US9271220B2 - Policy control method and system - Google Patents

Policy control method and system Download PDF

Info

Publication number
US9271220B2
US9271220B2 US13/978,732 US201113978732A US9271220B2 US 9271220 B2 US9271220 B2 US 9271220B2 US 201113978732 A US201113978732 A US 201113978732A US 9271220 B2 US9271220 B2 US 9271220B2
Authority
US
United States
Prior art keywords
header information
packet header
access network
pcrf
bpcf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/978,732
Other languages
English (en)
Other versions
US20130308450A1 (en
Inventor
Xiaoyun Zhou
Zaifeng Zong
Yifeng Bi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Zhongxing New Software Co Ltd
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Assigned to ZTE CORPORATION reassignment ZTE CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BI, YIFENG, ZHOU, XIAOYUN, ZONG, ZAIFENG
Publication of US20130308450A1 publication Critical patent/US20130308450A1/en
Application granted granted Critical
Publication of US9271220B2 publication Critical patent/US9271220B2/en
Assigned to XI'AN ZHONGXING NEW SOFTWARE CO., LTD. reassignment XI'AN ZHONGXING NEW SOFTWARE CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ZTE CORPORATION
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/02Access restriction performed under specific conditions
    • H04W48/06Access restriction performed under specific conditions based on traffic conditions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/78Architectures of resource allocation
    • H04L47/783Distributed allocation of resources, e.g. bandwidth brokers
    • H04L47/785Distributed allocation of resources, e.g. bandwidth brokers among multiple network domains, e.g. multilateral agreements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • H04L47/805QOS or priority aware
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/16Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/24Negotiating SLA [Service Level Agreement]; Negotiating QoS [Quality of Service]
    • H04W76/02
    • H04W76/021
    • H04W76/022
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/11Allocation or use of connection identifiers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/12Setup of transport tunnels

