KR20200020544A - Method and system for private network service in 5g communication network - Google Patents

Abstract

A dedicated network service method and a system thereof are provided. The method, as a dedicated network service method performed in a session management device of a 5G communication network, comprises the steps of: establishing a public network session between a public network traffic gateway and a terminal connected to a public network; receiving a session creation request including a dedicated network slice identifier from the terminal; and establishing a dedicated network session between a dedicated network traffic gateway corresponding to the dedicated network slice identifier and the terminal among at least one dedicated network traffic gateway independently connected to at least one dedicated network. The dedicated network session is additionally established independently of the public network session, while the establishment of the public network session is valid for the terminal.

Description

METHOD AND SYSTEM FOR PRIVATE NETWORK SERVICE IN 5G COMMUNICATION NETWORK}

The present invention relates to a dedicated network service method and system therefor in a 5G communication network, and more particularly, to a dedicated network service technology for separating a public network and a private network through a core network.

As the broadband mobile communication market became active and the penetration rate of smartphones expanded, the demand for utilizing broadband mobile communication and smartphones for corporate services increased. In the enterprise service based on the conventional LTE (Long Term Evolution) communication system, the core network is divided into a private network such as a corporate internal network and a public network such as an internet network, thereby providing an enterprise-specific data service.

As such, an APN (Access Point Name) is used to classify and service a public network and a private network through a core network. The APN is composed of an APN-NI (Network Identifier) and an APN-OI (Operator Identifier). The APN-NI is used as a network identifier, and the APN-OI is used as an identifier of an operator or an operator identifier.

Conventional network access technology using APN has been largely used two techniques. One technique is a method of changing an APN-NI in a terminal.

This method connects to a public network using a default APN-NI when the terminal is powered on (power-on). Here, the default APN-NI is generally set to a public network identifier. In order for the terminal to access the private network, the default APN-NI should be changed to the dedicated network identifier. As such, in order to change the APN-NI, in the related art, the APN change app must be installed in the terminal or the user must directly change the APN-NI through the terminal setting menu.

Another dedicated network access technology using APN is a method of changing APN-OI in a network device such as a home subscriber system (HSS). In this scheme, even if the terminal transmits a default APN-NI, the APN-OI is changed to an identifier corresponding to the dedicated network at the network side, thereby eliminating the need for the APN change at the terminal.

However, both of these conventional methods assume the APN change in the terminal or the network to access the dedicated network.

In the method of changing the APN-OI, the terminal does not change the APN, but it is necessary to notify the network in advance whether the network needs to be accessed so as to change the APN in the network. Since this operation can also be based on the premise of installing a separate app on the terminal, a change in the terminal is required.

In addition, as described above, the method of changing the APN is always directed to the public network or the dedicated network, the traffic of the terminal corresponding to the currently set APN. Therefore, it is impossible for the terminal to selectively transmit traffic to the public network and the dedicated network. In addition, when accessing the private network, general Internet use is impossible unless the dedicated network provides external Internet interworking.

One problem to be solved by the present invention is to provide a dedicated network service method and system that can access a dedicated network without installing a specific app or changing the terminal using a network slicing technology of 5G communication network.

Another object of the present invention is to provide a dedicated network service method and a system capable of selectively accessing a public network and a dedicated network without a separate network switching procedure.

According to one aspect of the present invention, the dedicated network service method is a dedicated network service method performed in a session management apparatus of a 5G communication network, establishing a public network session between a public network traffic gateway connected to a public network and a terminal, from the terminal to the dedicated network. Receiving a session creation request including a slice identifier, and establishing a dedicated network session between the terminal and the dedicated network traffic gateway corresponding to the dedicated network slice identifier among at least one dedicated network traffic gateway independently connected to at least one dedicated network. And the private network session is further established independently of the public network session, with the establishment of the public network session valid for the terminal.

The dedicated network slice identifier may be included in the terminal policy information including the path selection information of the terminal and transmitted to the terminal.

The dedicated network slice identifier may be included in the terminal policy information transmitted to the terminal when the network is registered with the terminal.

After establishing the dedicated network session, identifying a network slice identifier included in the session release request received from the terminal; if the network slice identifier is a public network slice identifier, releasing the establishment of the public network session; And if the network slice identifier is a dedicated network slice identifier, further comprising the step of releasing the establishment of the dedicated network session, the establishment of the public network session and the establishment of the dedicated network session can be made independently of each other.

The establishing of the public network session may include: establishing a public network session based on the public network slice delimiter when receiving a session creation request including a public network slice delimiter from the terminal, wherein the public network slice delimiter It may be a default NSSAI (Network Slice Selection Assistance Information) set in the terminal.

According to another aspect of the present invention, a dedicated network service method is a dedicated network service method performed in a terminal of a 5G communication network, receiving and storing terminal policy information including a dedicated network slice identifier, in a state in which a public network and a session are connected, When a connection event occurs, transmitting a dedicated network session creation request including the dedicated network slice identifier to a session managing device, and connecting the dedicated network traffic gateway corresponding to the dedicated network slice identifier with the dedicated network session under the control of the session managing device. And the dedicated network session is maintained at the same time independently of the public network session.

After the dedicated network session is connected, if a dedicated network release event occurs, a dedicated network session release request including the dedicated network slice identifier is transmitted to the session managing device, and the dedicated network session is released under the control of the session managing device. The method may further include the step of releasing the private network session, which may be performed separately from the public network.

After the step of connecting the dedicated network session, if a public network release event occurs, a public network session release request including a shared network slice identifier is transmitted to the session management device, and the public network session is controlled by the session management device. The release may further include the step of releasing, and the release of the public network session may be performed separately from the private network.

The storing may further include transmitting a terminal registration request to a policy control device, and receiving a terminal registration response including the terminal policy information from the policy control device.

