KR101243758B1 - Convergence access control method by network access apparatus located at penetration node of IP network of convergence ALL-IP network - Google Patents

Abstract

The present invention relates to a converged access control method using a network access point located at an IP network entry point of a converged ALL-IP network, which is an authentication control and a QoS control at a network access point located at an IP network entry point of a converged ALL-IP network. It is possible to apply traffic control and mobility control in a consistent manner, and to more effectively accommodate subscriber networks with various access environments, thereby securing network flexibility and scalability.

ALL-IP network, network access, converged access control, authentication control, QoS control, traffic control, and mobility control

Description

Convergence access control method by network access apparatus located at penetration node of IP network of convergence ALL-IP network}

The present invention relates to an access control structure in a converged ALL-IP network, and more particularly, to a converged access control method for more efficiently performing authentication control, QoS control, traffic control, and mobility control at a network level. .

The present invention is derived from a study performed as part of the IT source technology development project of the Ministry of Knowledge Economy [Task management number: 2006-S-064-03, task name: BcN network engineering technology research].

User's network access environment is rapidly diversifying into wireless environment such as HSPA (High Speed Packet Access), WiBro (Wireless Broadband), WiFi as well as the existing wired environment.

In particular, in the wireless environment, Long Term Evolution (LTE) / System Architecture Evolution (SAE) is being developed around the 3rd Generation Partnership Project (3GPP), but various wireless access environments will coexist for a long time even if the development is completed. It is expected.

The converged ALL-IP network can be seen as the various access networks accommodated by a single control system and a single management system. For this purpose, effective authentication control, QoS control, traffic control, and mobility control can be provided in an integrated platform. You need a structure that can.

Although ITU-T's NACF (Network Attachment Control Function) standard is currently in progress, there are limitations to effectively accommodate the various access environments mentioned above.

Accordingly, in the present invention, in order to more effectively perform authentication control, QoS control, traffic control, and mobility control in the converged ALL-IP network, converged access control by a network access device located at an IP network entry point of the converged ALL-IP network To provide a method.

According to the first aspect of the present invention, as a means for solving the above problems, the authentication method by the network connection device located at the IP network entry point of the converged ALL-IP network, the handover terminal is generated, the handover When the L2 level authentication procedure based on the terminal information is performed between the wireless access device to which the connected terminal is connected and the authentication server, intercepting and obtaining authentication information transmitted and received through the network access device; And allowing the network connection device to only transmit data packets corresponding to the terminal having the authentication information.

The authentication information may include terminal information of a handed over terminal on which terminal authentication based authentication procedure is successfully performed.

According to a second aspect of the present invention, as a means for solving the above problems, the QoS control method by the network access point located at the IP network entry point of the converged ALL-IP network, the network access device is a radio resource allocation amount; Controlling QoS of the downlink traffic based on the control; And controlling, by the network access device, QoS of upstream traffic through bandwidth information or service-specific resource allocation policy that can be obtained during call control signaling.

The controlling of the QoS of the downlink traffic may include obtaining a radio resource allocation amount through a wireless access device provided in a wireless subscriber network through which the downlink traffic is to be delivered; Comparing the radio resource allocation with the data amount of the downlink traffic; And when the amount of data of the downlink traffic exceeds the radio resource quota, scheduling and shaping is performed in the guarantee session downlink in the service session unit, and rate shaping is performed in the radio bandwidth allocation unit in the non-guaranteed downlink traffic downlink. It is characterized by performing).

The controlling of the QoS of the upstream traffic may include receiving and setting policy control setting information for each service; When the SIP-based traffic flows, obtaining bandwidth information obtainable during the call control signaling through a Session Boarder Controller (SBC) or a SIP proxy provided in the network access device and performing resource control for each service; And when traffic that is not SIP-based flows, performing resource control for each service according to the policy control setting information for each service.

According to a third aspect of the present invention, as a means for solving the above problems, a traffic control method using an authentication server, a policy server, a network control device, and a network access device existing in a converged ALL-IP network includes: Providing, by the server, authentication information of a user whose authentication procedure is completed to the policy server and the network control device; Interworking the policy server and a network control device with each other to set a permission traffic total amount and an article capacity corresponding to the authentication information of the user in the network access device; And updating the article capacity by tracking the traffic usage of the user by the network access device, and performing traffic control on a terminal whose updated article capacity exceeds the allowed traffic total amount.

