WO2010022777A1 - Gestion de grands utilisateurs suspects - Google Patents

Gestion de grands utilisateurs suspects Download PDF

Info

Publication number
WO2010022777A1
WO2010022777A1 PCT/EP2008/061296 EP2008061296W WO2010022777A1 WO 2010022777 A1 WO2010022777 A1 WO 2010022777A1 EP 2008061296 W EP2008061296 W EP 2008061296W WO 2010022777 A1 WO2010022777 A1 WO 2010022777A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
network connection
service
quality
threshold
Prior art date
Application number
PCT/EP2008/061296
Other languages
English (en)
Inventor
Miikka Huomo
Juha Suojanen
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Priority to PCT/EP2008/061296 priority Critical patent/WO2010022777A1/fr
Publication of WO2010022777A1 publication Critical patent/WO2010022777A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5061Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
    • H04L41/5067Customer-centric QoS measurements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/16Threshold monitoring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/11Identifying congestion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2458Modification of priorities while in transit
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/0205Traffic management, e.g. flow control or congestion control at the air interface
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/0252Traffic management, e.g. flow control or congestion control per individual bearer or channel
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/0284Traffic management, e.g. flow control or congestion control detecting congestion or overload during communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/16Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/24Negotiating SLA [Service Level Agreement]; Negotiating QoS [Quality of Service]

