WO2011095078A1 - System and method for obtaining information by deep packet inspection function - Google Patents

System and method for obtaining information by deep packet inspection function Download PDF

Info

Publication number
WO2011095078A1
WO2011095078A1 PCT/CN2011/070437 CN2011070437W WO2011095078A1 WO 2011095078 A1 WO2011095078 A1 WO 2011095078A1 CN 2011070437 W CN2011070437 W CN 2011070437W WO 2011095078 A1 WO2011095078 A1 WO 2011095078A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
racf
dpif
user
subscription information
Prior art date
Application number
PCT/CN2011/070437
Other languages
French (fr)
Chinese (zh)
Inventor
尤建洁
杨波
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2011095078A1 publication Critical patent/WO2011095078A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering

Definitions

  • the present invention relates to the field of communications, and in particular, to a system and method for obtaining information by a deep packet inspection function.
  • NGN Next Generation Network
  • IP packet technology as the bearer network technology and integrates fixed communication and mobile communication, so that NGN can provide richer.
  • Multimedia services such as emerging services with real-time requirements (IP TV, video conferencing, multimedia distance learning, and video on demand, etc.), which require communication networks to provide efficient end-to-end quality of service (Quality of Service, referred to as QoS) support; at the same time, users are increasingly demanding network service quality. Therefore, providing end-to-end QoS is one of the core issues of NGN.
  • International Telecommunication Standardization Sector International Telecommunication Standardization Sector (International Telecommunication)
  • the Union-Telecommunications standardization sector (ITU-T) is the telecommunications division of the International Telecommunication Union (ITU), which sets standards for resource admission control.
  • ITU-T International Telecommunication Union
  • RCF Resource and Admission Control Functions
  • the functional framework of the RACF is provided. As shown in Figure 1, the RACF consists of two parts, namely the policy decision function. Policy Decision Functional Entity (PD-FE) and Transport Resource Control Functional Entity (TRC-FE), where TRC-FE interacts with the transport function through Rc and performs functions through Rn and transport resources.
  • PD-FE Policy Decision Functional Entity
  • TRC-FE Transport Resource Control Functional Entity
  • the Transport Resource Enforcement Functional Entity (TRE-FE for short) interaction and the PD-FE interacts with the TRC-FE through Rt, interacts with the Customer Premises Network (CPN) through the Rh, and passes the Rw and the policy.
  • the Policy Enforcement Functional Entity (PE-FE) interaction interacts with the Service Layer Functions (SCF) of the service layer through Rs and the network.
  • the Network Attachment Control Functions (NACF) interacts, and the PD-FE interacts with other next-generation networks through the Ri interface.
  • the PD-FE is independent of the transmission technology and has nothing to do with the SCF.
  • the PD-FE is based on the network policy rules, the service information provided by the SCF, the transport layer subscription information provided by the NACF, and the resource availability decision result provided by the TRC-FE. The final decision on resource acceptance control.
  • TRC-FE is not related to the business, but is related to transmission technology.
  • the TRC-FE is responsible for collecting and maintaining transport network information and resource status information.
  • the TRC-FE Upon receiving the resource request from the PD-FE, the TRC-FE performs resource-based admission control based on QoS, priority requirements, resource availability information, and policy rules related to the transmission.
  • the transport layer consists of a Policy Enforcement Functional Entity (PE-FE) and a Transport Resource Enforcement Functional Entity (TRE-FE).
  • PE-FE performs the PD-FE delivery policy (referred to as CPN) and the access network, between the access network and the core network, or between different carrier networks, and supports dynamic QoS control, port address translation control, and Network Address Translator (NAT) is the key node that traverses.
  • CPN Policy Enforcement Functional Entity
  • TRE-FE Transport Resource Enforcement Functional Entity
  • the PE-FE performs the PD-FE delivery policy (referred to as CPN) and the access network, between the access network and the core
  • the TRE-FE implements the transmission resource policy rule delivered by the TRC-FE. Its scope and function and the Rn interface need further study, and are not in the scope of the R2 phase.
  • the service identification and management system that is, the deep packet inspection function (DPIF) has the functions of user identification, service identification, QoS mark recognition, and content identification, and can realize user terminal identification information, IP address, And information such as service type for traffic management and policy management.
  • DPIF deep packet inspection function
  • DD-FE DPI Decision-Functional Entity
  • DE-FE DPI Enforcement-Modular Entity
  • RACF does not support interaction with DPIF.
  • DPIF only considers local when formulating policy rules. Control.
  • the technical problem to be solved by the present invention is to provide a system and method for acquiring information by using a deep packet inspection function, which can implement DPIF to directly obtain relevant information required for formulating a policy rule from the RACF, thereby further making the policy rules formulated by the DPIF more precise.
  • the present invention provides a method for acquiring information by a deep packet inspection function, the method comprising: a deep packet inspection function (DPIF) acquiring information required for formulating a policy rule from a resource admission control function (RACF);
  • DPIF deep packet inspection function
  • the information required to develop a policy rule includes user subscription information and/or resource availability information.
  • the step of the DPIF acquiring the user subscription information from the RACF includes: sending, by the DPIF, a request message to the RACF, where the user identification information and the service type are carried, to obtain the user subscription information; and the RACF receives the request message and then the user The corresponding subscription information is returned to the DPIF.
  • the step of the DPIF acquiring the resource availability information from the RACF includes: sending, by the DPIF, a request message to the RACF, where the user identification information, the service type, and the flow description are carried, to obtain the resource availability information; and the RACF receives the request message. The resource availability information is then returned to the DPIF.
  • the step of the DPIF acquiring the user subscription information from the RACF includes: when the RACF acquires new user subscription information or the stored user subscription information changes, the RACF pushes the user subscription information to the DPIF.
  • the step of the DPIF acquiring the user subscription information from the RACF further includes: after receiving the request message, the RACF first checks whether the subscription information corresponding to the user is saved locally, and if not, the RACF and the NACF exchange the user subscription information. Then return to DPIF.
  • the present invention also provides a system for obtaining information by using a deep packet inspection function.
  • the system includes a deep packet inspection function (DPIF) and a resource admission control function (RACF); wherein: the DPIF is set to: obtain information required to formulate a policy rule from the RACF; wherein the information required to formulate the policy rule includes the user Contract information and/or resource availability information.
  • the DPIF includes a Service Identification and Management Decision Function Entity (DD-FE); the RACF includes a Policy Decision Function Entity (PD-FE); the DPIF is configured to obtain user subscription information from the RACF as follows: DD-FE to RACF Sending a request message, where the user identification information and the service type are carried, to obtain the user subscription information; and the PD-FE returns the subscription information corresponding to the user to the DPIF through the response message after receiving the request message.
  • DD-FE Service Identification and Management Decision Function Entity
  • PD-FE Policy Decision Function Entity
  • the DPIF is configured to obtain user subscription information from the RACF as follows: DD-FE to RACF Sending a request message
  • the DPIF includes a Service Identification and Management Decision Function Entity (DD-FE); the RACF includes a Policy Decision Function Entity (PD-FE); the DPIF is configured to obtain resource availability information from the RACF as follows: DD-FE to RACF Sending a request message, which carries the user identification information, the service type, and the flow description, to obtain the resource availability information; after receiving the request message, the PD-FE interacts with the transmission resource execution function entity (TRC-FE) to obtain the resource availability information, and The obtained resource availability information is returned to the DPIF through a response message.
  • DD-FE Service Identification and Management Decision Function Entity
  • PD-FE Policy Decision Function Entity
  • TRC-FE transmission resource execution function entity
  • the DPIF is configured to acquire user subscription information from the RACF as follows: When the RACF acquires new user subscription information or the stored user subscription information changes, the RACF pushes the user subscription information to the DPIF.
  • the system further includes a network attach control function (NACF); the PD-FE is further configured to: after receiving the request message from the DD-FE, check whether the subscription information corresponding to the user is saved locally, if not, the PD - FE interacts with NACF to obtain user subscription information.
  • NACF network attach control function
  • the present invention also provides a Deep Packet Inspection Function (DPIF) device, which is configured to: acquire information required for formulating a policy rule from a Resource Admission Control Function (RACF); The information required to formulate the policy rules includes user subscription information and/or resource availability information.
  • the DPIF device includes a service identification and management decision function entity (DD-FE): the DPIF device is configured to acquire user subscription information from the RACF as follows: The DD-FE sends a request message to the RACF, where the user identification information is carried and The service type is used to obtain the user subscription information; and the subscription information corresponding to the user returned by the response decision message to the DPIF device after receiving the request message by the PDCF policy decision function entity (PD-FE).
  • DD-FE service identification and management decision function entity