Definitions

  • the present document relates to a policy control technique in the 3GPP and Broadband Forum (BBF) interconnection, and particularly, to a method and system for policy control.
  • BBF Broadband Forum
  • FIG. 1 is a schematic diagram of component architecture of the 3rd Generation Partnership Project (3GPP) Evolved Packet System (EPS), and in an EPS network architecture in a non-roaming scenario shown in FIG. 1 , an Evolved Universal Terrestrial Radio Access Network (E-UTRAN), a Mobility Management Entity (MME), a Serving Gateway (S-GW), a Packet Data Network Gateway (P-GW, also called as PDN GW), a Home Subscriber Server (HSS), a Policy and Charging Rules Function (PCRF) entity and other support nodes are included.
  • 3GPP 3rd Generation Partnership Project
  • EPS Evolved Packet System
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • MME Mobility Management Entity
  • S-GW Serving Gateway
  • P-GW Packet Data Network Gateway
  • HSS Home Subscriber Server
  • PCRF Policy and Charging Rules Function
  • a PCRF is a core of Policy and Charging Control (PCC) and is responsible for making PCC rules.
  • the PCRF provides network control rules based on service data flow, these network controls include detection of service data flow, gating control, Quality of Service (QoS) control and charging rules based on data flow and so on.
  • the PCRF sends the PCC rules made by the PCRF to a Policy and Charging Enforcement Function (PCEF) to execute, meanwhile, the PCRF is also required to guarantee that these rules are consistent with user subscription information.
  • PCEF Policy and Charging Enforcement Function
  • a basis for the PCRF making the PCC rules includes: acquiring information related to services from an Application Function (AF); acquiring user PCC subscription information from a Subscription Profile Repository (SPR); and acquiring network information related to bearer from the PCEF.
  • AF Application Function
  • SPR Subscription Profile Repository
  • the EPS supports an interconnection between the EPS and a non-3GPP system, the interconnection between the EPS and the non-3GPP system is implemented through interfaces S2a/b/c, and the P-GW serves as an anchor between the 3GPP system and the non-3GPP system.
  • the non-3GPP system is divided into a trusted non-3GPP IP access and an untrusted non-3GPP IP access.
  • the trusted non-3GPP IP access can be connected to the P-GW directly through an interface S2a; the untrusted non-3GPP IP is required to connect to the P-GW through an Evolved Packet Data Gateway (ePDG), an interface between the ePDG and the P-GW is an interface S2b, and an Internet Protocol Security (IPSec) is adopted to perform encipherment protection on signalings and data between a User Equipment (UE) and the ePDG.
  • An interface S2c provides control and mobility support related to a user plane between the User Equipment (UE) and the P-GW, and a mobility management protocol supported by the interface S2c is a Mobile IPv6 support for dual stack Hosts and Routers (DSMIPv6).
  • DSMIPv6 Mobile IPv6 support for dual stack Hosts and Routers
  • BPCF Broadband Policy Control Framework
  • the BPCF is a policy control framework in the BBF access, and for resource request message of the PCRF, the BPCF performs resource admission control or schedules the resource request message to other network elements (e.g.
  • BNG Broadband Network Gateway
  • the other network elements execute the resource admission control (i.e. entrusting the other network elements to execute the resource admission control).
  • the PCRF is required to interact with the BPCF when performing QoS authorization, so that the BBF access network executes the resource admission control.
  • the study of the 3GPP and BBF interconnection mainly includes two aspects: a scenario of the 3GPP UE accessing an Evolved Packet Core (EPC) through the WLAN of the BBF and a scenario of the 3GPP UE accessing the 3GPP core network through a home evolved Node-B (H(e)NB), wherein the H(e)NB takes the BBF access network as a routing path (Backhaul) to connect to the 3GPP core network.
  • EPC Evolved Packet Core
  • H(e)NB home evolved Node-B
  • FIG. 2 is a schematic diagram of the 3GPP UE accessing the 3GPP core network through the WLAN, and as shown in FIG. 2 , the BBF access network is taken as an untrusted non-3GPP access.
  • the architecture shown in FIG. 2 there are 3 ways for initiating a policy interconnection session (i.e. S9*) establishment at present.
  • a Broadband Remote Access Server (BRAS)/Broadband Network Gateway (BNG) will execute an access authentication based on the 3GPP, and meanwhile, the BPCF of the BBF initiates an S9* session actively to interact with the PCRF of the 3GPP. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • BRAS Broadband Remote Access Server
  • BNG Broadband Network Gateway
  • the access authentication based on the 3GPP is not executed.
  • the ePDG sends a local address of the UE (i.e. an address allocated by the BBF access network to the UE) to the P-GW, the P-GW then sends the local address of the UE to the PCRF, and after determining the BPCF according to the local address of the UE, the PCRF reversely initiates an S9* session establishment to perform an interaction with the BPCF. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • the access authentication based on the 3GPP is not executed.
  • the ePDG directly sends a local address of the UE (i.e. an address allocated by the BBF access network to the UE) to the PCRF, and after determining the BPCF according to the local address of the UE, the PCRF reversely initiates an S9* session establishment to perform an interaction with the BPCF. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • the PCRF If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs Differentiated Services Code Point (DSCP) marking on a header of an IP packet of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the ePDG, the ePDG will perform IPSec encapsulation on the IP packet and perform marking on a header of an IP packet of IPSec (called as an outer packet header) according to a DSCP of the header of the IP packet (i.e. the internal packet header) during the encapsulation. Therefore, the BBF access network can perform data packet scheduling according to a DSCP of the header of the IP packet of the IPSec.
  • DSCP Differentiated Services Code Point
  • a premise of the above scheme is that the 3GPP network supports an interconnection between the 3GPP network and the BBF, when the PCRF does not support an interconnection between the PCRF and the BBF (including a scenario that PCC is not deployed in the 3GPP network), the PCRF will not interact with the BPCF to request the admission control. Thus it will cause that the PCC rules sent by the PCRF to the PCEF are results which are decided according to the PCRF itself.
  • the PCEF performs DSCP marking on headers of IP packets of service data flows according to the PCC rules sent by the PCRF or policies locally configured by the PCEF (with respect to a scenario that PCC is not deployed in the 3GPP network).
  • the ePDG When these service data flows reach the ePDG, the ePDG replicates the DSCP of the outer packet header of the IPSec according to the DSCP marks of the internal packet header. If these data reach the BBF access network, the BBF access network will not distinguish whether these service data flows go through the admission control of the BBF access network, but only perform dispatching according to the DSCP. Thus, these service data flows without going through the admission control will occupy resources of other service data flows going through the admission control, which leads to a failure of the entire FMC policy control mechanism currently.
  • the BRAS/BNG will execute an access authentication based on the 3GPP, and meanwhile, the BPCF of the BBF initiates an S9* session actively to interact with the PCRF of the 3GPP. Therefore, the PCRF can interact with the BPCF when performing QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • the access authentication based on the 3GPP is not executed.
  • the ePDG directly sends a local address of the UE (i.e. an address allocated by the BBF access network to the UE) to the PCRF, and after determining the BPCF according to the local address of the UE, the PCRF reversely initiates an S9* session establishment to perform an interaction with the BPCF. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • the PCRF If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the ePDG, the ePDG will perform IPSec encapsulation on the IP packet and perform marking on a header of an IP packet of an IPSec (called as an outer packet header) according to a DSCP of the header of the IP packet (i.e. the internal packet header) during the encapsulation. Therefore, the BBF access network can perform data packet scheduling according to a DSCP of the header of the IP packet of the IPSec.
  • a premise of the above scheme is that the 3GPP network supports an interconnection between the 3GPP network and the BBF, when the PCRF does not support an interconnection between the PCRF and the BBF (including a scenario that PCC is not deployed in the 3GPP network), the PCRF will not interact with the BPCF to request the admission control.
  • the service data flows without going through the admission control will occupy resources of other service data flows going through the admission control, which leads to a failure of the entire FMC policy control mechanism currently.
  • the BRAS/BNG will execute an access authentication based on the 3GPP, and meanwhile, the BPCF of the BBF initiates an S9* session actively to interact with the PCRF of the 3GPP. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • the P-GW directly sends a local address of the UE (i.e. an address allocated by the BBF access network to the UE) to the PCRF, and after determining the BPCF according to the local address of the UE, the PCRF reversely initiates an S9* session establishment to perform an interaction with the BPCF. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • a local address of the UE i.e. an address allocated by the BBF access network to the UE
  • the PCRF reversely initiates an S9* session establishment to perform an interaction with the BPCF. Therefore, the PCRF can interact with the BPCF when performing the QoS authorization, and the BPCF executes the resource admission control or entrusts other network elements to execute the resource admission control.
  • the PCRF If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of a corresponding data flow according to the PCC rule.
  • the BBF access network can perform data packet scheduling according to the DSCP of the header of the IP packet.
  • a premise of the above scheme is that the 3GPP network supports an interconnection between the 3GPP network and the BBF, when the PCRF does not support an interconnection between the PCRF and the BBF (including a scenario that PCC is not deployed in the 3GPP network), the PCRF will not interact with the BPCF to request the admission control.
  • the service data flows without going through the admission control will occupy resources of other service data flows going through the admission control, which leads to a failure of the entire FMC policy control mechanism currently.
  • FIG. 3 , FIG. 4 and FIG. 5 are schematic diagrams of architectures of the 3GPP UE accessing the 3GPP core network through an H(e)NB, wherein the H(e)NB takes the BBF access network as a Backhaul to be connected to the 3GPP core network.
  • the H(e)NB takes the BBF access network as a Backhaul to be connected to the 3GPP core network.
  • the PCRF is directly interfaced with the BPCF, when the PCRF performs the QoS authorization, the PCRF firstly interacts with the BPCF, after the BBF access network performs the admission control successfully, the PCRF sends the PCC rules and QoS rules (if required) to the PCEF and a Bearing Binding and Event Report Function (BBERF) (if exists) respectively, the PCEF and the BBERF perform DSCP marking on downlink data of a service data flow according to the PCC rules and QoS rules, and when the service data flow reaches a Security Gateway (SeGW), the SeGW will perform IPSec encapsulation on an IP packet and perform marking on a header of an IP packet of the IPSec (called as an outer packet header) according to a DSCP of the IP packet (i.e.
  • SeGW Security Gateway
  • the BBF access network can perform data packet scheduling according to the DSCP of the header of the IP packet of the IPSec.
  • the H(e)NB performs IPSec encapsulation on the IP packet and performs marking on the header of the IP packet of the IPSec (called as the outer packet header) according to the DSCP of the IP packet (i.e. the internal packet header) during the encapsulation.
  • H(e)NB PF H(e)NB Policy Function
  • the H(e)NB GW or the H(e)NB requests the BBF access network for the admission control through the H(e)NB PF.
  • the H(e)NB GW can continue to complete a bearer establishment flow or a bearer modification flow.
  • the PCEF and the BBERF perform DSCP marking according to the PCC rules and QoS rules, and when the downlink data of the service data flow reach the SeGW, the SeGW will perform IPSec encapsulation on the IP packet and perform marking on the header of the IP packet of the IPSec (called as the outer packet header) according to the DSCP of the IP packet (i.e. the internal packet header) during the encapsulation.
  • the H(e)NB performs IPSec encapsulation on the IP packet and performs marking on the header of the IP packet of the IPSec (called as the outer packet header) according to the DSCP of the IP packet (i.e. the internal packet header) during the encapsulation. Therefore, the BBF access network can perform data packet scheduling according to the DSCP of the header of the IP packet of the IPSec.
  • the 3GPP network also supports an interconnection between the 3GPP network and the BBF ( FIG. 3 is for an interconnection between the PCRF and the BPCF, FIG. 4 and FIG. 5 are for an interconnection between the H(e)NB PF and the BPCF), with regard to FIG. 3 , when the PCRF does not support an interconnection between the PCRF and the BBF, the PCRF will not interact with the BPCF to request the admission control. Thus it will cause that the PCC rules sent by the PCRF to the PCEF are results which are decided according to the PCRF itself.
  • the PCEF performs DSCP marking on headers of downlink IP packets of service data flows according to the PCC rules sent by the PCRF.
  • the SeGW When these service data flows reach the SeGW, the SeGW replicates the DSCP of the outer packet header of the IPSec according to the DSCP marks of the internal packet header. If these data reach the BBF access network, the BBF access network will not distinguish whether these service data flows go through the admission control of the BBF access network, but only perform dispatching according to the DSCP.
  • the H(e)NB similarly performs IPSec encapsulation on the IP packet of uplink data and performs marking on the header of the IP packet of the IPSec (called as the outer packet header) according to the DSCP of the IP packet (i.e. the internal packet header) during the encapsulation.
  • these service data flows without going through the admission control will occupy resources of other service data flows going through the admission control, which leads to a failure of the entire FMC policy control mechanism currently.
  • those service data flows of the fixed network entity without going through the admission control also may occupy resources of service data flows of the 3GPP UE going through the admission control.