The terminal policy information includes a dedicated network delimiter, a dedicated network slice delimiter corresponding to the dedicated network delimiter, and dedicated network flow information corresponding to the dedicated network delimiter, wherein the transmitting comprises: when the traffic occurs, the flow information of the traffic is determined. Comparing with the dedicated network flow information, if the flow information of the traffic is included in the dedicated network flow information, determining the traffic as a dedicated network traffic, and generating and transmitting the request for creating a dedicated network session.

After the comparing, if the flow information of the traffic is not included in the dedicated network flow information, the method may further include determining the traffic as public network traffic and transmitting the traffic to the public network.

The dedicated network flow information may include an IP band allocated to the dedicated network or a server address connected to the dedicated network.

After the storing, if the dedicated network flow information is changed, the method may further include updating terminal policy information including the changed dedicated network flow information according to a request of a policy control apparatus.

According to still another aspect of the present invention, a dedicated network service system includes an integrated data store for storing terminal policy information including a dedicated network slice identifier subscribed to a terminal, a policy control apparatus for transmitting the terminal policy information to the terminal, and the terminal. And a session management apparatus for additionally establishing a dedicated network session in the terminal when receiving a session creation request including a dedicated network slice identifier from the terminal.

The integrated data store maps and registers a terminal identifier and the dedicated network slice identifier, and transmits terminal policy information including the dedicated network slice identifier corresponding to the terminal identifier identified from the terminal registration request of the policy control apparatus to the policy control apparatus. The policy control apparatus may transmit a terminal registration response including the terminal policy information received from the integrated data store to the terminal.

The dedicated network service system further includes a dedicated network traffic control apparatus configured to set and transmit dedicated network flow information to the integrated data repository, wherein the integrated data repository maps the terminal identifier, the dedicated network slice identifier, and the dedicated network flow information. And the terminal policy information includes a dedicated network slice identifier and a dedicated network flow information mapped to a terminal identifier identified from the terminal registration request, wherein the dedicated network flow information requires that a traffic generated from the terminal be required to establish a dedicated network session. It can be used to determine whether the dedicated network traffic.

The apparatus for controlling a dedicated network traffic changes the dedicated network flow information according to a request of a dedicated network service subscriber, transmits the changed dedicated network flow information to the integrated data store, and the integrated data store includes the changed dedicated network flow information. Requesting an update of the policy information to the policy control device, the policy control device may transmit the updated terminal policy information including the changed dedicated network flow information to the terminal.

The dedicated network service system further includes a public network traffic gateway connected to a public network, and at least one dedicated network traffic gateway independently connected to at least one dedicated network, wherein the session managing device includes a session creation request received from a terminal A network slice identifier is identified from the network slice identifier, and a session creation request is forwarded to a traffic gateway corresponding to the network slice identifier, wherein the network slice identifier includes a public network slice identifier and at least one dedicated network slice identifier. The delimiter may be set to the terminal by default.

The dedicated network service system may further include a mobility management device that selects a session management device based on a network slice identifier identified from the session creation request received from the terminal, and delivers the session creation request to the selected session management device. The session management apparatus may include a public network session management apparatus connected to the public network traffic gateway, and a dedicated network session management apparatus independently connected or commonly connected to the at least one dedicated network traffic gateway.

The network path for establishing the public network session and the network path for establishing the private network session are separated through a network slice identifier, and the network path includes at least one of a base station, a mobility management device, a session management device, and a traffic gateway. This can be identified through a network slice delimiter.

According to an embodiment of the present invention, the public network and the private network can be selectively connected without a separate network switching procedure.

In addition, unlike the prior art, which had to precede the procedure of canceling an existing session at the time of network switching, in the embodiment of the present invention, only a dedicated network session may be selectively connected and terminated as needed without a procedure of canceling a session already connected while the public network session is connected. It can be done with

In addition, with simultaneous access to the public network and the private network, based on the 5G terminal path selection policy, general traffic can be delivered to the public network and dedicated traffic to the private network, so that users can access the public network and the private network without a network switching procedure. Available at the same time.

1 is a block diagram illustrating a dedicated network service system of a 5G communication network according to an embodiment of the present invention.
2 is a block diagram illustrating a dedicated network service system of a 5G communication network according to another embodiment of the present invention.
3 is a block diagram illustrating a dedicated network service system of a 5G communication network according to another embodiment of the present invention.
4 is a block diagram illustrating a dedicated network service system of a 5G communication network according to another embodiment of the present invention.
5 is a flowchart illustrating a process of setting a dedicated network slice separator in a terminal through terminal policy information according to an embodiment of the present invention.
6 is a flowchart illustrating a public network session establishment process according to an embodiment of the present invention.
7 is a flowchart illustrating a process of additionally establishing a private network session in a state where a public network session is established according to an embodiment of the present invention.
8 is a flowchart illustrating a process of changing dedicated network flow information according to an embodiment of the present invention.
9 is a flowchart illustrating a process of releasing a PDU session according to an embodiment of the present invention.
10 is a hardware block diagram of a terminal according to an embodiment of the present invention.
11 is a hardware block diagram of a network device according to an embodiment of the present invention.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a part is said to "include" a certain component, it means that it can further include other components, except to exclude other components unless specifically stated otherwise.

In addition, the terms “… unit”, “… unit”, “… module” described in the specification mean a unit that processes at least one function or operation, which may be implemented by hardware or software or a combination of hardware and software. Can be.

In the present specification, a terminal is a user device, and includes a device, a user equipment (UE), a mobile equipment (ME), a mobile station (MS), a mobile terminal (MT), a subscriber station (subscriber station, SS, Portable Subscriber Station (PSS), User Equipment (User Equipment, UE), Access Terminal (Access Terminal, AT), etc. may be referred to in terms of mobile terminal, subscriber station, portable subscriber station, It may also include all or part of the functionality of the user device.

The base station (BS) is an access point (AP), a radio access station (RAS), a node B (Node B), a base transceiver station (BTS), a mobile multihop relay (MMR). ) -BS and the like, and may include all or part of the functions of an access point, a radio access station, a Node B, a base transceiver station, an MMR-BS, and the like.

