WO2008040212A1 - A method, system and device for network access - Google Patents

Info

Publication number
WO2008040212A1
Authority
WO
WIPO (PCT)
Prior art keywords
function entity
user
address
distribution
nass
Application number
PCT/CN2007/070658
Inventor
Weilong Ouyang
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities

Definitions

  • The present invention relates to access technologies, and more particularly to a method, system and device for implementing network access.
  • FIG. 1 is a schematic diagram of a prior art TISPAN QoS architecture.
  • A transport control layer, that is, a resource admission subsystem (RACS), is added between the service layer (AF) and the transport layer.
  • The RACS is composed of a Service Policy Decision Function Entity (SPDF) and an Access Network Resource Admission Control Function Entity (A-RACF). The SPDF manages resource and policy control of the access network and the core network according to the resource and policy control requests for services delivered by the AF; the A-RACF performs resource admission control and policy deployment for the access network according to the user's profile.
  • The AF requests network resources and policy control according to the user's service request and provides services to the user.
  • The AF finds the A-RACF through the SPDF, thereby implementing control of the access network resources, such as resource application and release and QoS policy deployment.
  • The AF requests from the RACS, through the Gq' interface, the resources and control policy for the user's use of a service, and the RACS sends the resource request and control policy to the edge node (IP Edge) of the corresponding access network and to the core border node device (Core Border Node) for resource allocation and policy enforcement.
  • IP Edge edge node
  • Core Border Node core border node
  • The IP Edge is connected to the IP transport network. The Network Connection Management Subsystem (NASS) has data and control interfaces only with the IP Edge; it performs authentication, authorization, and address assignment for users on the access network, and notifies the RACS, through the e4 interface, of user information such as the user's attributes and the user IP address.
  • the IP Edge includes a Layer 2 Transport Termination Function (L2TF) entity and a Resource Control Execution Function Entity (RCEF), where the L2TF is used to terminate the Layer 2 transmission information of the user packet.
  • the RCEF is used to execute the resource control and policy control commands delivered by the RACS.
  • The core border node performs the corresponding resource control and policy control according to control instructions from the core network edge gateway function entity (C-BGF), where the C-BGF executes, according to the profile of the service, the resource control and policy control instructions for the core network delivered by the SPDF.
  • C-BGF core network edge gateway function entity
  • the Customer Premises Equipment is used to carry the user's message on the corresponding line technology and transmit it to the access node (AN, Access Node), and the AN is responsible for terminating the access line of the user, such as xDSL, PON, Wimax, and the like.
  • the NGN network of the TISPAN QoS architecture supports the user's mobility, that is, when the user moves, the mobile IP, such as MIPv4 or MIPv6, can be used to solve the problem that the user's IP address does not change.
  • The SPDF does not store user information, and the only network-related user information carried by the AF is the user IP address. The topology relationship between SPDF and A-RACF in the TISPAN QoS architecture is pre-configured static configuration information; for example, the SPDF is configured with the communication address of the A-RACF to which it belongs according to the address segment of the access network.
  • the main purpose of the present invention is to provide a method for implementing network access, which can dynamically establish a topology relationship between a central policy decision function entity and a distribution or access policy function entity, so as to ensure that the user normally implements network access.
  • Another object of the present invention is to provide a system for implementing network access and a central policy decision function entity, which can dynamically establish a topology relationship between a central policy decision function entity and a distribution or access policy function entity to ensure that the user normally implements network access.
  • a method for implementing network access including:
  • the central policy decision function entity establishes a correspondence between the user and the distribution or access policy functional entity according to the user route information sent by the distribution or access policy function entity and the information of the distribution or access policy function entity.
  • a system for implementing network access, comprising: a network connection management subsystem NASS, a central policy decision function entity, and a distribution or access policy function entity, where the NASS is connected to the central policy decision function entity through the distribution or access policy function entity, and the user accesses the network through the NASS.
  • The distribution or access policy function entity receives, from the NASS, user information carrying the user address and the currently available central policy decision function entity address; or the distribution or access policy function entity receives, from the NASS, user information carrying the user address;
  • the available or designated central policy decision function entity receives user routing information carrying a user address from the distribution or access policy function entity, and establishes a correspondence between the user and the distribution or access policy function entity.
  • a central policy decision function entity including:
  • a distribution or access policy function entity interface unit, configured to receive user routing information sent by the distribution or access policy function entity and provide the information to the correspondence establishing unit;
  • the correspondence establishing unit is configured to establish a correspondence between the user and the distribution or access policy functional entity according to the user routing information received by the distribution or access policy function entity interface unit and the distribution or access policy function entity information.
  • During user network access, a correspondence between the user and the distribution or access policy function entity of the user's current network is dynamically established in the central policy decision function entity; that is, the topology relationship between the central policy decision function entity and the distribution or access policy function entity is established dynamically. In this way, when the AF sends a resource request to the central policy decision function entity, the central policy decision function entity can find the distribution or access policy function entity to which it belongs according to the correspondence between the user and the distribution or access policy function entity. This realizes automatic topology discovery between the central policy decision function entity and the distribution or access policy function entity, ensuring that the user normally implements network access.
  • the central policy decision function entity may be specifically SPDF, and the distribution or access policy function entity may be specifically A-RACF.
  • FIG. 1 is a schematic diagram of a prior art TISPAN QoS architecture
  • Figure 2 is a flow chart of the method of the present invention
  • FIG. 3 is a schematic diagram of a system according to Embodiment 1 of the present invention.
  • FIG. 4 is a schematic structural diagram of an SPDF according to Embodiment 1 of the present invention.
  • Figure 5 is a flow chart of Embodiment 1 of the present invention.
  • FIG. 6 is a schematic diagram of a system according to Embodiment 2 of the present invention.
  • FIG. 7 is a flow chart of Embodiment 2 of the present invention.
  • FIG. 8 is a schematic diagram of a system according to Embodiment 3 of the present invention.
  • FIG. 9 is a flowchart of Embodiment 3 of the present invention.
  • FIG. 10 is a schematic diagram of an IP lookup table.
  • The core idea of the present invention is: when a user accesses the network, the distribution or access policy function entity sends user routing information to the central policy decision function entity; the central policy decision function entity establishes a correspondence between the user and the distribution or access policy function entity according to the received user routing information and the information of the distribution or access policy function entity.
  • the central policy decision function entity may be specifically SPDF, and the distribution or access policy function entity may be specifically A-RACF.
  • In the following, the SPDF is used as the central policy decision function entity and the A-RACF is used as the distribution or access policy function entity, as an example.
  • each access network is controlled by NASS and A-RACF.
  • FIG. 2 is a flowchart of the method of the present invention.
  • the user accesses the network, and the NASS sends user information to the A-RACF.
  • the user accesses the network, and the user authenticates and succeeds when requesting to use the service.
  • the user IP address is assigned. This process belongs to the prior art. For details, refer to related protocols, and details are not described here.
  • the method of the invention further comprises the following steps:
  • Step 200: The A-RACF sends user routing information to the SPDF.
  • The SPDF in this step may be an available SPDF preset in the NASS or a designated SPDF pre-configured in the A-RACF. Different SPDFs can be distinguished by different SPDF addresses.
  • the available or specified SPDF can be an SPDF corresponding to the service, for example, service 1 corresponds to SPDF1, SPDF2, and service 2 corresponds to SPDF1, SPDF3, and the like.
  • the specific implementation can be configured according to the actual situation.
  • A communication negotiation parameter between the SPDF and the A-RACF is preset. The communication negotiation parameter is a parameter for establishing a communication link between the A-RACF and the SPDF, such as a key and the like; in the home network it may be referred to as a home communication negotiation parameter, and in a visited network as a visited communication negotiation parameter.
  • After the user accesses the network, the NASS sends the user information to the A-RACF.
  • The user information includes at least the successfully assigned user IP address and the currently available or designated SPDF address, and may also include the communication negotiation parameters between the SPDF and the A-RACF.
  • After receiving the user information, the A-RACF will generally send a response to the NASS.
  • the method further includes the A-RACF performing communication link negotiation with the SPDF corresponding to the SPDF address by using the received communication negotiation parameter to establish a communication link.
  • SPDF learns the A-RACF information such as the A-RACF address;
  • A-RACF sends user routing information such as user IP address to SPDF through the established communication link.
  • Step 201: The SPDF establishes a correspondence between the user and the A-RACF according to the received user routing information and the A-RACF information.
  • the correspondence between the user and the A-RACF in this step can be represented by a correspondence table between the user IP address and the A-RACF address.
  • FIG. 10 is a schematic diagram of an IP lookup table.
  • the index of the IP lookup table is a user IP address, and the content of the IP lookup table may include:
  • Basic information such as the user's IP address, the user's current location information (attribution or place of visit), etc.
  • Home location information such as home A-RACF address, home SPDF address, etc.
  • visit information such as the user's care-of address, visit A-RACF address, visit SPDF address, etc.
  • the shortest match and hash (HASH) methods can be used to reduce the memory requirements of the IP lookup table and improve the search speed.
  • the shortest match and the HASH method belong to the prior art, and are not described here.
  • FIG. 3 is a schematic diagram of a system according to Embodiment 1 of the present invention.
  • The SPDF is connected to two access networks, through A-RACF1 and A-RACF2 respectively. It is assumed that the user accesses the network through the home network, and that the correspondence of available SPDF addresses (such as domain names or IP addresses) and communication negotiation parameters (such as keys) are pre-configured in NASS1.
  • FIG. 4 is a schematic structural diagram of an SPDF according to Embodiment 1 of the present invention, which is a specific implementation manner of a central policy decision function entity provided by the present invention, and can be applied to the system shown in FIG. 3.
  • the SPDF includes: an A-RACF interface unit and a correspondence establishing unit.
  • The A-RACF interface unit is configured to receive the user routing information sent by the A-RACF and provide it to the correspondence establishing unit, and to negotiate with the A-RACF to obtain the A-RACF information and provide it to the correspondence establishing unit.
  • The correspondence establishing unit is configured to establish a correspondence between the user and the A-RACF according to the user routing information received by the A-RACF interface unit and the A-RACF information.
  • FIG. 5 is a flowchart of Embodiment 1 of the present invention. Referring to FIG. 3 and FIG. 4, the following steps are included:
  • Step 500: A user accesses a network through NASS1.
  • The user successfully connects to the network, for example by successfully completing authentication, and the user's IP address is successfully assigned.
  • The specific implementation is related to the prior art.
  • Steps 501 to 502: NASS1 sends the user information carrying the user IP address, SPDF address and communication negotiation parameters to A-RACF1, and A-RACF1 returns a response to NASS1.
  • Step 503: A-RACF1 performs communication link negotiation with the SPDF corresponding to the SPDF address to establish a communication link.
  • The communication link negotiation between A-RACF1 and the SPDF uses the communication negotiation parameters in the user information from NASS1.
  • Through the negotiation, the SPDF learns the information of A-RACF1, such as the A-RACF1 address.
  • Step 504: A-RACF1 sends the user routing information carrying the user IP address to the SPDF through the established communication link.
  • Step 505: The SPDF establishes a correspondence between the user IP address and the A-RACF1 address according to the received user routing information and the A-RACF1 address obtained in the communication link negotiation.
  • The SPDF can find the A-RACF1 to which it belongs according to the established correspondence between the user IP address and the A-RACF1 address, thereby realizing automatic topology discovery between the SPDF and A-RACF1.
  • A Home Agent (HA) is a router on the home network that can act as the anchor point for the mobile node's communication and can also send packet data through a tunnel to the mobile node that is roaming.
  • The Visiting Agent (FA) is a router in the visited network that acts as the connection point of the mobile node; the FA can forward the packet data sent by the HA to the mobile node.
  • A mobile node is a terminal device capable of network roaming.
  • The home A-RACF and the visited A-RACF are connected to the same SPDF, and the home NASS and the visited NASS are connected. It is assumed that the correspondence of available SPDF addresses (such as domain names or IP addresses), together with the home communication negotiation parameters and the visited communication negotiation parameters, are pre-configured in the home NASS and the roaming NASS, respectively.
  • The home network has completed the network access of the user in the home network according to the flow shown in FIG. 4; that is, the correspondence between the user IP address and the home A-RACF address has been established in the SPDF.
  • FIG. 7 is a flowchart of Embodiment 2 of the present invention.
  • The method includes the following steps:
  • Step 700: A user accesses a network through the visited NASS.
  • The user obtains the care-of address of the user in the visited network.
  • The care-of address is the location information of the user currently in the visited network.
  • The method for obtaining the care-of address can be found in the related protocol and has nothing to do with the method of the present invention, so details are not described here.
  • Step 701: The visited NASS obtains the home information of the user, including the user IP address, from the home NASS.
  • The interaction between the visited NASS and the home NASS belongs to the prior art, and the specific implementation can be found in the related protocol.
  • Steps 702 to 703: The visited NASS sends the user information carrying the user IP address, the care-of address, the SPDF address, and the visited communication negotiation parameters to the visited A-RACF, and the visited A-RACF returns a response to the visited NASS.
  • Step 704: The visited A-RACF performs communication link negotiation with the SPDF corresponding to the SPDF address and establishes a communication link.
  • The communication negotiation parameter in the user information is used for communication link negotiation.
  • Through the negotiation, the SPDF learns the information of the visited A-RACF, such as the visited A-RACF address.
  • Step 705: The visited A-RACF sends the user routing information carrying the user IP address and the care-of address to the SPDF through the established communication link.
  • Step 706: The SPDF establishes a correspondence between the user IP address, the care-of address, and the visited A-RACF address according to the received user routing information and the visited A-RACF address obtained in the communication link negotiation.
  • The SPDF can find the visited A-RACF according to the correspondence it has established between the user IP address, the care-of address and the visited A-RACF address. When the AF sends a request to the SPDF, the SPDF can search both that correspondence and the correspondence between the user IP address and the home A-RACF address to find the home A-RACF and the visited A-RACF, thereby achieving automatic topology discovery between the SPDF and the visited/home A-RACF.
  • FIG. 8 is a schematic diagram of a system according to Embodiment 3 of the present invention.
  • The home A-RACF and the visited A-RACF are connected to the home SPDF and the visited SPDF in their respective networks, the home SPDF and the visited SPDF are connected, and the home NASS and the visited NASS are connected. It is assumed that the correspondence of available home SPDF addresses (such as domain names or IP addresses) and home communication negotiation parameters (such as keys) are pre-configured in the home NASS, and that the correspondence of visited SPDF addresses (such as domain names or IP addresses) and visited communication negotiation parameters (such as keys) are pre-configured in the visited NASS.
  • FIG. 9 is a flowchart of Embodiment 3 of the present invention. Referring to FIG. 9, the following steps are included:
  • Step 900: A user accesses a network through the visited NASS.
  • The user obtains the care-of address of the user in the visited network.
  • Step 901: The visited NASS obtains the home subscriber information, including the user IP address and the home SPDF address, from the home NASS.
  • The interaction between the visited NASS and the home NASS belongs to the prior art. For the specific implementation, refer to the related protocol. The difference is that the home subscriber information also includes the home SPDF address.
  • Steps 902 to 903: The visited NASS sends the user information carrying the user IP address, the care-of address, the home SPDF address, the visited SPDF address, and the visited communication negotiation parameters to the visited A-RACF, and the visited A-RACF returns a response to the visited NASS.
  • Step 904: The visited A-RACF and the visited SPDF negotiate and establish a communication link.
  • The visited A-RACF and the visited SPDF use the communication negotiation parameters from the user information of the visited NASS to conduct communication link negotiation, and through the negotiation process the visited SPDF learns the information of the visited A-RACF, such as the A-RACF address. There are many ways to implement negotiation, which are prior art and will not be described in detail here.
  • Step 905: The visited A-RACF sends the user routing information carrying the user IP address, the care-of address, and the home SPDF address to the visited SPDF through the established communication link.
  • Step 906: The visited SPDF establishes a correspondence between the user IP address, the care-of address, the visited A-RACF address and the home SPDF address according to the received user routing information and the visited A-RACF address obtained in the communication link negotiation.
  • Steps 907 to 908: The visited SPDF and the home SPDF perform communication link negotiation, and the user routing information carrying the user IP address, the care-of address, and the visited A-RACF address is sent to the home SPDF through the communication link established after the negotiation. Through the communication link negotiation process, the home SPDF learns information such as the visited SPDF address.
  • The home SPDF can find the visited SPDF and the visited A-RACF based on the correspondence between the user IP address, the care-of address, the visited A-RACF address, and the visited SPDF address.
  • Based on the correspondence it has established between the user IP address and the home A-RACF address, and on the correspondence between the user IP address, the care-of address, the visited A-RACF address and the visited SPDF address, the home SPDF finds the home A-RACF and the visited SPDF, and then reaches the visited A-RACF through the visited SPDF, achieving topology discovery across the home SPDF, the visited SPDF and the home/visited A-RACF.
  • the NASS accesses the network.
  • The visited NASS authenticates the user through the home NASS, obtains the profile and the visited/home SPDF address, and then the visited NASS directly allocates the user IP address to the user;
  • The visited NASS chooses to use the visited SPDF or the home SPDF according to the agreement with the home NASS operator, and then sends the user's profile and the SPDF address to the visited A-RACF. If the home SPDF is the same as the visited SPDF, there is no need to choose.
  • The visited A-RACF negotiates with the visited/home SPDF and establishes a communication link; through the established communication link, the visited A-RACF sends the visited/home SPDF user routing information such as the user IP address, the home/visited SPDF address, and the home/visited communication negotiation parameter;
  • The visited/home SPDF establishes the user's correspondence based on the received user routing information.
  • The visited/home SPDF can find the visited A-RACF according to the correspondence between the user IP address and the visited A-RACF address, thereby implementing automatic topology discovery between the SPDF and the A-RACF.
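
The correspondence table built in Steps 200 to 201 and extended for roaming in Embodiment 2, as an added Python example that is not part of the patent text. The HMAC-based link proof, the class and method names, and all keys and addresses are assumptions made here; the patent only says the negotiation parameter is "a key and the like".

```python
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Binding:
    """One row of the IP lookup table (FIG. 10), indexed by user IP address."""
    user_ip: str
    home_aracf: Optional[str] = None      # home A-RACF address
    visited_aracf: Optional[str] = None   # visited A-RACF address
    care_of: Optional[str] = None         # care-of address in the visited network


def link_proof(key: bytes, aracf_addr: str, nonce: bytes) -> bytes:
    """ASSUMPTION: negotiation proves possession of the key with HMAC-SHA256."""
    return hmac.new(key, aracf_addr.encode() + b"|" + nonce, hashlib.sha256).digest()


class Spdf:
    """Hypothetical SPDF model that learns user -> A-RACF bindings at run time."""

    def __init__(self, keys: Dict[str, bytes]):
        self._keys = keys                              # "home"/"visited" -> negotiation key
        self._links: Dict[str, Tuple[str, str]] = {}   # link id -> (A-RACF address, role)
        self._seen: Set[Tuple[str, bytes]] = set()     # (address, nonce) pairs already used
        self._table: Dict[str, Binding] = {}           # user IP -> Binding

    def negotiate_link(self, aracf_addr: str, role: str, nonce: bytes,
                       proof: bytes) -> Optional[str]:
        """Link negotiation; this is where the SPDF learns the A-RACF address."""
        key = self._keys.get(role)
        if key is None or (aracf_addr, nonce) in self._seen:
            return None                                # unknown role or replayed nonce
        if not hmac.compare_digest(proof, link_proof(key, aracf_addr, nonce)):
            return None                                # peer does not hold the key
        self._seen.add((aracf_addr, nonce))
        link_id = secrets.token_hex(8)
        self._links[link_id] = (aracf_addr, role)
        return link_id

    def receive_routing_info(self, link_id: str, user_ip: str,
                             care_of: Optional[str] = None) -> bool:
        """Record a binding for user routing information arriving on a link."""
        peer = self._links.get(link_id)
        if peer is None:
            return False                               # no negotiated link: ignore
        # The A-RACF address comes from the negotiated link, never from the message body.
        aracf_addr, role = peer
        if role == "visited" and not care_of:
            return False                               # visited bindings carry a care-of address
        try:
            user_ip = str(ipaddress.ip_address(user_ip))
            care_of = str(ipaddress.ip_address(care_of)) if care_of else None
        except ValueError:
            return False                               # malformed address
        row = self._table.setdefault(user_ip, Binding(user_ip))
        if role == "home":
            row.home_aracf = aracf_addr
        else:
            row.visited_aracf, row.care_of = aracf_addr, care_of
        return True

    def resolve(self, user_ip: str) -> List[str]:
        """A-RACF addresses to contact for an AF resource request naming this user IP."""
        row = self._table.get(user_ip)
        if row is None:
            return []
        return [a for a in (row.home_aracf, row.visited_aracf) if a]


def demo() -> List[str]:
    """Embodiment 2 flow with constructed keys and constructed addresses."""
    keys = {"home": b"constructed-home-key", "visited": b"constructed-visited-key"}
    spdf = Spdf(keys)
    home = spdf.negotiate_link("10.0.1.1", "home", b"n1",
                               link_proof(keys["home"], "10.0.1.1", b"n1"))
    spdf.receive_routing_info(home, "192.0.2.10")
    visited = spdf.negotiate_link("10.0.2.1", "visited", b"n2",
                                  link_proof(keys["visited"], "10.0.2.1", b"n2"))
    spdf.receive_routing_info(visited, "192.0.2.10", care_of="198.51.100.7")
    return spdf.resolve("192.0.2.10")


if __name__ == "__main__":
    print(demo())
```

Because the same user IP address is kept while roaming, the table ends up with both a home and a visited A-RACF for one key, which is the case a static per-address-segment configuration cannot express.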

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method for network access is provided, including: the central policy decision function building up a relationship between the user and the related distribution or access policy function based on the user routing information sent by the distribution or access policy function and the information of the distribution or access policy function. A system for network access is also provided. In the process of the user performing network access, the relationship between the user and the A-RACF of the current network he or she stays in is dynamically built up in the SPDF, which is to say, the topology relationship between the SPDF and the A-RACF is dynamically built up. Thus, when the AF sends a resource request to the SPDF, the SPDF can find the A-RACF the SPDF belongs to based on the relationship between the user and the A-RACF, so that the automatic topology discovery between SPDF and A-RACF can be implemented and the normal user network access can be ensured.

Description

一种实现网络接入的方法、 系统和设备 技术领域  Method, system and device for realizing network access
本发明涉及接入技术,尤指一种实现网络接入的方法、 系统和设备。 发明背景  The present invention relates to access technologies, and more particularly to a method, system and device for implementing network access. Background of the invention
随着接入技术的不断发展, 用户能够使用越来越大的带宽, 那么, 接入网需要提供更大的传送能力。 如何让接入网的资源能够最大程度地 得到利用, 使提供商获得更大的收益, 是运营商给下一代(NGN )接入 网的使命。 目前, 按需分配带宽、 基于应用和会话的服务质量(QoS ) 控制等动态 QoS 机制已成为提高接入网络资源利用率的主要手段, 比 如, 未来网络的电信和互联网的融合业务和协议 ( TISPAN , Telecommunications and Internet converged Services and Protocols for Advanced Networking ) , 是欧盟的下一代网络的标准, TISPAN论坛提出 的动态 QoS解决方案。  With the continuous development of access technologies, users can use more and more bandwidth, then the access network needs to provide more transmission capabilities. How to make the resources of the access network can be utilized to the greatest extent, so that the provider can obtain more benefits, is the mission of the operator to the next generation (NGN) access network. Currently, dynamic QoS mechanisms such as bandwidth-on-demand, application- and session-based quality of service (QoS) control have become the primary means of improving the utilization of access network resources, such as the convergence of services and protocols for telecommunications and the Internet in the future (TISPAN). , Telecommunications and Internet converged Services and Protocols for Advanced Networking ) , is the standard for the next generation network in the European Union, and the dynamic QoS solution proposed by the TISPAN Forum.
图 1是现有技术 TISPAN QoS架构示意图, 如图 1所示, 在业务层 ( AF )和传送层(Transport Layer )之间增加了一个传送控制层, 即资 源接纳子系统(RACS ), RACS用于根据用户信息如用户的 profile对网 络资源进行管理和策略部署。 RACS由服务策略决策功能实体(SPDF ) 和接入网资源接纳控制功能实体( A-RACF )组成, 其中, SPDF用于根 据 AF下发的业务的资源和策略控制请求, 管理接入网和核心网的资源 和策略控制; A-RACF用于根据用户的 Profile对接入网的资源接纳控制 和策略部署。 AF用于根据用户的业务请求, 请求网络资源和策略控制 并为用户提供业务的服务能力, AF通过 SPDF找到 A-RACF,从而实现 对接入网资源的控制如资源申请和释放, QoS策略的部署等。 AF通过 Gq'接口向 RACS请求用户使用业务的资源及控制策略, RACS将资源请求及控制策略下发到对应的接入网的边缘节点( IP Edge ) 和核心网边缘网关设备 ( Core Border Node )进行资源分配和策略执行。 IP Edge与 IP传送网相连; 网络连接管理子系统(NASS ), 仅与 IP Edge 有数据和控制接口, 用于对接入网的用户进行认证、 授权和地址分配等 处理, 并通过 e4接口向 RACS通知用户的属性和用户 IP地址等用户信 息, IP Edge包括二层传送终结功能(L2TF ) 实体和资源控制执行功能 实体(RCEF ), 其中, L2TF用于终结用户报文的二层传送信息; RCEF 用于执行 RACS下发的资源控制和策略控制指令。 Core Border Node用 于根据核心网边缘网关功能实体(C-BGF ) 的控制指令执行相应的资源 控制和策略控制, 其中 C-BGF根据业务的 Profile执行 SPDF下发的对 核心网的资源控制和策略控制的指令。 1 is a schematic diagram of a prior art TISPAN QoS architecture. As shown in FIG. 1, a transport control layer, that is, a resource admission subsystem (RACS), is added between a service layer (AF) and a transport layer (RACS). Management and policy deployment of network resources based on user information such as the user's profile. The RACS is composed of a Service Policy Decision Function Entity (SPDF) and an Access Network Resource Admission Control Function Entity (A-RACF), where the SPDF is used to manage the access network and the core according to the resource and policy control request of the service delivered by the AF. Network resource and policy control; A-RACF is used for resource admission control and policy deployment of the access network according to the user's profile. The AF is used to request network resources and policy control according to the user's service request, and to provide services for the user. The AF finds the A-RACF through the SPDF, thereby implementing control of the access network resources, such as resource application and release, and QoS policy. Deployment, etc. 
The AF requests the user to use the resource and control policy of the service through the Gq' interface, and the RACS sends the resource request and control policy to the edge node (IP Edge) of the corresponding access network and the core border node device (Core Border Node). Perform resource allocation and policy enforcement. The IP Edge is connected to the IP transport network; the Network Connection Management Subsystem (NASS) has only data and control interfaces with the IP Edge, and is used for authentication, authorization, and address assignment of users on the access network, and through the e4 interface. The RACS notifies the user of the user information such as the attribute and the user IP address. The IP Edge includes a Layer 2 Transport Termination Function (L2TF) entity and a Resource Control Execution Function Entity (RCEF), where the L2TF is used to terminate the Layer 2 transmission information of the user packet. The RCEF is used to execute the resource control and policy control commands delivered by the RACS. The core border node is configured to perform corresponding resource control and policy control according to a control instruction of a core network edge gateway function entity (C-BGF), where the C-BGF performs resource control and policy for the core network delivered by the SPDF according to the profile of the service. Controlled instructions.
The customer premises equipment (CPE) carries the user's packets over the corresponding line technology to the access node (AN), and the AN terminates the user's access line, such as xDSL, PON or WiMAX.
An NGN network with the TISPAN QoS architecture supports user mobility: when the user moves, mobile IP such as MIPv4 or MIPv6 can be used so that the user IP address stays unchanged. However, in the current TISPAN QoS architecture the SPDF does not store user information, and the only network-related user information carried by the AF is the user IP address. The topology relationship between the SPDF and the A-RACF in the TISPAN QoS architecture is pre-configured static information; for example, the communication address of the A-RACF belonging to the SPDF is configured in the SPDF according to the address segment of the access network.
As a result, when a user roams using mobile IP, the user IP address known to the AF stays the same while the network the user is attached to keeps changing. The topology relationship between the SPDF and the A-RACF therefore cannot be discovered correctly through static configuration, and normal communication for the user cannot be guaranteed. In addition, because IP address resources are scarce, IP address segments are split into very small subnet segments, so configuring the topology relationship between the SPDF and the A-RACF statically involves a large amount of work.

Summary of the Invention
In view of this, the main object of the present invention is to provide a method for implementing network access that can dynamically establish the topology relationship between a central policy decision function entity and a distribution or access policy function entity, so that the user can access the network normally.
Another object of the present invention is to provide a system for implementing network access and a central policy decision function entity that can dynamically establish the topology relationship between the central policy decision function entity and the distribution or access policy function entity, so that the user can access the network normally.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
A method for implementing network access, comprising:
a central policy decision function entity establishing a correspondence between a user and a distribution or access policy function entity according to user routing information sent by the distribution or access policy function entity and information about that distribution or access policy function entity.
A system for implementing network access, the system comprising a network connection management subsystem (NASS), a central policy decision function entity, and a distribution or access policy function entity, wherein the NASS is connected to the central policy decision function entity through the distribution or access policy function entity, and the user accesses the network through the NASS;
an available central policy decision function entity is preset in the NASS, or a communication link to a designated central policy decision function entity is pre-configured in the distribution or access policy function entity;
the distribution or access policy function entity receives from the NASS user information carrying the user address and the address of the currently available central policy decision function entity, or the distribution or access policy function entity receives from the NASS user information carrying the user address;
the available or designated central policy decision function entity receives, from the distribution or access policy function entity, user routing information carrying the user address, and establishes a correspondence between the user and the distribution or access policy function entity.
A central policy decision function entity, comprising:
a distribution or access policy function entity interface unit, configured to receive user routing information sent by a distribution or access policy function entity and provide it to a correspondence establishing unit;
the correspondence establishing unit, configured to establish a correspondence between the user and the distribution or access policy function entity according to the user routing information received by the distribution or access policy function entity interface unit and the information about that distribution or access policy function entity.
As the above technical solution shows, while the user is accessing the network the present invention dynamically establishes, in the central policy decision function entity, a correspondence between the user and the distribution or access policy function entity of the network where the user is currently located; that is, it dynamically establishes the topology relationship between the central policy decision function entity and the distribution or access policy function entity. When the AF then sends a resource request to the central policy decision function entity, the central policy decision function entity can use the correspondence between the user and the distribution or access policy function entity to find the distribution or access policy function entity belonging to it. This achieves automatic topology discovery between the central policy decision function entity and the distribution or access policy function entity and ensures that the user can access the network normally. The central policy decision function entity may specifically be an SPDF, and the distribution or access policy function entity may specifically be an A-RACF.

Brief Description of the Drawings
FIG. 1 is a schematic diagram of the prior-art TISPAN QoS architecture;
FIG. 2 is a flowchart of the method of the present invention;
FIG. 3 is a schematic diagram of the system of Embodiment 1 of the present invention;
FIG. 4 is a schematic structural diagram of the SPDF of Embodiment 1 of the present invention;
FIG. 5 is a flowchart of Embodiment 1 of the present invention;
FIG. 6 is a schematic diagram of the system of Embodiment 2 of the present invention;
FIG. 7 is a flowchart of Embodiment 2 of the present invention;
FIG. 8 is a schematic diagram of the system of Embodiment 3 of the present invention;
FIG. 9 is a flowchart of Embodiment 3 of the present invention;
FIG. 10 is a schematic diagram of the IP lookup table.

Mode for Carrying Out the Invention
The core idea of the present invention is as follows: the user accesses the network, and the distribution or access policy function entity sends user routing information to the central policy decision function entity; the central policy decision function entity establishes a correspondence between the user and the distribution or access policy function entity according to the received user routing information and the information about the distribution or access policy function entity through which it arrived. The central policy decision function entity may specifically be an SPDF and the distribution or access policy function entity may specifically be an A-RACF; the detailed description below uses the SPDF as the central policy decision function entity and the A-RACF as the distribution or access policy function entity as an example.
In this document, each access network is controlled by a NASS and an A-RACF.
FIG. 2 is a flowchart of the method of the present invention. As shown in FIG. 2, the user accesses the network and the NASS sends user information to the A-RACF. Here, "the user accesses the network" means that, when requesting to use a service, the user has passed authentication and has been successfully allocated a user IP address. This process belongs to the prior art; see the relevant protocols. It is not described further here.
The method of the present invention further includes the following steps:
Step 200: The A-RACF sends user routing information to the SPDF.
The SPDF in this step may be an available SPDF preset in the NASS, or a designated SPDF pre-configured in the A-RACF. Different SPDFs can be distinguished by their SPDF addresses.
The available or designated SPDF may be an SPDF corresponding to a service; for example, service 1 corresponds to SPDF1 and SPDF2, and service 2 corresponds to SPDF1 and SPDF3. The specific implementation can be configured according to the actual situation.
Further, communication negotiation parameters between the SPDF and the A-RACF are preset in the NASS. Communication negotiation parameters are the parameters used to establish a communication link between the A-RACF and the SPDF, such as a key. In the home network they may be called home communication negotiation parameters, and in the visited network they may be called visited communication negotiation parameters.
After the user accesses the network, the NASS sends user information to the A-RACF. The user information includes at least the successfully allocated user IP address and the currently available or designated SPDF address, and may also include the communication negotiation parameters between that SPDF and the A-RACF. After receiving the user information, the A-RACF generally sends a response to the NASS.
Before the user routing information is sent, the method further includes the A-RACF using the received communication negotiation parameters to negotiate a communication link with the SPDF corresponding to the SPDF address and establishing the communication link. During the communication link negotiation, the SPDF learns information about the A-RACF, such as the A-RACF address.
The A-RACF sends user routing information, such as the user IP address, to the SPDF over the established communication link.
Step 201: The SPDF establishes a correspondence between the user and the A-RACF according to the received user routing information and the A-RACF information.
In this step, the correspondence between the user and the A-RACF can be represented by a table mapping user IP addresses to A-RACF addresses.
The established correspondence is a lookup table, which may be as shown in FIG. 10. FIG. 10 is a schematic diagram of the IP lookup table. The index of the IP lookup table is the user IP address, and its content may include:
basic information, such as the user IP address and the user's current location information (home or visited);
home information, such as the home A-RACF address and the home SPDF address;
visited information, such as the user's care-of address, the visited A-RACF address and the visited SPDF address.
Because the routing information reported by the A-RACF to the SPDF may not aggregate well, methods such as shortest match and hashing (HASH) can be used to reduce the memory required for searching the IP lookup table and to increase lookup speed. The shortest match and HASH methods belong to the prior art and are not described further here.
As the flow in FIG. 2 shows, the correspondence between the user and the A-RACF is established dynamically in the SPDF while the user is accessing the network; that is, the topology relationship between the SPDF and the A-RACF is established dynamically. When the AF then sends a resource request to the SPDF, the SPDF can use the correspondence between the user and the A-RACF to find the A-RACF belonging to the SPDF. This achieves automatic topology discovery between the SPDF and the A-RACF and ensures that the user can access the network normally.
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and preferred embodiments.
FIG. 3 is a schematic diagram of the system of Embodiment 1 of the present invention. As shown in FIG. 3, the SPDF serves two access networks and is connected to A-RACF1 and A-RACF2 respectively. Assume that the user accesses the network through the home network, namely access network 1, and that the correspondence of the available SPDF address (such as a domain name or IP address) and the communication negotiation parameters (such as a key) are pre-configured in NASS1.
FIG. 4 is a schematic structural diagram of the SPDF in Embodiment 1 of the present invention. It is one specific implementation of the central policy decision function entity provided by the present invention and can be applied in the system shown in FIG. 3. As shown in FIG. 4, the SPDF includes an A-RACF interface unit and a correspondence establishing unit. The A-RACF interface unit receives the user routing information sent by the A-RACF and provides it to the correspondence establishing unit; it also negotiates the communication link with the A-RACF, obtains the A-RACF information, and provides it to the correspondence establishing unit. The correspondence establishing unit establishes the correspondence between the user and the A-RACF according to the user routing information received by the A-RACF interface unit and the A-RACF information.
FIG. 5 is a flowchart of Embodiment 1 of the present invention. With reference to FIG. 3 and FIG. 4, it includes the following steps:
Step 500: The user accesses the network through NASS1.
In this step the user successfully connects to the network, for example by completing authentication and being allocated a user IP address. The specific implementation belongs to the prior art; see the relevant protocols. It is not described further here.
Steps 501 to 502: NASS1 sends user information carrying the user IP address, the SPDF address and the communication negotiation parameters to A-RACF1, and A-RACF1 returns a response to NASS1.
Step 503: A-RACF1 negotiates a communication link with the SPDF corresponding to the SPDF address and establishes the communication link.
In this step, A-RACF1 and the SPDF negotiate the communication link using the communication negotiation parameters in the user information from NASS1. Through the communication link negotiation, the SPDF learns information about A-RACF1, such as the A-RACF1 address. There are many ways to implement the negotiation; they belong to the prior art and are not detailed here.
Step 504: A-RACF1 sends user routing information carrying the user IP address to the SPDF over the established communication link.
Step 505: The SPDF establishes a correspondence between the user IP address and the A-RACF1 address according to the received user routing information and the A-RACF1 address obtained in the communication link negotiation.
At this point, the user's network access process is complete.
Thereafter, when the AF sends a resource request to the SPDF, the SPDF can use the correspondence it has established between the user IP address and the A-RACF1 address to find the A-RACF1 belonging to the SPDF, thereby achieving automatic topology discovery between the SPDF and A-RACF1.
FIG. 6 is a schematic diagram of the system of Embodiment 2 of the present invention. As shown in FIG. 6, in the mobile IP mechanism the home agent (HA) is a router on the home network; it can act as the anchor point for communication with the mobile node and can also send packet data through a tunnel to a roaming mobile node. The foreign agent (FA) is a router in the visited network that acts as the mobile node's point of attachment; the FA can forward packet data sent by the HA to the mobile node. A mobile node is a terminal device capable of roaming between networks.
In FIG. 6, the home A-RACF and the visited A-RACF are connected to the same SPDF, and the home NASS is connected to the visited NASS. Assume that the correspondence of the available SPDF address (such as a domain name or IP address) is pre-configured in both the home NASS and the roaming NASS, together with the home communication negotiation parameters and the visited communication negotiation parameters respectively.
Here, assume that the user moves from the home network to the visited network. At this time the user's network access in the home network has already been completed according to the flow shown in FIG. 4; that is, the correspondence between the user IP address and the home A-RACF address has already been established in the SPDF.
FIG. 7 is a flowchart of Embodiment 2 of the present invention. With reference to FIG. 6, it includes the following steps:
Step 700: The user accesses the network through the visited NASS.
In this step, the user obtains its care-of address in the visited network. The care-of address is the user's current location information in the visited network. For how the care-of address is obtained, see the relevant protocols; it is unrelated to the method of the present invention and is not described further here.
Step 701: The visited NASS obtains the user's home information, including the user IP address, from the home NASS. The interaction between the visited NASS and the home NASS belongs to the prior art; for the specific implementation, see the relevant protocols.
Steps 702 to 703: The visited NASS sends user information carrying the user IP address, the care-of address, the SPDF address and the visited communication negotiation parameters to the visited A-RACF, and the visited A-RACF returns a response to the visited NASS.
Step 704: The visited A-RACF negotiates a communication link with the SPDF corresponding to the SPDF address and establishes the communication link.
In this step, the visited A-RACF and the SPDF negotiate the communication link using the visited communication negotiation parameters in the user information from the visited NASS. Through the communication link negotiation, the SPDF learns information about the visited A-RACF, such as the visited A-RACF address. There are many ways to implement the negotiation; they belong to the prior art and are not detailed here.
Step 705: The visited A-RACF sends user routing information carrying the user IP address and the care-of address to the SPDF over the established communication link.
Step 706: The SPDF establishes a correspondence among the user IP address, the care-of address and the visited A-RACF address according to the received user routing information and the visited A-RACF address obtained in the communication link negotiation.
At this point, the user's network access process is complete.
Thereafter, when the AF sends a user uplink resource request to the SPDF, the SPDF can use the correspondence it has established among the user IP address, the care-of address and the visited A-RACF address to find the visited A-RACF. When the AF sends a user downlink resource request to the SPDF, the SPDF can use that correspondence together with the correspondence between the user IP address and the home A-RACF address to find both the home A-RACF and the visited A-RACF. This achieves automatic topology discovery between the SPDF and the visited/home A-RACF.
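The following sketch is an added example, not part of the patent text. It models the IP lookup table of FIG. 10 together with the registration and lookup behaviour of Embodiments 1 and 2. The names `Spdf`, `Binding`, the link identifiers and all addresses are constructed for illustration. Two things are assumptions of the example: the A-RACF address is taken only from the negotiated link (a report on an un-negotiated link is rejected), and a report carrying a care-of address is treated as coming from the visited network.

```python
"""SPDF-side user-to-A-RACF table, modelled on FIG. 10 (illustrative only)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


def _norm(addr: str) -> str:
    # Canonical text form so that MIPv4 and MIPv6 addresses index consistently.
    return str(ipaddress.ip_address(addr))


@dataclass
class Binding:
    """One row of the IP lookup table; the index is the user IP address."""
    user_ip: str
    location: str = "home"                   # basic info: "home" or "visited"
    home_aracf: Optional[str] = None         # home information
    care_of_address: Optional[str] = None    # visited information
    visited_aracf: Optional[str] = None


class Spdf:
    def __init__(self) -> None:
        self._links: Dict[str, str] = {}     # link id -> A-RACF address
        self._table: Dict[str, Binding] = {}

    def negotiate_link(self, link_id: str, aracf_addr: str) -> None:
        """Steps 503 / 704: during link negotiation (done with the
        communication negotiation parameters, e.g. a key) the SPDF learns
        the A-RACF address. The negotiation itself is outside this sketch."""
        self._links[link_id] = _norm(aracf_addr)

    def on_route_info(self, link_id: str, user_ip: str,
                      care_of_address: Optional[str] = None) -> Binding:
        """Steps 504-505 / 705-706: bind the reported user to the A-RACF
        that owns the link the report arrived on."""
        if link_id not in self._links:
            # Assumption of this example: no negotiated link, no binding.
            raise PermissionError("route info on un-negotiated link")
        aracf = self._links[link_id]
        key = _norm(user_ip)
        row = self._table.setdefault(key, Binding(user_ip=key))
        if care_of_address is None:
            row.home_aracf = aracf
            row.location = "home"
        else:
            row.care_of_address = _norm(care_of_address)
            row.visited_aracf = aracf
            row.location = "visited"
        return row

    def resolve(self, user_ip: str, direction: str) -> List[str]:
        """A-RACF addresses to contact for an AF resource request."""
        if direction not in ("uplink", "downlink"):
            raise ValueError("direction must be 'uplink' or 'downlink'")
        row = self._table.get(_norm(user_ip))
        if row is None:
            raise LookupError("no binding for user " + user_ip)
        if row.location == "visited":
            # Uplink: visited A-RACF only. Downlink: home and visited.
            chain = [row.visited_aracf] if direction == "uplink" \
                else [row.home_aracf, row.visited_aracf]
        else:
            chain = [row.home_aracf]
        # In the nomadic case there is no home entry; drop the empty slot.
        return [a for a in chain if a is not None]


def demo() -> Dict[str, List[str]]:
    spdf = Spdf()
    # Constructed sample data (documentation address ranges).
    spdf.negotiate_link("link-home", "10.0.1.1")
    spdf.on_route_info("link-home", "192.0.2.10")
    spdf.negotiate_link("link-visited", "10.0.2.1")
    spdf.on_route_info("link-visited", "192.0.2.10",
                       care_of_address="198.51.100.7")
    return {"uplink": spdf.resolve("192.0.2.10", "uplink"),
            "downlink": spdf.resolve("192.0.2.10", "downlink")}


if __name__ == "__main__":
    print(demo())
```

Because the A-RACF address comes from the link state rather than from the report body, an A-RACF cannot register a user on behalf of another A-RACF in this model; the strength of that property depends entirely on how the link negotiation authenticates the peer, which the patent leaves to prior art.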
FIG. 8 is a schematic diagram of the system of Embodiment 3 of the present invention. As shown in FIG. 8, the home A-RACF and the visited A-RACF are connected to the home SPDF and the visited SPDF in their respective networks, the home SPDF is connected to the visited SPDF, and the home NASS is connected to the visited NASS. Assume that the correspondence of the available home SPDF address (such as a domain name or IP address) and the home communication negotiation parameters (such as a key) are pre-configured in the home NASS, and that the correspondence of the available visited SPDF address (such as a domain name or IP address) and the visited communication negotiation parameters (such as a key) are pre-configured in the visited NASS.
Here, assume that the user moves from the home network to the visited network. At this time the user's network access in the home network has already been completed according to the flow shown in FIG. 4; that is, the correspondence between the user IP address and the home A-RACF address has already been established in the home SPDF.
FIG. 9 is a flowchart of Embodiment 3 of the present invention. With reference to FIG. 9, it includes the following steps:
Step 900: The user accesses the network through the visited NASS.
In this step, the user obtains its care-of address in the visited network.
Step 901: The visited NASS obtains from the home NASS the home user information, including the user IP address and the home SPDF address. The interaction between the visited NASS and the home NASS belongs to the prior art; for the specific implementation, see the relevant protocols. The difference is that the home user information also includes the home SPDF address.
Steps 902 to 903: The visited NASS sends user information carrying the user IP address, the care-of address, the home SPDF address, the visited SPDF address and the visited communication negotiation parameters to the visited A-RACF, and the visited A-RACF returns a response to the visited NASS.
Step 904: The visited A-RACF negotiates a communication link with the visited SPDF and establishes the communication link.
In this step, the visited A-RACF and the visited SPDF negotiate the communication link using the visited communication negotiation parameters in the user information from the visited NASS. Through the communication link negotiation, the visited SPDF learns information about the visited A-RACF, such as the visited A-RACF address. There are many ways to implement the negotiation; they belong to the prior art and are not detailed here.
Step 905: The visited A-RACF sends user routing information carrying the user IP address, the care-of address and the home SPDF address to the visited SPDF over the established communication link.
Step 906: The visited SPDF establishes a correspondence among the user IP address, the care-of address, the visited A-RACF address and the home SPDF address according to the received user routing information and the visited A-RACF address obtained in the communication link negotiation.
Steps 907 to 908: The visited SPDF negotiates a communication link with the home SPDF and, over the communication link established by the negotiation, sends the home SPDF user routing information carrying the user IP address, the care-of address and the visited A-RACF address.
Through the communication link negotiation, the home SPDF learns information such as the visited SPDF address.
Step 909: The home SPDF establishes a correspondence among the user IP address, the care-of address, the visited A-RACF address and the visited SPDF address according to the received user routing information and the visited SPDF address obtained in the communication link negotiation.
Thereafter, when the AF sends a user uplink resource request to the home SPDF, the home SPDF can use the correspondence it has established among the user IP address, the care-of address, the visited A-RACF address and the visited SPDF address to find the visited SPDF and the visited A-RACF. When the AF sends a user downlink resource request to the home SPDF, the home SPDF uses the correspondence it has established between the user IP address and the home A-RACF address, together with the correspondence among the user IP address, the care-of address, the visited A-RACF address and the visited SPDF address, to find the home A-RACF and the visited SPDF, and then reaches the visited A-RACF through the visited SPDF. This achieves automatic topology discovery between the home/visited SPDF and the home/visited A-RACF.
For the systems shown in FIG. 6 and FIG. 8 there is a further case. Assume that when the user moves from the home network to the visited network, the user's network access in the home network has not been completed; that is, no correspondence between the user IP address and the home A-RACF address has been established in the SPDF. This case is called the nomadic scenario. Here the visited A-RACF can, according to the agreement between the visited and home network operators, perform network access directly with the visited SPDF or the home SPDF, as follows:
First, after the user moves to the visited network, the user accesses the network through the visited NASS. After the user registers successfully, the visited NASS authenticates the user through the home NASS and obtains the Profile and the visited/home SPDF address; the visited NASS then allocates the user IP address to the user directly. The visited NASS chooses the visited SPDF or the home SPDF according to its agreement with the home NASS operator, then sends the user's Profile and the SPDF address to the visited A-RACF; if the home SPDF and the visited SPDF are the same, no choice is needed. Next, the visited A-RACF negotiates with the visited/home SPDF and establishes a communication link. Over the established link, the visited A-RACF reports to the visited/home SPDF user routing information such as the user's IP address in the visited location, the home/visited SPDF address, and the user information of the home/visited communication negotiation parameters;
Then, based on the received user routing information, the visited/home SPDF establishes the correspondence between the user IP address and the visited A-RACF address. This completes the user's network access process.
Thereafter, when the AF sends a user resource request to the visited/home SPDF, the visited/home SPDF can find the visited A-RACF from the correspondence between the user IP address and the visited A-RACF address, thereby achieving automatic topology discovery between the SPDF and the A-RACF.
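The lookups described above for the roaming case (steps 907 to 909) and for the nomadic scenario, as an added Python example that is not part of the patent text. All class and method names and all addresses are constructed for illustration; rejecting reports that do not arrive on a negotiated link is an assumption of this example, since the text only says the information travels over that link.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Link:
    """A negotiated communication link. The peer address is learned during
    negotiation, never taken from the routing information itself."""
    peer_addr: str


@dataclass
class Binding:
    """One row of the per-user table kept by an SPDF, indexed by user IP."""
    user_ip: str
    home_aracf: Optional[str] = None      # set by access in the home network
    care_of: Optional[str] = None         # set when the user roams
    visited_aracf: Optional[str] = None
    visited_spdf: Optional[str] = None


class Spdf:
    def __init__(self, addr: str) -> None:
        self.addr = addr
        self.links: Dict[str, Link] = {}
        self.table: Dict[str, Binding] = {}

    def negotiate(self, peer_addr: str) -> Link:
        """Stand-in for the link negotiation; records who the peer is."""
        link = Link(peer_addr)
        self.links[peer_addr] = link
        return link

    def _entry(self, link: Link, user_ip: str) -> Binding:
        # Assumption of this example: routing information is only accepted
        # on a link this SPDF negotiated itself.
        if self.links.get(link.peer_addr) is not link:
            raise PermissionError("routing information outside a negotiated link")
        return self.table.setdefault(user_ip, Binding(user_ip))

    def home_access(self, link: Link, user_ip: str) -> None:
        """Home A-RACF reports the user: user IP <-> home A-RACF."""
        self._entry(link, user_ip).home_aracf = link.peer_addr

    def roaming_report(self, link: Link, user_ip: str,
                       care_of: str, visited_aracf: str) -> None:
        """Steps 907-909: the visited SPDF reports to the home SPDF."""
        b = self._entry(link, user_ip)
        b.care_of, b.visited_aracf = care_of, visited_aracf
        b.visited_spdf = link.peer_addr   # from negotiation, not the payload

    def nomadic_report(self, link: Link, user_ip: str) -> None:
        """Nomadic scenario: the visited A-RACF reports directly."""
        self._entry(link, user_ip).visited_aracf = link.peer_addr

    def resolve(self, user_ip: str, direction: str) -> List[str]:
        """Ordered list of entities to contact for an AF resource request."""
        if direction not in ("uplink", "downlink"):
            raise ValueError("direction must be 'uplink' or 'downlink'")
        b = self.table.get(user_ip)
        if b is None:
            raise LookupError("no binding for " + user_ip)
        if b.visited_spdf:                        # roaming user
            path = [b.visited_spdf, b.visited_aracf]
            if direction == "downlink":           # also needs the home A-RACF
                if b.home_aracf is None:
                    raise LookupError("no home A-RACF binding for " + user_ip)
                path = [b.home_aracf] + path
            return path
        if b.visited_aracf:                       # nomadic user
            return [b.visited_aracf]
        return [b.home_aracf]                     # user still at home


if __name__ == "__main__":
    home = Spdf("spdf.home.example")
    home.home_access(home.negotiate("aracf.home.example"), "10.0.0.5")
    home.roaming_report(home.negotiate("spdf.visited.example"), "10.0.0.5",
                        care_of="192.0.2.77",
                        visited_aracf="aracf.visited.example")
    print(home.resolve("10.0.0.5", "uplink"))
    print(home.resolve("10.0.0.5", "downlink"))
```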
The above are merely preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims

1. A method for implementing network access, characterized in that the method further comprises: a central policy decision function entity establishes a correspondence between a user and a distribution or access policy function entity according to user routing information sent by that distribution or access policy function entity and information about that distribution or access policy function entity.
2. The method according to claim 1, characterized in that an available central policy decision function entity is preset in the network connection management subsystem NASS, or a designated central policy decision function entity is preconfigured in the distribution or access policy function entity; the access network resource admission control function distribution or access policy function entity sending the user routing information specifically comprises:
the user accesses the network and obtains the user's current address allocated by the network, and the NASS sends user information to the distribution or access policy function entity, the user information carrying the user address and the address of the available central policy decision function entity; or the user accesses the network and obtains the user's current address allocated by the network, and the NASS sends user information to the distribution or access policy function entity, the user information carrying the user address;
the distribution or access policy function entity sends user routing information carrying the user address to the available or designated central policy decision function entity.
3. The method according to claim 2, characterized in that communication negotiation parameters between the central policy decision function entity and the distribution or access policy function entity are also preset in the NASS;
the user information sent by the NASS to the distribution or access policy function entity further carries the communication negotiation parameters between the central policy decision function entity and the distribution or access policy function entity;
the user routing information carrying the user address is sent as follows:
the distribution or access policy function entity uses the received communication negotiation parameters to negotiate a communication link with the central policy decision function entity corresponding to the central policy decision function entity address, and establishes the communication link;
the distribution or access policy function entity sends the user routing information carrying the user address to the central policy decision function entity over the established communication link.
4. The method according to claim 3, characterized in that the NASS is a home NASS, the central policy decision function entity is a home central policy decision function, and the distribution or access policy function entity is a home distribution or access policy function;
the allocated current user address is the user IP address;
the user address is the user IP address.
5. The method according to claim 4, characterized in that the information about the distribution or access policy function entity is: the address of the home distribution or access policy function entity obtained by the central policy decision function entity during the communication link negotiation;
the correspondence between the user and the distribution or access policy function entity is: the correspondence between the user IP address and the address of the home distribution or access policy function entity.
6. The method according to claim 3, characterized in that the NASS is a visited NASS, the central policy decision function entity is a home central policy decision function, and the distribution or access policy function is a visited distribution or access policy function;
the allocated user address is a care-of address;
before the NASS sends the user information to the distribution or access policy function entity, the method further comprises: the visited NASS obtains from the home NASS the user's home information, which includes the user IP address;
the user address comprises the care-of address and the user IP address, and the communication negotiation parameters are visited communication negotiation parameters.
7. The method according to claim 6, characterized in that the information about the distribution or access policy function entity is: the address of the visited distribution or access policy function entity obtained by the central policy decision function entity during the communication link negotiation;
the correspondence between the user and the distribution or access policy function entity is: the correspondence between the user IP address, the care-of address and the address of the visited distribution or access policy function entity.
8. The method according to claim 3, characterized in that the NASS is a visited NASS, the central policy decision function entity is a visited central policy decision function entity, and the distribution or access policy function entity is a visited distribution or access policy function entity;
the allocated user address is a care-of address;
before the NASS sends the user information to the distribution or access policy function entity, the method further comprises: the NASS obtains from the home NASS home user information including the user IP address and the address of the home central policy decision function entity;
the user information further comprises: the address of the home central policy decision function;
the user address comprises the care-of address and the user IP address, and the communication negotiation parameters are visited communication negotiation parameters.
9. The method according to claim 8, characterized in that the information about the distribution or access policy function is: the address of the visited distribution or access policy function entity obtained by the visited central policy decision function entity during the communication link negotiation;
the correspondence between the user and the distribution or access policy function entity is: the correspondence between the user IP address, the care-of address, the address of the visited distribution or access policy function entity and the home central policy decision function entity.
10. The method according to claim 8, characterized in that the method further comprises: the visited central policy decision function entity sends, over the negotiated communication link, user routing information carrying the user IP address, the care-of address and the address of the visited distribution or access policy function entity to the home central policy decision function;
the home central policy decision function entity establishes, according to the received user routing information and the address of the visited central policy decision function entity obtained during the communication link negotiation, the correspondence between the user IP address, the care-of address, the address of the visited distribution or access policy function entity and the address of the visited central policy decision function entity.
11. The method according to claim 2 or 3, characterized in that the NASS is a visited NASS, the central policy decision function entity is a home/visited central policy decision function entity, and the distribution or access policy function entity is a visited distribution or access policy function entity;
the user accesses the network and obtains the user's current address allocated by the network as follows: the visited NASS communicates with the home NASS, completes authentication of the user and address allocation, and sends the allocated address information to the home/visited central policy decision function entity;
the allocated user address is the user IP address;
the correspondence between the user and the distribution or access policy function entity is: the correspondence between the user IP address and the address of the visited distribution or access policy function entity.
12. The method according to claim 1, characterized in that the established correspondence is an IP lookup table indexed by user IP address; the IP lookup table comprises: basic information, home information and visited information;
the basic information comprises: the user IP address and the user's current location information;
the home information comprises: the address of the home distribution or access policy function entity and the address of the home central policy decision function entity;
the visited information comprises: the user's care-of address, the address of the visited distribution or access policy function entity and the address of the visited central policy decision function entity.
13. The method according to claim 1, characterized in that the available central policy decision function entity is: the central policy decision function entity corresponding to the service.
14. A system for implementing network access, the system comprising: a network connection management subsystem NASS, a central policy decision function entity and a distribution or access policy function entity, the NASS being connected to the central policy decision function entity through the distribution or access policy function entity, and the user accessing the network through the NASS, characterized in that
an available central policy decision function entity is preset in the NASS, or a communication link with a designated central policy decision function entity is preconfigured in the distribution or access policy function entity;
the distribution or access policy function entity receives from the NASS user information carrying the user address and the address of the currently available central policy decision function entity; or the distribution or access policy function entity receives from the NASS user information carrying the user address;
the available or designated central policy decision function entity receives from the distribution or access policy function entity user routing information carrying the user address, and establishes the correspondence between the user and the distribution or access policy function entity.
15. The system according to claim 14, characterized in that communication negotiation parameters between the central policy decision function entity and the distribution or access policy function entity are also preset in the NASS;
the distribution or access policy function entity further receives the communication negotiation parameters between the central policy decision function entity and the distribution or access policy function entity;
16. The system according to claim 14 or 15, characterized in that the NASS is a home NASS, the central policy decision function entity is a home central policy decision function entity, and the distribution or access policy function entity is a home distribution or access policy function entity; the user address is the user IP address.
17. The system according to claim 14 or 15, characterized in that the NASS is a visited NASS, the central policy decision function entity is a home central policy decision function entity, and the distribution or access policy function entity is a visited distribution or access policy function entity; the system further comprises: a home NASS and a home distribution or access policy function entity;
the visited NASS receives from the home NASS the user's home information, which includes the user IP address;
the visited distribution or access policy function entity receives from the visited NASS user information carrying the user IP address, the care-of address obtained when the user accesses the network, the address of the home central policy decision function entity, and the visited communication negotiation parameters;
the central policy decision function entity receives from the visited distribution or access policy function entity user routing information carrying the user IP address and the care-of address, and establishes the correspondence between the user and the visited distribution or access policy function entity.
18. The system according to claim 14 or 15, characterized in that the NASS is a visited NASS, the central policy decision function entity is a home/visited central policy decision function entity, and the distribution or access policy function entity is a visited distribution or access policy function; the system further comprises: a home NASS and a home distribution or access policy function entity;
the visited NASS communicates with the home NASS, completes authentication of the user, obtains the user's home information, completes address allocation, and sends the user information to the visited distribution or access policy function entity;
the visited distribution or access policy function entity receives from the visited NASS user information carrying the user IP address, the address of the home/visited central policy decision function entity, and the home/visited communication negotiation parameters;
the visited/home central policy decision function entity receives from the visited distribution or access policy function user routing information carrying the user IP address, and establishes the correspondence between the user and the visited distribution or access policy function entity.
19. The system according to claim 14 or 15, characterized in that the NASS is a visited NASS, the central policy decision function entity is a visited central policy decision function entity, and the distribution or access policy function entity is a visited distribution or access policy function entity; the system further comprises: a home central policy decision function entity, a home NASS and a home distribution or access policy function entity;
the visited NASS receives from the home NASS home user information including the user IP address and the address of the home central policy decision function entity;
the visited distribution or access policy function entity receives from the visited NASS user information carrying the user IP address, the care-of address obtained when the user accesses the network, the address of the home central policy decision function entity, the address of the visited central policy decision function entity and the visited communication negotiation parameters;
the visited central policy decision function entity receives from the visited distribution or access policy function entity user routing information carrying the user IP address, the care-of address and the address of the home central policy decision function entity, and establishes the correspondence between the user, the visited distribution or access policy function entity and the address of the home central policy decision function entity.
20. The system according to claim 19, characterized in that the system further comprises:
the home central policy decision function entity receives from the visited central policy decision function entity user routing information carrying the user IP address, the care-of address and the address of the visited distribution or access policy function entity, and establishes the correspondence between the user, the address of the visited distribution or access policy function entity and the address of the visited central policy decision function entity.
21. A central policy decision function entity, characterized in that the central policy decision function entity comprises:
a distribution or access policy function entity interface unit, configured to receive user routing information sent by a distribution or access policy function entity and provide it to a correspondence establishing unit;
a correspondence establishing unit, configured to establish the correspondence between the user and the distribution or access policy function entity according to the user routing information received by the distribution or access policy function entity interface unit and the information about that distribution or access policy function entity.
22. The central policy decision function entity according to claim 21, characterized in that the distribution or access policy function entity interface unit further negotiates a communication link with the distribution or access policy function entity and obtains the information about that distribution or access policy function entity.
PCT/CN2007/070658 2006-09-07 2007-09-07 A method, system and device for network access WO2008040212A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610126866.2 2006-09-07
CN200610126866A CN100579070C (en) 2006-09-07 2006-09-07 Method and system of implementing network access

Publications (1)

Publication Number Publication Date
WO2008040212A1 true WO2008040212A1 (en) 2008-04-10

Family

ID=39193134

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070658 WO2008040212A1 (en) 2006-09-07 2007-09-07 A method, system and device for network access

Country Status (2)

Country Link
CN (1) CN100579070C (en)
WO (1) WO2008040212A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009016543A2 (en) * 2007-07-27 2009-02-05 Telefonaktiebolaget L M Ericsson (Publ) Methods and systems for providing racf configuration information

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101599912B (en) * 2008-06-06 2012-04-04 华为技术有限公司 Method and system for transmitting message to transportable functional entity in communication system
CN102857585A (en) * 2011-06-30 2013-01-02 中兴通讯股份有限公司 Method and system for distributing address and executing strategy of BBF (Broadband Forum) network
CN112422714A (en) * 2020-11-27 2021-02-26 上海数讯信息技术有限公司 Multi-application batch continuous IP address allocation method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006136895A1 (en) * 2005-04-29 2006-12-28 Nokia Corporation A network
CN1925420A (en) * 2005-09-02 2007-03-07 华为技术有限公司 Resource repealing method and device based on resource admittance control subsystem

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Resource and Admission Control Sub-system (RACS); Functional Architecture", ETSI ES 282 003 V1.1.1, June 2006 (2006-06-01), pages 1 - 41 *
"Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Resource and Admission Control; Protocol for QoS reservation information exchange between the Service Policy Decision Function (SPDF) and the.....", ETSI ES 283 026 V1.1.1, June 2006 (2006-06-01), pages 1 - 33 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009016543A2 (en) * 2007-07-27 2009-02-05 Telefonaktiebolaget L M Ericsson (Publ) Methods and systems for providing racf configuration information
WO2009016543A3 (en) * 2007-07-27 2009-06-25 Ericsson Telefon Ab L M Methods and systems for providing racf configuration information
US7953026B2 (en) 2007-07-27 2011-05-31 Telefonaktiebolaget L M Ericsson (Publ) Methods and systems for providing RACF configuration information

Also Published As

Publication number Publication date
CN101141379A (en) 2008-03-12
CN100579070C (en) 2010-01-06

Similar Documents

Publication Publication Date Title
EP2081332B1 (en) A method for sharing network resources, and a device and system thereof
US8077619B2 (en) Method for aggregating data traffic over an access domain and nodes therefor
US20080130656A1 (en) Apparatus and method for managing quality of service in integrated network of heterogeneous mobile network
WO2011147074A1 (en) Method, system and corresponding apparatus for implementing policy and charging control
CA2604234A1 (en) Method for managing service bindings over an access domain and nodes therefor
US8072897B2 (en) Method, system and device for selecting edge connection link across different management domain networks
WO2008031349A1 (en) Control system, control method and control device
WO2009114976A1 (en) Method and system for resource and admission control
WO2008148320A1 (en) Method, device and system for multicast service authorization controlling
WO2009046666A1 (en) Addressing method of policy decision function entity, network element and network system
WO2009006847A1 (en) Method, device and system for combination of resource admission control
WO2009079844A1 (en) Processing method for resource request in ngn
WO2009074072A1 (en) Method, network system and network equipment of dynamic strategy conversion
US7953026B2 (en) Methods and systems for providing RACF configuration information
WO2009056013A1 (en) A policy control method and system for layer two device
US8379519B2 (en) Method for realizing resource admission control at push mode in nomadism scene of NGN
WO2008040212A1 (en) A method, system and device for network access
WO2012003781A1 (en) Method and system for controlling service admission
WO2009132492A1 (en) A system for the racs supporting mobile ip and the method thereof
WO2008017226A1 (en) Multicast control system and method
WO2010091562A1 (en) Method and apparatus for interaction between fixed network and third party network or application server
WO2007033612A1 (en) A system and a method for resource controlling of the access network
WO2009076837A1 (en) User access method and gateway equipment in wimax system
WO2009100625A1 (en) Selecting method of policy decision functional entity in resource and admission control system
CN102036431B (en) Interactive functional entity and protocol mapping method for resource management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07801066

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07801066

Country of ref document: EP

Kind code of ref document: A1