  • the technical problem required to be solved by the present document is to provide a method and system for policy control, by which service data flows without going through admission control of a BBF access network will not to occupy resources of service data flows going through the admission control of the BBF access network.
  • a policy control method comprises:
  • 3GPP 3 rd Generation Partnership Project
  • BBF Broadband Forum
  • the BBF access network entity scheduling a data packet matching the outer IP packet header information according to a Differentiated Services Code Point (DSCP) of the data packet.
  • DSCP Differentiated Services Code Point
  • the method further comprises: the BBF access network entity scheduling a data packet mismatching the outer IP packet header information according to a local policy.
  • the step of a 3GPP network entity sending outer IP packet header information to a BBF access network entity comprises:
  • an Evolved Packet Data Gateway (ePDG) of a 3GPP network sending the outer IP packet header information to a Policy and Charging Rules Function (PCRF) through a Packet Data Network Gateway (P-GW), the PCRF sending the outer IP packet header information to a Broadband Policy Control Framework (BPCF) of a BBF access network, and the BPCF sending the outer IP packet header information to the BBF access network entity; or,
  • PCRF Policy and Charging Rules Function
  • P-GW Packet Data Network Gateway
  • BPCF Broadband Policy Control Framework
  • the ePDG directly sending the outer IP packet header information to the PCRF, the PCRF sending the outer IP packet header information to the BPCF, and the BPCF sending the outer IP packet header information to the BBF access network entity; or,
  • the P-GW sending the outer IP packet header information to the PCRF, the PCRF sending the outer IP packet header information to the BPCF, and the BPCF sending the outer IP packet header information to the BBF access network entity;
  • the ePDG sending the outer IP packet header information to the PCRF through the P-GW, the PCRF sending the outer IP packet header information to the BBF access network entity;
  • the ePDG directly sending the outer IP packet header information to the PCRF, the PCRF sending the outer IP packet header information to the BBF access network entity; or,
  • the P-GW sending the outer IP packet header information to the PCRF, the PCRF sending the outer IP packet header information to the BBF access network entity.
  • the step of the PCRF sending the outer IP packet header information to the BPCF or the BBF access network entity comprises:
  • the PCRF when performing quality of service authorization, the PCRF sending the outer IP packet header information to the BPCF or the BBF access network entity; or,
  • the PCRF when initiating a policy interconnection session establishment to the BPCF, the PCRF sending the outer IP packet header information to the BPCF or the BBF access network entity.
  • the step of a 3GPP network entity sending outer IP packet header information to a BBF access network entity comprises:
  • a Security Gateway (SeGW) of the 3GPP network sending the outer IP packet header information to an H(e)NB Policy Function (H(e)NB PF) of the BBF access network, the H(e)NB PF sending the outer IP packet header information to the BPCF, and the BPCF sending the outer IP packet header information to the BBF access network entity; or,
  • the SeGW sending the outer IP packet header information to the PCRF, the PCRF sending the outer IP packet header information to the BPCF, and the BPCF sending the outer IP packet header information to the BBF access network entity;
  • the SeGW sending the outer IP packet header information to the H(e)NB PF, the H(e)NB PF sending the outer IP packet header information to the BBF access network entity;
  • the SeGW sending the outer IP packet header information to the PCRF, the PCRF sending the outer IP packet header information to the BBF access network entity.
  • the step of the H(e)NB PF sending the outer IP packet header information to the BPCF or the BBF access network entity comprises:
  • the H(e)NB PF when initiating a policy interconnection session establishment to the BPCF or the BBF access network entity, the H(e)NB PF sending the outer IP packet header information to the BPCF or the BBF access network entity;
  • the step of the PCRF sending the outer IP packet header information to the BPCF or the BBF access network entity comprises:
  • the PCRF when initiating the policy interconnection session establishment to the BPCF or the BBF access network entity, the PCRF sending the outer IP packet header information to the BPCF or the BBF access network entity.
  • the outer IP packet header information at least comprises a local IP address of a User Equipment (UE).
  • UE User Equipment
  • the outer IP packet header information comprises a User Datagram Protocol (UDP) source port number and the local IP address of the UE.
  • UDP User Datagram Protocol
  • the UDP source port number is an IPSec UDP source port number or a UDP source port number of a DSMIP binding update signaling.
  • the outer IP packet header information is a packet filter containing corresponding information.
  • the outer IP packet header information at least comprises a local IP address of an H(e)NB.
  • the outer IP packet header information comprises a UDP source port number and the local IP address of the H(e)NB.
  • the UDP source port number is an IPSec UDP source port number.
  • the outer IP packet header information is a packet filter containing corresponding information.
  • a policy control system comprises: a 3GPP network entity and a Broadband Forum (BBF) access network entity, wherein:
  • the 3GPP network entity is configured to: send outer IP packet header information to the BBF access network entity;
  • the BBF access network entity is configured to: schedule a data packet matching the outer IP packet header information according to a Differentiated Services Code Point (DSCP) of the data packet.
  • DSCP Differentiated Services Code Point
  • the BBF access network entity is further configured to: schedule a data packet mismatching the outer IP packet header information according to a local policy.
  • the system further comprises: a Broadband Policy Control Framework (BPCF) of a BBF access network, wherein:
  • BPCF Broadband Policy Control Framework
  • the 3GPP network entity comprises a Packet Data Network Gateway (P-GW), an Evolved Packet Data Gateway (ePDG) and a Policy and Charging Rules Function (PCRF), wherein:
  • P-GW Packet Data Network Gateway
  • ePDG Evolved Packet Data Gateway
  • PCRF Policy and Charging Rules Function
  • the ePDG is configured to: send the outer IP packet header information to the PCRF through the P-GW; or directly send the outer IP packet header information to the PCRF;
  • the P-GW is configured to: assist the ePDG to send the outer IP packet header information to the PCRF; or send the outer IP packet header information to the PCRF by itself;
  • the PCRF is configured to: send the outer IP packet header information to the BPCF or send the outer IP packet header information to the BBF access network entity;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity.
  • the PCRF is configured to send the outer IP packet header information to the BPCF or the BBF access network entity by the following way:
  • the system further comprises a BPCF, wherein:
  • the 3GPP network entity comprises a Security Gateway (SeGW) and an H(e)NB Policy Function (H(e)NB PF), or comprises a SeGW and a PCRF, wherein:
  • the SeGW is configured to: send the outer IP packet header information to the H(e)NB PF;
  • the H(e)NB PF is configured to: send the outer IP packet header information to the BPCF;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity; or,
  • the 3GPP network entity comprises the SeGW and the PCRF, wherein:
  • the SeGW is configured to: send the outer IP packet header information to the PCRF;
  • the PCRF is configured to: send the outer IP packet header information to the BPCF or the BBF access network entity;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity.
  • the H(e)NB PF or the PCRF is configured to send the outer IP packet header information to the BPCF or the BBF access network entity by the following way:
  • the outer IP packet header information at least comprises a local IP address of a User Equipment (UE).
  • UE User Equipment
  • the outer IP packet header information comprises a UDP source port number and the local IP address of the UE.
  • the UDP source port number is an IPSec UDP source port number or a UDP source port number of a DSMIP binding update signaling.
  • the outer IP packet header information is a packet filter containing corresponding information.
  • the outer IP packet header information at least comprises a local IP address of an H(e)NB.
  • the outer IP packet header information comprises a UDP source port number and the local IP address of the H(e)NB.
  • the UDP source port number is an IPSec UDP source port number.
  • the outer IP packet header information is a packet filter containing corresponding information.
  • a Broadband Forum (BBF) access network system comprises a BBF access network entity, wherein:
  • the BBF access network entity is configured to: receive outer IP packet header information sent by a 3GPP network, and schedule a data packet matching the outer IP packet header information according to a Differentiated Services Code Point (DSCP) of the data packet.
  • DSCP Differentiated Services Code Point
  • the BBF access network entity is further configured to: schedule a data packet mismatching the outer IP packet header information according to a local policy.
  • the system further comprises: a Broadband Policy Control Framework (BPCF), wherein:
  • BPCF Broadband Policy Control Framework
  • the BPCF is configured to: after an Evolved Packet Data Gateway (ePDG) of the 3GPP network sends the outer IP packet header information to a Policy and Charging Rules Function (PCRF) through a Packet Data Network Gateway (P-GW), receive the outer IP packet header information sent by the PCRF; or after the ePDG directly sends the outer IP packet header information to the PCRF, receive the outer IP packet header information sent by the PCRF; or after the P-GW sends the outer IP packet header information to the PCRF, receive the outer IP packet header information sent by the PCRF, and send the outer IP packet header information to the BBF access network entity; or,
  • ePDG Evolved Packet Data Gateway
  • PCRF Policy and Charging Rules Function
  • P-GW Packet Data Network Gateway
  • a Security Gateway of the 3GPP network through an H(e)NB Policy Function (H(e)NB PF) of a BBF access network; or receive the outer IP packet header information sent by the SeGW through the PCRF, and send the outer IP packet header information to the BBF access network entity.
  • SeGW Security Gateway
  • H(e)NB PF H(e)NB Policy Function
  • the BPCF is further configured to: receive the outer IP packet header information sent by the PCRF when performing quality of service authorization; or,
  • the BBF access network saves outer IP packet headers, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet headers, and only when service data flows of the outer IP packet headers are matched, performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • FIG. 1 is a schematic diagram of the component architecture of the EPS.
  • FIG. 2 is a schematic diagram of a UE accessing the 3GPP core network through a WLAN accessing network.
  • FIG. 3 is a schematic diagram 1 of a UE accessing the 3GPP core network through an H(e)NB.
  • FIG. 4 is a schematic diagram 2 of a UE accessing the 3GPP core network through an H(e)NB.
  • FIG. 5 is a schematic diagram 3 of a UE accessing the 3GPP core network through an H(e)NB.
  • FIG. 6 is a flow diagram 1 of an S9* session according to the example 1 of the present document.
  • FIG. 7 is a flow diagram 2 of an S9* session according to the example 2 of the present document.
  • FIG. 8 is a flow diagram 3 of an S9* session according to the example 3 of the present document.
  • FIG. 9 is a flow diagram of a BBF access network entity obtaining outer IP packet headers in the process of a UE attaching to an EPS under the architecture shown in FIG. 3 , according to the example 4 of the present document.
  • FIG. 10 is a flow diagram of a BBF access network entity obtaining outer IP packet headers after an H(e)NB is power-on under the architecture of FIG. 4 , according to the example 5 of the present document.
  • FIG. 11 is a flow diagram of a BBF access network entity obtaining outer IP packet headers after an H(e)NB is power-on under the architecture of FIG. 5 , according to the example 6 of the present document.
  • the present document provides a policy control method, which includes:
  • the BBF access network entity schedule a data packet matching the outer IP packet header according to a Differentiated Services Code Point (DSCP) of the data packet, and schedule a data packet mismatching the outer IP packet header according to a local policy.
  • DSCP Differentiated Services Code Point
  • the outer IP packet header is an outer IP packet header of an IPSec tunnel.
  • the IPSec tunnel is an IPSec tunnel between a user equipment and an Evolved Packet Data Gateway (ePDG), or between a user equipment and a P-GW, or between an H(e)NB and a security gateway.
  • ePDG Evolved Packet Data Gateway
  • the step of a 3GPP network sending the outer IP packet header to a BBF access network entity includes:
  • ePDG Evolved Packet Data Gateway
  • the PCRF sending the outer IP packet header to a BPCF the PCRF sending the outer IP packet header to the BPCF when performing quality of service authorization; or the PCRF sending the outer IP packet header to the BPCF when initiating a policy interconnection session establishment to the BPCF.
  • the H(e)NB PF or PCRF sending the outer IP packet header to the BPCF; the H(e)NB PF or PCRF sending the outer IP packet header to the BPCF when initiating a policy interconnection session establishment to the BPCF;
  • the BPCF sending the outer IP packet header to the BBF access network entity.
  • FIG. 6 is a flow diagram of a BPCF initiating an S9* session in a non-roaming scenario when a UE accesses a 3GPP core network through an untrusted BBF access network according to the example of the present document.
  • a PMIPv6 protocol is adopted between an ePDG and a P-GW.
  • step 601 after the UE accesses a BBF access system, an access authentication based on the 3GPP is executed, and the UE provides an International Mobile Subscriber Identity (IMSI) (used for the access authentication).
  • IMSI International Mobile Subscriber Identity
  • the UE obtains a local IP address from the BBF access network.
  • the address may be allocated by a Residential Gateway (RG) or a BNG.
  • step 603 after the triggering of step 601 or step 602 , the BPCF is informed of that the UE accesses the BBF access network.
  • step 604 the BPCF sends gateway control session establishment message including a user identifier to a PCRF.
  • the PCRF returns gateway control session establishment acknowledgement message to the BPCF.
  • the PCRF may be required to interact with an SPR to acquire a subscription user policy decision of a user.
  • step 606 after selecting the ePDG, the UE initiates an IKEv2 tunnel establishment process and performs an authentication using an Extensible Authentication Protocol (EAP). If NA(P)T exists between the UE and ePDG (e.g., the NA(P)T exists on the RG), an IKEv2 signaling will execute an NAT traversal.
  • EAP Extensible Authentication Protocol
  • the ePDG sends proxy binding update message to the P-GW, and the user identifier, a PDN identifier and outer IP packet header information are carried in the proxy binding update message.