The performing of the traffic control may include blocking the traffic or charging the excess traffic when the updated article capacity exceeds the allowed traffic total amount.

According to the fourth aspect of the present invention, as a means for solving the above problems, a converged ALL-IP for providing an IP mobility control service between a general terminal without a mobility control client and an IP terminal equipped with a mobility control client In the IP mobility control method by a network access device located at an IP network entry point of a network, the network access device grasps terminal information, location information, and data tunnel information of a wireless section, and registers the IP mobility control server. Making a step; When a communication with the general terminal is requested and a data tunnel of an IP network section is formed for performing communication with the general terminal, the network access device transmits the data tunnel of the IP network section to the data tunnel of the wireless section. Mapping; And when the general terminal is handed over, recognizes the changed location information of the general terminal and data tunnel information of the wireless section and notifies the IP mobility control server, and informs the data tunnel of the IP network section of the data tunnel of the changed wireless section. Remapping to.

When the IP terminal requests communication with the general terminal, the IP mobility control server informs the IP terminal of terminal information and location information of the general terminal, and performs an IP network section for performing communication with the general terminal. Characterized in that the data tunnel is formed.

When the general terminal requests communication with the IP terminal equipped with the mobility control client, the network access device obtains the terminal information and the location information of the IP terminal through the IP mobility control server to communicate with the general terminal. Characterized in that the data tunnel of the IP network section to perform.

The network connection device encapsulates the traffic of the data tunnel of the wireless section and delivers it to the data tunnel of the IP network section, and decompresses the traffic of the data tunnel of the IP network section and delivers the data tunnel to the data tunnel of the wireless section. It features.

The network connection apparatus recognizes individual service traffic of the data tunnel of the wireless section and the data tunnel of the IP network section in flow units based on 5-tuple or deep packet inspection (DPI), and thus the data of the wireless section. And mapping between the tunnel and the data tunnel of the IP network section.

As described above, the apparatus and method for the converged access control method of the present invention can apply authentication control, QoS control, traffic control, and mobility control in a consistent manner in a network access device located at an IP network entry point of a converged ALL-IP network. In addition, it is possible to more effectively accommodate the subscriber network having a variety of access environment, thereby ensuring the flexibility and expandability of the network.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, in describing in detail the operating principle of the preferred embodiment of the present invention, if it is determined that the detailed description of the related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted.

In order to clearly illustrate the present invention, parts not related to the description are omitted, and like parts are denoted by similar reference numerals throughout the specification.

Also, when a part is referred to as "including " an element, it does not exclude other elements unless specifically stated otherwise.

1 is a diagram illustrating a network configuration for access control in a converged ALL-IP network according to an embodiment of the present invention.

The IP network 1 is a network capable of providing different service level agreement (SLA) based services for each subscriber.

The network access points 2-1 to 2-n are located at the junction of the IP network 1 and the plurality of subscriber networks 3-1 to 3-5 and 4, and thus start points for processing IP packets. Becomes In particular, the network access devices 2-1 to 2-3 located at the contact point of the IP network 1 and the wireless subscriber network 3-1 to 3-5 have a quick authentication control for the handovered terminal, and a wireless subscription. It performs various access control functions such as QoS control linked with resource allocation information of own network, traffic usage control per subscriber, and functions for supporting IP mobility.

The plurality of subscriber networks 3-1 to 3-5 and 4 include a wireless subscriber network 3-1 to 3-5 and a fixed terminal 8 to which mobile terminals 7-1 to 7-6 are connected. It may be configured as a wired subscriber network 4 to be connected.

The wireless network controllers 5-1 to 5-3 are located in the wireless subscriber network 3-1 to 3-3, and are responsible for resource control of the wireless subscriber network, and the wireless access devices 6-1 to 6-6. 3) provides a wireless network service to the mobile terminals 7-1 to 7-4 under the control of the wireless network controllers 5-1 to 5-3. In addition, the radio access device 6-5 is configured to include the functions of the radio network controllers 5-1 to 5-3 so that the radio subscriber network 3-5 only uses the radio access device 6-5. It can be provided. That is, the wireless access device and the wireless network control device may be integrated into one device or may be separately configured to each device.