  • the DPIF device includes an identification and management decision function entity (DD-FE); the DPIF device is configured to obtain resource availability information by RACF as follows: DD-FE sends a request message to the RACF, where the user identification information and the service type are carried. And a flow description, to obtain resource availability information; and resource availability information returned by the policy decision function entity (PD-FE) of the RACF after receiving the request message to the DPIF device by using the response message, where the resource availability information is The PD-FE is obtained by interacting with a transmission resource execution function entity (TRC-FE).
  • TRC-FE transmission resource execution function entity
  • the DPIF device is configured to acquire user subscription information from the RACF as follows: Receive user subscription information that the RACF pushes to the DPIF when the RACF acquires new user subscription information or the stored user subscription information changes.
  • the present invention provides a system and method for acquiring information by using a deep packet inspection function, which can implement DPIF to directly obtain relevant information required for formulating a policy rule, such as user subscription information and/or resource availability information, from the RACF.
  • the policy rules developed by DPIF are more elaborate.
  • FIG. 1 is a schematic diagram of a functional framework of a RACF in the related art
  • FIG. 2 is a schematic diagram of a functional framework of a DPIF in the related art
  • FIG. 3 is an interaction diagram of a RACF and a DPIF according to the present invention
  • FIG. 5 is a schematic diagram of a process of acquiring resource availability information in a system and method for acquiring information by a deep packet inspection function according to an embodiment of the present invention
  • the DPIF needs to use some information saved by the RACF when formulating the policy rules.
  • the RACF needs to use some information saved by the RACF when formulating the policy rules.
  • the present invention proposes a system and method for obtaining information by using the deep packet inspection function.
  • This embodiment provides a system for acquiring information by using a deep packet inspection function, including DPIF and RACF; and may further include NACF; DPIF is set to: obtain information required for formulating a policy rule from the RACF; information required for formulating a policy rule includes user subscription Information and/or resource availability information;
  • DPIF includes DE-FE and DD-FE;
  • RACF includes PD-FE and TRC-FE;
  • the DE-FE is set to: perform depth detection, identify the service, and extract its features.
  • the extracted features include: user information, flow description (quintuple), and service type, and DE-FE is also set to report the extracted feature information.
  • DD-FE DD-FE
  • the DPIF obtains the user subscription information from the RACF.
  • the DD-FE sends a request message to the RACF, which carries the user identification information and the service type to obtain the user subscription information.
  • the PD-FE passes the subscription information corresponding to the user.
  • the response message is returned to DPIF.
  • the user identification information is the username and/or the user's IP address.
  • the PD-FE is further configured to: after receiving the request message from the DD-FE, check whether the subscription information corresponding to the user is saved locally, and if not, the PD-FE and the NACF exchange the user subscription information.
  • the DPIF obtains the resource availability information from the RACF, and the DD-FE sends a request message to the RACF, which carries the identifier information, the service type, and the flow description to obtain the resource availability information.
  • the PD-FE and the TRC-FE After receiving the request message, the PD-FE and the TRC-FE The resource availability information is obtained interactively, and the obtained resource availability information is returned to the DPIF through the response message.
  • the user identification information is the username and/or the user's IP address.
  • the DPIF obtains the user subscription information from the RACF, that is, the RACF obtains new user subscription information or When the stored user subscription information changes, the user subscription information is pushed to the DPIF; after receiving the user subscription information pushed by the RACF, the DD-FE saves the data and sends a response message to the RACF.
  • the DD-FE is further configured to: formulate a policy rule according to the local feature information, and the obtained user subscription information and/or resource availability information, and send it to the DE-FE for execution.
  • the embodiment provides a deep packet inspection function (DPIF) device, where the device is configured to: acquire information required for formulating a policy rule from a resource admission control function (RACF); wherein the information required to formulate the policy rule includes the user Contract information and/or resource availability information.
  • the DPIF device includes a service identification and management decision function entity (DD-FE): the DPIF device is configured to acquire user subscription information from the RACF as follows: The DD-FE sends a request message to the RACF, where the user identifier is carried. The information and the service type are used to obtain the user subscription information; and the subscription information corresponding to the user returned by the RACF's policy decision function entity (PD-FE) after receiving the request message and returning the response message to the DPIF device.
  • DD-FE service identification and management decision function entity
  • the DPIF device includes an identification and management decision function entity (DD-FE); the DPIF device is configured to obtain resource availability information by RACF as follows: DD-FE sends a request message to the RACF, where the user identification information is carried, a service type and a flow description, to obtain resource availability information; and resource availability information returned by the policy decision function entity (PD-FE) of the RACF after receiving the request message to the DPIF device by using the response message, where the resource availability information
  • the PD-FE is obtained by interacting with a transmission resource execution function entity (TRC-FE).
  • TRC-FE transmission resource execution function entity
  • the DPIF device is configured to obtain user subscription information from the RACF as follows: Receive user subscription information that the RACF pushes to the DPIF when the RACF acquires new user subscription information or the stored user subscription information changes.
  • FIG. 4 is a process for acquiring user subscription information in a system and method for acquiring information of a deep packet inspection function according to an embodiment of the present invention. The process includes the following steps: 401.
  • DE-FE execution depth of DPIF Detecting identifying the service and extracting its characteristics, wherein the characteristics include: user information, flow description (quintuple), and service type information, and the DE-FE reports the extracted feature information to the DD-FE of the DPIF;
  • the DD-FE After receiving the feature information reported by the DE-FE, the DD-FE sends a request message to the RACF to obtain the user subscription information, where the request message carries the user identification information and the service type and the like; the user identification information may be the user. Name and / or user's IP address.
  • the PD-FE of the RACF After receiving the request message from the DD-FE, the PD-FE of the RACF checks whether the subscription information corresponding to the user is saved locally. If not, the PD-FE interacts with the NACF to obtain the user subscription information.
  • the PD-FE After receiving the user subscription information from the NACF, the PD-FE sends a response message to the DD-FE, where the response message carries the user subscription information requested by the DD-FE.
  • the DD-FE formulates a policy rule according to the user subscription information and the local feature information, and sends the policy rule to the DE-FE for execution. In this step, the DD-FE considers the obtained user subscription information when formulating the policy rule. Compared with the prior art, only the local feature information is used to formulate the policy rule.
  • the policy rule formulated by the DD-FE in this embodiment is more elaborate.
  • FIG. 5 is a flowchart showing a process for acquiring resource availability information in a system and method for acquiring information by a deep packet inspection function according to an embodiment of the present invention, where the process includes the following steps:
  • the DEIF of the DPIF performs depth detection, identifies the service, and extracts its characteristics.
  • the characteristics include: user information, flow description (quintuple), and service type, and the DE-FE reports the extracted feature information to DD-FE of DPIF;
  • the DD-FE sends a request message to the RACF to check the current network resource availability information, where the request message carries the user identification information, the service type, and the flow description (quintuple) and the like.
  • the user identification information may be a username and/or a user's IP address.
  • the PD-FE of the RACF After receiving the request message from the DD-FE, the PD-FE of the RACF interacts with the TRC-FE to obtain resource availability information.
  • the PD-FE sends a response message to the DD-FE, where the response message includes resource availability information of the DD-FE request.
  • the DD-FE formulates a policy rule according to the resource availability information and the local feature information, and sends the policy rule to the DE-FE for execution. In this step, the DD-FE considers the obtained resource availability information when formulating the policy rule.
  • the local feature information includes user identity information such as the authentication ID, the obtained IP address, and the special access attribute used by the user, and service traffic characteristic information such as service type, service status, and service traffic bandwidth.
  • DD-FE can also comprehensively consider user subscription information, resource availability information, and local feature information.
  • the policy rules thus formulated consider only user subscription information and local feature information, or only resource availability information.
  • the policy rules formulated with local feature information are more detailed.
  • a program to instruct the associated hardware such as a read only memory, a magnetic disk, or an optical disk.
  • all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits.
  • each module unit in the foregoing embodiment may be implemented in the form of hardware, or may be implemented in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.
  • the above are only the preferred embodiments of the present invention, and are not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
  • INDUSTRIAL APPLICABILITY The present invention provides a system and method for acquiring information by a deep packet inspection function, which can implement DPIF to directly acquire relevant information required for formulating a policy rule, such as user subscription information and/or resource availability information, from the RACF, thereby enabling the DPIF to formulate The rules of the strategy are more elaborate.

