KR20190129274A - Method for providing private network service for each application and telecommunication network system, and method for transmitting traffic in terminal - Google Patents

Abstract

Disclosed are a method of providing a private network service by application, a communication network system therefor and a traffic transmission method for a terminal. The present invention relates to a method of providing a service in which a communication system connected with a plurality of private networks connects an application installed in a terminal with a corresponding private network. The method includes the following steps of: receiving a request for classification information about the flow of an application from the terminal; creating the classification information about the flow of the application based on information of the flow of the application; managing one of the private networks, which is going to receive traffic by the flow of the application, by matching the private network with the classification information of the flow of the application; delivering the classification information of the flow of the application to the terminal; and extracting the classification information included in the header of the received traffic when receiving the traffic from the terminal through a base station, and then, delivering the received traffic to one of the private networks corresponding to the extracted classification information.

Description

Application-specific private network service provision method, communication network system implementing the same, and traffic transmission method in terminal {METHOD FOR PROVIDING PRIVATE NETWORK SERVICE FOR EACH APPLICATION AND TELECOMMUNICATION NETWORK SYSTEM, AND METHOD FOR TRANSMITTING TRAFFIC IN TERMINAL}

The present invention relates to a method for providing a private network service for each application, a communication network system implementing the same, and a method for transmitting traffic in a terminal.

Today, due to the development of mobile communication systems, communication services based on the Long Term Evolution (LTE) communication system, which is the next generation mobile communication technology, have become mainstream.

As the mobile communication market is activated and mobile communication devices such as smart phones, smart pads, routers, and eggs are spread, demands for utilizing broadband mobile communication devices in corporate services have increased. A private network service has emerged that exclusively connects general data networks of a private network or a public network.

As the private network service is activated, users are not satisfied with the method provided by the conventional private network service, that is, the method of delivering all the traffic of the terminal to the public network or the corporate network, and simultaneously access the public network and the private network. There is an increasing demand for applications to be delivered to enterprise private networks and the rest of applications to public networks.

As a result, a plurality of APN (Multi-Access Point Name, Multi-APN) private network technologies have been developed, in which a mobile communication terminal simultaneously accesses a public network and a private network, and selectively transmits them to a private network or a public network for each application.

In the conventional multiple APN private network access technology, the mobile communication terminal is connected to the public network APN at the same time, one additional private APN is connected at the same time. That is, the conventional private network service is separated from the method of being connected to the public packet data network gateway (P-GW) or the private P-GW based on the APN, and the public network APN and the private APN are set at the same time, and the public P-GW And P-GW are simultaneously connected, and the connection P-GW is selected for each application based on the internal routing of the terminal.

However, in order to provide independent private network services for each application with respect to traffic delivered through a plurality of APN private network access technologies, traffic of a user transmitted through APN is classified for each application and transmitted to each corresponding private network. Billing and traffic control must be performed for each application. However, in the EPC (Evolved Packet Core) of the conventional LTE system, charging and traffic control is possible only based on a 5-tuple (Src IP, Src Port, Dest IP, Dest Port, Protocol). This is not enough to reflect the session information of the dynamically changing application. In addition, in the 3GPP standard, it may be necessary to add a TDF (Traffic Detection Function) device that checks and classifies the traffic of an application, and provides the corresponding service. As a kind of equipment, it is difficult to use it as a very expensive equipment with very high processing load to perform L7 processing.

An object of the present invention is to provide a method for providing a private network service for each application, a communication network system implementing the same, and a method for transmitting traffic in a terminal.

An object of the present invention is to provide a method and apparatus for enabling the use of different private networks for each application by using one private network APN.

The problem to be solved by the present invention is to provide a method and apparatus that can save the construction cost and maintenance cost for providing a private network service.

Private network service providing method according to an aspect of the present invention,

A method of providing a service for connecting to a private network corresponding to an application installed in a terminal by a communication network system connected to a plurality of private networks, the method comprising: requesting classification information on a flow of an application from the terminal; information of the flow of the application Generating segmentation information on the flow of the application by using; managing a private network to which traffic by the flow of the application is transmitted among the plurality of private networks in correspondence with the segmentation information on the flow of the application; Delivering the classification information on the flow of the terminal to the terminal, and when the traffic is received from the terminal through the base station, extracting the classification information included in the header of the received traffic, and extracting the extracted classification information from the plurality of private networks. For Forwarding the received traffic to a corresponding private network.

Here, in the step of corresponding to the classification information of the flow of the application, the private network to which the traffic by the flow of the application is transferred and the classification information of the application correspond to store as a network policy table, the traffic management policy corresponding to the application And distinct information are stored as data policy tables.

The transmitting of the received traffic may include extracting segmentation information included in a header of traffic received through the second path, and using the data policy table, an application corresponding to the extracted segmentation information. Specifying, using the network policy table, the private network to which the specified application is to be connected, and forwarding the received traffic to the specified private network.

The transmitting of the received traffic to the specified private network may include receiving the received traffic according to a traffic quality control policy that is identified corresponding to the classification information included in the received traffic through the data policy table. Transmit to a specific network through a network policy table.

In addition, the data policy table further includes a billing policy for each application specified by application-specific classification information, and after the step of transmitting the received traffic to the specified private network, through the data policy table, the received traffic The charging of the received traffic is performed according to the charging policy identified in correspondence with the classification information included in the information.

In addition, the classification information is recorded in a differentiated services code point (DSCP) field of an IP (Internet Protocol) header of the received traffic.

In addition, the classification information for the flow of the application is generated based on the information of the source port of the flow of the application.

In addition, the first path for receiving the segmentation information about the flow of the application from the terminal, and the first path for transmitting the segmentation information about the flow of the application to the terminal, a second path for receiving traffic from the terminal through the base station And different paths.