The mobile terminals 7-1 to 7-6 and the fixed terminal 8 may be provided with network services in the form of end-to-end communication between the application server 15, a client / server network service, and other mobile terminals. The mobile terminals 7-1 to 7-6 may have a single air interface or multiple air interfaces.

The network controller 9 receives the subscriber information and the service QoS information from the user DB 12 and the policy server 11 to control traffic for complying with the subscriber's service level agreement (SLA). In response to receiving user authentication information from the authentication server 14, the network access devices 2-1 to 2-n may control the network access devices so that the network access device may transmit traffic of the authenticated user.

In particular, the network control apparatus 9 of the present invention is interworked with the policy server 11 to display the policy control setting information for each service for controlling uplink traffic, the total amount of traffic allowed for each subscriber, and the traffic usage of the network controllers 2. -1 ~ 2-n) to provision.

The IP mobility control server 10 receives and registers terminal information, location information, and data tunnel information for each terminal from the network access devices 2-1 to 2-n. When the mobile terminal is connected to the IP network 1, the IP mobility control server 10 provides control related to the IP mobility of the mobile terminal, thereby ensuring continuity of services when the mobile terminal moves.

The policy server 11 performs service policy control and maintains and manages information such as resource allocation policy for each service, total amount of traffic allowed for each subscriber, and traffic usage information.

The user DB (Database) 12 stores various kinds of information about the subscriber (or terminal) connected to the network of the present invention, such as subscriber information and subscriber terminal information.

The IP Multimedia Subsystem (IMS) 13 performs call control based on Session Initiation Protocol (SIP), and the authentication server 14 performs authentication for network access and services including terminal information of the user. The authentication server 14 may control the network connection devices 2-1 to 2-n so that the user may access the network based on the user authentication information.

In the converged ALL-IP network configured as described above, various functions are required to recognize users using various types of terminals through various types of wired / wireless subscriber networks and to smoothly provide mobility services.

That is, there is a need for fast authentication control for a handovered terminal, QoS control associated with resource allocation information of a wireless subscriber network, traffic usage control for each subscriber, and functions for supporting IP mobility.

In the present invention, the above functions are referred to as a converged access control function (CACF).

Since this converged access control function is related to the user's network access, IP traffic control, etc., it should be performed at the starting point of the IP network in terms of authentication, and at the first point in which IP packets can be processed in terms of IP traffic.

Therefore, in the present invention, the network access devices 2-1 to 2-n, which are the entry points of the IP network 1, are interested in the converged access control function. In particular, among the converged access control functions performed in the network access devices 2-1 to 2-n, an authentication control method for providing mobility, a QoS control method associated with resource allocation information of a wireless subscriber network, and a network traffic control method for each user , And mobility control methods are within the scope of the present invention.

<Authentication Control>

First, the authentication control method according to the present invention will be described. The authentication control method at this time is not an authentication control method performed when the network is first accessed, but relates to an authentication control method performed in a new subscriber network when the mobile terminal moves.

When a mobile terminal moves to access a new subscriber network (i.e., handover), and performs an IP address-based authentication or ID / password-based authentication procedure, a delay caused by authentication occurs and quick handover is performed. It becomes difficult to carry out.

Accordingly, in the present invention, an authentication procedure is performed during handover based on terminal information for identifying a terminal on a network such as E.164 information and a media access control (MAC) address.

Basically, when the mobile terminal (for example, 7-2) is handed over and accesses the wireless access point 6-2 in the new subscriber network, based on the terminal information before authentication of the user level and IP address level Authentication at one OSI Layer 2 (L2) level is performed between the radio access device 6-2 and the authentication server 14. When the authentication based on the terminal information is successfully completed, the handed over terminal can transmit and receive data packets.

Accordingly, in the present invention, the terminal information is obtained from the information transmitted and received through the terminal information based authentication, and by allowing the network connection of the handed over terminal based on this, a separate IP address based authentication or ID / password based authentication Ensure that the procedure is omitted.

Hereinafter, the authentication procedure according to an embodiment of the present invention will be described in more detail with reference to FIG. 2.

2 is a flowchart illustrating an authentication control method in a converged ALL-IP network according to an embodiment of the present invention.