Expression used in the singular herein may be interpreted in the singular or plural unless an explicit expression such as “one” or “single” is used.

Embodiments of the present invention may be supported by standard documents related to 3rd Generation Partnership Project (3GPP) 5G systems, such as the Study on Architecture for Next Generation System (FS_NextGen). That is, steps or parts which are not described to clearly reveal the technical spirit of the present invention among the embodiments of the present invention may be supported by the above document. In addition, all terms disclosed in the present document can be described by the above standard document.

According to an embodiment of the present invention, a communication system uses a dedicated network service technology that separates a public network and a private network through a core network, and allows only a specific region or a specific subscriber to access the private network. Here, the public network is a general network that is allowed to an unspecified number, and may be referred to as a public network, the Internet, or a public network. A private network is a network that allows external access to a specific subscriber and may be referred to as a private network, an internal network, an internal network, an intranet, or a private network.

A method and system for providing a dedicated network service in a 5G communication network according to an embodiment of the present invention will now be described with reference to the drawings.

1 is a block diagram illustrating a dedicated network service system of a 5G communication network according to an embodiment of the present invention, FIG. 2 is a block diagram illustrating a dedicated network service system of a 5G communication network according to another embodiment of the present invention, and FIG. 3. Is a block diagram showing a dedicated network service system of a 5G communication network according to another embodiment of the present invention, Figure 4 is a block diagram showing a dedicated network service system of a 5G communication network according to another embodiment of the present invention.

Referring to FIG. 1, a dedicated network service system includes a terminal 101 and 103, a base station (hereinafter referred to as 'gNB') 105, and an access management capability (AMF). 107), Session Management Function (hereinafter referred to as 'SMF') 109, Public Traffic Gateway (hereinafter referred to as User Plane Function, hereinafter referred to as 'UPF') 111, A plurality of dedicated UPFs 113 and 115, a Policy Control Function (hereinafter referred to as 'PCF') 123, and a subscriber storage device (User Data Management, hereinafter referred to as 'UDM') 125 ), Unified Data Repository (hereinafter referred to as 'UDR') 127, Enterprise Network Control Function (hereinafter referred to as 'ETCF') 129, Network Repository (Network) Repository Function, hereafter referred to as 'NRF' 131.

The terminals 101 and 103 are connected to a core network (CN) through the gNB 105. The terminals 101 and 103 transmit and receive data to and from data networks (DNs) 117, 119 and 121 connected through the core network. The data network is divided into a public network 117 and at least one dedicated network 119 and 121.

The terminals 101 and 103 are connected to the AMF 107 through the gNB 105 and perform a signaling procedure for establishing a PDU session. The terminals 101 and 103 are connected to at least one UPF 11, 113, and 115 through a protocol data unit (PDU) session among the plurality of UPFs 111, 113, and 115.

Terminals 101 and 103 include a general app and a dedicated app, and are divided into A terminal 101 and B terminal 103 according to a dedicated network to which the terminal has subscribed. It includes a general app and a dedicated app in common. The generic app generates public network traffic destined for the public network 117, and may be an app such as, for example, Youtoube. The dedicated app generates the dedicated network traffic destined for the dedicated networks 119 and 121, and may be, for example, an in-house mail or a virtual private network (VPN) app.

The terminals 101 and 103 transmit a PDU session request message to the AMF 107 requesting creation of a PDU session with the public network 117 or the private network 119 and 121. The PDU session request message may be included in an attach request message.

The terminals 101 and 103 include a data network name (DNN) and a network slice identifier in the PDU session request message. When the terminal (101, 103) is connected to the network for the first time, the default network slice identifier is included in the PDU session request message and transmitted, thereby connecting to the public network (117).

The default network slice identifier may be Single-Network Slice Selection Assistance Information (S-NSSAI) as defined in the 5G standard. S-NSSAI includes a slice / service type (SST) and a slice differentiator (SD). SST is defined with three values as shown in Table 1 below.

SST Explanation One Enhanced Mobile Broadband (eMBB) 2 Ultra reliability and low latency communication (URLLC) 3 Massive IoT (MIoT)

SD is used to classify the network again within the same SST. At this time, a mobile terminal such as a smartphone is set to 'SST = 1', the default network slice identifier may include this 'SST = 1'.

When the dedicated network traffic occurs, the terminals 101 and 103 are connected to the dedicated networks 119 and 121 by including the DNN and the dedicated network slice separator in the PDU session request message.

At this time, the dedicated network slice identifier is set from the terminal policy information received from the PCF (123) when the terminal (101, 103) network registration.

In 5G, the PCF 123 stipulates that the terminal policy information is transmitted to the terminals 101 and 103.

Here, the terminal policy information provides information on how the terminals 101 and 103 establish traffic routes. The terminal policy information is used by the terminals 101 and 103 and used to determine to which session the traffic transmitted by the terminals 101 and 103 is routed. The terminal policy information may set a traffic path in units of applications executed in the terminals 101 and 103. The terminals 101 and 103 store the terminal policy information received from the PCF 123, and the terminal policy information received from the PCF 123 most recently over the previously stored terminal policy information. According to an embodiment, the terminal policy information may be named a UE Route Selection Policy (URSP) described in the 5G standard document.

The terminal policy information includes a dedicated network identifier (Enterprise Identifier, EI), a dedicated network slice identifier (ESD) corresponding to the dedicated network identifier (EI), and a dedicated network identifier (EI). Contains flow information.

When the traffic occurs in the general app, the terminals 101 and 103 transmit the traffic to the public UPF 111. When traffic occurs in the dedicated app, the terminals 101 and 103 check the dedicated network slice identifier (ESD) corresponding to the identifier (EI) of the dedicated app from the terminal policy information. The traffic is transmitted to dedicated UPFs 113 and 115 to which a dedicated network session corresponding to the identified dedicated network slice identifier (ESD) is connected.