  • the outer IP packet header information can be outer IP packet header information of the IPSec tunnel established between the UE and ePDG.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e.
  • the outer IP packet header information of the IPSec tunnel also may include a UDP source port number in the IKEv2 signaling sent by the UE and received by the ePDG (i.e. an IPSec source port number, with respect to the uplink direction of the UE, also called as a UDP source port number, the same as below), an address of the ePDG, a receiving port number of the ePDG (i.e. a UDP target port number, with respect to the uplink direction of the UE) and protocol types and so on.
  • a UDP source port number in the IKEv2 signaling sent by the UE and received by the ePDG i.e. an IPSec source port number, with respect to the uplink direction of the UE, also called as a UDP source port number, the same as below
  • an address of the ePDG i.e. a UDP target port number, with respect to the uplink direction of the UE
  • protocol types and so on i.e
  • the source address and source port number received by the ePDG may be different from the source address and source port number when the UE performs sending. If the IKEv2 signaling does not go through the NA(P)T traversal, the source address is the local address obtained when the UE accesses the BBF access network.
  • the source address in the IKEv2 signaling sent by the UE and received by the ePDG is a local IP address allocated by the BBF access network, and the address can uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the local IP address.
  • the source address in the IKEv2 signaling sent by the UE and received by the ePDG is a public network IP address after going through the NAT, but due to the 1:1 NAT, the address still can uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e. the public network IP address after going through the NAT of the BBF access network, if the NAT is in the RG, the address is an address of the RG).
  • NAT i.e. NAPT
  • the NAPT will allocate the UDP source port number (with respect to the uplink direction of the UE) to the IPSec tunnel. Therefore, in order to uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e.
  • the IP address of the UE after going through the NAT is also called as the local IP address. Therefore, the outer IP packet header information at least includes the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the outer IP packet header information also may include the IPSec UDP source port number. The outer IP packet header information also can include information such as the address of the ePDG, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types and so on.
  • the outer IP packet header information can be a packet filter, and the packet filter at least contains the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the packet filter also may contain the IPSec UDP source port number. The packet filter also can contain information such as the address of the ePDG, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types and so on.
  • the P-GW allocates an IP address to the UE, and a PCEF located in the P-GW sends IP-CAN session establishment indication message to the PCRF, and the user identifier, the PDN identifier, the IP address allocated to the UE and the outer IP packet header information are carried in the IP-CAN session establishment indication message.
  • the PCRF makes a judgment according to the user identifier and PDN identifier, and if no relevant user subscription data exists, an H-PCRF will interact with the SPR to acquire the subscription data.
  • the PCRF makes PCC rules according to the subscription data, network policies and access network attributes and so on, and returns acknowledgement message including the PCC rules to the PCEF.
  • the P-GW sends P-GW IP address update message to an AAA Server and sends an address of the P-GW to the AAA Server, and the AAA Server further interacts with an HSS and saves the address of the P-GW into the HSS.
  • step 611 the P-GW returns proxy binding acknowledgement message to the ePDG, and the IP address allocated to the UE is carried in the proxy binding acknowledgement message.
  • step 612 the proxy binding update is successful, and the IPSec tunnel is established between the UE and ePDG.
  • the ePDG sends a final IKEv2 signaling to the UE, wherein the IP address of the UE is included.
  • step 614 the PCRF provides the outer IP packet header information to the BPCF.
  • the BPCF provides the outer IP packet header information to a BBF access network entity (e.g. BNG/BRAS).
  • a BBF access network entity e.g. BNG/BRAS
  • step 616 the BBF access network entity (BNG/BRAS) returns acknowledgement message after saving outer IP packet headers.
  • BNG/BRAS BBF access network entity
  • step 617 the BPCF returns acknowledgement message to the PCRF.
  • the step 614 can be executed after step 609 .
  • a session is established between the PCRF and BPCF, and the BBF access network (BNG/BRAS) obtains the outer IP packet header information.
  • the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of downlink data of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the ePDG, the ePDG will perform IPSec encapsulation on the IP packet and perform DSCP replication.
  • the BBF access network entity firstly performs filtering according to the saved outer IP packet headers, and only when service data flows of the outer IP packet header information are matched, performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the UE performs IPSec encapsulation and performs DSCP replication, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • FIG. 7 is a flow diagram of a P-GW triggering a PCRF to initiate an S9* session in a non-roaming scenario when a UE accesses a 3GPP core network through an untrusted BBF access network according to the present document.
  • a PMIPv6 protocol is adopted between an ePDG and the P-GW.
  • step 701 after the UE accesses a BBF access system, the BBF access system allocates a local IP address to the UE.
  • the UE initiates an IKEv2 tunnel establishment process and performs authentication using an EAP.
  • the ePDG interacts with an AAA Server (the AAA Server further interacts with an HSS) to complete the EAP authentication.
  • the ePDG sends proxy binding update message to the P-GW, and a user identifier, a PDN identifier and outer IP packet header information are carried in the proxy binding update message.
  • the outer IP packet header information can be outer IP packet header information of the IPSec tunnel established between the UE and ePDG.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in an IKEv2 signaling sent by the UE and received by the ePDG (i.e.
  • the outer IP packet header information of the IPSec tunnel also may include a source port number in the IKEv2 signaling sent by the UE and received by the ePDG (i.e. an IPSec source port number, with respect to the uplink direction of the UE), an address of the ePDG, a UDP receiving port number of the ePDG (i.e. a UDP target port number, with respect to the uplink direction of the UE) and protocol types and so on.
  • the source address and source port number received by the ePDG may be different from the source address and source port number when the UE performs sending. If the IKEv2 signaling does not go through the NAT traversal, the source address is the local address obtained when the UE accesses the BBF access network.
  • the source address in the IKEv2 signaling sent by the UE and received by the ePDG is a local IP address allocated by the BBF access network, and the address can uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the local IP address.
  • the source address in the IKEv2 signaling sent by the UE and received by the ePDG is a public network IP address after going through the NAT, but due to the 1:1 NAT, the address still can uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e. the public network IP address after going through the NAT of the BBF access network, if the NAT is in an RG, the address is an address of the RG).
  • NAT i.e. NAPT
  • the NAPT will allocate a UDP source port number (with respect to the uplink direction of the UE) to the IPSec tunnel. Therefore, in order to uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e.
  • the IP address of the UE after going through the NAT is also called as the local IP address. Therefore, the outer IP packet header information at least includes the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the outer IP packet header information also may include the IPSec UDP source port number. The outer IP packet header information also can include information such as the address of the ePDG, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types and so on.
  • the outer IP packet header information can be a packet filter, and the packet filter at least contains the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the packet filter also may contain the IPSec UDP source port number. The packet filter also can contain information such as the address of the ePDG, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types and so on.
  • the P-GW allocates an IP address to the UE, and a PCEF located in the P-GW sends IP-CAN session establishment indication message to the PCRF, and the user identifier, the PDN identifier, the IP address allocated to the UE and the outer IP packet header information are carried in the IP-CAN session establishment indication message.
  • the PCRF makes a judgment according to the user identifier and PDN identifier, and if no relevant user subscription data exists, the PCRF will interact with an SPR to acquire the subscription data.
  • the PCRF makes PCC rules according to the subscription data, network policies and access network attributes and so on.
  • the PCRF returns acknowledgement message including the PCC rules to the PCEF.
  • the P-GW sends P-GW IP address update message to the AAA Server and sends an address of the P-GW to the AAA Server, and the AAA Server further interacts with the HSS and saves the address of the P-GW into the HSS.
  • step 706 the P-GW returns proxy binding acknowledgement message to the ePDG, and the IP address allocated to the UE is carried in the proxy binding acknowledgement message.
  • step 707 the proxy binding update is successful, and the IPSec tunnel is established between the UE and ePDG.
  • step 708 the ePDG sends a final IKEv2 signaling to the UE, wherein the IP address of the UE is included.
  • the PCRF determines a BPCF of the BBF access network which the UE accesses currently according to the outer IP packet header information, and sends gateway control session establishment message initiated by the PCRF to the BPCF, and the outer IP packet header information is included in the gateway control session establishment message.
  • the step 709 can be executed after step 703 .
  • the BPCF provides outer IP packet headers to a BBF access network entity (e.g. BNG/BRAS).
  • a BBF access network entity e.g. BNG/BRAS
  • step 711 the BBF access network entity returns acknowledgement message after saving the outer IP packet headers.
  • step 712 the BPCF returns acknowledgement message to the PCRF.
  • a session is established between the PCRF and BPCF, and the BBF access network entity (BNG/BRAS) obtains the outer IP packet header information. If the UE requires the network to allocate resources to the UE when the UE performs the service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • BNG/BRAS BBF access network entity
  • the PCEF performs DSCP marking on a header of a downlink IP packet of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the ePDG, the ePDG will perform IPSec encapsulation on the IP packet and perform DSCP replication.
  • the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the UE performs IPSec encapsulation and performs DSCP replication, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • the example is also applied to roaming scenarios (including a home routing roaming scenario or a local breakout roaming scenario).
  • the ePDG will carry the outer IP packet header information in session establishment request message.
  • FIG. 8 is a flow diagram of a P-GW triggering a PCRF to initiate an S9* session in a non-roaming scenario when a UE accesses a 3GPP core network through an untrusted BBF access network according to the present document.
  • a PMIPv6 protocol is adopted between an ePDG and the P-GW.
  • step 801 after the UE accesses a BBF access system, the BBF access system allocates a local IP address to the UE.
  • the UE initiates an IKEv2 tunnel establishment process and performs an authentication using an EAP.
  • the ePDG interacts with an AAA Server (the AAA Server further interacts with an HSS) to complete the EAP authentication.
  • the ePDG sends gateway control session establishment message including outer IP packet header information to the PCRF.
  • the outer IP packet header information can be outer IP packet header information of the IPSec tunnel established between the UE and ePDG.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in a IKEv2 signaling sent by the UE and received by the ePDG (i.e. an IPSec source address, with respect to an uplink direction of the UE).
  • the outer IP packet header information of the IPSec tunnel also may include a source port number in the IKEv2 signaling sent by the UE and received by the ePDG (i.e. an IPSec source port number, with respect to the uplink direction of the UE), an address of the ePDG, a UDP receiving port number of the ePDG (i.e. a UDP target port number, with respect to the uplink direction of the UE) and protocol types and so on.
  • a source port number in the IKEv2 signaling sent by the UE and received by the ePDG i.e. an IPSec source port number, with respect to the uplink direction of the UE
  • an address of the ePDG i.e. a UDP receiving port number of the ePDG (i.e. a UDP target port number, with respect to the uplink direction of the UE) and protocol types and so on.
  • the source address and source port number received by the ePDG may be different from the source address and source port number when the UE performs sending. If the IKEv2 signaling does not go through the NAT traversal, the source address is a local address obtained when the UE accesses the BBF access network.
  • the source address in the IKEv2 signaling sent by the UE and received by the ePDG is a local IP address allocated by the BBF access network, and the address can uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the local IP address.
  • the source address in the IKEv2 signaling sent by the UE and received by the ePDG is a public network IP address after going through the NAT, but due to the 1:1 NAT, the address still can uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e. the public network IP address after going through the NAT of the BBF access network, if the NAT is in an RG, the address is an address of the RG).
  • NAT i.e. NAPT
  • the NAPT will allocate a UDP source port number to the IPSec tunnel (with respect to the uplink direction of the UE). Therefore, in order to uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the UE and received by the ePDG (i.e.
  • the IP address of the UE after going through the NAT is also called as the local IP address. Therefore, the outer IP packet header information at least includes the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the outer IP packet header information also may include the IPSec UDP source port number. The outer IP packet header information also can include information such as the address of the ePDG, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types and so on.