First, when a mobile terminal (for example, 7-2) is handed over from an existing wireless subscriber network (for example, 3-1) to a new wireless subscriber network (for example, 3-2) (S100), The mobile terminal 7-2 attempts to connect at the L2 level to the wireless access point 6-2 by transmitting its own terminal information to the wireless access point 6-2 in the new wireless subscriber network 3-2. (S101).

Then, the wireless access device 6-2 requests the authentication information based on the terminal information to the authentication server 14 using the received terminal information (S102).

Then, the authentication server 14 searches the user DB 12 and checks the DB related to the terminal information (S103), the terminal information (single or multiple) registered at the time of user registration, the IP address that the user is using on the network, Acquisition of available services, etc. (S104, S105).

The authentication server 14 compares the terminal information obtained through the steps S104 and S105 with the terminal information transmitted through the step S102 to perform authentication based on the terminal information, and transmits the authentication result to the wireless access apparatus 6-2. Notify (S106).

The network connection device 2-2 intercepts the authentication result provided from the authentication server 14 to the wireless access device 6-2 or receives the authentication result directly from the authentication server 14. Terminal information of 2) is acquired (S107).

If authentication of the mobile terminal 7-2 is successfully performed and the radio access device 6-2 permits the connection of the L2 level of the mobile terminal 7-2 (S110), the mobile terminal 7-2. Starts transmitting the data packet (S112).

The network connection device 2-2 checks the terminal information and the IP address of the data packet of the mobile terminal 7-2, and if the packet is transmitted from the terminal with the authenticated terminal information, the IP address of the packet (i.e., Before the handover is performed, the terminal binds and records the terminal information and the IP address which has already been authenticated (S110). That is, the mobile terminal 7-2 having the authenticated terminal information is accepted for connection to the IP network.

As described above, in the present invention, it is determined whether the handovered mobile terminal 7-2 accesses the IP network by using L2 level authentication information such as terminal information.

<QoS control in connection with resource allocation information of wireless subscriber network>

Next, a QoS control method associated with resource allocation information of a wireless subscriber network according to the present invention will be described.

Network resources in a wireless subscriber network are subject to much more capacity limitation than network resources in a wired subscriber network. Therefore, to consider both QoS in wired subscriber network and QoS in wireless subscriber network, QoS control using resource allocation information in wireless subscriber network is required.

3A, 3B, and 4 are flowcharts illustrating a QoS control method in a converged ALL-IP network according to an embodiment of the present invention.

First, a QoS control method for downlink traffic will be described with reference to FIGS. 3A and 3B.

The network access device (for example, 2-1) receives radio resource allocation information for each terminal from the radio network controller 5-1 (S201).

When the amount of downlink traffic exceeds the radio resource allocation for each terminal by comparing the amount of downlink data and the radio resource allocation for each terminal obtained through step S201 (S202), the guaranteed downlink traffic is secured as shown in FIG. 3B. In order to prevent broken QoS, scheduling and shaping are performed on a service session basis (S203). For non-guaranteed downlink traffic, rate shaping is performed in units of radio bandwidth allocation so that guarantee bandwidth can be used for the bandwidth of the allocated wireless subscriber network so as to use the remaining free resources (S204).

A QoS control method for uplink traffic will now be described with reference to FIG. 4.

The network connection device (eg 2-1) must be able to support both SIP-based and non-SIP-based services. Accordingly, the network connection device 2-1 receives and sets policy control information for each service of the policy server 11 through the network control device 9 in advance (S301).

When uplink traffic occurs (S302), after confirming whether the service is based on the SIP (S303), in the case of uplink traffic based on the SIP-based service, the network access device 2-1 performs the SBC function or the SIP proxy function. Bandwidth information required for a call is acquired during call control signaling (S304), and resource control for corresponding traffic is performed using the obtained bandwidth information (S305).

On the other hand, if uplink traffic according to a service other than the SIP-based occurs (S303), the network connection device 2-1 is a service-specific resource corresponding to the currently generated uplink traffic through the service-specific policy control information set through step S301 The allocation policy is identified and resource control is performed accordingly (S306).

<Control traffic usage per user>

Next, a traffic usage control method for each user according to the present invention will be described.

In order to apply service models to secure profitability of telecom operators, such as pay-per-use and partial pay-per-use, it is necessary to control the traffic usage per user. For example, in the case of P2P service, it is necessary to set the total amount of P2P traffic allowed for the monthly amount, and if this limit is exceeded, a differential fee can be charged according to the traffic volume.