In this case, when the private network access event occurs, the terminals 101 and 103 connect the private network session at the same time while maintaining the public network session. That is, the public network session and the dedicated network session are simultaneously maintained independently at the terminals 101 and 103. As in the prior art, a procedure for terminating a public network session is not performed to connect a private network session.

Here, according to an embodiment of the present invention, the dedicated network access event may include a case where traffic occurs in the dedicated app A or the dedicated app B.

At this time, when traffic occurs, the terminals 101 and 103 compare the flow information of the traffic with the dedicated network flow information of the terminal policy information. The flow information may include a destination IP and a destination port or may include a destination IP band. The flow information may include IP and port of at least one server connected to the dedicated networks 119 and 121.

When the flow information of the traffic is included in the dedicated network flow information, the terminals 101 and 103 may determine the traffic as the dedicated network traffic and transmit the dedicated network session request message. On the other hand, when the flow information of the traffic is not included in the dedicated network flow information, the terminals 101 and 103 determine the traffic as public network traffic and transmit the traffic to the connected public network.

In addition, according to another embodiment of the present invention, the dedicated network access event may include a case of entering the dedicated network service area.

Subsequently, when a dedicated network release event occurs, the terminals 101 and 103 transmit a dedicated network session release message that includes a dedicated network slice identifier (ESD) to the AMF 107. Then, the release is performed for the dedicated network session separately from the public network session. In this case, the exclusive network release event may include a case in which the exclusive network service area is released.

In addition, the terminals 101 and 103 maintain a public network session and a dedicated network session, and when a public network release event occurs, the AMF (disabled network session release message including a default network slice identifier, that is, a default S-NSSAI) is transmitted. 107). Then, only the public network session is released while the private network session is maintained. Here, the public network release event may be a case where the public network session connection is forcibly blocked in the dedicated network service area.

The gNB 105 provides a radio connection to the terminals 101 and 103 by using a radio access technology (RAT), and connects the terminal 101 to the core network. The gNB 105 may include generic base stations including 5G and non-3GPP access technologies such as Wi-Fi.

The core network is a set of devices that include control plane functions (CPF) and user plane functions (UPF). The control plane function (CPF) of the core network includes the AMF 107, the SMF 109, the PCF 123, the UDM 125, the UDR 127, the ETCF 129, and the NRF 131. The user plane function (UPF) of the core network includes a common UPF 111 and at least one dedicated UPF 113, 115.

The AMF 107 is connected to the gNB 105 to perform access and mobility management functions of the terminals 101 and 103 through non-access stratum (NAS) signaling. The AMF 107 manages the moving states of the terminals 101 and 103. For example, the AMF 107 manages which wireless access network the terminals 101 and 103 are currently connected to, and whether the terminal is in an idle state.

The AMF 107 receives a connection request message from the terminals 101 and 103. The AMF 107 receives a public network session request message or a dedicated network session request message from the terminals 101 and 103. AMF 107 selects SMF 109 using the DNN and network slice separator.

The AMF 107 queries the Internet Protocol (IP) or Fully Qualified Domain Name (FQDN) corresponding to the DNN and network slice identifier with the NRF 131 to obtain the address of the SMF 109.

The SMF 109 is connected to the AMF 107 and the plurality of UPFs 111, 113, and 115 so that the terminals 101 and 103 connect the PDU session with at least one UPF 111, 113, and 115. Perform

The SMF 109 confirms the network slice identifier from the PDU session request of the terminals 101 and 103 delivered from the AMF 107. In addition, UPFs 111, 113, and 115 corresponding to network slice identifiers are selected to establish a PDU session between the selected UPFs 111, 113, and 115 and the terminals 101 and 103.

The SMF 109 manages a mapping table as shown in Table 2 below, and may select the UPFs 111, 113, and 115 based on the mapping table.

Network slice separator UPF Public network slice separator Public UPF Dedicated Network Slice Separator (ESD) A Dedicated UPF A Dedicated Network Slice Separator (ESD) B Dedicated UPF B … …

The SMF 109 receives a session creation request message including a default S-NSSAI from the AMF 107 and establishes a public network session between the public UPF 111 and the terminals 101 and 103. The SMF 109 receives the session creation request message including the dedicated network slice identifier (ESD) from the AMF 107 while the public network session is established, and corresponds to the dedicated UPF 113 corresponding to the dedicated network slice identifier (ESD). 115 further establishes a dedicated network session between the terminal (101, 103). At this time, the dedicated network session, With the establishment of the public network session valid for terminals 101 and 103, it is added to terminals 101 and 103 independently of the public network session. That is, even if a dedicated network session is added, the previously connected public network session is not released.

When the SMF 109 receives the session release request message from the AMF 107, the SMF 109 establishes a session connection between the UPFs 111, 113, and 115 and the terminal 101 and 103 corresponding to the network slice identifier included in the session release request message. Release it. If the SMF 109 includes a default S-NSSAI in the session release request message, the SMF 109 releases the public network session between the public UPF 111 and the terminals 101 and 103. When the session release request message includes the dedicated network slice identifier (ESD), the SMF 109 releases the dedicated network session between the dedicated UPFs 113 and 115 and the terminals 101 and 103.

In this case, when the public network session and the dedicated network session are maintained at the same time, the SMF 109 releases the session only for the session corresponding to the network slice identifier included in the session release request message.

The PCF 123 determines a policy for session management, mobility management, quality of service (QoS) management, and the like of the terminals 101 and 103 and transmits the policy to the AMF 107 and the SMF 109. The PCF 123 transmits terminal policy information to the terminals 101 and 103 to set a path of traffic used by the terminals 101 and 103.

The UDM 125 divides and stores a subscriber profile for each of the terminals 101 and 103. The subscriber profile includes subscriber information, policy information, and the like. The subscriber information includes information for determining the mobility restriction of the terminals 101 and 103 and the DNN.

The UDR 127 is a unified storage that stores data necessary for the operation of entities in the core network. The UDR 127 stores dedicated network subscriber information such as Tables 3 and 4.