  • the outer IP packet header information can be a packet filter, and the packet filter at least contains the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the packet filter also may contain the IPSec UDP source port number. The packet filter also can contain information such as the address of the ePDG, the IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types and so on.
  • step 803 the PCRF returns acknowledgement message to the ePDG.
  • step 804 after selecting the P-GW, the ePDG sends proxy binding update message to the P-GW, and a user identifier, a PDN identifier and the outer IP packet header information are carried in the proxy binding update message.
  • the P-GW allocates an IP address to the UE, and a PCEF located in the P-GW sends IP-CAN session establishment indication message to the PCRF, and the user identifier, the PDN identifier and the IP address allocated to the UE are carried in the IP-CAN session establishment indication message.
  • the PCRF makes a judgment according to the user identifier and PDN identifier, and if no relevant user subscription data exists, an H-PCRF will interact with an SPR to acquire subscription information.
  • the PCRF makes PCC rules according to the subscription data, network policies and access network attributes and so on.
  • the PCRF returns acknowledgement message including the PCC rules to the PCEF.
  • the P-GW sends P-GW IP address update message to the AAA Server and sends an address of the P-GW to the AAA Server, and the AAA Server further interacts with the HSS and saves the address of the P-GW in the HSS.
  • step 808 the P-GW returns proxy binding acknowledgement message to the ePDG, and the IP address allocated to the UE is carried in the proxy binding acknowledgement message.
  • step 809 the proxy binding update is successful, and the IPSec tunnel is established between the UE and ePDG.
  • step 810 the ePDG sends a final IKEv2 signaling to the UE, wherein the IP address of the UE is included.
  • the PCRF determines a BPCF of the BBF access network which the UE accesses currently according to the outer IP packet header information, and sends the gateway control session establishment message initiated by the PCRF to the BPCF, and the outer IP packet header information is included in the gateway control session establishment message.
  • the step 811 also can be executed after step 802 .
  • the BPCF provides outer IP packet headers to a BBF access network entity (e.g. BNG/BRAS).
  • a BBF access network entity e.g. BNG/BRAS
  • step 813 the BBF access network entity returns acknowledgement message after saving the outer IP packet headers.
  • step 814 the BPCF returns acknowledgement message to the PCRF.
  • a session is established between the PCRF and BPCF, and the BBF access network (BNG/BRAS) obtains the outer IP packet header information. If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of downlink data of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the ePDG, the ePDG will perform IPSec encapsulation on the IP packet and perform DSCP replication.
  • the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the UE performs IPSec encapsulation and performs DSCP replication, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • the example is also applied to roaming scenarios (including a home routing roaming scenario or a local breakout roaming scenario).
  • the ePDG will carry the outer IP packet header information in session establishment request message.
  • the P-GW sends the outer IP packet header information (i.e. the outer IP packet header information of the IPSec tunnel) to the PCRF, the PCRF sends the outer IP packet header information to the BPCF, and then the BPCF sends the outer IP packet header information to the BBF access network entity.
  • the BBF access network entity performs matching on data packets according to the outer IP packet header information and further executes data packet scheduling according to the DSCPs.
  • the above outer IP packet header information at least contains the local IP address of the UE.
  • the IPSec UDP source port number (with respect to the uplink direction of the UE) also may be contained.
  • information such as an address of the P-GW, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types, etc. also can be included.
  • the P-GW sends outer IP packet header information (i.e. outer IP packet header information of a DSMIPv6 tunnel) to the PCRF, the PCRF sends the outer IP packet header information to the BPCF, and then the BPCF sends the outer IP packet header information to the BBF access network entity.
  • the BBF access network entity performs matching on the data packets according to the outer IP packet header information and further executes data packet scheduling according to the DSCPs.
  • the above outer IP packet header information at least contains the local IP address of the UE.
  • a UDP source port number of a DSMIPv6 binding update signaling (with respect to the uplink direction of the UE, the port number is a UDP port number allocated by the NAPT when the binding update signaling traverses the NAPT when the UE performs binding update) also may be contained.
  • information such as an address of the P-GW, a UDP target port number of the DSMIPv6 binding update signaling (with respect to the uplink direction of the UE) and protocol types, etc. also can be included.
  • the ePDG sends the outer IP packet header information (i.e. the outer IP packet header information of the IPSec tunnel) to the PCRF, the PCRF sends the outer IP packet header information to the BPCF, and then the BPCF sends the outer IP packet header information to the BBF access network entity.
  • the BBF access network entity performs matching on data packets according to the outer IP packet header information and further executes data packet scheduling according to the DSCPs.
  • the above outer IP packet header information at least contains the local IP address of the UE. If the NA(P)T is detected between the UE and the ePDG, the IPSec UDP source port number (with respect to the uplink direction of the UE) also can be contained. Information such as an address of the ePDG, an IPSec UDP target port number (with respect to the uplink direction of the UE) and protocol types, etc. also can be included.
  • FIG. 9 is a flow of a BBF access network entity obtaining outer IP packet headers during the process of a UE attaching to an EPS under the architecture shown in FIG. 3 .
  • step 901 after an HeNB is power-on, it obtains a Customer Premises Equipment (CPE) IP address (i.e. a local IP address) allocated by a BBF access network, and the HeNB uses the CPE IP address to perform IKEv2 signaling interaction with a SeGW and establishes an IPSec tunnel.
  • CPE Customer Premises Equipment
  • the SeGW allocates an HeNB IP address to the HeNB, which is used for the HeNB interacting with other 3GPP network elements; and the SeGW obtains outer IP packet header information.
  • all service data flows of the HeNB will be encapsulated with the IPSec tunnel between the HeNB and SeGW.
  • the outer IP packet header information can be outer IP packet header information of the IPSec tunnel established between the HeNB and SeGW.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in an IKEv2 signaling sent by the HeNB and received by the SeGW (i.e. an IPSec source address, with respect to an uplink direction of the HeNB).
  • the outer IP packet header information of the IPSec tunnel also may include a source port number in the IKEv2 signaling sent by the HeNB and received by the SeGW (i.e.
  • an IPSec source port number with respect to the uplink direction of the HeNB
  • an address of the SeGW i.e. a UDP receiving port number, with respect to the uplink direction of the HeNB
  • protocol types and so on i.e. a UDP target port number, with respect to the uplink direction of the HeNB
  • the source address and source port number received by the SeGW may be different from the source address and source port number when the HeNB performs sending. If the IKEv2 signaling does not go through the NA(P)T traversal, the source address is the local IP address obtained when the HeNB accesses the BBF access network.
  • the source address in the IKEv2 signaling sent by the HeNB and received by the SeGW is the local IP address allocated by the BBF access network, and the address can uniquely identify the service data flows of the HeNB encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the local IP address.
  • the source address in the IKEv2 signaling sent by the HeNB and received by the SeGW is a public network IP address after going through the NAT, but due to the 1:1 NAT, the address still can uniquely identify the service data flows of the HeNB encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the HeNB and received by the SeGW (i.e. the public network IP address after going through the NAT of the BBF access network, if the NAT is in an RG, the address is an address of the RG).
  • NAT i.e. NAPT
  • the NAPT will allocate a UDP source port number (with respect to the uplink direction of the HeNB) to the IPSec tunnel. Therefore, in order to uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the HeNB and received by the SeGW (i.e.
  • the IP address of the HeNB after going through the NAT is also called as the local IP address. Therefore, the outer IP packet header information at least includes the local IP address of the HeNB. If the NA(P)T is detected between the HeNB and SeGW, the outer IP packet header information also may include the IPSec UDP source port number. The outer IP packet header information also can include information such as the address of the SeGW, an IPSec UDP target port number (with respect to the uplink direction of the HeNB) and protocol types and so on.
  • the outer IP packet header information can be a packet filter, and the packet filter at least contains the local IP address of the HeNB. If the NA(P)T is detected between the HeNB and SeGW, the packet filter also may contain the IPSec UDP source port number. The packet filter also can contain information such as the address of the SeGW, the IPSec UDP target port number (with respect to the uplink direction of the HeNB) and protocol types and so on.
  • step 902 the UE sends attachment request message including a user identifier to the HeNB.
  • step 903 the HeNB sends the attachment request message including the user identifier to an MME.
  • the SeGW adds the outer IP packet header information obtained in step 901 into the message to be carried to the MME.
  • step 904 the MME sends a location update request including the user identifier to an HSS.
  • step 905 the HSS returns a location update response to the MME to return user subscription information.
  • the MME sends a session establishment request including the user identifier, a PDN identifier and the outer IP packet header information to an S-GW.
  • the S-GW sends the session establishment request including the user identifier, the PDN identifier and the outer IP packet header information to a P-GW.
  • the P-GW sends an IP-CAN session establishment indication including the user identifier, the PDN identifier and the outer IP packet header information to a PCRF.
  • the PCRF determines a BPCF of the BBF access network which the UE accesses currently according to the outer IP packet headers, and sends gateway control session establishment message initiated by the PCRF to the BPCF, and the outer IP packet header information is included in the gateway control session establishment message.
  • the BPCF provides the outer IP packet header information to a BBF access network entity (e.g. BNG/BRAS).
  • a BBF access network entity e.g. BNG/BRAS
  • step 911 the BBF access network entity returns acknowledgement message to the BPCF after saving the outer IP packet header information.
  • step 912 the BPCF returns response message to the PCRF.
  • step 913 the PCRF returns an IP-CAN session establishment acknowledgement to a PCEF.
  • step 914 the gateway P-GW in which the PCEF is located sends a session establishment response to the S-GW.
  • step 915 the S-GW returns the session establishment response to the MME.
  • step 916 an interaction is performed between the MME, HeNB and UE to establish a radio bearer.
  • step 917 the MME interacts with the S-GW to update the bearer.
  • a session is established between the PCRF and BPCF, and the BBF access network (BNG/BRAS) obtains the outer IP packet header information. If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of downlink data of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the SeGW, the SeGW will perform IPSec encapsulation on the IP packet and perform DSCP replication.
  • the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the HeNB performs IPSec encapsulation and performs DSCP replication, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • the flow of the BBF access network entity obtaining the outer IP packet header information is similar to this.
  • the outer IP packet header information can be outer IP packet header information of an IPSec tunnel established between the FMB and SeGW.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in an IKEv2 signaling sent by the HNB and received by the SeGW (i.e. an IPSec source address, with respect to the uplink direction of the HNB).
  • the outer IP packet header information of the IPSec tunnel also may include a source port number in the IKEv2 signaling sent by the FMB and received by the SeGW (i.e. an IPSec source port number, with respect to the uplink direction of the HNB) if the NA(P)T is detected between the HNB and SeGW.
  • a source port number in the IKEv2 signaling sent by the FMB and received by the SeGW i.e. an IPSec source port number, with respect to the uplink direction of the HNB
  • NA(P)T if the NA(P)T is detected between the HNB and SeGW.
  • an address of the SeGW a UDP receiving port number of the SeGW (i.e. a UDP target port number, with respect to the uplink direction of the HNB) and protocol types, etc.
  • the outer IP packet header information also can be implemented in a form of the packet filter.
  • step 901 the SeGW sends the outer IP packet header information to the HeNB
  • step 902 the HeNB sends the outer IP packet header information to the MME, and other steps are unchanged.
  • FIG. 10 is a flow of a BBF access network entity obtaining outer IP packet headers after an H(e)NB is power-on under the architecture of FIG. 4 .
  • step 1001 after the H(e)NB is power-on, it obtains a CPE IP address (i.e. a local IP address) allocated by a BBF access network, and the H(e)NB uses the CPE IP address to perform IKEv2 signaling interaction with a SeGW and establishes an IPSec tunnel.
  • the SeGW allocates an H(e)NB IP address to the H(e)NB which is used for the H(e)NB interacting with other 3GPP network elements.
  • the SeGW informs an H(e)NB PF of an association relationship between the CPE IP address and H(e)NB IP address, wherein outer IP packet header information is carried.
  • the outer IP packet header information can be outer IP packet header information of the IPSec tunnel established between the H(e)NB and SeGW.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in an IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e.
  • the outer IP packet header information of the IPSec tunnel also may include a source port number in the IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e. an IPSec source port number, with respect to the uplink direction of the H(e)NB), an address of the SeGW, a UDP receiving port number of the SeGW (i.e. a UDP target port number, with respect to the uplink direction of the H(e)NB) and protocol types and so on.
  • the source address and source port number received by the SeGW may be different from the source address and source port number when the H(e)NB performs sending. If the IKEv2 signaling does not go through the NAT traversal, the source address is the CPE IP address obtained when the H(e)NB accesses the BBF access network.