Abstract

The present invention discloses a method for obtaining information by the Deep Packet Inspection Function (DPIF). The method includes: the DPIF obtains the information needed for making policy rules from the Resource and Admission Control Function (RACF), wherein the information needed for making policy rules includes the user subscription information and/or the resource availability information. The present invention also discloses a system for obtaining information by the DPIF and a DPIF device. The present invention enables the DPIF to obtain correlative information needed for making policy rules, such as the user subscription information and/or the resource availability information, from the RACF directly, and thereby makes the policy rules made by the DPIF more precise.

Description

一种深度包检测功能获取信息的系统及方法  System and method for acquiring information by deep packet inspection function
技术领域 本发明涉及通信领域, 并且特别地, 涉及一种深度包检测功能获取信息 的系统及方法。 TECHNICAL FIELD The present invention relates to the field of communications, and in particular, to a system and method for obtaining information by a deep packet inspection function.
背景技术 Background technique
目前, 下一代网络( Network Generation Network , 简称为 NGN )是当前 通信标准领域的一个热点研究课题, 它釆用 IP分组技术作为承载网技术, 并 融合固定通信和移动通信, 从而 NGN可以提供更丰富的多媒体业务, 例如, 具有实时要求的新兴业务(IP电视、 视频会议、 多媒体远程教学、 以及视频 点播等),这些业务要求通信网络能提供高效的端到端的服务质量( Quality of Service, 简称为 QoS ) 的支持; 同时由于用户对网络服务质量的要求也越来 越高。 因此, 提供端到端的 QoS是 NGN的核心问题之一。 国际电信联盟电信标准化部门 ( International Telecommunication At present, the Next Generation Network (NGN) is a hot research topic in the field of communication standards. It uses IP packet technology as the bearer network technology and integrates fixed communication and mobile communication, so that NGN can provide richer. Multimedia services, such as emerging services with real-time requirements (IP TV, video conferencing, multimedia distance learning, and video on demand, etc.), which require communication networks to provide efficient end-to-end quality of service (Quality of Service, referred to as QoS) support; at the same time, users are increasingly demanding network service quality. Therefore, providing end-to-end QoS is one of the core issues of NGN. International Telecommunication Standardization Sector (International Telecommunication)
Union-Telecommunications standardization sector, 简称为 ITU-T )是国际电信 联盟 ( International Telecommunication Union, 简称为 ITU ) 的电信化部门, 制定了有关资源接纳控制的标准。 在 ITU-T公布的最新的资源接纳控制功能 ( Resource and Admission Control Functions, 简称为 RACF )草案中, 提供了 RACF的功能框架, 如图 1所示, RACF由两部分组成, 分别是策略决策功 能实体(Policy Decision Functional Entity, 简称为 PD-FE )和传输资源控制 功能实体 ( Transport Resource Control Functional Entity, TRC-FE ) , 其中, TRC-FE 通过 Rc 与传输功能交互, 通过 Rn 与传输资源执行功能实体 ( Transport Resource Enforcement Functional Entity, 简称为 TRE-FE ) 交互 , 并且, PD-FE通过 Rt与 TRC-FE交互, 通过 Rh与用户驻地网 (Customer Premises Network, 简称为 CPN )交互,通过 Rw与策略执行功能实体( Policy Enforcement Functional Entity, 简称为 PE-FE ) 交互 , 通过 Rs与业务层的业 务控制功能( Service Control Functions, 简称为 SCF )交互, 通过 Ru与网络 附着控制功能( Network Attachment Control Functions, 简称为 NACF )交互, 并且 PD-FE通过 Ri接口与其他下一代网络交互。 此外, PD-FE与传输技术无关, 与 SCF也无关, PD-FE基于网络策略规 则、 SCF提供的业务信息、 NACF提供的传输层签约信息, 以及 TRC-FE提 供的资源可用性决策结果, 做出资源接纳控制的最后决策。 The Union-Telecommunications standardization sector (ITU-T) is the telecommunications division of the International Telecommunication Union (ITU), which sets standards for resource admission control. In the latest draft of the Resource and Admission Control Functions (RACF) published by the ITU-T, the functional framework of the RACF is provided. As shown in Figure 1, the RACF consists of two parts, namely the policy decision function. Policy Decision Functional Entity (PD-FE) and Transport Resource Control Functional Entity (TRC-FE), where TRC-FE interacts with the transport function through Rc and performs functions through Rn and transport resources. The Transport Resource Enforcement Functional Entity (TRE-FE for short) interaction, and the PD-FE interacts with the TRC-FE through Rt, interacts with the Customer Premises Network (CPN) through the Rh, and passes the Rw and the policy. The Policy Enforcement Functional Entity (PE-FE) interaction interacts with the Service Layer Functions (SCF) of the service layer through Rs and the network. The Network Attachment Control Functions (NACF) interacts, and the PD-FE interacts with other next-generation networks through the Ri interface. In addition, the PD-FE is independent of the transmission technology and has nothing to do with the SCF. The PD-FE is based on the network policy rules, the service information provided by the SCF, the transport layer subscription information provided by the NACF, and the resource availability decision result provided by the TRC-FE. The final decision on resource acceptance control.
TRC-FE与业务无关,但与传输技术相关。 TRC-FE负责收集和维护传输 网信息和资源状态信息。 从 PD-FE收到资源请求后, TRC-FE基于 QoS、 优 先级需求、 资源可用性信息以及与传输相关的策略规则, 执行基于资源的接 纳控制。 传输层由策略执行功能实体( Policy Enforcement Functional Entity , 简称 为 PE-FE ) 和传输资源执行功能实体 (Transport Resource Enforcement Functional Entity, 简称为 TRE-FE )组成。 PE-FE执行 PD-FE下发的策略规 简称为 CPN )和接入网络之间、 接入网和核心网之间或者不同运营商网络之 间, 是支持动态 QoS 控制、 端口地址转换控制和网络地址转换(Network Address Translator, 简称为 NAT ) 穿越的关键节点。 TRE-FE执行 TRC-FE 下发的传输资源策略规则, 其范围和功能以及 Rn接口有待进一步研究, 不 在 R2阶段的研究范围。 业务识别与管理系统, 即主要就是指深度包检测功能 (Deep Packet Inspection Function, DPIF )具备用户识别、 业务识别、 QoS标记识别、 以及 内容识别等能力, 能够实现基于用户终端标识信息、 IP地址、 以及业务类型 等信息进行流量管理和策略管理。 如图 2所示, 针对 DPIF, 在传输控制层有 业务识别与管理决策功能实体 ( DPI Decision- Functional Entity , DD-FE ) , 根据 DD-FE收集到的信息执行管理策略和 QoS策略; 在传输层, 有业务识 别与管理执行功能实体( DPI Enforcement- Functional Entity, DE-FE ) , 执行 DD-FE下发的策略规则。 目前, RACF不支持与 DPIF的交互, DPIF制定策略规则时仅考虑本地 控制。 TRC-FE is not related to the business, but is related to transmission technology. The TRC-FE is responsible for collecting and maintaining transport network information and resource status information. Upon receiving the resource request from the PD-FE, the TRC-FE performs resource-based admission control based on QoS, priority requirements, resource availability information, and policy rules related to the transmission. The transport layer consists of a Policy Enforcement Functional Entity (PE-FE) and a Transport Resource Enforcement Functional Entity (TRE-FE). The PE-FE performs the PD-FE delivery policy (referred to as CPN) and the access network, between the access network and the core network, or between different carrier networks, and supports dynamic QoS control, port address translation control, and Network Address Translator (NAT) is the key node that traverses. The TRE-FE implements the transmission resource policy rule delivered by the TRC-FE. Its scope and function and the Rn interface need further study, and are not in the scope of the R2 phase. The service identification and management system, that is, the deep packet inspection function (DPIF) has the functions of user identification, service identification, QoS mark recognition, and content identification, and can realize user terminal identification information, IP address, And information such as service type for traffic management and policy management. As shown in Figure 2, for DPIF, there is a DPI Decision-Functional Entity (DD-FE) at the transmission control layer, and the management policy and QoS policy are executed according to the information collected by the DD-FE; Layers, which have DPI Enforcement-Modular Entity (DE-FE), and enforce the policy rules issued by the DD-FE. Currently, RACF does not support interaction with DPIF. DPIF only considers local when formulating policy rules. Control.