The traffic transmission method of the terminal according to another feature of the present invention,

A method for transmitting traffic to a communication network system by a terminal, the method comprising: storing flow classification information provided by the communication network system to distinguish applications accessing at least one private network; when at least one packet occurs in a specific application, Determining whether the classification information corresponding to the flow of the specific application is stored in the flow classification information; if the specific classification information corresponding to the flow of the specific application is stored, traffic including the specific classification information in the header of the packet Transmitting the specific classification information corresponding to the flow of the specific application from the communication network system, if the classification information corresponding to the flow of the specific application is not stored; And transmitting the traffic including the specific classification information in a header of an existing packet to the communication network system.

Here, after acquiring the specific classification information corresponding to the flow of the specific application from the communication network system, transmitting the traffic including the specific classification information in the header of the packet to the communication network system may include a flow of the specific application. Requesting the specific segmentation information by transmitting information about the network to the network system, and when the specific segmentation information is received from the network system, traffic including the specific segmentation information in a header of the packet to the network system. Transmitting.

The first path for requesting the specific classification information on the flow of the specific application to the communication network system and receiving the specific classification information from the communication network system may be configured to transmit traffic to the communication network system through the base station. 2 different paths.

The terminal may include a mobile gateway, which is a virtual private network (VPN) application, and the request for the specific classification information by transmitting information on the flow of the specific application to the communication network system may include: Requesting the network information for the classification information of the flow of the specific application through one path, and wherein the specific classification information is received from the communication network system by the mobile gateway from the communication network system through the first path. The specific classification information on the flow of the specific application is received.

The method may further include determining whether the specific classification information received from the communication network system and the application-specific flow table are managed in correspondence with the flow of the specific application, and whether the classification information corresponding to the flow of the specific application is stored. It is determined according to whether information on the flow of the specific application is in the flow table for each application.

Communication network system according to another aspect of the present invention,

A communication network system connected to a plurality of private networks, using the information on the application flows received from the terminal to generate the classification information for distinguishing each application flow, and delivers the classification information corresponding to each application flow to the terminal A private policy and billing server configured to manage the classification information corresponding to each application flow in correspondence with the private network to which the corresponding application is connected, and the plurality of private networks, and when the traffic of a specific terminal is received through the base station, the received traffic. And a private gateway which extracts the classification information included in the header of the and transfers the traffic received from the specific terminal to the private network corresponding to the extracted classification information.

Here, the private policy and the billing server correspond to a network policy table for managing correspondence between the private network to which traffic by the application flow is transmitted and the classification information of the application flow, and the traffic management policy corresponding to the application and the classification information. And a data policy table managed to be transmitted to the private gateway, and when the traffic is received from the terminal and the segmentation information is extracted, the private gateway specifies an application corresponding to the segmentation information using the data policy table. Using the network policy table, a private network to which a specified application is to be connected is specified.

In addition, the data policy table further includes a billing policy for each application specified by application-specific classification information, and the private gateway is applied to traffic received according to the charging policy corresponding to the classification information identified through the data policy table. Perform billing for

According to an embodiment of the present invention, based on the information extracted from the terminal, without additional equipment to the EPC, the private gateway equipment to connect to each other independent private network corresponding to each application, it is possible to implement differential charging and traffic control By doing so, it is possible to provide a private network service for each application at a low cost.

In addition, according to an embodiment of the present invention, since a single private network gateway and a PCRF can be used in the same company to build an independent private network for each application and a system for controlling differentiating billing, the private network of the enterprise at low cost You can manage services by application.

In addition, according to an embodiment of the present invention, it is possible to provide a private network service having a differentiated billing structure for each class of corporate employees or for general customers other than corporate employees.

Also, The private network connection of the unauthorized application of the terminal is performed through the process of verifying the DSCP validity in the private P-GW, thereby reducing the processing load and management complexity for the private network access management, and the associated equipment construction cost.

1 is a diagram illustrating a communication network system that provides a private network service for each application according to an exemplary embodiment of the present invention.
FIG. 2 is a diagram illustrating a communication network system when the core network device is LTE EPC in FIG. 1.
3 is a flowchart of a method of application-specific private network service according to an embodiment of the present invention.
4 is a flowchart illustrating a specific example of a private network service method for each application according to an embodiment of the present invention.
5 is a flowchart illustrating an application-specific private network service method in a terminal according to an embodiment of the present invention.
6 is a flowchart illustrating an application-specific private network service method in a private network communication unit according to an embodiment of the present invention.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted for simplicity of explanation, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is said to "include" a certain component, it means that it can further include other components, without excluding other components unless specifically stated otherwise. In addition, the terms “… unit”, “… unit”, “module”, etc. described in the specification mean a unit that processes at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software. have.

The devices described in the present invention are composed of hardware including at least one processor, a memory device, a communication device, and the like, and a program executed in combination with the hardware is stored in a designated place. The hardware has the configuration and performance to implement the method of the present invention. The program includes instructions implementing the method of operation of the present invention described with reference to the drawings, and executes the present invention in combination with hardware such as a processor and a memory device.

In the present invention, the terminal may be a mobile station (MS), a mobile terminal (MT), a subscriber station (SS), a portable subscriber station (PSS), or a user equipment (UE). It may also refer to an access terminal (AT) and the like, and may include all or some functions of a mobile station, a mobile terminal, a subscriber station, a portable subscriber station, a user device, an access terminal, and the like.

The terminal may include a base station (BS), an access point (AP), a radio access station (RAS), a node B (Node B), an advanced node B (evolved NodeB, eNodeB), and a transmission / reception base station ( A network device such as a base transceiver station (BTS), a mobile multihop relay (MMR) -BS, a 5G NB (gNB), or the like may be connected to a remote server.