5 is a flowchart illustrating a traffic usage control method in a converged ALL-IP network according to an embodiment of the present invention.

After the user performs authentication by connecting to the network through the mobile terminals 7-1 to 7-6 or the fixed terminal 8, the authentication server 14 is connected to the network controller 9 and the policy server 11. Provide authentication information (S401).

The network controller 9 inquires the policy server 11 of the total amount of permission traffic and the article capacity of the user corresponding to the authentication information (S402).

In addition, the network controller 9 receives the user's permission traffic total amount and the article capacity information provided from the policy server 11 and sets the information to the corresponding network access device (for example, 7-1) (S403).

Then, the network access device 7-1 determines whether the data is transmitted to the terminal of the user by using the IP address information of the data, or is generated by the terminal of the user, and tracks the traffic usage of the user ( S404).

If the total amount of authorized traffic is exceeded while the user is using the network (S405), the network connection device 7-1 takes a corresponding measure. That is, blocking the excess traffic or performing an operation such as charging the excess traffic through the linkage operation with the policy server 11 or the application server 15 (S405).

<IP Mobility Control>

Finally, the IP mobility control method according to the present invention will be described as follows. The IP mobility control method considered in the present invention uses the IP mobility control server 10 and a terminal equipped with a mobility client function.

6 is a diagram illustrating a network configuration to which the IP mobility control method is applied according to an embodiment of the present invention.

As shown in FIG. 6, when the mobile terminal 7-6 receives IP mobility control, a control tunnel Cter for a control signal is formed between the mobile terminal 7-6 and the IP mobility control server 10. Thereafter, a data tunnel (Dter) for data communication is also formed between the mobile terminal 7-6 and the counterpart terminal. At this time, the method for forming the control tunnel (Cter) and the data tunnel (Dter) is to follow a known technique, and a detailed description thereof will be omitted.

The network connection devices 2-2 and 2-3 of the present invention are equipped with a mobility control client, and not only terminals (hereinafter referred to as IP terminals) equipped with mobility client functions, such as WiFi mobile terminals, but also 3GPP mobile terminals. And mobility services through the IP mobility control server 10 during IP-based data communication for terminals (hereinafter, general terminals) 7-1 to 7-5 that do not have mobility client functions such as LTE mobile terminals. Provide.

The mobility control client of the network access devices 2-2 and 2-3 acquires terminal information (address information, etc.) and location information of the general terminal in order to provide IP mobility service to the general terminal, and the network access device (2- 2,2-3) and informs the IP mobility control server 10 through a control tunnel (Cter) between the IP mobility control server 10. The IP mobility control server 10 grasps and records the terminal information of the general terminal and whether each general terminal is controlled by the mobility control client of which network connection apparatus.

When the IP terminal requests communication with the general terminal, the IP mobility control server 10 sends the terminal information of the general terminal and information about the network access devices 2-2 and 2-3 controlling the terminal to the IP terminal. It informs, and controls so that a data tunnel (Dter) can be created between the terminal and the network connection device to which the corresponding node is connected.

When the general terminal requests communication with the IP terminal, the mobility control client of the network access devices 2-2 and 2-3 obtains the address information and the location information of the counterpart node from the IP mobility control server 10 to obtain the corresponding network. A data tunnel is created between the connection devices 2-2 and 2-3.

The mobility control client of the network access device (2-2, 2-3) encapsulates the traffic of the radio section to the data tunnel generated when providing the IP mobility service for the uplink traffic. If present, it is mapped to a data tunnel created when providing IP mobility services. On the other hand, in the case of downlink traffic, the packet transmitted through the data tunnel generated when providing the IP mobility service is decapsulated and delivered to the target general terminal, and if the data tunnel is formed in the radio section, the IP mobility service is provided thereto. Maps the data tunnel created in the city.

Since the data tunnel of the wireless section is formed by terminal unit, if the terminal has a service session with two or more counterpart nodes (or terminals) at the same time (for example, downloading a file while using VoIP), 1: 1 mapping of data tunnels in an IP network is not possible. Accordingly, in the network access apparatuses 2-2 and 2-3 of the present invention, individual service traffic in a data tunnel of a wireless section is recognized in a flow unit based on 5-tuple or DPI (Deep Packet Inspection). The destination can be mapped to a data tunnel on another IP network.