发明内容 本发明要解决的技术问题是提供一种深度包检测功能获取信息的系统及 方法, 可实现 DPIF直接从 RACF获取制定策略规则所需的相关信息, 进而 使 DPIF制定的策略规则更加精细。 为了解决上述问题,本发明提供了一种深度包检测功能获取信息的方法, 该方法包括: 深度包检测功能 (DPIF )从资源接纳控制功能 (RACF )获取制定策略 规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 所述 DPIF从 RACF获取用户签约信息的步骤包括: 所述 DPIF向 RACF发送请求消息,其中携带用户标识信息及业务类型, 以获取用户签约信息; 以及所述 RACF收到所述请求消息后将用户对应的签 约信息返回至 DPIF。 所述 DPIF从 RACF获取资源可用性信息的步骤包括: 所述 DPIF向 RACF发送请求消息, 其中携带用户标识信息、 业务类型 及流描述, 以获取资源可用性信息; 以及所述 RACF收到所述请求消息后将 资源可用性信息返回至 DPIF。 所述 DPIF从 RACF获取用户签约信息的步骤包括: 当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF向 DPIF推送用户签约信息。 所述 DPIF从 RACF获取用户签约信息的步骤还包括: 所述 RACF收到所述请求消息后, 先检查本地是否保存有该用户对应的 签约信息,若没有,则 RACF与 NACF交互获取用户签约信息后返回至 DPIF。 为了解决上述问题, 本发明还提供了一种深度包检测功能获取信息的系 统, 包括深度包检测功能(DPIF )及资源接纳控制功能 (RACF ) ; 其中: 所述 DPIF设置为: 从 RACF获取制定策略规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 所述 DPIF包括业务识别与管理决策功能实体(DD-FE ); RACF包括策 略决策功能实体(PD-FE ) ; 所述 DPIF是设置为按如下方式从 RACF获取用户签约信息: DD-FE向 RACF发送请求消息, 其中携带用户标识信息及业务类型, 以获取用户签约 信息; 以及所述 PD-FE收到上述请求消息后将用户对应的签约信息通过响应 消息返回至 DPIF。 所述 DPIF包括业务识别与管理决策功能实体( DD-FE ); RACF包括策 略决策功能实体(PD-FE ) ; 所述 DPIF是设置为按如下方式从 RACF获取资源可用性信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息、 业务类型及流描述, 以获 取资源可用性信息; PD-FE收到上述请求消息后, 与传输资源执行功能实体 ( TRC-FE )交互获取资源可用性信息, 并将获取的资源可用性信息通过响应 消息返回至 DPIF。 所述 DPIF是设置为按如下方式从 RACF获取用户签约信息: 当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF向 DPIF推送用户签约信息。 所述系统还包括网络附着控制功能( NACF ) ; 所述 PD-FE还设置为: 收到来自 DD-FE的请求消息后, 检查本地是否 保存有该用户对应的签约信息,若没有,则 PD-FE与 NACF交互获取用户签 约信息。 为了解决上述问题,本发明还提供了一种深度包检测功能 ( DPIF )设备, 所述设备设置为: 从资源接纳控制功能(RACF )获取制定策略规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 所述 DPIF设备包括业务识别与管理决策功能实体(DD-FE ) : 所述 DPIF设备是设置为按如下方式从 RACF获取用户签约信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息及业务类型, 以获取用户签 约信息; 以及接收 RACF的策略决策功能实体(PD-FE )收到上述请求消息 后通过响应消息向 DPIF设备返回的用户对应的签约信息。 所述 DPIF设备包括识别与管理决策功能实体(DD-FE ) ; 所述 DPIF设备是设置为按如下方式 RACF获取资源可用性信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息、 业务类型及流描述, 以获 取资源可用性信息; 以及接收 RACF的策略决策功能实体(PD-FE ) 收到上 述请求消息后通过响应消息向 DPIF设备返回的资源可用性信息, 其中, 所 述资源可用性信息是所述 PD-FE与传输资源执行功能实体(TRC-FE ) 交互 获取的。 所述 DPIF设备是设置为按如下方式从 RACF获取用户签约信息: 接收 当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF 向 DPIF推送的用户签约信息。 综上所述, 本发明提供一种深度包检测功能获取信息的系统及方法, 可 实现 DPIF直接从 RACF获取制定策略规则所需的相关信息, 如用户签约信 息和 /或资源可用性信息, 进而使 DPIF制定的策略规则更加精细。 SUMMARY OF THE INVENTION The technical problem to be solved by the present invention is to provide a system and method for acquiring information by using a deep packet inspection function, which can implement DPIF to directly obtain relevant information required for formulating a policy rule from the RACF, thereby further making the policy rules formulated by the DPIF more precise. In order to solve the above problem, the present invention provides a method for acquiring information by a deep packet inspection function, the method comprising: a deep packet inspection function (DPIF) acquiring information required for formulating a policy rule from a resource admission control function (RACF); The information required to develop a policy rule includes user subscription information and/or resource availability information. The step of the DPIF acquiring the user subscription information from the RACF includes: sending, by the DPIF, a request message to the RACF, where the user identification information and the service type are carried, to obtain the user subscription information; and the RACF receives the request message and then the user The corresponding subscription information is returned to the DPIF. The step of the DPIF acquiring the resource availability information from the RACF includes: sending, by the DPIF, a request message to the RACF, where the user identification information, the service type, and the flow description are carried, to obtain the resource availability information; and the RACF receives the request message. The resource availability information is then returned to the DPIF. The step of the DPIF acquiring the user subscription information from the RACF includes: when the RACF acquires new user subscription information or the stored user subscription information changes, the RACF pushes the user subscription information to the DPIF. The step of the DPIF acquiring the user subscription information from the RACF further includes: after receiving the request message, the RACF first checks whether the subscription information corresponding to the user is saved locally, and if not, the RACF and the NACF exchange the user subscription information. Then return to DPIF. In order to solve the above problem, the present invention also provides a system for obtaining information by using a deep packet inspection function. The system includes a deep packet inspection function (DPIF) and a resource admission control function (RACF); wherein: the DPIF is set to: obtain information required to formulate a policy rule from the RACF; wherein the information required to formulate the policy rule includes the user Contract information and/or resource availability information. The DPIF includes a Service Identification and Management Decision Function Entity (DD-FE); the RACF includes a Policy Decision Function Entity (PD-FE); the DPIF is configured to obtain user subscription information from the RACF as follows: DD-FE to RACF Sending a request message, where the user identification information and the service type are carried, to obtain the user subscription information; and the PD-FE returns the subscription information corresponding to the user to the DPIF through the response message after receiving the request message. The DPIF includes a Service Identification and Management Decision Function Entity (DD-FE); the RACF includes a Policy Decision Function Entity (PD-FE); the DPIF is configured to obtain resource availability information from the RACF as follows: DD-FE to RACF Sending a request message, which carries the user identification information, the service type, and the flow description, to obtain the resource availability information; after receiving the request message, the PD-FE interacts with the transmission resource execution function entity (TRC-FE) to obtain the resource availability information, and The obtained resource availability information is returned to the DPIF through a response message. The DPIF is configured to acquire user subscription information from the RACF as follows: When the RACF acquires new user subscription information or the stored user subscription information changes, the RACF pushes the user subscription information to the DPIF. The system further includes a network attach control function (NACF); the PD-FE is further configured to: after receiving the request message from the DD-FE, check whether the subscription information corresponding to the user is saved locally, if not, the PD - FE interacts with NACF to obtain user subscription information. In order to solve the above problems, the present invention also provides a Deep Packet Inspection Function (DPIF) device, which is configured to: acquire information required for formulating a policy rule from a Resource Admission Control Function (RACF); The information required to formulate the policy rules includes user subscription information and/or resource availability information. The DPIF device includes a service identification and management decision function entity (DD-FE): the DPIF device is configured to acquire user subscription information from the RACF as follows: The DD-FE sends a request message to the RACF, where the user identification information is carried and The service type is used to obtain the user subscription information; and the subscription information corresponding to the user returned by the response decision message to the DPIF device after receiving the request message by the PDCF policy decision function entity (PD-FE). The DPIF device includes an identification and management decision function entity (DD-FE); the DPIF device is configured to obtain resource availability information by RACF as follows: DD-FE sends a request message to the RACF, where the user identification information and the service type are carried. And a flow description, to obtain resource availability information; and resource availability information returned by the policy decision function entity (PD-FE) of the RACF after receiving the request message to the DPIF device by using the response message, where the resource availability information is The PD-FE is obtained by interacting with a transmission resource execution function entity (TRC-FE). The DPIF device is configured to acquire user subscription information from the RACF as follows: Receive user subscription information that the RACF pushes to the DPIF when the RACF acquires new user subscription information or the stored user subscription information changes. In summary, the present invention provides a system and method for acquiring information by using a deep packet inspection function, which can implement DPIF to directly obtain relevant information required for formulating a policy rule, such as user subscription information and/or resource availability information, from the RACF. The policy rules developed by DPIF are more elaborate.