The terminal may be a mobile terminal such as a smartphone, a tablet terminal such as a smart pad and a tablet PC, a computer, a television, and various types of communication terminals, and may include a plurality of communication interfaces. The communication interface may vary. For example, the communication interface may be a short-range wireless network interface such as Wi-Fi / WLAN / Bluetooth, and a mobile terminal such as 3G / Long Term Evolution (LTE) / Long Term Evolution-Advanced (LTE-A) / 5G. The network interface may be included, and the terminal manufacturer may add various communication interfaces.

Hereinafter, an application-specific private network service method and a system providing the method according to an embodiment of the present invention will be described.

1 is a diagram illustrating a communication network system that provides a private network service for each application according to an exemplary embodiment of the present invention.

As shown in FIG. 1, the communication network system 10 includes a terminal 100, an internet network 400 that is shared with the terminal 100 through a base station 300, and a plurality of private networks, for example, an intranet 1. ,… And a core network device 200 that performs communication connections between intranets 500-1, ..., 500-N. At this time, since the communication network system 10 shown in FIG. 1 is only one embodiment of the present invention, the present invention is not limitedly interpreted through FIG. 1 and is configured differently from FIG. 1 according to various embodiments of the present invention. May be

The terminal 100 may transmit and receive data to and from the core network apparatus 200 using the base station 300 as a communication device that provides or receives voice and video calls or data communication.

Here, the core network device 200 includes a communication control unit 210, a public network communication unit 220 and a private network communication unit 230.

The communication control unit 210 communicates and connects the terminal 100 to the public network communication unit 220 or the private network communication unit 230 according to the access information included in the access request from the terminal 100, for example, APN.

The public network communication unit 220 connects the terminal 100 and the internet 400 connected through the communication control unit 210 to perform the public network communication for the terminal 100.

The private network communication unit 230 connects the terminal 100 and the intranets 500-1,..., 500 -N connected through the communication control unit 210 to perform private network communication with respect to the terminal 100.

Meanwhile, the terminal 100 is connected to the Internet 400 or the intranet 500-1 through 500-N via the public network 220 and the private network 230, which are simultaneously connected through the communication controller 210. You can request access to.

In addition, the terminal 100 includes a mobile gateway 110, and the mobile gateway 110 receives all outgoing traffic of the terminal 100 as a virtual private network (VPN) application. In addition, since the mobile gateway 110 is an application of the terminal 100, the mobile gateway 110 may inquire the traffic-application corresponding information of the terminal.

The mobile gateway 110 forms a session with the private network communication unit 230 and is always connected. When the traffic of the application using the private network service is generated in the terminal 100, the flow of the generated traffic is corresponding to the application. It is determined whether the flow is the first flow, that is, a new flow. Such a new flow may be determined by an application-specific flow table that stores and manages flow information generated for each application by the mobile gateway 110. These application specific flow tables will be described later. That is, the mobile gateway 110 determines whether traffic corresponding to a new flow that is not stored in the application-specific flow table is generated.

If it is determined that the traffic of the application generated in the terminal 100 is traffic according to a new flow generated by the application for the first time, the mobile gateway 110 before the transmission of the traffic information and flow information of the application that generated the traffic. Confirmed from the terminal 100 and delivered to the private network communication unit 230. Therefore, the private network communication unit 230 generates a hash value that is classification information for distinguishing (or identifying) the flow of the application by using the information and the flow information of the application transmitted from the mobile gateway 110 of the terminal 100, A data policy and a charging control value corresponding to the application are generated, and a network policy for setting one intranet among a plurality of intranets 500-1,..., 500 -N to which the traffic of the application is connected is set. Thereafter, the private network communication unit 230 transmits the hash value generated for the flow of the application to the mobile gateway 110 of the terminal 100. Here, since the mobile gateway 110 installed in the terminal 100 is a VPN application, the mobile gateway 110 may establish a session with the private network communication unit 230 using an existing VPN connection technology, for example, an IPsec VPN technology.

Accordingly, the mobile gateway 110 of the terminal 100 inputs a hash value received from the private network communication unit 230 into a differentiated services code point (DSCP) field of an IP (Internet Protocol) header of traffic generated by the terminal 100. Afterwards, the terminal 100 transmits the corresponding traffic to the core network apparatus 200. Then, the private network communication unit 230 checks the hash value of the DSCP field included in the traffic received from the terminal 100 to check the flow of the corresponding application, specifically, the application, and the plurality of intranets set in the network policy ( 500-1,…, 500-N). In addition, the private network communication unit 230 may check the application information and the traffic information received from the terminal 100 to perform a corresponding data policy and charging control.

As described above, according to the embodiment of the present invention, it is possible to implement a communication connection to a plurality of intranets 500-1,. It can provide private network service for each application.

Hereinafter, a communication network system 20 that provides an application-specific private network service according to an embodiment of the present invention as described above will be described using specific examples. In this example, an LTE EPC (Evolved Packet Core) will be described as an example, but the same can be applied to a 5G core.

Hereinafter, the communication network system 20 will be described in detail with an example in which the core network device 200 illustrated in FIG. 1 is an LTE EPC.

2 is a diagram of a network system 20 in accordance with another embodiment of the present invention.

Referring to FIG. 2, the communication control unit 610 of the core network apparatus 600 includes a mobility management entity (hereinafter referred to as “MME”) 611, a home subscriber server (hereinafter referred to as “HSS”). 612) and Serving Gateway (hereinafter referred to as 'S-GW') 613.

The public network communication unit 620 is a public gateway (public PDN Gateway, hereinafter referred to as 'public P-GW') 621, a public policy and charging server (Policy and Charging Rule Function, hereinafter referred to as 'public PCRF') (622) ), The Public Subscriber Profile Repository (hereinafter referred to as Public SPR ') 623 and the Public Online Charging System / Offline Charging System (hereinafter referred to as' Public OCS / OFCS') ( 624).