When the general terminal moves, the mobility control client of the network access devices 2-2 and 2-3 identifies the changed location information, the changed data path or data tunnel information of the wireless section, and the changed data traffic path or It passes traffic through the data tunnel. In addition, the IP mobility control server 10 informs the changed location information of the terminal, the changed data path or data tunnel information of the radio section.

7 is a flowchart illustrating a communication configuration and an IP mobility control method between a general terminal and an IP terminal according to an embodiment of the present invention.

First, when a mobile terminal (for example, 7-2) that is not equipped with a mobility control client transmits terminal information to a wireless network controller 5-1 connected thereto (S500), the wireless network controller 5-1 ) Indicates the terminal information and the location information of the mobile terminal 7-2 (that is, the information indicating that the mobile terminal 7-2 is connected to the radio network controller 5-1). Notify (S501).

At this time, a data tunnel (Dter) is formed between the wireless network controller 5-1 and the network connection device 2-2, and the function of the gateway GPRS support node (GGSN) is located in the network connection device 2-2. Shall be.

Then, the network connection device 2-2 records the terminal information, the location information of the mobile terminal 7-2, the data tunnel information of the wireless section used by the mobile terminal 7-2, and the like (S502). Register with the IP mobility control server 10 (S503).

In this state, when the mobile terminal (eg, 7-6) equipped with the mobility control client requests mobility control to communicate with the mobile terminal 7-2 (S504), the IP mobility control server 10 moves. The terminal 7-6 provides terminal information and location information of the mobile terminal 7-2 (S505).

Thereafter, when data communication is performed, a data tunnel of an IP network is formed between the mobile terminal 7-6 and the network connection device 2-2 to which the mobile terminal 7-2 is connected (S506).

Then, the network connection device 2-2 maps the data tunnel of the IP network to the data tunnel of the radio section (S507), and transfers the data of the mobile terminal 7-6 to the mobile terminal 7-2, which is a counterpart terminal. (S508).

When the mobile terminal 7-2 performs handover during mutual communication and is connected to the new radio network controller 5-2 (S509), the handovered mobile terminal 7-2 controls the newly connected radio network. It provides its own terminal information to the device (5-2) (S510). The new radio network controller 5-2 forms a new data tunnel and provides the terminal information and the changed location information of the mobile terminal 7-2 to the network connection device 2-2 to which it is connected ( S511).

In response, the network connection device 2-2 records the terminal information, the changed location information, and the changed data tunnel information of the mobile terminal 7-2, and binds these information to the IP mobility control server 10 ( S512), the IP mobility control server 10 is registered (S513).

The network connection device 2-2 maps the data tunnel of the IP network to the data tunnel of the changed wireless section (S514) to the mobile terminal 7-2 to which the data of the mobile terminal 7-6 is handed over. To be delivered (S515).

The present invention described above is not limited to the above-described embodiments and the accompanying drawings, and it is common in the art that various substitutions, modifications, and changes can be made without departing from the technical spirit of the present invention. It will be apparent to those skilled in the art.

1 is a diagram illustrating a network configuration for access control in a converged ALL-IP network according to an embodiment of the present invention.

2 is a flowchart illustrating an authentication control method in a converged ALL-IP network according to an embodiment of the present invention.

3A, 3B, and 4 are flowcharts illustrating a QoS control method in a converged ALL-IP network according to an embodiment of the present invention.

5 is a flowchart illustrating a traffic usage control method in a converged ALL-IP network according to an embodiment of the present invention.

6 is a diagram illustrating a network configuration to which the IP mobility control method is applied according to an embodiment of the present invention.

7 is a flowchart illustrating a communication configuration and an IP mobility control method between a general terminal and an IP terminal according to an embodiment of the present invention.