  • the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW is the local IP address allocated by the BBF access network, and the address can uniquely identify the service data flows of the H(e)NB encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the local IP address.
  • the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW is a public network IP address after going through the NAT, but due to the 1:1 NAT, the address still can uniquely identify the service data flows of the H(e)NB encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e. the public network IP address after going through the NAT of the BBF access network, if the NAT is in an RG, the address is an address of the RG).
  • NAT i.e. NAPT
  • the NAPT will allocate a UDP source port number (with respect to the uplink direction of the H(e)NB) to the IPSec tunnel. Therefore, in order to uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e.
  • the IP address of the H(e)NB after going through the NAT is also called as the local IP address. Therefore, the outer IP packet header information at least includes the local IP address of the H(e)NB. If the NA(P)T is detected between the H(e)NB and SeGW, the outer IP packet header information also may include the IPSec UDP source port number. The outer IP packet header information also can include information such as the address of the SeGW, an IPSec UDP target port number (with respect to the uplink direction of the H(e)NB) and protocol types and so on.
  • the outer IP packet header information can be a packet filter, and the packet filter at least contains the local IP address of the H(e)NB. If the NA(P)T is detected between the H(e)NB and SeGW, the packet filter also may contain the IPSec UDP source port number. The packet filter also can contain information such as the address of the SeGW, the IPSec UDP target port number (with respect to the uplink direction of the H(e)NB) and protocol types and so on.
  • step 1003 the H(e)NB PF returns acceptance message after saving the association relationship.
  • step 1004 an S1 connection or an Iuh connection is established between the H(e)NB and an H(e)NB GW or between the H(e)NB and an MME.
  • a T2 session is established between the H(e)NB GW and H(e)NB PF or between the MME and H(e)NB PF, wherein a CSG ID and the H(e)NB IP address are carried.
  • H(e)NB PF associates the T2 session with the step 1002 according to the H(e)NB IP address, thereby obtaining the CPE IP address of the H(e)NB, and the H(e)NB PF determines a BPCF of the BBF access network which the H(e)NB accesses according to the CPE IP address.
  • the H(e)NB PF establishes an S9* session to the BPCF, wherein the CPE IP address and the outer IP packet header information are carried.
  • the BPCF provides the outer IP packet header information to a BBF access network entity (e.g. BNG/BRAS).
  • a BBF access network entity e.g. BNG/BRAS
  • step 1008 the BBF access network entity returns acknowledgement message to the BPCF after saving the outer IP packet header information.
  • step 1009 the BPCF returns response message to the H(e)NB PF.
  • step 1010 the H(e)NB PF returns the response message to the H(e)NB GW or MME.
  • a session is established between the H(e)NB PF and BPCF, and the BBF access network (BNG/BRAS) obtains the outer IP packet header information. If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of downlink data of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the SeGW, the SeGW will perform IPSec encapsulation on the IP packet and perform DSCP replication.
  • the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the H(e)NB performs IPSec encapsulation and performs DSCP replication, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet headers, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • step 1001 the SeGW sends the outer IP packet header information to the H(e)NB, step 1002 and step 1003 are not executed, in step 1004 , the H(e)NB sends the outer IP packet header information to the H(e)NB PF, and other steps are unchanged.
  • FIG. 11 is a flow of a BBF access network entity obtaining outer IP packet headers after an H(e)NB is power-on under the architecture of FIG. 5 .
  • step 1101 after the H(e)NB is power-on, it obtains a Customer Premises Equipment (CPE) IP address (i.e. a local IP address) allocated by a BBF access network, and the H(e)NB uses the CPE IP address to perform IKEv2 signaling interaction with a SeGW and establishes an IPSec tunnel.
  • CPE Customer Premises Equipment
  • the SeGW allocates an H(e)NB IP address to the H(e)NB which is used for the H(e)NB interacting with other 3GPP network elements.
  • the SeGW informs an H(e)NB PF of an association relationship between the CPE IP address and H(e)NB IP address, wherein outer IP packet header information is carried.
  • the outer IP packet header information can be outer IP packet header information of the IPSec tunnel established between the H(e)NB and SeGW.
  • the outer IP packet header information of the IPSec tunnel at least includes a source address in an IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e.
  • the outer IP packet header information of the IPSec tunnel also may include a source port number in the IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e. an IPSec source port number, with respect to the uplink direction of the H(e)NB), an address of the SeGW, a UDP receiving port number of the SeGW (i.e. a UDP target port number, with respect to the uplink direction of the H(e)NB) and protocol types and so on.
  • the source address and source port number received by the SeGW may be different from the source address and source port number when the UE performs sending. If the IKEv2 signaling does not go through the NAT traversal, the source address is a CPE IP address obtained when the UE accesses the BBF access network.
  • the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW is the local IP address allocated by the BBF access network, and the address can uniquely identify the service data flows of the H(e)NB encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the local IP address.
  • the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW is a public network IP address after going through the NAT, but due to the 1:1 NAT, the address still can uniquely identify the service data flows of the H(e)NB encapsulated with the IPSec tunnel, thus the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e. the public network IP address after going through the NAT of the BBF access network, if the NAT is in an RG, the address is an address of the RG).
  • NAT i.e. NAPT
  • the NAPT will allocate a UDP source port number (with respect to the uplink direction of the H(e)NB) to the IPSec tunnel. Therefore, in order to uniquely identify the service data flows of the UE encapsulated with the IPSec tunnel, the outer IP packet header information at least contains the source address in the IKEv2 signaling sent by the H(e)NB and received by the SeGW (i.e.
  • the IP address of the H(e)NB after going through the NAT is also called as the local IP address. Therefore, the outer IP packet header information at least includes the local IP address of the H(e)NB. If the NA(P)T is detected between the H(e)NB and SeGW, the outer IP packet header information also may include the IPSec UDP source port number. The outer IP packet header information also can include information such as the address of the SeGW, an IPSec UDP target port number (with respect to the uplink direction of the H(e)NB) and protocol types and so on.
  • the outer IP packet header information can be a packet filter, and the packet filter at least contains the local IP address of the H(e)NB. If the NA(P)T is detected between the H(e)NB and SeGW, the packet filter also may contain the IPSec UDP source port number. The packet filter also can contain information such as the address of the SeGW, the IPSec UDP target port number (with respect to the uplink direction of the H(e)NB) and protocol types and so on.
  • step 1103 the H(e)NB PF returns acceptance message after saving the association relationship.
  • step 1104 an S1 connection or an Iuh connection is established between the H(e)NB and an H(e)NB GW or between the H(e)NB and an MME.
  • a T2 session is established between the H(e)NB and H(e)NB PF, wherein a CSG ID and the H(e)NB IP address are carried.
  • H(e)NB PF associates the T2 session with the step 1102 according to the H(e)NB IP address, thereby obtaining the CPE IP address of the H(e)NB, and the H(e)NB PF determines a BPCF of the BBF access network which the H(e)NB accesses according to the CPE IP address.
  • the H(e)NB PF establishes an S9* session to the BPCF, wherein the CPE IP address and the outer IP packet header information are carried.
  • the BPCF provides the outer IP packet header information to a BBF access network entity (e.g. BNG/BRAS).
  • a BBF access network entity e.g. BNG/BRAS
  • step 1108 the BBF access network entity returns acknowledgement message to the BPCF after saving the outer IP packet header information.
  • step 1109 the BPCF returns response message to the H(e)NB PF.
  • step 1110 the H(e)NB PF returns the response message to the H(e)NB.
  • a session is established between the H(e)NB PF and BPCF, and the BBF access network (BNG/BRAS) obtains the outer IP packet header information. If the UE requires the network to allocate resources to the UE when the UE performs service access, the PCRF firstly sends QoS information of the made PCC rules to the BPCF, so that the BBF access network executes the admission control. Then, the PCRF sends a PCC rule accepted by the BBF access network to the PCEF.
  • the PCEF performs DSCP marking on a header of an IP packet of downlink data of a corresponding data flow (called as an internal packet header) according to the PCC rule, when the IP packets of the service data flow reach the SeGW, the SeGW will perform IPSec encapsulation on the IP packet and perform DSCP replication.
  • the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the UE performs IPSec encapsulation and performs DSCP replication, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet header information, and only when service data flows of the outer IP packet header information are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.
  • step 1101 the SeGW sends the outer IP packet header information to the H(e)NB, step 1102 and step 1103 are not executed, in step 1104 , the H(e)NB sends the outer IP packet header information to the H(e)NB PF, and other steps are unchanged.
  • the BBF access network entity when the BBF access network entity performs matching on IP packets according to the outer IP packet header information, if no IP packet is matched, only when a network congestion occurs, it performs data scheduling according to the local policies, and if resources are still sufficient currently, it still performs dispatching according to the DSCPs.
  • the present document also provides a policy control system, which includes: a 3GPP network entity and a Broadband Forum (BBF) access network entity, wherein:
  • BBF Broadband Forum
  • the 3GPP network entity is configured to: send outer IP packet header information to the BBF access network entity;
  • the BBF access network entity is configured to: schedule a data packet matching the outer IP packet header information according to a Differentiated Services Code Point (DSCP) of the data packet.
  • DSCP Differentiated Services Code Point
  • the BBF access network entity is further configured to: schedule a data packet mismatching the outer IP packet header information according to a local policy.
  • the system also includes a Broadband Policy Control Framework (BPCF), and the 3GPP network entity includes an Evolved Packet Data Gateway (ePDG) and a Policy and Charging Rules Function (PCRF), wherein:
  • BPCF Broadband Policy Control Framework
  • ePDG Evolved Packet Data Gateway
  • PCRF Policy and Charging Rules Function
  • the ePDG is configured to send the outer IP packet header information to a Packet Data Network Gateway (P-GW), and the P-GW sends the outer IP packet header information to the Policy and Charging Rules Function (PCRF); or the ePDG directly sends the outer IP packet header information to the PCRF.
  • P-GW Packet Data Network Gateway
  • PCRF Policy and Charging Rules Function
  • the PCRF is configured to: send the outer IP packet header information to the BPCF;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity.
  • the 3GPP network entity includes a P-GW and a PCRF:
  • the P-GW is configured to: send the outer IP packet header information to the PCRF;
  • the PCRF is configured to: send the outer IP packet header information to the BPCF or the BBF access network entity;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity.
  • the PCRF is configured to send the outer IP packet header information to the BPCF or the BBF access network entity by the following way: when performing quality of service authorization, sending the outer IP packet header information to the BPCF or the BBF access network entity; or, when initiating a policy interconnection session establishment to the BPCF or the BBF access network entity, sending the outer IP packet header information to the BPCF or the BBF access network entity.
  • the system also includes a Broadband Policy Control Framework (BPCF), and the 3GPP network entity includes a security gateway and an H(e)NB policy function, or includes a security gateway and a PCRF, wherein:
  • BPCF Broadband Policy Control Framework
  • the security gateway is configured to: send the outer IP packet header information to the H(e)NB policy function;
  • the H(e)NB policy function is configured to: send the outer IP packet header information to the BPCF;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity.
  • the security gateway is configured to: send the outer IP packet header information to the PCRF;
  • the PCRF is configured to: send the outer IP packet header information to the BPCF or the BBF access network entity;
  • the BPCF is configured to: send the outer IP packet header information to the BBF access network entity.
  • the H(e)NB policy function or the PCRF is configured to send the outer IP packet header information to the BPCF or the BBF access network entity by the following way: when initiating a policy interconnection session establishment to the BPCF or the BBF access network entity, sending the outer IP packet header information to the BPCF or the BBF access network entity.
  • the outer IP packet header information is outer IP packet header information of an IPSec tunnel.
  • the IPSec tunnel is an IPSec tunnel between the user equipment and ePDG, or between the user equipment and P-GW, or between the H(e)NB and security gateway.
  • the BBF access network saves outer IP packet headers, when the data reach the BBF access network, the BBF access network entity firstly performs filtering according to the saved outer IP packet headers, and only when service data flows of the outer IP packet headers are matched, it performs data scheduling according to DSCPs; with regard to the mismatched service data flows, the BBF access network entity performs processing according to the local policies (e.g., DSCPs with lower priorities are remarked).
  • the local policies e.g., DSCPs with lower priorities are remarked.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
US13/978,732 2011-01-14 2011-11-04 Policy control method and system Active 2032-07-21 US9271220B2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201110008179.1A CN102595508B (zh) 2011-01-14 2011-01-14 一种策略控制方法及系统
CN201110008179 2011-01-14
CN201110008179.1 2011-01-14
PCT/CN2011/081824 WO2012094919A1 (zh) 2011-01-14 2011-11-04 一种策略控制方法及系统