The private network communication unit 630 is a private PDN gateway (hereinafter referred to as 'private P-GW') (631), private policy and billing server (Policy and Charging Rule Function (hereinafter referred to as 'private PCRF') (632) , Private Subscriber Profile Repository (hereinafter referred to as 'private SPR') 633 and Private Online Charging System / Offline Charging System (hereinafter referred to as 'Public OCS / OFCS') ( 634).

On the other hand, the terminal 700 via the public P-GW 621 and the private P-GW 631 which are connected at the same time through the S-GW 613, a plurality of intranets (internet 400 or a private network) 500-1, ..., 500-N) may be requested.

The terminal 700 includes a mobile gateway 710, which forms a session with the private PCRF 632, and traffic corresponding to a new flow of a specific application is generated in the terminal 700. If so, the flow request information (destination IP, source IP, destination port, source port, protocol) of the traffic, application information that generated the traffic, subscriber information, etc. to the private PCRF (632) to proceed with the access request When the connection is allowed from the private PCRF 632, the hash value generated by the private PCRF 632 is received.

In addition, when the traffic corresponding to the condition is executed based on the policy information received from the private PCRF 632, the DSCP field of the IP header of the traffic is changed to the received hash value.

The MME 611 is a control plane entity in the E-UTRAN 800, and performs mobility management and session management functions through non-access stratum (NAS) signaling with the terminal 700.

When there is an access request for the core network apparatus 600 from the terminal 700, the MME 611 receives corresponding subscriber information from the HSS 612 based on the profile included in the access request, and receives the corresponding subscriber information for the terminal 700. Allow the connection. At this time, when the access to the terminal 700 is allowed, the APN, which is access information included in the profile information, is checked and the gateway device corresponding to the APN, that is, the public P-GW 621 or the private P-GW ( 631) performs a session creation and an IP allocation request via the S-GW 613. That is, the session creation request to the S-GW 613, the session creation to the public P-GW 621, and the private P-GW 631 according to the APN value included in the access request transmitted by the terminal 700, and IP allocation. The request is performed to enable connection between the terminal, the Internet 400, and intranets 500-1, ..., 500-N.

The HSS 612 is a server that stores subscriber information. The HSS 612 divides and stores a subscriber profile for each terminal 700. Here, the subscriber profile records whether the terminal 700 subscribes to the private network service, and the access information of the terminal 700, that is, the APN is recorded. When the terminal 700 is subscribed to the private network service, the private APN to which the terminal 700 can access is recorded in the subscriber profile.

The S-GW 613 is a device for managing mobility of the terminal 700 between the E-UTRAN 800 and another base station, between the 3GPP network and the E-UTRAN 800, and is transmitted from the terminal 700 according to a set session. The received traffic is forwarded to the public P-GW 621 or the private P-GW 631.

The common P-GW 621 connects the terminal 700 to the Internet 400 and performs a filtering function according to the PCC (Policy & Charging Control) rule received from the common PCRF 622. In addition, according to the PCC rule received from the common PCRF (622), and transfers the charging information for the forwarded traffic to the public OCS / OFCS (624). The common P-GW 621 performs L2 / L3 processing (switching and routing) through its own function.

The private P-GW 631 is a gateway for connecting the terminal 700 to the intranets 500-1 to 500-N, and is connected to the intranets 500-1 to 500-N by wire. The private P-GW 631 receives the traffic flow information and the IP DSCP value, that is, the hash value and the corresponding private network information from the private PCRF 632. The private P-GW 631 transfers the traffic received from the terminal 700 through the received PCC rule to the intranets 500-1, ..., 500-N identified by the application of the traffic in the network (NW) policy information. To pass.

The private PCRF 632 is a management server for controlling the charging and data policy of the terminal 700. The private PCRF 632 is always connected to the private P-GW 631, and whenever a new session is created in the private P-GW 631. Relevant billing and management policies are requested. Each time, the private PCRF 632 inquires the relevant information to the private SPR 633 and assigns the PCC rule to the private P-GW 631.

In addition, the private PCRF 632 is requested whenever the traffic for the new flow of the application in the mobile gateway 710, information for identifying the new flow, and the related billing and management policy. At this time, the private PCRF 632 generates the partition information, that is, the hash value for distinguishing the new flow using the information on the new flow, and inquires the information on the subscriber through the private SPR 633 to retrieve the mobile gateway. In step 710, the identification information is transmitted along with whether to permit access, and the private P-GW 631 is assigned an associated PCC rule.

The private SPR 633 is a server that stores a subscriber QoS profile, and stores the subscriber billing profile for each terminal 700. At this time, the QoS profile is recorded in the subscriber QoS profile according to whether the terminal 700 subscribes to the application-specific private network service. In the subscriber QoS profile, filtering information (destination IP, source IP, destination port, source port, protocol, IP DSCP value (hash value)) for each application traffic is recorded, and charging group information for each application traffic is recorded.

Therefore, the private PCRF 632 confirms the presence or absence of a private network service subscription for each application in the subscriber QoS profile received from the private SPR 633, and performs private network service for each application only when it is determined that the private network service is subscribed to the corresponding application. Perform work to provide. However, if it is determined that the private network service is not subscribed to the corresponding application, a connection failure message is transmitted to the mobile gateway 710 so that the terminal 100 blocks the traffic according to a preset policy for the corresponding traffic, or It can be processed to be connected to the Internet 400 through the public P-GW (621).

Table 1 below shows an application-specific flow table set in the mobile gateway 710. The package name, flow information, and DSCP value of the application are mapped to the application-specific flow table.