Definitions

  • the present invention relates to an apparatus, system and method for controlling network usage by detecting use of unwanted bandwidth-hungry applications.
  • P2P peer-to-peer
  • Another method is to perform a bandwidth management where it is given less capacity for certain users or services, but at present it is possible to do that only on network level, not on radio cell level.
  • GGSN gateway GPRS support nodes
  • an apparatus comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
  • Certain modifications of the apparatus according to the first aspect may include the following.
  • the apparatus may be suitable for providing bandwidth management .
  • the identification means can be further configured to user-specifically count transmitted data volume and the actively set threshold can define a maximum data transfer volume per time period.
  • the identification means can be further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.
  • the identification means can be further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
  • the quality of service modification means can be further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
  • the deep packet inspection means can be further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.
  • an apparatus comprising an identification processor configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; a quality of service modification controller configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and a deep packet inspection processor configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application .
  • a system comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
  • Certain modifications of the system according to the third aspect may include the following.
  • the system may be suitable for providing bandwidth management .
  • the identification means can be further configured to user-specifically count transmitted data volume and the actively set threshold can define a maximum data transfer volume per time period.
  • the identification means can be further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.
  • the identification means can be further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
  • the quality of service modification means can be further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
  • the deep packet inspection means can be further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.
  • the system can further comprise provisioning means configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means.
  • the threshold can be set in relation to an average data transfer volume per time period of monitored user.
  • a system comprising an identification processor configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; a quality of service modification controller configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and a deep packet inspection processor configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
  • system can further comprise a provisioning tool configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means.
  • the threshold can be set in relation to an average data transfer volume per time period of monitored user.
  • a method comprising identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service on said network connection which is actively set to represent a threshold exceeding application .
  • Certain modifications of the method according to the fifth aspect may include the following.
  • the method may be capable of providing bandwidth management .
  • the method can further comprise user-specifically counting transmitted data volume, wherein the actively set threshold defines a maximum data transfer volume per time period.
  • the transmitted data volume can be user-specifically counted for a fixed time period and in fixed intervals.
  • the method can further comprise restoring the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
  • the method can further comprise periodically checking a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and actively setting a checking period.
  • the method can further comprise monitoring a data volume of a user and including the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and providing the record.
  • the method can further comprise setting the threshold in relation to an average data transfer volume per time period of monitored user.
  • a computer program product embodied as a computer readable medium storing instructions which comprise identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service with said network connection which is actively set to represent a threshold exceeding application.
  • Fig. 1 shows an implementation example for certain embodiments of the present invention.
  • embodiments of the present invention are presently considered to be particularly useful in 3 rd generation partnership project (3GPP) radio access networks such as GSM EDGE radio access networks (GERAN) and UMTS terrestrial radio access networks (UTRAN) as well as in long term evolution (LTE) and system architecture evolution (SAE) networks, where EDGE refers to enhanced data rates for GSM evolution, GSM refers to global system for mobile communications, and UMTS refers to universal mobile .
  • 3GPP 3 rd generation partnership project
  • 3GPP 3 rd generation partnership project
  • GERAN GSM EDGE radio access networks
  • UTRAN UMTS terrestrial radio access networks
  • SAE system architecture evolution
  • EDGE refers to enhanced data rates for GSM evolution
  • GSM refers to global system for mobile communications
  • UMTS refers to universal mobile .
  • certain embodiments of the present invention are also applicable to any other network where bandwidth management and/or network usage control is used like in fixed broadband networks (e.g. with respect to a broadband remote access server - BRAS - and/or a broadband network gateway - BNG) , in WiMAX (worldwide interoperability for microwave access) networks (e.g. with respect to an access service network gateway/home agent) etc or any internet protocol edge/border gateway product that analyzes user data .
  • fixed broadband networks e.g. with respect to a broadband remote access server - BRAS - and/or a broadband network gateway - BNG
  • WiMAX worldwide interoperability for microwave access
  • implementation examples comprise the following functionalities :
  • those users which generate most of the network load are identified and subjected to a by-default downgraded quality of service at the session start-up.
  • DPI deep packet inspection
  • the identification of heavy users can be based on charging data record (CDR) data volumes, statistics or for example some internal counters in a gateway node such as a GGSN.
  • CDR charging data record
  • a list of suspicious user could be provided which can take place using existing provisioning tools of the operator.
  • the identification of TOP heavy users can include an offline analysis of collected statistics. This can be done based on collected data of charging data records (CDR) or gateway node internal statistical data.