Private network ID Dedicated Network Slice Separator (ESD) Private network flow information One One 10.1.1.0/24 2 2 11.1.1.0/24 … … …

Terminal SUPI Private network ID 45008111111111 One 45008111111112 2 … …

Here, SUPI (Subscription Permanent Identifier) is a terminal identifier, and unique information of the terminals 101 and 103 may be used. For example, SUPI may include an International Mobile Subscriber Identity (IMSI). At this time, the enterprise flow information is provided from the ETCF 129.

The ETCF 129 serves to deliver dedicated network flow information to the UDR 127. Dedicated network flow information requires changes, such as additions and deletions. In general, the UDR 127 is in the carrier internal network and is not accessible to the subscriber. Accordingly, the ETCF 129 provides a user interface that enables the dedicated network subscriber to manage the dedicated network flow information. The ETCF 129 generates a table that maps the dedicated network flow information set by the dedicated network subscriber to the dedicated network ID provided from the UDR 127 and provides the table to the UDR 127, which is shown in Table 5 below.

Private network ID Private network flow information One 10.1.1.0/24 2 11.1.1.0/24 … …

The NRF 131 is a network function (NF) repository and performs a discovery request of an NF instance, an NF profile, and a maintenance function of an available NF instance. The NRF 131 provides the address of the SMF 109 at the request of the AMF 107. The NRF 131 provides the addresses of the UPFs 111, 113, and 115 at the request of the SMF 109.

The UPFs 111, 113, and 115 are connected to respective DNs 117, 119 and 121, and connect the terminals 101 and 103 to respective DNs 117, 119 and 121. The UPFs 111, 113, and 115 are traffic gateways, providing IP routing and forwarding functions, and providing packet filtering.

The UPFs 111, 113, and 115 transmit downlink PDUs transmitted from the DNs 117, 119, and 121 to the terminals 101 and 103, and transmit the uplink PDUs received from the terminals 101 and 103 to the DN 117. , 119, 121).

In the above 5G communication system, only the UPFs 111, 113, and 115 are distinguished through the network slice separator, but according to an embodiment of the present invention, at least one network of the gNB 105, the AMF 107, and the SMF 109 is used. Devices can be distinguished through network slice identifiers. This embodiment will be described with reference to FIGS. 2, 3, and 4, and the description of the same components as those of FIG. 1 will be omitted, and only other components will be described.

Referring to FIG. 2, since the AMF 107 is not divided into a public network and a private network, the terminals 101 and 103 are connected to one AMF 107. In addition to the UPFs 111, 113, and 115, the SMFs 109-1 and 109-3 are distinguished through network slice separators. That is, the public network 117 is connected to the common UPF 111 and the common SMF 109-1, and the dedicated networks 119 and 121 are connected to the respective dedicated UPFs 113 and 115 and the dedicated SMF 109-3. Connected. Here, the SMFs 109-1 and 109-3 are divided into only a public network and a dedicated network, but the dedicated SMF 109-3 may be independently connected to the individual dedicated UPFs 113 and 115.

In this case, the AMF 107 may establish a session with the terminals 101 and 103 among the common SMF 109-1 and the dedicated SMF 109-3 based on the network slice separator. Select.

Referring to FIG. 3, not only UPFs 111, 113, and 115, but also AMFs 107-1, 107-3, and SMF 109-1, 109-3 are distinguished through network slice separators. That is, the public network 117 is connected to the common UPF 111, the common SMF 109-1, the common AMF 107-1, and the dedicated networks 119 and 121 are the respective dedicated UPFs 113 and 115, It is connected to the dedicated SMF 109-3 and the dedicated AMF 107-3. Here, the AMFs 107-1 and 107-3 and the SMFs 109-1 and 109-3 are divided into a public network and a private network only, but the dedicated AMF 107-3 and the dedicated SMF 109-3 are separate. It may be independently connected to the dedicated UPFs 113 and 115.

At this time, the gNB 105 selects the AMFs 107-1 and 107-3 to which the terminals 101 and 103 are to be connected from among the shared AMF 107-1 and the dedicated AMF 107-3 based on the network slice separator. do. The common AMF 107-1 or the dedicated AMF 107-3 selects the SMFs 109-1, 109-3 to establish a session with the terminals 101, 103 based on the network slice separator.

Referring to FIG. 4, not only the UPFs 111, 113, and 115, but also the AMFs 107-1, 107-3, and SMF 109-1, 109-3 are distinguished through network slice separators. That is, the public network 117 is connected to the common UPF 111, the common SMF 109-1, the common AMF 107-1, and the dedicated networks 119 and 121 are the respective dedicated UPFs 113 and 115, It is connected to the dedicated SMF 109-3 and the dedicated AMF 107-3. Here, the AMFs 107-1 and 107-3 and the SMFs 109-1 and 109-3 are divided into a public network and a private network only, but the dedicated AMF 107-3 and the dedicated SMF 109-3 are separate. It may be independently connected to the dedicated UPFs 113 and 115.

In this case, the terminals 101 and 103 access the shared gNB 105-1 or the dedicated gNB 105-3 corresponding to the network slice identifier selected based on the flow information of the generated traffic. The shared gNB 105-1 or the dedicated gNB 105-3 is an AMF 107 to which the terminals 101 and 103 connect from among the shared AMF 107-1 and the dedicated AMF 107-3 based on the network slice identifier. -1, 107-3). The common AMF 107-1 or the dedicated AMF 107-3 selects the SMFs 109-1, 109-3 to establish a session with the terminals 101, 103 based on the network slice separator.

Based on the above configuration, a series of processes for providing a dedicated network service in a 5G communication network according to an embodiment of the present invention will be described. At this time, it demonstrates based on the Example structure of FIG.

5 is a flowchart illustrating a process of setting a dedicated network slice separator in a terminal through an URSP according to an embodiment of the present invention.