Claims (14)

In the authentication method by the network connection device located at the IP network entry point of the converged ALL-IP network, When a handed-over terminal is generated and an L2 level authentication procedure based on terminal information is performed between a wireless access device to which the handed-over terminal is connected and an authentication server, the network access device intercepts authentication information transmitted and received through itself. Obtaining; And And allowing the network connection device to only transmit data packets corresponding to the terminal having the authentication information. The method of claim 1, wherein the authentication information And a terminal information of the handed-over terminal which has successfully performed the terminal information based authentication procedure. A QoS control method by a network access device located at an IP network entry point of a converged ALL-IP network, Controlling, by the network access device, QoS of downlink traffic based on a radio resource allocation amount; And And controlling the QoS of the upstream traffic through the bandwidth information obtainable during call control signaling or the resource allocation policy for each service. 4. The method of claim 3, wherein controlling the QoS of the downlink traffic Obtaining a radio resource allocation amount through a wireless access device provided in a wireless subscriber network through which the downlink traffic is to be transmitted; Comparing the radio resource allocation with the data amount of the downlink traffic; And When the amount of data of the downlink traffic exceeds the radio resource quota, scheduling and shaping is performed in the guarantee session downlink in the service session unit, and rate shaping is performed in the radio bandwidth allocation unit in the non-guaranteed downlink traffic downlink. QoS control method according to the network connection device, characterized in that for performing. 4. The method of claim 3, wherein controlling the QoS of upstream traffic Receiving and setting policy control setting information for each service; When the SIP-based traffic flows, obtaining bandwidth information obtainable during the call control signaling through a Session Boarder Controller (SBC) or a SIP proxy provided in the network access device and performing resource control for each service; And If the traffic is not SIP-based, QoS control method by the network access device comprising the step of performing resource control for each service according to the policy control setting information for each service. In the traffic control method by an authentication server, a policy server, a network control device, and a network connection device existing in a converged ALL-IP network, Providing, by the authentication server, authentication information of a user whose authentication procedure is completed, to the policy server and a network control device; Interworking the policy server and a network control device with each other to set a permission traffic total amount and an article capacity corresponding to the authentication information of the user in the network access device; The network connection device tracking traffic usage of the user to update the article capacity, and performing traffic control on a terminal whose updated article capacity exceeds the allowed traffic total amount; Control method. 7. The method of claim 6, wherein performing the traffic control And if the updated article capacity exceeds the allowed traffic total, blocking traffic. The method of claim 6, And if the updated article capacity exceeds the allowed traffic total, charging processing for excess traffic. A method for controlling IP mobility by a network access device located at an IP network entry point of a converged ALL-IP network for providing an IP mobility control service between a general terminal without a mobility control client and an IP terminal with a mobility control client. , Grasping, by the network access device, terminal information, location information, and data tunnel information of a wireless section of the general terminal, and registering them in an IP mobility control server; When a communication with the general terminal is requested and a data tunnel of an IP network section is formed for performing communication with the general terminal, the network access device transmits the data tunnel of the IP network section to the data tunnel of the wireless section. Mapping; And When the general terminal is handed over, the changed location information of the general terminal and the data tunnel information of the wireless section are detected and notified to the IP mobility control server, and the data tunnel of the IP network section is converted into the data tunnel of the changed wireless section. IP mobility control method by the network access device comprising the step of remapping. 10. The method of claim 9, wherein the IP mobility control server When the IP terminal requests communication with the general terminal, the terminal information and location information of the general terminal is informed to the IP terminal so that a data tunnel of an IP network section for performing communication with the general terminal is formed. IP mobility control method by a network connection device, characterized in that. 10. The apparatus of claim 9, wherein the network connection device When the general terminal requests communication with an IP terminal equipped with a mobility control client, an IP network for performing communication with the general terminal by obtaining terminal information and location information of the IP terminal through the IP mobility control server. IP mobility control method by a network connection device, characterized in that the data tunnel of the interval is formed. 10. The apparatus of claim 9, wherein the network connection device Encapsulating traffic in the data tunnel of the wireless section and delivering it to the data tunnel of the IP network section, and extracting traffic of the data tunnel of the IP network section and delivering the data tunnel to the data tunnel of the wireless section. IP mobility control method by device. 10. The apparatus of claim 9, wherein the network connection device Recognizing the individual service traffic of the data tunnel of the wireless section and the data tunnel of the IP network section in flow units based on 5-tuple or deep packet inspection (DPI), the data tunnel of the wireless section and the IP network IP mobility control method by a network connection device, characterized in that mapping between the data tunnel of the interval. A network connection device located at an IP network entry point of a converged ALL-IP network for performing the method according to any one of claims 1 to 5 and 9.

Images