The application-specific flow table may be used by the mobile gateway 710 to determine whether a new flow of an application occurs. That is, if the information about the flow generated by the application in the terminal 700 is not included in the flow information set in [Table 1], it may be determined as a new flow.

The mobile gateway 710 is always connected to the private PCRF 632. When traffic by the flow occurs from the application of the terminal 700, the mobile gateway 710 extracts the information of the IP header of the traffic, confirms the flow information, and confirms the flow information. If it is confirmed as a new flow through the table of [Table 1] based on the connection request to the private PCRF 632 to request the classification information for distinguishing the new flow. At this time, the access request includes the information of the new flow, application information, and the like, and the new flow information is added to [Table 1] when the hash value, which is the classification information of the new flow included in the response result, is received. Record the corresponding DSCP value. Here, when it is assumed that one application generates traffic only through one flow, the classification information for identifying a new flow may be used as classification information for identifying an application for generating a new flow.

Therefore, the mobile gateway 710 modifies the IP DSCP field of the traffic transmitted from the application in the terminal 700 based on the table set in [Table 1] so that the traffic is transmitted to the core network device 600.

The private PCRF 632 generates a hash value between 0 and 127 based on the flow information included in the access request received from the mobile gateway 710. After generating the PCC rule based on the flow information, the hash value, and the subscription information received from the private SPR 633, that is, the QoS and billing information, the PCC rule is generated and transmitted to the private P-GW 631, and then a connection response message including the hash value is provided. To the mobile gateway 710.

Table 2 below shows a PCC rule table generated and set by the private PCRF 232.

As shown in Table 2, the PCC rule table according to an embodiment of the present invention includes SDF template information (Src IP, Dst IP, Src port, Dst port, protocol, IP DSCP value), GBR, MBR. And management policy information such as Rating, Rating Group, etc. are mapped and stored. In Table 2, SDF information is recorded as flow information for each application, but is not limited to the SDF information.

The private P-GW 631 receives the PCC rule from the private PCRF 632, separates the traffic transmitted from the terminal 700, and intranets 500-1,..., 500-N corresponding to the traffic. To pass. In addition, the private P-GW 631 transfers the billing related information to the private OCS / OFCS 634 by utilizing the Rating Group information specified in the PCC rule.

Meanwhile, Table 3 shows a network (NW) policy table set in the private P-GW 631 according to an embodiment of the present invention.

As shown in Table 3, a policy rule name and VLAN information are mapped and stored in a network policy table according to an embodiment of the present invention. Here, in Table 3, it is exemplified that Policy Rule name information is recorded, but is not limited to Policy Rule name information.

Meanwhile, the E-UTRAN 800 may use a mobile communication network to which an LTE network is interworked.

Hereinafter, an application-specific private network service method according to an embodiment of the present invention will be described with reference to the drawings.

3 is a flowchart of a method of application-specific private network service according to an embodiment of the present invention. FIG. 3 relates to an application-specific private network service method performed by the communication network system 10 shown in FIG. 1.

Before the description, in the embodiment of the present invention, a common APN and a private APN are set at the same time in the terminal, and can be simultaneously connected to the common P-GW and the private P-GW, and the connection P-GW for each application is based on the internal routing of the terminal. Choose. That is, the terminal 100 includes a routing table in which a common APN and a private APN to be connected to each application are set, and when the traffic of the application occurs, the APN corresponding to the application, that is, the public APN or the private APN, is assigned to the corresponding traffic. Suppose you do an internal routing that includes and transmits. At this time, in the embodiment of the present invention, a plurality of private networks, namely intranet 1,. In spite of the intranet N (500-1, ..., 500-N), one private APN is used. That is, the routing table is configured to allocate the same private APN for applications accessing different intranets 500-1, ..., 500-N.

Referring to FIG. 3, when traffic of a specific application is generated in the terminal 100 and delivered to the mobile gateway 110, the mobile gateway 110 detects whether the traffic generated by the terminal 100 is traffic due to a new flow. (S110). Here, the terminal 100 may detect whether a new flow refers to the flow table for each application of [Table 1] set in the mobile gateway 110. That is, if the flow information on the application traffic generated in the terminal 100 is not included in the application-specific flow table of [Table 1], it is detected as traffic by the new flow.

Accordingly, the mobile gateway 110 provides a private network with a connection request message including application information generating traffic by the new flow and flow information of the application for application-specific private network service according to an embodiment of the present invention. Transmission to the communication unit 210 (S120).

The private network communication unit 210 generates a hash value, which is classification information for distinguishing an application generating traffic by a new flow, according to an access request transmitted from the mobile gateway 110 (S130), and applies the generated hash value to an application to which the generated hash value is applied. After generating the corresponding data policy and the charging control value (S132), a network policy for setting intranets 500-1, ..., 500-N to which the traffic of the application is to be connected is set (S134). Here, the generation method of the hash value will be described in detail later.

Thereafter, the private network communication unit 210 transmits an access permission message including the hash value generated in step S130 to the terminal 100 (S140).

Through this process, the terminal 100 may obtain a hash value that is classification information for distinguishing a new flow generated by an application or an application that has generated a new flow.

Thereafter, the mobile gateway 110 changes the DSCP field of the IP header of the traffic to the hash value obtained in step S140. That is, the hash value obtained in the step S140 is recorded in the DSCP field of the IP header of the traffic.

The mobile gateway 110 transmits the traffic whose hash value is recorded as the DSCP value to the communication control unit 210 of the core network apparatus 200 through the terminal 100 (S160). At this time, the traffic transmitted from the terminal 100 to the core network device 200 may include a public APN or a private APN, but in the embodiment of the present invention, the terminal 100 is intended for an application accessing the private network. The private APN is included in the traffic transmitted to the core network apparatus 200 by internal routing using a routing table inside the terminal 100.