Referring to FIG. 5, the UDR 127 generates a dedicated network ID (ED) for distinguishing a dedicated network subscriber for each dedicated network subscriber and a dedicated network slice identifier (ESD) for identifying a dedicated network corresponding to the dedicated network ID (S101, S103). This may be as in Table 3. Here, the dedicated network subscriber may be an enterprise subscriber.

The UDR 127 registers a dedicated network ID (EI) and a dedicated network slice identifier (ESD) by mapping with SUPIs of the terminals 101 and 103 (S105), which may be as shown in Table 4 below. In this case, the UDR 127 may map SUPIs of employee terminals of a specific company to EI and ESD of the corresponding company.

The UDR 127 forwards the dedicated network ID (EI) to the ETCF 129 (S107). Then, the ETCF 129 generates the dedicated network flow information requested or set by the dedicated network subscriber (S109) and transmits the information to the UDR 127 (S111). In this case, the ETC 129 may provide the UDR 127 with information that maps the dedicated network flow information generated in the step S109 to the dedicated network ID EI received in the step S107, which may be as shown in Table 3 below.

The UDR 127 registers the dedicated network flow information received in step S111 by mapping to a dedicated network ID (EI) and a dedicated network slice identifier (ESD) as shown in Table 3 (S113).

Thereafter, when the first network registration event such as power-on of the terminals 101 and 103 occurs, the terminal registration request including the SUPI of the terminals 101 and 103 is transmitted to the AMF 107 (S115).

The AMF 107 requests the terminal authentication to the UDM 125 (S117) and receives a response (S119). At this time, the terminal authentication procedure (S117, S119) includes a communication authentication to determine whether the terminal (101, 103) is a terminal subscribed to the communication provider, that is, determine whether the terminal is an opening terminal.

When the AMF 107 receives the terminal authentication success response in step S119, the AMF 107 transmits a terminal policy request including the SUPI of the terminals 101 and 103 to the PCF 123 (S121). Then, the PCF 123 transmits the terminal policy request including the SUPI of the terminals 101 and 103 to the UDR 127 (S123).

The UDR 127 extracts a dedicated network ID (EI), a dedicated network slice identifier (ESD), and dedicated network flow information mapped to the SUPI received in step S123 (S125). The extracted information is included in the terminal policy information and transmitted to the PCF 123 (S129).

The PCF 123 transmits the received terminal policy information to the AMF 107 (S131). Then, the AMF 107 transmits the terminal registration response including the terminal policy information to the terminals 101 and 103 (S133).

As such, the terminals 101 and 103 may acquire the dedicated network slice identifier (ESD) and the dedicated network flow information to which the terminals 101 and 103 subscribe.

6 is a flowchart illustrating a public network session establishment process according to an embodiment of the present invention.

Referring to FIG. 6, after the network registration of FIG. 5, the terminals 101 and 103 transmit a PDU session creation request including a default network slice identifier (S-NSSAI) to the AMF 107 (S201).

The AMF 107 selects the SMF 109 based on the S-NSSAI (S203), and transmits a PDU session creation request to the SMF 109 (S205).

The SMF 109 requests the QoS policy of the terminals 101 and 103 from the PCF 123 (S207) and receives it (S209).

The SMF 109 selects the common UPF 111 based on the S-NSSAI received in step S205 (S211). Then, IPs to be used in the public network 117 are allocated to the terminals 101 and 103 (S213).

The SMF 109 transmits a PDU session creation request including the SUPI of the terminals 101 and 103 to the common UPF 111 and the QoS policy received in step S209 (S215).

When the SMF 109 receives the PDU session creation response from the public UPF 111 (S217), the SMF 109 transfers the PDU session creation response to the AMF 107 (S219). At this time, the PDU session creation response includes the IP allocated in step S213.

The AMF 107 transmits the received PDU session creation response to the terminals 101 and 103 (S221). Then, the terminals 101 and 103 establish a PDU session with the common UPF 111 (S223).

7 is a flowchart illustrating a process of additionally establishing a private network session in a state where a public network session is established according to an embodiment of the present invention.

Referring to FIG. 7, traffic is generated when the terminals 101 and 103 are in a state where the common UPF 111 and the public network session establishment S301 are valid (S303). The terminal 101, 103 compares the flow information of the generated traffic (S303) with the dedicated network flow information defined in the terminal policy information (S305), and determines whether it matches (S307). At this time, if it does not match, it is determined that the generated traffic (S303) as public network traffic, and transmits to the public UPF 111 (S309).

On the other hand, if it is determined in step S307 to match, the terminal (101, 103) determines the traffic generated (S303) as dedicated network traffic, the PDU session creation request including the dedicated network slice identifier (ESD) identified from the terminal policy information The transmission is sent to the AMF 107 (S311).

The AMF 107 selects the SMF 109 based on the dedicated network slice identifier (ESD) received in step S311 (S313). The AMF 107 transmits a PDU session creation request including the dedicated network slice identifier (ESD) to the selected SMF 109 (S315).

The SMF 109 requests the QoS policy of the terminals 101 and 103 from the PCF 123 (S317) and receives it (S319).

The SMF 109 selects the dedicated UPFs 113 and 115 based on the dedicated network slice identifier (ESD) received in step S315 (S321). The SMF 109 allocates the dedicated network IP to be used in the dedicated networks 119 and 121 to the terminals 101 and 103 (S323).

The SMF 109 transmits a PDU session creation request including the SUPI of the terminals 101 and 103 and the QoS policy received in step S319 to the dedicated UPFs 113 and 115 that are selected (S321) and receives a response (S325). (S327).

The SMF 109 transmits a PDU session creation response including the terminal IP allocated in step S323 to the AMF 107 (S329). The AMF 107 transmits the received PDU session creation response to the terminals 101 and 103 (S331). Then, the terminals 101 and 103 establish a PDU session with the dedicated UPFs 113 and 115 (S333). At this time, even if the dedicated network session is established (S333), the established public network session is maintained as is separate from the dedicated network session.

8 is a flowchart illustrating a process of changing dedicated network flow information according to an embodiment of the present invention.