附图概述 图 1是相关技术中 RACF的功能框架示意图; 图 2是相关技术中 DPIF的功能框架示意图; 图 3是根据本发明 RACF与 DPIF的交互图; 图 4是本发明实施例深度包检测功能获取信息的系统及方法中用户签约 信息的获取过程的示意图; 图 5是本发明实施例深度包检测功能获取信息的 系统及方法中资源可用性信息的获取过程的示意图。 本发明的较佳实施方式 BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a functional framework of a RACF in the related art; FIG. 2 is a schematic diagram of a functional framework of a DPIF in the related art; FIG. 3 is an interaction diagram of a RACF and a DPIF according to the present invention; FIG. 5 is a schematic diagram of a process of acquiring resource availability information in a system and method for acquiring information by a deep packet inspection function according to an embodiment of the present invention; FIG. Preferred embodiment of the invention
DPIF在制定策略规则时需要用到 RACF保存的一些信息, 而现有技术 中 RACF与 DPIF之间没有交互方法, 本发明为了克服该问题提出一种深度 包检测功能获取信息的系统及方法。 下文中将结合附图对本发明的实施例进行详细说明。 需要说明的是, 在 不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互任意组合。 本实施例提供一种深度包检测功能获取信息的系统, 包括 DPIF 及 RACF; 还可以包括 NACF; DPIF设置为: 从 RACF获取制定策略规则所需的信息; 制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息; The DPIF needs to use some information saved by the RACF when formulating the policy rules. However, there is no interaction method between the RACF and the DPIF in the prior art. In order to overcome the problem, the present invention proposes a system and method for obtaining information by using the deep packet inspection function. Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments in the present application may be arbitrarily combined with each other. This embodiment provides a system for acquiring information by using a deep packet inspection function, including DPIF and RACF; and may further include NACF; DPIF is set to: obtain information required for formulating a policy rule from the RACF; information required for formulating a policy rule includes user subscription Information and/or resource availability information;
DPIF包括 DE-FE及 DD-FE; RACF包括 PD-FE及 TRC-FE; DPIF includes DE-FE and DD-FE; RACF includes PD-FE and TRC-FE;
DE-FE设置为: 执行深度检测, 识别业务并提取其特征, 提取的特征包 括: 用户信息、 流描述(五元组)及业务类型等信息, DE-FE还设置为将提 取的特征信息上报给 DD-FE; The DE-FE is set to: perform depth detection, identify the service, and extract its features. The extracted features include: user information, flow description (quintuple), and service type, and DE-FE is also set to report the extracted feature information. Give DD-FE;
DPIF从 RACF获取用户签约信息是指, DD-FE向 RACF发送请求消息, 其中携带用户标识信息及业务类型, 以获取用户签约信息; PD-FE收到上述 请求消息后将用户对应的签约信息通过响应消息返回至 DPIF。用户标识信息 为用户名和 /或用户的 IP地址。 PD-FE还设置为: 收到来自 DD-FE的请求消息后,检查本地是否保存有 该用户对应的签约信息,若没有,则 PD-FE与 NACF交互获取用户签约信息。 The DPIF obtains the user subscription information from the RACF. The DD-FE sends a request message to the RACF, which carries the user identification information and the service type to obtain the user subscription information. After receiving the request message, the PD-FE passes the subscription information corresponding to the user. The response message is returned to DPIF. The user identification information is the username and/or the user's IP address. The PD-FE is further configured to: after receiving the request message from the DD-FE, check whether the subscription information corresponding to the user is saved locally, and if not, the PD-FE and the NACF exchange the user subscription information.
DPIF从 RACF获取资源可用性信息是指, DD-FE向 RACF发送请求消 息, 其中携带标识信息、业务类型及流描述, 以获取资源可用性信息; PD-FE 收到上述请求消息后, 与 TRC-FE交互获取资源可用性信息, 并将获取的资 源可用性信息通过响应消息返回至 DPIF。 用户标识信息为用户名和 /或用户 的 IP地址。 The DPIF obtains the resource availability information from the RACF, and the DD-FE sends a request message to the RACF, which carries the identifier information, the service type, and the flow description to obtain the resource availability information. After receiving the request message, the PD-FE and the TRC-FE The resource availability information is obtained interactively, and the obtained resource availability information is returned to the DPIF through the response message. The user identification information is the username and/or the user's IP address.
DPIF从 RACF获取用户签约信息是指, RACF获取新的用户签约信息或 已存储的用户签约信息发生改变时, 向 DPIF推送用户签约信息; DD-FE收 到 RACF推送过来的用户签约信息后,保存数据,并向 RACF发送响应消息。 The DPIF obtains the user subscription information from the RACF, that is, the RACF obtains new user subscription information or When the stored user subscription information changes, the user subscription information is pushed to the DPIF; after receiving the user subscription information pushed by the RACF, the DD-FE saves the data and sends a response message to the RACF.
DD-FE还设置为: 根据本地的特征信息, 以及获取的用户签约信息和 / 或资源可用性信息制定策略规则, 下发给 DE-FE执行。 The DD-FE is further configured to: formulate a policy rule according to the local feature information, and the obtained user subscription information and/or resource availability information, and send it to the DE-FE for execution.
本实施例提供一种深度包检测功能(DPIF )设备, 所述设备设置为: 从资源接纳控制功能(RACF )获取制定策略规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 其中, 所述 DPIF设备包括业务识别与管理决策功能实体(DD-FE ) : 所述 DPIF设备是设置为按如下方式从 RACF获取用户签约信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息及业务类型, 以获取用户签 约信息; 以及接收 RACF的策略决策功能实体(PD-FE )收到上述请求消息 后通过响应消息向 DPIF设备返回的用户对应的签约信息。 其中, 所述 DPIF设备包括识别与管理决策功能实体(DD-FE ) ; 所述 DPIF设备是设置为按如下方式 RACF获取资源可用性信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息、 业务类型及流描述, 以获 取资源可用性信息; 以及接收 RACF的策略决策功能实体(PD-FE ) 收到上 述请求消息后通过响应消息向 DPIF设备返回的资源可用性信息, 其中, 所 述资源可用性信息是所述 PD-FE与传输资源执行功能实体(TRC-FE ) 交互 获取的。 其中,所述 DPIF设备是设置为按如下方式从 RACF获取用户签约信息: 接收当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF向 DPIF推送的用户签约信息。 The embodiment provides a deep packet inspection function (DPIF) device, where the device is configured to: acquire information required for formulating a policy rule from a resource admission control function (RACF); wherein the information required to formulate the policy rule includes the user Contract information and/or resource availability information. The DPIF device includes a service identification and management decision function entity (DD-FE): the DPIF device is configured to acquire user subscription information from the RACF as follows: The DD-FE sends a request message to the RACF, where the user identifier is carried. The information and the service type are used to obtain the user subscription information; and the subscription information corresponding to the user returned by the RACF's policy decision function entity (PD-FE) after receiving the request message and returning the response message to the DPIF device. The DPIF device includes an identification and management decision function entity (DD-FE); the DPIF device is configured to obtain resource availability information by RACF as follows: DD-FE sends a request message to the RACF, where the user identification information is carried, a service type and a flow description, to obtain resource availability information; and resource availability information returned by the policy decision function entity (PD-FE) of the RACF after receiving the request message to the DPIF device by using the response message, where the resource availability information The PD-FE is obtained by interacting with a transmission resource execution function entity (TRC-FE). The DPIF device is configured to obtain user subscription information from the RACF as follows: Receive user subscription information that the RACF pushes to the DPIF when the RACF acquires new user subscription information or the stored user subscription information changes.