When the communication control unit 210 confirms that the APN, which is the access information of the received traffic, is the private APN for the private network service (S162), the communication control unit 210 transmits the corresponding traffic to the private network communication unit 230 (S164).

Thereafter, the private network communication unit 230 confirms the value of the DSCP field, that is, the hash value of the IP header of the traffic transmitted from the terminal 100 through the communication control unit 210 (S166), and corresponds to the identified hash value. The application is identified by the hash value through the data policy, and the corresponding traffic is transmitted to the private networks 500-1, ..., 500-N set in the network policy in response to the identified application (S168). At this time, the private network communication unit 230 may perform QoS control and charging control of the corresponding traffic through a data policy corresponding to the identified hash value. In addition, when it is determined that the corresponding private network is, for example, intranet 1 (500-1) for the application identified by the hash value, the private network communication unit 220 sends the received traffic to the intranet 1 (500-). To 1).

Thereafter, after the communication between the terminal 100 and the intranets 500-1, ..., 500-N is performed, the private network communication unit 230 may also charge information according to the charging control value corresponding to the hash value of the corresponding traffic. Can be charged separately for each application.

In this way, the private network communication unit 230 generates and uses a hash value, which is classification information for dividing each application, specifically, for each application flow, so as to use one private connection information, that is, a private APN, by using the hash value. In addition to providing a corresponding private network service by dividing the flow of the network, separate charging for each application can be performed.

Hereinafter, the application-specific private network service method shown in FIG. 3 will be described in more detail with respect to the application-specific private network service using the communication network system 20 when the core network device 200 shown in FIG. 2 is LTE EPC. .

4 is a flowchart illustrating a specific example of a private network service method for each application according to an embodiment of the present invention. FIG. 4 relates to an application-specific private network service method performed by the communication network system 20 shown in FIG. 2.

First, the mobile gateway 710 mounted in the terminal 700 checks all the leaked traffic of the terminal 700 to check whether the traffic is caused by the new flow of the application (S210). Here, the mobile gateway 710 may determine whether a new flow from the flow table for each application shown in Table 1 based on the flow information (Src IP, Src port, Dst IP, Dst port, protocol) of the application traffic. . That is, if the flow information of the traffic is not included in the application-specific flow table, it may be determined that the traffic is caused by the new flow. Therefore, when the traffic is caused by the new flow of the application, a new entry is added to the application-specific flow table shown in [Table 1].

On the other hand, if it is determined that the application is not a new flow, that is, if the flow information of the traffic is already included in the application-specific flow table, the original path, that is, the core network device 600, without the additional additional operation, Specifically, it delivers to the S-GW 613.

In this example, it is assumed that the traffic is caused by the new flow.

Although the mobile gateway 710 detects all leaked traffic of the terminal by operating as a VPN application without a separate authority of the terminal 700, the mobile gateway 710 may also operate in the form of an application or a system application to which a separate authority is granted. That is, the operation of the mobile gateway 710 is not limited to the VPN application method.

Next, the mobile gateway 710 checks the flow information of the traffic detected as the traffic by the new flow and the application information corresponding thereto, for example, the package name of the application (S220). In the present exemplary embodiment, the application package name is checked, but the present invention is not limited thereto.

Thereafter, the mobile gateway 710 transmits an access request message for requesting segmentation information for distinguishing a new flow to the private PCRF 632 which is always connected through the session (S230). At this time, the access request message includes user information (IMSI, private APN, etc.), application package name information, and flow information.

The private PCRF 632 requests the subscriber QoS profile from the private SPR 633 based on the user information received from the mobile gateway 110 (S240), and obtains the subscriber QoS profile (S242).

Private PCRF 632 then checks the application package name in the subscriber QoS profile. When the terminal 700 is subscribed to the application-specific private network service, registered application package names are recorded in the subscriber QoS profile, and when the terminal 700 is not subscribed to the application-specific private network service, separate application information is recorded in the subscriber profile. It doesn't work.

In the embodiment of the present invention, it is assumed that the application package name received from the mobile gateway 710 in step S230 is recorded in the subscriber QoS profile. That is, it is assumed that the application received from the mobile gateway 710 in step S230 is subscribed to a private network service.

Therefore, the private PCRF 632 checks whether the application requested for access is subscribed to the application-specific private network service through the subscriber QoS profile information (S250).

If the requested application is not subscribed to the application-specific private network service, the private PCRF 632 transmits a connection failure message to the mobile gateway 710. Accordingly, the mobile gateway 710 receiving the access failure message may block the traffic according to a preset policy for the traffic or process the connection to the Internet 400 through the public P-GW 621. Can be.

On the other hand, if it is determined that the requested application is subscribed to the application-specific private network service, the private PCRF 632 may determine a hash value (or checksum) between 0 and 127 based on the application flow information. 1] (S252).

Where D is the calculated hash value, that is, the DSCP value (or checksum), n is the Src port of the application flow requested for the connection, and r is a secret key value between 0 and 127.

Thereafter, the private PCRF 632 receives QoS and charging information included in the user QoS profile received from the private SPR 633, that is, the lowest guaranteed bandwidth (GBR), the maximum bandwidth (MBR), and the charging group information. And flow information included in the access request of the UE, that is, Src IP, Src port, Dst IP, Dst port, protocol information, and hash values generated by Equation 1 as shown in [Table 2]. The same PCC rule is generated (S254), and the generated PCC rule is transmitted to the private P-GW 631 (S260).

The private P-GW 631 additionally sets the PCC rule delivered from the private PCRF 632 internally (S262), and also provides network policy information corresponding to the PCC rule as shown in [Table 3]. Add to the table (S264). That is, the private P-GW 631 separates the traffic to be delivered later, and according to the network policy corresponding to the traffic information and the hash value for each application, the intranets 500-1, ..., 500- N) can be connected to the corresponding intranet.