Referring to FIG. 8, when the ETCF 129 changes the dedicated network flow information (S401), the ETCF 129 transmits the changed dedicated network flow information and the corresponding dedicated network ID (EI) to the UDR 127 (S403).

The UDR 127 maps and registers the received private network flow change information and the dedicated network ID (EI) (S403) (S405). The PCF 123 notifies a change of the dedicated network flow information (S407).

The PCF 123 applies the received network flow change information (S407) to the terminal policy information (S409), and notifies the AMF 107 of the terminal policy information update (S411).

The AMF 107 notifies the terminal 101, 103 of the terminal policy information update received in step S411 (S413).

The terminals 101 and 103 delete the pre-stored terminal policy information and update the terminal policy information received in step S413 (S415). The terminals 101 and 103 transmit a terminal policy information update response to the AMF 107 (S417).

The AMF 107 transmits the terminal policy information update response received in step S417 to the PCF 123 (S419). The PCF 123 transmits a terminal policy information update response to the UDR 127 (S421).

The terminals 101 and 103 control the transmission of the dedicated network traffic based on the changed dedicated network flow information of the updated terminal policy information in step S415 (S423). For example, in the past, the private network PDU session was used when the destination address was 10.1.1.0/24. However, the private network PDU session may be used only when the destination address is 20.1.1.0/24 because the terminal policy information is modified.

9 is a flowchart illustrating a process of releasing a PDU session according to an embodiment of the present invention, wherein the release of the PDU session is performed when a PDU session release event occurs.

9, the terminals 101 and 103 are in a state in which a PDU session is established with a common UPF 111 (S501), and a PDU session with a dedicated UPF 113 and 115 is established (S503).

In this case, when the session release event occurs, the terminals 101 and 103 determine whether a dedicated network session release event occurs or whether a public network session release event occurs (S505).

When the dedicated network session release event occurs, the terminals 101 and 103 transmit a PDU session release request including the dedicated network slice identifier (ESD) to the AMF 107 (S507).

The AMF 107 selects the SMF 109 based on the dedicated network slice identifier (ESD) received in step S507 (S509). The AMF 107 transmits the PDU session release request including the dedicated network slice identifier (ESD) to the selected SMF 109 (S509).

The SMF 109 performs a PDU session release procedure with the dedicated UPFs 113 and 115 corresponding to the dedicated network slice identifier (ESD) received in step S511 (S513). When the PDU session release procedure is completed, the SMF 109 transmits a PDU session release response for step S511 to the AMF 107 (S515). Then, the AMF 107 transmits the PDU session release response to the terminals 101 and 103 (S517). As a result, the terminals 101 and 103 release the dedicated network session established with the dedicated UPFs 113 and 115.

On the other hand, if it is determined that the common network session release event occurs in step S505, the terminal (101, 103) transmits a PDU session release request including the default S-NSSAI to the AMF (107) (S519).

The AMF 107 selects the SMF 109 based on the default S-NSSAI received in step S519 (S521). The AMF 107 transmits a PDU session release request including the default S-NSSAI to the selected SMF 109 (S523).

The SMF 109 performs a PDU session release procedure with the common UPF 111 corresponding to the default S-NSSAI received in step S523 (S525). When the PDU session release procedure is completed, the SMF 109 transmits a PDU session release response for step S523 to the AMF 107 (S527). Then, the AMF 107 transmits the PDU session release response to the terminals 101 and 103 (S529). As a result, the terminal 101 or 103 releases the public network session established with the public UPF 111.

Through the above steps, the terminals 101 and 103 may selectively release the private network session or the public network session while both the public network session and the private network session are established.

FIG. 10 is a hardware block diagram of a terminal according to an embodiment of the present invention, and illustrates a hardware configuration of the terminals 101 and 103 described with reference to FIGS. 1 to 9.

Referring to FIG. 10, the terminal 200 includes a memory 201, a storage device 203, a display 205, an input device 207, a communication device 209, and at least one processor 211. It is composed of hardware and stores a program executed in combination with hardware in a designated place. The hardware has a configuration and performance capable of executing the configuration and / or method according to the embodiments described with reference to FIGS. In this case, the display 205 and the input device 207 may be implemented as one device. The program includes instructions that can execute the configuration and / or method according to the embodiments described with reference to FIGS. 1 to 9, in combination with hardware such as the memory device 201 and the processor 211. Implement the present invention.

FIG. 11 is a hardware block diagram of a network device according to an embodiment of the present invention, and includes the gNB 105, the AMF 107, the SMF 109, the UPF 111, 113, and 115 described in FIGS. 1 to 9. 123, the UDM 125, the UDR 127, the ETCF 129, and the NRF 131 each represent hardware configurations.

Referring to FIG. 11, the network device 300 includes a communication device 301, a memory 303, a storage device 305, and at least one processor 307. The communication device 301 is connected with at least one processor 307 to transmit and / or receive data with an external network. The memory 303 is connected to at least one processor 307 and stores a program including instructions for executing the configuration and / or method according to the embodiments described with reference to FIGS. 1 to 9. The program implements the present invention in combination with hardware such as memory 303 and at least one processor 307.

The storage device 305 includes information necessary for the operation or operation of the network device. The processor 307 executes the present invention in combination with hardware such as the memory 303, the storage device 305, and the like.

The embodiments of the present invention described above are not only implemented through the apparatus and the method, but may also be implemented through a program for realizing a function corresponding to the configuration of the embodiments of the present invention or a recording medium on which the program is recorded.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims are also provided. It belongs to the scope of rights.