本实施例提供一种深度包检测功能获取信息的方法, DPIF从 RACF获 取制定策略规则所需的信息;制定策略规则所需的信息包括用户签约信息和 / 或资源可用性信息。 以下结合附图详细说明本发明方法; 图 4是本发明实施例深度包检测功能获取信息的系统及方法中用户签约 信息的获取过程, 该流程包括以下步骤: 401 , DPIF的 DE-FE执行深度检测, 识别业务并提取其特征, 其中, 特 征包括: 用户信息、 流描述(五元组) 、 以及业务类型等信息, DE-FE将提 取的特征信息上报给 DPIF的 DD-FE; The embodiment provides a method for acquiring information by using a deep packet inspection function, and the DPIF obtains information required for formulating a policy rule from the RACF; the information required for formulating the policy rule includes user subscription information and/or Or resource availability information. The method of the present invention is described in detail below with reference to the accompanying drawings. FIG. 4 is a process for acquiring user subscription information in a system and method for acquiring information of a deep packet inspection function according to an embodiment of the present invention. The process includes the following steps: 401. DE-FE execution depth of DPIF Detecting, identifying the service and extracting its characteristics, wherein the characteristics include: user information, flow description (quintuple), and service type information, and the DE-FE reports the extracted feature information to the DD-FE of the DPIF;
402 , DD-FE收到来自 DE-FE上报的特征信息后,发送请求消息给 RACF , 以获取用户签约信息 ,在该请求消息中携带用户标识信息及业务类型等信息; 用户标识信息可以是用户名和 /或用户的 IP地址。 After receiving the feature information reported by the DE-FE, the DD-FE sends a request message to the RACF to obtain the user subscription information, where the request message carries the user identification information and the service type and the like; the user identification information may be the user. Name and / or user's IP address.
403 , RACF的 PD-FE收到来自 DD-FE的请求消息后, 检查本地是否保 存有该用户对应的签约信息, 若没有, 则 PD-FE与 NACF交互, 获取用户签 约信息; 403. After receiving the request message from the DD-FE, the PD-FE of the RACF checks whether the subscription information corresponding to the user is saved locally. If not, the PD-FE interacts with the NACF to obtain the user subscription information.
404, PD-FE收到来自 NACF的用户签约信息后, 向 DD-FE发送响应消 息, 在该响应消息中携带 DD-FE请求的用户签约信息。  404. After receiving the user subscription information from the NACF, the PD-FE sends a response message to the DD-FE, where the response message carries the user subscription information requested by the DD-FE.
405, DD-FE根据用户签约信息及本地的特征信息制定策略规则, 下发 给 DE-FE执行。 该步骤中, DD-FE制定策略规则时会考虑获取的用户签约 信息, 相比现有技术中仅考虑本地的特征信息制定策略规则, 本实施例 DD-FE制定的策略规则更加精细。 405. The DD-FE formulates a policy rule according to the user subscription information and the local feature information, and sends the policy rule to the DE-FE for execution. In this step, the DD-FE considers the obtained user subscription information when formulating the policy rule. Compared with the prior art, only the local feature information is used to formulate the policy rule. The policy rule formulated by the DD-FE in this embodiment is more elaborate.
如图 5所示是本发明实施例深度包检测功能获取信息的系统及方法中资 源可用性信息的获取过程, 该流程包括以下步骤: FIG. 5 is a flowchart showing a process for acquiring resource availability information in a system and method for acquiring information by a deep packet inspection function according to an embodiment of the present invention, where the process includes the following steps:
501 , DPIF的 DE-FE执行深度检测, 识别业务并提取其特征, 其中, 特 征包括: 用户信息、 流描述(五元组) 、 以及业务类型等信息, DE-FE将提 取的特征信息上报给 DPIF的 DD-FE; 501. The DEIF of the DPIF performs depth detection, identifies the service, and extracts its characteristics. The characteristics include: user information, flow description (quintuple), and service type, and the DE-FE reports the extracted feature information to DD-FE of DPIF;
502 , DD-FE发送请求消息给 RACF , 以检查当前网络资源可用性信息, 该请求消息中可携带用户标识信息、 业务类型、 以及流描述(五元组)等信 息; 用户标识信息可以是用户名和 /或用户的 IP地址。 502. The DD-FE sends a request message to the RACF to check the current network resource availability information, where the request message carries the user identification information, the service type, and the flow description (quintuple) and the like. The user identification information may be a username and/or a user's IP address.
503 , RACF的 PD-FE收到来自 DD-FE的请求消息后,与 TRC-FE交互, 获取资源可用性信息; 503. After receiving the request message from the DD-FE, the PD-FE of the RACF interacts with the TRC-FE to obtain resource availability information.
504 , PD-FE向 DD-FE发送响应消息, 响应消息中包含 DD-FE请求的资 源可用性信息。 504. The PD-FE sends a response message to the DD-FE, where the response message includes resource availability information of the DD-FE request.
505, DD-FE根据资源可用性信息及本地的特征信息制定策略规则, 下 发给 DE-FE执行。 该步骤中, DD-FE制定策略规则时会考虑获取的资源可 用性信息, 相比现有技术中仅考虑本地的特征信息制定策略规则, 本实施例 DD-FE制定的策略规则更加精细。 本地的特征信息包括用户使用的认证 ID、 获得的 IP地址和特殊的接入 属性等用户特征信息, 以及业务类型、 业务状态和业务流量带宽等业务流量 特征信息。 505. The DD-FE formulates a policy rule according to the resource availability information and the local feature information, and sends the policy rule to the DE-FE for execution. In this step, the DD-FE considers the obtained resource availability information when formulating the policy rule. Compared with the prior art, only the local feature information is used to formulate the policy rule, and the policy rule formulated by the DD-FE in this embodiment is more elaborate. The local feature information includes user identity information such as the authentication ID, the obtained IP address, and the special access attribute used by the user, and service traffic characteristic information such as service type, service status, and service traffic bandwidth.
DD-FE在制定策略规则时, 还可以综合考虑用户签约信息、 资源可用性 信息及本地的特征信息, 这样制定的策略规则相比仅考虑用户签约信息及本 地的特征信息, 或仅考虑资源可用性信息及本地的特征信息而制定的策略规 则更加 4青细。 本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程序 来指令相关硬件完成, 所述程序可以存储于计算机可读存储介质中, 如只读 存储器、 磁盘或光盘等。 可选地, 上述实施例的全部或部分步骤也可以使用 一个或多个集成电路来实现。 相应地, 上述实施例中的各模块单元可以釆用 硬件的形式实现, 也可以釆用软件功能模块的形式实现。 本发明不限制于任 何特定形式的硬件和软件的结合。 以上仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领域 的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和原则 之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围 之内。 工业实用性 本发明提供一种深度包检测功能获取信息的系统及方法, 可实现 DPIF 直接从 RACF获取制定策略规则所需的相关信息,如用户签约信息和 /或资源 可用性信息, 进而使 DPIF制定的策略规则更加精细。 When formulating policy rules, DD-FE can also comprehensively consider user subscription information, resource availability information, and local feature information. The policy rules thus formulated consider only user subscription information and local feature information, or only resource availability information. The policy rules formulated with local feature information are more detailed. One of ordinary skill in the art will appreciate that all or a portion of the above steps may be performed by a program to instruct the associated hardware, such as a read only memory, a magnetic disk, or an optical disk. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module unit in the foregoing embodiment may be implemented in the form of hardware, or may be implemented in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software. The above are only the preferred embodiments of the present invention, and are not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention. INDUSTRIAL APPLICABILITY The present invention provides a system and method for acquiring information by a deep packet inspection function, which can implement DPIF to directly acquire relevant information required for formulating a policy rule, such as user subscription information and/or resource availability information, from the RACF, thereby enabling the DPIF to formulate The rules of the strategy are more elaborate.