When the series of table addition process is normally completed, the private P-GW 631 transmits a PCC rule addition response message to the private PCRF 632 to notify normal rule addition and policy table addition (S266).

As such, when the PCC rule additional response message is normally received, the private PCRF 632 transmits an access permission message to the mobile gateway 710 (S268). The access permission message includes the flow information included in the access request message and a hash value (DSCP value) calculated in the step S250.

Then, the mobile gateway 710 completes the table update operation for the flow by adding the hash value (DSCP value) included in the received connection response message to the application-specific flow table as shown in [Table 1] ( S423).

Thereafter, the mobile gateway 710 includes the new flow detected in the step S210 in the application-specific flow table shown in [Table 1], so that the value of the DSCP field of the IP header of the corresponding traffic is determined by the application-specific flow table. Update to the corresponding hash value, that is, DSCP value within (S270), and the traffic whose DSCP field is updated is transmitted to the private P-GW 231 through the terminal 100 (S280).

As such, the private P-GW 631 that receives the traffic whose DSCP field corresponding to the traffic is updated receives the flow information (Src IP, Src port, Dst IP, Dst port, protocol) and DSCP field included in the received traffic. Check the value of (S282).

Thereafter, the private P-GW 631 checks the application corresponding to the checked flow information and the DSCP value, that is, the policy rule name, and displays the private network information (VLAN) corresponding to the checked application. After confirming in the network policy table as shown in [], the traffic is forwarded to the identified private network, that is, intranets 500-1, ..., 500-N (S284). At this time, the private P-GW 631 may perform validation between the flow information of the transmitted traffic and the DSCP value. That is, the private P-GW 631 is recorded in the private P-GW 631 and the value calculated through Equation 1 using the flow information of the transmitted traffic and the random value used in the conventional calculation of the DSCP value. Validation can be done by comparing the DSCP values to see if they are identical.

In addition, when the private P-GW 631 receives the traffic from the terminal 700, the private P-GW 631 checks the flow information (Src IP, Src port, Dst IP, Dst port, protocol) and the DSCP value included in the traffic. According to the PCC table of the P-GW 631, processing is performed according to the lowest guaranteed bandwidth (GBR), the maximum bandwidth (MBR), and the charging groups.

In addition, the private P-GW 631 checks the traffic amount in real time / non-real time and transfers the charging information to the private OFCS / OCS 634 recorded in the charging group (S290).

 As such, according to the application-specific service method according to an embodiment of the present invention, traffic is transmitted from the terminal 700 to the private P-GW 631 through one private access information, that is, a private APN, and is independent of each other. Since intranets 500-1, ..., 500-N are implemented for each application, private network services can be provided for each application at low cost.

Next, a description will be given of an application-specific private network service method in the terminal 100 and the private network communication unit 230 according to an embodiment of the present invention.

5 is a flowchart illustrating an application-specific private network service method in the terminal 100 according to an embodiment of the present invention.

Referring to FIG. 5, the terminal 100, specifically, the mobile gateway 100 installed in the terminal 100 checks all outflow traffic of the terminal 100 and detects traffic due to a new flow of an application (S310). ).

Next, the mobile gateway 110 checks the flow information of the traffic detected as the traffic by the new flow and the application information corresponding thereto (S320), and then detects the new flow with the private network communication unit 230 that is always connected through the session. The access request message for the traffic is transmitted (S330). At this time, the traffic detected by the new flow may be added as a new entry in a table corresponding to the application-specific traffic information.

Thereafter, the mobile gateway 110 determines whether an access permission message is received from the private network communication unit 230 (S340), and if the access permission message is received from the private network communication unit 230, the mobile gateway 110 responds to the connection. A hash value (DSCP value) included in the message is obtained (S350). In this case, the obtained hash value may be added as a DSCP value in a new entry in a table corresponding to application-specific traffic information.

Next, the mobile gateway 110 updates the value of the DSCP field of the IP header of the traffic by the new flow detected in the step S310 to the hash value obtained in the step S350, that is, the DSCP value (S360). In step S370, the DSCP field is updated to the private network communication unit 230 through the terminal 100.

6 is a flowchart of an application-specific private network service method in the private network communication unit 230 according to an embodiment of the present invention.

Referring to FIG. 6, when the private network communication unit 230 receives a connection request message of traffic from the terminal 100, specifically, the mobile gateway 110 installed in the terminal 100 (S410). Check the flow information of the received traffic (S420).

Thereafter, the private network communication unit 230 calculates a hash value, that is, a DSCP value, for the corresponding traffic using Equation 1 above using the flow information of the traffic identified in step S420 (S430). .

Next, the private network communication unit 230 generates a PCC rule by using the data policy information corresponding to the subscriber information of the terminal 100, the charging control value and the flow information of the traffic, and the hash value generated in the step S430 (S430). In operation S434, network policy information including information on private networks 500-1, ..., 500-N to which the received traffic is to be communicated is generated (S434).

The private network communication unit 230 includes the hash value generated in the step S430 together with the flow information of the corresponding traffic in the access permission message and transmits it to the mobile gateway 110 of the terminal 100 (S440).

Thereafter, the terminal 100 checks whether the traffic requested for access is received in step S410 (S450). If the corresponding traffic is received from the terminal 100, the flow information and the DSCP value are received from the received traffic. Check (S460).

Then, traffic is transmitted to the corresponding private networks 500-1, ..., 500-N according to PCC rules and network policies corresponding to the checked DSCP values (S470).

The private network communication unit 230 checks the traffic amount in real time / non-real time and performs separate charging for each application according to the charging control value (S480).