Publications (2)

Publication Number Publication Date
US20130308450A1 US20130308450A1 (en) 2013-11-21
US9271220B2 true US9271220B2 (en) 2016-02-23

Family

ID=46483607

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/978,732 Active 2032-07-21 US9271220B2 (en) 2011-01-14 2011-11-04 Policy control method and system

Country Status (5)

Country Link
US (1) US9271220B2 (de)
EP (1) EP2651080B1 (de)
CN (1) CN102595508B (de)
ES (1) ES2617478T3 (de)
WO (1) WO2012094919A1 (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210185681A1 (en) * 2013-10-30 2021-06-17 Interdigital Patent Holdings, Inc. Systems and methods for handling priority services congestion

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127766B (zh) * 2007-09-24 2010-06-09 中兴通讯股份有限公司 基于sip协议的消息处理方法、装置及ip通信系统
US8942088B2 (en) * 2011-10-07 2015-01-27 Telefonaktiebolaget L M Ericsson (Publ) BNG to PCRF mediation entity for BBF and 3GPP access interworking
EP2789205A2 (de) * 2011-12-08 2014-10-15 Interdigital Patent Holdings, Inc. Verfahren und vorrichtung für at-richtlinienverwaltung für direkte kommunikation zwischen drahtlosen sende-/empfangseinheiten (wtru)
CN103369498B (zh) * 2012-03-31 2016-08-31 上海贝尔股份有限公司 在无线接入设备和用户设备中管理数据承载的方法
US9900218B2 (en) * 2012-05-31 2018-02-20 Telefonaktiebolaget L M Ericsson (Publ) Method, user terminal, and policy and charging network entity for classifying packets
CN103918229B (zh) * 2012-08-15 2017-10-17 华为技术有限公司 一种dscp的标记处理方法、系统及策略实体
CN103906146B (zh) * 2012-12-27 2018-08-03 南京中兴新软件有限责任公司 一种WLAN和分组核心网之间的QoS对齐的方法
PL2887594T3 (pl) 2013-12-19 2020-07-13 Alcatel Lucent Sterowanie przeciążeniem dla dostępu zaufanej WLAN do EPC
US20150289162A1 (en) * 2014-04-06 2015-10-08 Saguna Networks Ltd. Methods circuits devices systems and associated computer executable code for implementing cell congestion detection in a mobile network
CN106921588B (zh) * 2015-12-28 2020-06-09 华为技术有限公司 一种流量控制方法、装置及设备
CN108377570B (zh) * 2016-10-31 2020-07-24 中国电信股份有限公司 业务数据路由方法和系统以及相关设备
CN109818917B (zh) * 2017-11-21 2021-10-26 华为技术有限公司 一种通信方法及其装置
CN108521397B (zh) * 2018-02-09 2021-02-12 华为技术有限公司 一种访问资源服务的方法及系统
US20220014903A1 (en) * 2020-07-08 2022-01-13 Nokia Technologies Oy Retrieving a core network or access network assigned user equipment identifier