  • CDR charging data records
  • Embodiment 1 gateway node internal alternative
  • the gateway node can count and compare users internally based on the currently existing subscriber specific data volume counters which are e.g. used in generating charging data records (CDR) .
  • CDR charging data records
  • the operator could define thresholds which the gateway node should check before it resets this internal counter and increments the charging data record (CDR) data volume.
  • CDR charging data record
  • GGSN statistical data collection As follows:
  • the sample collection period is defined.
  • the statistics time period parameter is determined as the time during which samples are collected. The time is given in minutes. Allowed values are 15, 30, 45, and 60. The default value is 15.
  • the sample collection interval is defined.
  • the statistics time interval parameter is determined as how often samples are collected. The value is given in minutes. Allowed values are 1, 5, 15, 30, 45, and 60. The default value is 1.
  • the operator could define e.g. if the user data volume during the last 1/15 minutes (last measurement collection period) exceeds 30 Mbits/300 Mbits, then the user (packet data protocol (PDP) context) shall be marked internally in the GGSN.
  • PDP packet data protocol
  • Embodiment 2 post processing and provisioning alternative
  • the operator has (automatic) charging data record post-processing tool (i.e. apparatus) that identifies TOP heavy users based on the transmitted data volumes in a given time.
  • automatically charging data record post-processing tool i.e. apparatus
  • the tool monitors user activity based on thresholds and the transferred user data volume exceeds the defined threshold, the tool marks the user to the list of suspicious user.
  • the threshold is a limit for data transfer per hour or day etc.
  • the tool may alternatively mark the users e.g. if the transmitted data volumes are considerably higher than other users in average where thresholds may be used as well. In such cases simply the heaviest users are marked.
  • the tool After the tool marks the user, it provides the information to a user profile database that may be any profile server/lightweight database access protocol (LDAP) /remote authentication dial in user service (RADIUS) or policy server or even the home location register (HLR) .
  • LDAP profile server/lightweight database access protocol
  • RADIUS remote authentication dial in user service
  • HLR home location register
  • the most practical way to update the profile database would be to use existing provisioning tools which the operator has. Hence, this tool may be somehow integrated to the operator's existing provisioning system.
  • the downgrade of the quality of service and activation of deep packet inspection to the users identified as TOP heavy users can involve the following.
  • the gateway node receives an indication of a suspicious user at session start-up or knows it internally when it receives user information from a user profile database. If the user or the PDP context is marked to be suspicious, the gateway node immediately downgrades the quality of service by e.g. decreasing the maximum bit rate (MBR) and downgrading the traffic class for these users internally. That is, no PDP update over the Gn interface is performed. Further, also the differentiated services codepoint (DSCP) marking in the Gn interface may be based on this temporary gateway node internal quality of service.
  • MLR maximum bit rate
  • DSCP differentiated services codepoint
  • the session is continued with the downgraded quality of service. It is to be understood that also at this point the user will be marked in the subscription profile to be able to continue with reduced quality of service immediately after PDP context re-establishment.
  • a PDP context with downgraded quality of service is checked again after a period determined by the operator. If a misuse in the sense of using an "unwanted” application has ended, the original quality of service which is negotiated for the PDP context shall be allowed.
  • an implementation in a gateway node such as (but not limited to) a gateway GPRS (general packet radio service) support node is considered advantageous.
  • a gateway GPRS general packet radio service
  • an implementation is considered to be useful in all 3 rd generation partnership project (3GPP) networks and others. Accordingly, benefits can be achieved for e.g. mobile data networks, radio and core networks, deep packet inspection and bandwidth management functionalities, provisioning and subscriber database manufacturers.
  • embodiments of the present invention may also be implemented in accordance with performing bandwidth management network usage control in the Gi interface (between the access network and the Internet) , and corresponding servers would also benefit a lot if user data volume information would be available. In this case deep user data inspection could focus only to most likely misuses (i.e. to respective users) and network capacity would be saved.
  • An implementation of embodiments of the present invention may be achieved by providing a computer program product embodied as a computer readable medium which stores instructions according to the above described embodiments.
  • a gateway GPRS support node detects the used quota per subscriber during a definable time period. Counters for the used data can be tracked either internally by the GGSN or the used quota can be reported in the form of charging data records to a system involving e.g. servers providing the functions of post-processing, policy enforcement, balance holding and provisioning.
  • Fig. 1 shows an online service controller as a post-processing tool for the charging data records (CDR) that identifies heavy users based on the transmitted data volume in a given time.
  • CDR charging data records
  • the online service controller marks the user as "heavy user” and provides the information to a subscriber profile database .
  • the quality of service After a heavy user is detected, the quality of service will be downgraded so that less bandwidth is given. The quality of service is upgraded back to an original value if unwanted service usage is not identified by performing deep packet inspection in the GGSN or in any other node.
  • a marking as heavy user can be removed from the subscriber profile at this point.
  • the operator has the option to double check the subscriber service usage once in a while.
  • the marked heavy user begins a session, lower quality of service will be given based on the user information stored in the subscriber profile data base, since the GGSN can query the subscriber profile database upon session initiation and find out about the marking as heavy user.
  • identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold
  • quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service
  • deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Abstract