Claims

权 利 要 求 书 Claim
1、 一种深度包检测功能获取信息的方法, 该方法包括: 深度包检测功能 (DPIF )从资源接纳控制功能 (RACF )获取制定策略 规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 A method for obtaining information by a deep packet inspection function, the method comprising: a deep packet inspection function (DPIF) obtaining information required to formulate a policy rule from a resource admission control function (RACF); wherein the policy rule is required The information includes user subscription information and/or resource availability information.
2、 如权利要求 1所述的方法, 其中: 所述 DPIF从 RACF获取用户签约信息的步骤包括: 所述 DPIF向 RACF发送请求消息,其中携带用户标识信息及业务类型, 以获取用户签约信息; 以及所述 RACF收到所述请求消息后将用户对应的签 约信息返回至 DPIF。 The method of claim 1, wherein: the step of the DPIF acquiring the user subscription information from the RACF comprises: sending, by the DPIF, a request message to the RACF, where the user identification information and the service type are carried, to obtain the user subscription information; And the RACF returns the subscription information corresponding to the user to the DPIF after receiving the request message.
3、 如权利要求 1所述的方法, 其中: 所述 DPIF从 RACF获取资源可用性信息的步骤包括: 所述 DPIF向 RACF发送请求消息, 其中携带用户标识信息、 业务类型 及流描述, 以获取资源可用性信息; 以及所述 RACF收到所述请求消息后将 资源可用性信息返回至 DPIF。 3. The method of claim 1, wherein: the step of the DPIF acquiring the resource availability information from the RACF comprises: sending, by the DPIF, a request message to the RACF, where the user identification information, the service type, and the flow description are carried to obtain the resource. Availability information; and the RACF returns resource availability information to the DPIF upon receipt of the request message.
4、 如权利要求 1所述的方法, 其中: 所述 DPIF从 RACF获取用户签约信息的步骤包括: 当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF向 DPIF推送用户签约信息。 4. The method according to claim 1, wherein: the step of the DPIF acquiring user subscription information from the RACF comprises: when the RACF acquires new user subscription information or the stored user subscription information changes, the RACF pushes the user to the DPIF. Signing information.
5、 如权利要求 2所述的方法, 其中, 所述 DPIF从 RACF获取用户签约 信息的步骤还包括: 所述 RACF收到所述请求消息后, 先检查本地是否保存有该用户对应的 签约信息,若没有,则 RACF与 NACF交互获取用户签约信息后返回至 DPIF。 The method of claim 2, wherein the step of the DPIF acquiring the user subscription information from the RACF further comprises: after receiving the request message, the RACF first checks whether the subscription information corresponding to the user is saved locally. If not, the RACF and the NACF exchange the user subscription information and return to the DPIF.
6、 一种深度包检测功能获取信息的系统, 包括深度包检测功能(DPIF ) 及资源接纳控制功能 ( RACF ) ; 其中: 所述 DPIF设置为: 从 RACF获取制定策略规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 6. A system for obtaining information by a deep packet inspection function, comprising a deep packet inspection function (DPIF) and a resource admission control function (RACF); wherein: the DPIF is set to: obtain information required to formulate a policy rule from the RACF; The information required to formulate the policy rules includes user subscription information and/or resource availability information.
7、 如权利要求 6所述的系统, 其中: 所述 DPIF包括业务识别与管理决策功能实体(DD-FE ); RACF包括策 略决策功能实体(PD-FE ) ; 所述 DPIF是设置为按如下方式从 RACF获取用户签约信息: DD-FE向 RACF发送请求消息, 其中携带用户标识信息及业务类型, 以获取用户签约 信息; 以及所述 PD-FE收到上述请求消息后将用户对应的签约信息通过响应 消息返回至 DPIF。 7. The system of claim 6, wherein: the DPIF comprises a Service Identification and Management Decision Function Entity (DD-FE); the RACF comprises a Policy Decision Function Entity (PD-FE); the DPIF is set to The method of obtaining the user subscription information from the RACF: the DD-FE sends a request message to the RACF, where the user identification information and the service type are carried, to obtain the user subscription information, and the subscription information corresponding to the user after the PD-FE receives the request message Return to DPIF via a response message.
8、 如权利要求 6所述的系统, 其中: 所述 DPIF包括业务识别与管理决策功能实体(DD-FE ); RACF包括策 略决策功能实体(PD-FE ) ; 所述 DPIF是设置为按如下方式从 RACF获取资源可用性信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息、 业务类型及流描述, 以获 取资源可用性信息; PD-FE收到上述请求消息后, 与传输资源执行功能实体 ( TRC-FE )交互获取资源可用性信息, 并将获取的资源可用性信息通过响应 消息返回至 DPIF。 8. The system of claim 6, wherein: the DPIF comprises a Service Identification and Management Decision Function Entity (DD-FE); the RACF comprises a Policy Decision Function Entity (PD-FE); the DPIF is set to The method obtains the resource availability information from the RACF: The DD-FE sends a request message to the RACF, where the user identification information, the service type, and the flow description are carried to obtain the resource availability information. After receiving the request message, the PD-FE performs the function with the transmission resource. The entity (TRC-FE) interactively obtains resource availability information and returns the obtained resource availability information to the DPIF through a response message.
9、 如权利要求 6所述的系统, 其中: 所述 DPIF是设置为按如下方式从 RACF获取用户签约信息: 当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF向 DPIF推送用户签约信息。 9. The system of claim 6, wherein: the DPIF is configured to obtain user subscription information from the RACF as follows: When the RACF acquires new user subscription information or the stored user subscription information changes, the RACF DPIF pushes user subscription information.
10、 如权利要求 7所述的系统, 其中: 所述系统还包括网络附着控制功能( NACF ) ; 所述 PD-FE还设置为: 收到来自 DD-FE的请求消息后, 检查本地是否 保存有该用户对应的签约信息,若没有,则 PD-FE与 NACF交互获取用户签 约信息。 10. The system of claim 7 wherein: The system further includes a network attach control function (NACF); the PD-FE is further configured to: after receiving the request message from the DD-FE, check whether the subscription information corresponding to the user is saved locally, if not, the PD - FE interacts with NACF to obtain user subscription information.
11、 一种深度包检测功能(DPIF )设备, 所述设备设置为: 从资源接纳控制功能(RACF )获取制定策略规则所需的信息; 其中 所述制定策略规则所需的信息包括用户签约信息和 /或资源可用性信息。 11. A Deep Packet Inspection Function (DPIF) device, the device being configured to: obtain information required to formulate a policy rule from a resource admission control function (RACF); wherein the information required to formulate a policy rule includes user subscription information And/or resource availability information.