The embodiments of the present invention described above are not only implemented through the apparatus and the method, but may be implemented through a program for realizing a function corresponding to the configuration of the embodiments of the present invention or a recording medium on which the program is recorded.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims are also provided. It belongs to the scope of rights.

Claims (16)

A method of providing a service for connecting a private network corresponding to an application installed in a terminal by a communication network system connected to a plurality of private networks,
Receiving request for classification information on a flow of an application from the terminal;
Generating segmentation information about the flow of the application using the information of the flow of the application,
Managing a private network to which traffic by the flow of the application is transmitted among the plurality of private networks in correspondence with the classification information on the flow of the application;
Delivering classification information on the flow of the application to the terminal; and
When traffic is received from the terminal through a base station, extracting the classification information included in the header of the received traffic, and forwarding the received traffic to the private network corresponding to the extracted classification information from the plurality of private networks
Private network service providing method comprising a. The method of claim 1,
In the step of managing in correspondence with the classification information for the flow of the application,
Corresponding to the private network to which the traffic by the flow of the application will be delivered and the identification information of the application correspond to the network information table,
And a traffic management policy corresponding to the application and the classification information, and storing them as a data policy table. The method of claim 2,
Delivering the received traffic,
Extracting classification information included in a header of traffic received through the second path,
Specifying an application corresponding to the extracted classification information by using the data policy table;
Specifying a private network to which a specified application is to be connected using the network policy table, and
Forwarding the received traffic to a specified private network
Including, private network service providing method. The method of claim 3,
Delivering the received traffic to the specified private network,
And transmitting the received traffic to a private network specified through the network policy table according to a traffic quality management policy identified in correspondence with the classification information included in the received traffic through the data policy table. The method of claim 2,
The data policy table further includes an application-specific charging policy specified by application-specific information.
After forwarding the received traffic to the specified private network,
And charging the received traffic according to the charging policy identified in correspondence with the classification information included in the received traffic through the data policy table. The method of claim 1,
The classification information is recorded in a Differentiated Services Code Point (DSCP) field of an Internet Protocol (IP) header of the received traffic. The method of claim 1,
The classification information for the flow of the application is generated based on the information of the source port of the flow of the application, private network service providing method. The method of claim 1,
The first path that receives the segmentation information about the flow of the application from the terminal and delivers the segmentation information about the flow of the application to the terminal is different from the second path that receives the traffic from the terminal through the base station. Another route, a private network service delivery method. A method for transmitting traffic to a communication network system by a terminal,
Storing flow classification information assigned by the communication system to distinguish applications accessing at least one private network;
When at least one packet occurs in a specific application, determining whether the classification information corresponding to the flow of the specific application is stored in the flow classification information;
If specific classification information corresponding to the flow of the specific application is stored, transmitting traffic including the specific identification information in a header of the packet to the communication network system, and
If the segmentation information corresponding to the flow of the specific application is not stored, after obtaining the specific segmentation information corresponding to the flow of the specific application from the communication network system, the traffic including the specific segmentation information in the header of the packet is acquired. Transmitting to the network system
Traffic transmission method of the terminal comprising a. The method of claim 9,
After acquiring the specific classification information corresponding to the flow of the specific application from the communication network system, transmitting the traffic including the specific identification information in the header of the packet to the communication network system,
Transmitting the information on the flow of the specific application to the communication network system to request the specific classification information; and
When the specific segmentation information is received from the network system, transmitting traffic including the specific segmentation information in a header of the packet to the network system.
It comprises a traffic transmission method of the terminal. The method of claim 10,
The first path for requesting the specific classification information on the flow of the specific application to the communication network system, and receiving the specific classification information from the communication network system, a second path for transmitting traffic to the communication network system through the base station The traffic transmission method of the terminal and a different path. The method of claim 11,
The terminal includes a mobile gateway that is a VPN (Virtual Private Network) application,
The request for the specific classification information by transmitting information on the flow of the specific application to the communication network system,
Requesting, by the mobile gateway, the division information on the flow of the specific application to the communication network system through the first path,
The specific classification information is received from the communication network system,
Wherein the mobile gateway receives the specific classification information for the flow of the specific application from the communication network system through the first path,
A traffic transmission method of a terminal. The method of claim 9,
An application-specific flow table for managing the specific classification information received from the communication network system and the flow of the specific application;
Determining whether the classification information corresponding to the flow of the specific application is stored,
Determined according to whether the information on the flow of the specific application is in the flow table for each application,
A traffic transmission method of a terminal. A network system connected to a plurality of private networks,
By using the information on the application flows received from the terminal to generate the classification information for distinguishing each application flow, delivers the classification information corresponding to each application flow to the corresponding terminal, the classification information corresponding to each application flow A private policy and billing server that manages the server in correspondence with the private network to which the application is connected, and
When the traffic of a specific terminal is received through the base station and is connected to the plurality of private networks, the classification information included in the header of the received traffic is extracted, and the traffic received from the specific terminal is transferred to the private network corresponding to the extracted classification information. Passing private gateway
Network system comprising a. The method of claim 14,
The private policy and billing server,
The private gateway includes a network policy table for managing correspondence between the private network to which traffic by the application flow is transmitted and the classification information of the application flow, and a data policy table for managing the traffic management policy corresponding to the application and the classification information. To and
When traffic is received from the terminal and the segmentation information is extracted, the private gateway specifies an application corresponding to the segmentation information using the data policy table, and uses the network policy table as a private network to which the specified application is connected. Specified by
Network system. The method of claim 15,
The data policy table further includes a billing policy for each application specified by application-specific information.
The private gateway performs charging for traffic received according to a charging policy corresponding to the distinguishing information identified through the data policy table.
Network system.

Images