L'invention concerne un appareil comprenant un moyen d'identification configuré pour identifier un utilisateur correspondant à une consommation de bande passante d'une connexion de réseau qui dépasse un seuil défini de manière active. L'appareil comprend en outre un moyen de modification de qualité de service configuré pour rétrograder une qualité de service d'une connexion de réseau dudit utilisateur en dessous d'une qualité de service négociée au départ. De plus, l'appareil comprend un moyen d'inspection profonde de paquets configuré pour être activé sur une connexion de réseau dudit utilisateur et détecter un service sur ladite connexion de réseau qui est défini de manière active pour représenter une application dépassant un seuil.
PCT/EP2008/061296 2008-08-28 2008-08-28 Gestion de grands utilisateurs suspects WO2010022777A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/061296 WO2010022777A1 (fr) 2008-08-28 2008-08-28 Gestion de grands utilisateurs suspects

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/061296 WO2010022777A1 (fr) 2008-08-28 2008-08-28 Gestion de grands utilisateurs suspects

Publications (1)

Publication Number Publication Date
WO2010022777A1 true WO2010022777A1 (fr) 2010-03-04

Family

ID=40545771

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/061296 WO2010022777A1 (fr) 2008-08-28 2008-08-28 Gestion de grands utilisateurs suspects

Country Status (1)

Country Link
WO (1) WO2010022777A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102811204A (zh) * 2011-06-01 2012-12-05 普天信息技术研究院有限公司 分组核心演进中基于深度包检测的承载控制系统及方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006108282A1 (fr) * 2005-04-13 2006-10-19 Zeugma Systems Canada, Inc. Noeud de service de lissage du trafic informe de l'application positionne entre le reseau d'acces et le reseau central
EP1798914A1 (fr) * 2005-12-13 2007-06-20 Alcatel Lucent Contrôle de la congestion
WO2008061171A2 (fr) * 2006-11-16 2008-05-22 Comcast Cable Holdings, Llc Procédé permettant de limiter les abus

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006108282A1 (fr) * 2005-04-13 2006-10-19 Zeugma Systems Canada, Inc. Noeud de service de lissage du trafic informe de l'application positionne entre le reseau d'acces et le reseau central
EP1798914A1 (fr) * 2005-12-13 2007-06-20 Alcatel Lucent Contrôle de la congestion
WO2008061171A2 (fr) * 2006-11-16 2008-05-22 Comcast Cable Holdings, Llc Procédé permettant de limiter les abus

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102811204A (zh) * 2011-06-01 2012-12-05 普天信息技术研究院有限公司 分组核心演进中基于深度包检测的承载控制系统及方法

Similar Documents

Publication Publication Date Title
CN102823197B (zh) 用于增强的服务检测和策略规则确定的方法、系统和计算机可读介质
US8694619B2 (en) Packet classification method and apparatus
EP3909204B1 (fr) Technique de corrélation d'informations d'analyse de données réseau
US8773981B2 (en) Systems and methods for dynamic congestion management in communications networks
JP5855268B2 (ja) ポリシー制御装置を使用するネットワーク統計の生成
US9860752B2 (en) Handling of authorization requests for a packet-based service in a mobile network
US8917600B2 (en) Technique for introducing a real-time congestion status in a policy decision for a cellular network
US9787484B2 (en) Adapting PCC rules to user experience
CN106332183B (zh) 流量的控制、控制处理方法及装置、终端
US9137843B2 (en) Method and node for controlling bearer related resources as well as a corresponding system and computer program
EP2587737B1 (fr) Procédé et dispositif de surveillance de trafic de service
KR101884048B1 (ko) 네트워크 자원들을 관리하기 위한 방법들과 노드들, 및 상응하는 시스템과 컴퓨터 프로그램
US20140233432A1 (en) Pcrf and pcc rule setting method in a mobile communication network
US9397908B2 (en) Method, apparatus, and system for acquiring quality of service QoS control information
WO2014146502A1 (fr) Procédé et appareil de gestion de congestion de réseau d'accès radio, et procédé et système de gestion de stratégie de congestion
CN109428781B (zh) 会话用量监测控制方法、服务器及存储介质
AU2020270237A1 (en) Terminal information processing method and apparatus, and system
US20160173390A1 (en) Confidence degree of data packet flow classification
WO2010022777A1 (fr) Gestion de grands utilisateurs suspects
WO2016091294A1 (fr) Estimation de composition de trafic de données d'un réseau de communication par extrapolation
EP4315777A1 (fr) Commande de charge de fonction de plan utilisateur (upf)
FR3043515A1 (fr) Procede de gestion du trafic reseau relatif a un mecanisme de signalisation de presence d'un terminal
US20240137276A1 (en) Controlling User Plane Function (UPF) Load
WO2013174416A1 (fr) Gestion de fichiers de données d'événements relatifs à l'utilisation de réseau

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08787539

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08787539

Country of ref document: EP

Kind code of ref document: A1