12、 如权利要求 11所述的设备, 其中: 所述 DPIF设备包括业务识别与管理决策功能实体(DD-FE ) : 所述 DPIF设备是设置为按如下方式从 RACF获取用户签约信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息及业务类型, 以获取用户签 约信息; 以及接收 RACF的策略决策功能实体(PD-FE )收到上述请求消息 后通过响应消息向 DPIF设备返回的用户对应的签约信息。 12. The device of claim 11, wherein: the DPIF device comprises a Service Identification and Management Decision Function Entity (DD-FE): the DPIF device is configured to obtain user subscription information from the RACF as follows: DD- The FE sends a request message to the RACF, where the user identification information and the service type are carried to obtain the user subscription information; and the user that receives the request message after receiving the request message by the RACF policy decision function entity (PD-FE) returns to the DPIF device through the response message. Corresponding signing information.
13、 如权利要求 11所述的设备, 其中: 所述 DPIF设备包括识别与管理决策功能实体( DD-FE ) ; 所述 DPIF设备是设置为按如下方式 RACF获取资源可用性信息: DD-FE 向 RACF发送请求消息, 其中携带用户标识信息、 业务类型及流描述, 以获 取资源可用性信息; 以及接收 RACF的策略决策功能实体(PD-FE ) 收到上 述请求消息后通过响应消息向 DPIF设备返回的资源可用性信息, 其中, 所 述资源可用性信息是所述 PD-FE与传输资源执行功能实体(TRC-FE ) 交互 获取的。 13. The apparatus of claim 11, wherein: the DPIF device comprises an identification and management decision function entity (DD-FE); the DPIF device is configured to obtain resource availability information by RACF as follows: DD-FE direction The RACF sends a request message, where the user identification information, the service type, and the flow description are carried to obtain the resource availability information; and the policy decision function entity (PD-FE) that receives the RACF receives the request message and returns the response message to the DPIF device. The resource availability information, wherein the resource availability information is obtained by the PD-FE interacting with a transmission resource execution function entity (TRC-FE).
14、 如权利要求 11所述的设备, 其中: 所述 DPIF设备是设置为按如下方式从 RACF获取用户签约信息: 接收 当 RACF获取新的用户签约信息或已存储的用户签约信息发生改变时, RACF 向 DPIF推送的用户签约信息。 14. The apparatus according to claim 11, wherein: the DPIF device is configured to acquire user subscription information from the RACF as follows: receiving when the RACF acquires new user subscription information or the stored user subscription information changes, User subscription information pushed by RACF to DPIF.
PCT/CN2011/070437 2010-02-04 2011-01-20 System and method for obtaining information by deep packet inspection function WO2011095078A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010112750.XA CN102148809B (en) 2010-02-04 2010-02-04 System and method for service identification and management system to obtain information
CN201010112750.X 2010-02-04

Publications (1)

Publication Number Publication Date
WO2011095078A1 true WO2011095078A1 (en) 2011-08-11

Family

ID=44354955

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/070437 WO2011095078A1 (en) 2010-02-04 2011-01-20 System and method for obtaining information by deep packet inspection function

Country Status (2)

Country Link
CN (1) CN102148809B (en)
WO (1) WO2011095078A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160065575A1 (en) * 2013-04-28 2016-03-03 Zte Corporation Communication Managing Method and Communication System

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166153A (en) * 2006-10-18 2008-04-23 华为技术有限公司 A method and system for controlling network service
CN101350781A (en) * 2008-07-31 2009-01-21 成都市华为赛门铁克科技有限公司 Method, equipment and system for monitoring flux

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101166153A (en) * 2006-10-18 2008-04-23 华为技术有限公司 A method and system for controlling network service
CN101350781A (en) * 2008-07-31 2009-01-21 成都市华为赛门铁克科技有限公司 Method, equipment and system for monitoring flux

Also Published As

Publication number Publication date
CN102148809B (en) 2014-12-10
CN102148809A (en) 2011-08-10

Similar Documents

Publication Publication Date Title
EP2285050B1 (en) Method and system for resource admission control
US8863229B2 (en) Method and system for resource and admission control of home network
WO2009114976A1 (en) Method and system for resource and admission control
WO2011022893A1 (en) Interaction method and apparatus between resource and admission control systems
WO2007085195A1 (en) System and method for handling resource request
EP2214359B1 (en) A policy control method and system for layer two devices
US20110261690A1 (en) Method and system for resource and admission control in an NGN home network
EP2472814B1 (en) Method for interaction between resource and admission control systems and resource and admission control system
WO2009103192A1 (en) A resource allocation method and a resource release method
CN101360113B (en) QoS request information implementing method and policy execution functional entity
US8381261B2 (en) Method for selecting policy decision functional entity in a resource and admission control system
WO2011095078A1 (en) System and method for obtaining information by deep packet inspection function
WO2012149833A1 (en) Resource and admission control method and system
US8874758B2 (en) Interworking functional entity and protocol mapping method thereof
CN101730156B (en) Resource admission control method
WO2011032374A1 (en) Method and system for pull mode resource and admission control under wholesale scene
WO2011044811A1 (en) System and mehtod for access control
WO2011120292A1 (en) Method and system for querying resource in roaming scenario
WO2011127760A1 (en) Method and system for resource policy decision in roaming scene
CN101330462B (en) Method for implementing network safety gradation in the next generation network
CN101959253B (en) Cross-domain resource receiving control method and system
WO2009105942A1 (en) Resource and admission control subsystem and method for sending resource policy decision request message
WO2011069390A1 (en) Method and system for signing consumption, consumption -based admission control method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11739357

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11739357

Country of ref document: EP

Kind code of ref document: A1