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1466340A (zh) 2002-06-24 2004-01-07 �人��������������ι�˾ 以策略流方式转发数据的方法和数据转发设备
CN1536900A (zh) 2003-04-11 2004-10-13 华为技术有限公司 无线接入网中的业务优先级的传输方法
CN101026625A (zh) 2007-01-24 2007-08-29 华为技术有限公司 一种保证服务质量的方法、系统、宽带接入终端和网络设备
US20080165679A1 (en) * 2007-01-10 2008-07-10 Ipwireless, Inc. Method to mitigate fraudulent usage of QoS from mobile terminals using uplink packet marking
US20080310303A1 (en) * 2007-06-13 2008-12-18 Qualcomm Incorporated Quality of service information configuration
US20090003383A1 (en) * 2004-09-21 2009-01-01 Koji Watanabe Node Device, Packet Control Device, Radio Communication Device, and Transmission Control Method
US20110243097A1 (en) * 2008-12-10 2011-10-06 Thomas Lindqvist Interface Setup for Communications Network with Femtocells
US20120210003A1 (en) * 2009-08-20 2012-08-16 Telefonaktiebolaget Lm Ericsson (Publ) Fair Usage Enforcement in Roaming Packet Based Access
US20120220330A1 (en) * 2010-12-09 2012-08-30 Allot Communications Ltd. Device, system and method of traffic detection
US20120265888A1 (en) * 2010-01-05 2012-10-18 Dinand Roeland Method and apparatus for gateway session establishment
US20130067082A1 (en) * 2011-09-14 2013-03-14 Verizon Patent And Licensing Inc. Inter-policy server communication via a policy broker
US20130166905A1 (en) * 2010-08-25 2013-06-27 Telefonaktiebolaget L M Ericsson (Publ) Methods and arrangements for secure communication over an ip network
US8775352B2 (en) * 2010-03-01 2014-07-08 At&T Intellectual Property I, L.P. Methods and apparatus to model end-to-end class of service policies in networks
US20150011182A1 (en) * 2010-12-09 2015-01-08 Alla Goldner System, device, and method of cellular traffic monitoring
US20150124616A1 (en) * 2013-11-05 2015-05-07 Hughes Network Systems, Llc Method and system for satellite backhaul offload for terrestrial mobile communications systems

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100377545C (zh) * 2004-03-13 2008-03-26 鸿富锦精密工业(深圳)有限公司 网络品质服务系统及方法
CN100448227C (zh) * 2005-08-30 2008-12-31 杭州华三通信技术有限公司 业务流的识别方法
CN101931898B (zh) * 2009-06-26 2014-03-05 华为技术有限公司 用户面数据的传输方法、装置及系统

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1466340A (zh) 2002-06-24 2004-01-07 �人��������������ι�˾ 以策略流方式转发数据的方法和数据转发设备
CN1536900A (zh) 2003-04-11 2004-10-13 华为技术有限公司 无线接入网中的业务优先级的传输方法
US20090003383A1 (en) * 2004-09-21 2009-01-01 Koji Watanabe Node Device, Packet Control Device, Radio Communication Device, and Transmission Control Method
US20080165679A1 (en) * 2007-01-10 2008-07-10 Ipwireless, Inc. Method to mitigate fraudulent usage of QoS from mobile terminals using uplink packet marking
CN101026625A (zh) 2007-01-24 2007-08-29 华为技术有限公司 一种保证服务质量的方法、系统、宽带接入终端和网络设备
US20080310303A1 (en) * 2007-06-13 2008-12-18 Qualcomm Incorporated Quality of service information configuration
US20110243097A1 (en) * 2008-12-10 2011-10-06 Thomas Lindqvist Interface Setup for Communications Network with Femtocells
US20120210003A1 (en) * 2009-08-20 2012-08-16 Telefonaktiebolaget Lm Ericsson (Publ) Fair Usage Enforcement in Roaming Packet Based Access
US20120265888A1 (en) * 2010-01-05 2012-10-18 Dinand Roeland Method and apparatus for gateway session establishment
US8775352B2 (en) * 2010-03-01 2014-07-08 At&T Intellectual Property I, L.P. Methods and apparatus to model end-to-end class of service policies in networks
US20130166905A1 (en) * 2010-08-25 2013-06-27 Telefonaktiebolaget L M Ericsson (Publ) Methods and arrangements for secure communication over an ip network
US20120220330A1 (en) * 2010-12-09 2012-08-30 Allot Communications Ltd. Device, system and method of traffic detection
US20150011182A1 (en) * 2010-12-09 2015-01-08 Alla Goldner System, device, and method of cellular traffic monitoring
US20130067082A1 (en) * 2011-09-14 2013-03-14 Verizon Patent And Licensing Inc. Inter-policy server communication via a policy broker
US20150124616A1 (en) * 2013-11-05 2015-05-07 Hughes Network Systems, Llc Method and system for satellite backhaul offload for terrestrial mobile communications systems

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Policy and charging control architecture (Release 11); 3GPP TS 23203 V11.0.1 (Jan. 2011).
3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on Support of BBF Access Interworking,(Release 11); 3GPP TR 23.839 V0.4.0 (Nov. 2010).
Discussion on an alternative architecture for BBF interworking via WLAN access; 3GPP TSG SA Meeting #80; Aug. 30-Sep. 3, 2010. Brunstad (Norway).
International Search Report for PCT/CN2011/081824 dated Dec. 27, 2011.
Procedures for PCRF initiated S9* session establishment and procedures for WLAN as untrusted access interworking : attach, detach, handover; 3GPP TSG SA WG2 Meeting #80,30 Aug.-Sep. 3, 2010,Brunstad, Norway; ZTE.

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210185681A1 (en) * 2013-10-30 2021-06-17 Interdigital Patent Holdings, Inc. Systems and methods for handling priority services congestion
US11792830B2 (en) * 2013-10-30 2023-10-17 Interdigital Patent Holdings, Inc. Systems and methods for handling priority services congestion

Also Published As

Publication number Publication date
EP2651080B1 (de) 2016-12-21
US20130308450A1 (en) 2013-11-21
EP2651080A4 (de) 2015-03-25
EP2651080A1 (de) 2013-10-16
ES2617478T3 (es) 2017-06-19
CN102595508B (zh) 2016-09-28
WO2012094919A1 (zh) 2012-07-19
CN102595508A (zh) 2012-07-18

Similar Documents

Publication Publication Date Title
US9271220B2 (en) Policy control method and system
US8849273B2 (en) Method and system for reporting fixed network access information
WO2013064070A1 (zh) 一种实现反射QoS机制的方法、系统和PCRF
EP2592852B1 (de) Verfahren mit richtlinien und aufladungsregeln für eine zentralisierte einsatzfunktionsarchitektur für informationen über den zugriff auf eine benutzervorrichtung
EP2597908B1 (de) Richtliniensteuerungsverfahren und -system für ein festes breitbandzugangsnetzwerk
EP2689567A1 (de) Netzwerkknoten und verfahren zur steuerung des routens oder umgehens von eingesetzten verkehrsdetektionsfunktionsknoten
US20140016629A1 (en) System, policy nodes, and methods to perform policy provisioning of traffic offloaded at a fixed broadband network
US9544832B2 (en) Method, apparatus and system for policy control
CN103209410A (zh) 一种实现反射QoS机制的方法及系统
US9854555B2 (en) Method and system for notifying access network location information
US9369292B2 (en) Information transmission method, packet data gateway, and policy and charging rules function
US9609028B2 (en) Method, apparatus and system for establishing session
WO2014048191A1 (zh) 一种选择vplmn的方法、系统及分组数据网络网关
Ahmed et al. Inter-system mobility in evolved packet system (EPS): Connecting non-3GPP accesses
WO2012174977A1 (zh) 业务数据流处理方法及装置
WO2012100606A1 (zh) 一种资源管理方法和系统
Kim et al. Enhanced 3GPP system for interworking with fixed broadband access network
WO2012022221A1 (zh) 一种触发固网移动融合策略协商的方法及系统
US20130145038A1 (en) Method and system for establishing session
WO2013020451A1 (zh) 一种建立会话的方法及系统

Legal Events

Date Code Title Description
AS Assignment

Owner name: ZTE CORPORATION, CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ZHOU, XIAOYUN;ZONG, ZAIFENG;BI, YIFENG;REEL/FRAME:030764/0666

Effective date: 20130402

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: XI'AN ZHONGXING NEW SOFTWARE CO., LTD., CHINA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ZTE CORPORATION;REEL/FRAME:040017/0584

Effective date: 20160905

FEPP Fee payment procedure

Free format text: SURCHARGE FOR LATE PAYMENT, LARGE ENTITY (ORIGINAL EVENT CODE: M1554); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8