Claims (20)

A dedicated network service method performed in a session management apparatus of a 5G communication network,
Establishing a public network session between the terminal and the public network traffic gateway connected to the public network;
Receiving a session creation request including a dedicated network slice identifier from the terminal, and
Establishing, among at least one dedicated network traffic gateway connected to at least one dedicated network independently, a dedicated network session between the dedicated network traffic gateway corresponding to the dedicated network slice identifier and the terminal;
The dedicated network session,
Private network service method further established independently of the public network session, with the establishment of the public network session valid for the terminal. In claim 1,
The dedicated network slice separator,
The private network service method included in the terminal policy information including the path selection information of the terminal, and transmitted to the terminal. In claim 2,
The dedicated network slice separator,
The network registration method of the terminal, which is included in the terminal policy information transmitted to the terminal. In claim 1,
After establishing the dedicated network session,
Identifying a network slice identifier included in the session release request received from the terminal;
If the network slice identifier is a public network slice identifier, de-establishing the public network session, and
If the network slice identifier is a dedicated network slice identifier, further comprising the step of releasing the establishment of the dedicated network session,
De-establishment of the public network session and de-establishment of the private network session,
Dedicated network service method that is independent of each other. In claim 1,
The step of establishing the public network session,
When receiving a session creation request including a shared network slice identifier from the terminal, establish the public network session based on the shared network slice identifier,
The public network slice separator is,
A dedicated network service method, which is a default NSSAI (Network Slice Selection Assistance Information) set in the terminal. A dedicated network service method performed in a terminal of a 5G communication network,
Receiving and storing terminal policy information including a dedicated network slice separator;
Transmitting a dedicated network session creation request including the dedicated network slice identifier to the session managing apparatus when the dedicated network access event occurs while the public network and the session are connected, and
Connecting a dedicated network traffic gateway corresponding to the dedicated network slice identifier and a dedicated network session according to the control of the session managing device;
The dedicated network session,
And simultaneously maintained independently of the public network session. In claim 6,
After the dedicated network session is connected,
If a dedicated network release event occurs, transmitting a dedicated network session release request including the dedicated network slice identifier to the session managing device, and releasing the dedicated network session under the control of the session managing device.
The release of the dedicated network session,
Dedicated network service method performed separately from the public network. In claim 6,
After the dedicated network session is connected,
If a common network release event occurs, transmitting a common network session release request including a common network slice identifier to the session managing device, and releasing the shared network session under the control of the session managing device;
The release of the public network session,
Dedicated network service method performed separately from the dedicated network. In claim 6,
The storing step,
Transmitting a terminal registration request to the policy control device, and
Receiving a terminal registration response including the terminal policy information from the policy control device;
Further comprising, dedicated network service method. In claim 6,
The terminal policy information,
A dedicated network separator, a dedicated network slice separator corresponding to the dedicated network separator, and dedicated network flow information corresponding to the dedicated network separator;
The transmitting step,
When the traffic is generated, comparing the flow information of the traffic with the dedicated network flow information;
If the flow information of the traffic is included in the dedicated network flow information, determining the traffic as dedicated network traffic, and generating and transmitting the dedicated network session creation request
Including, dedicated network service method. In claim 10,
After the comparing step,
If the flow information of the traffic is not included in the dedicated network flow information, determining the traffic as public network traffic, and transmitting to the public network
Further comprising, dedicated network service method. In claim 10,
The dedicated network flow information,
A dedicated network service method comprising an IP band allocated to a private network or a server address connected to a private network. In claim 10,
After the storing step,
If the dedicated network flow information is changed, updating terminal policy information including the changed dedicated network flow information according to a request of a policy control apparatus;
Further comprising, dedicated network service method. Integrated data storage for storing the terminal policy information including the dedicated network slice identifier to which the terminal subscribed,
A policy control device for transmitting the terminal policy information to the terminal, and
A session management apparatus for establishing a dedicated network session in the terminal upon receiving a session creation request including a dedicated network slice identifier from the terminal while establishing a shared network session in the terminal.
Including, dedicated network service system. The method of claim 14,
The integrated data store,
Register and register a terminal identifier and the dedicated network slice identifier,
Transmitting terminal policy information including a dedicated network slice identifier corresponding to the terminal identifier identified from the terminal registration request of the policy controlling apparatus to the policy controlling apparatus,
The policy control device,
And a terminal registration response including terminal policy information received from the integrated data store, to the terminal. The method of claim 15,
Dedicated network traffic control device for setting the dedicated network flow information, and transmits to the integrated data storage,
The integrated data store,
Map and register the terminal identifier, the dedicated network slice identifier, and the dedicated network flow information;
The terminal policy information,
Dedicated network slice identifier and dedicated network flow information mapped to the terminal identifier confirmed from the terminal registration request,
The dedicated network flow information,
And used to determine whether the traffic generated in the terminal is dedicated network traffic requiring the establishment of a dedicated network session. The method of claim 16,
The dedicated network traffic control device,
Change the dedicated network flow information according to a request of a dedicated network service subscriber, transmit the changed dedicated network flow information to the integrated data repository,
The integrated data store,
Requesting the policy control device to update the terminal policy information including the changed dedicated network flow information;
The policy control device,
Dedicated network service system for transmitting the updated terminal policy information including the changed dedicated network flow information to the terminal. The method of claim 14,
A public network traffic gateway connected to the public network, and
At least one dedicated network traffic gateway independently connected to at least one dedicated network,
The session management device,
Confirming the network slice identifier from the session creation request received from the terminal and forwarding the session creation request to the traffic gateway corresponding to the network slice identifier;
The network slice separator is,
Includes a public network slice separator and at least one dedicated network slice separator;
The public network slice separator is,
Private network service system, which is set by default in the terminal. The method of claim 18,
A mobility management device for selecting a session management device based on the network slice identifier identified from the session creation request received from the terminal and delivering the session creation request to the selected session management device;
The session management device,
A public network session management device connected to the public network traffic gateway, and
Dedicated network session management device independently connected or commonly connected to the at least one dedicated network traffic gateway
Including, dedicated network service system. The method of claim 14,
The network path for establishing the public network session and the network path for establishing the private network session,
Separated by a network slice separator,
The network path is,
At least one of a base station, a mobility management device, a session management device, and a traffic gateway is identified through the network slice identifier.

Images