WO2011137804A1 - Method and apparatus for obtaining policy - Google Patents

Method and apparatus for obtaining policy Download PDF

Info

Publication number
WO2011137804A1
WO2011137804A1 PCT/CN2011/074417 CN2011074417W WO2011137804A1 WO 2011137804 A1 WO2011137804 A1 WO 2011137804A1 CN 2011074417 W CN2011074417 W CN 2011074417W WO 2011137804 A1 WO2011137804 A1 WO 2011137804A1
Authority
WO
WIPO (PCT)
Prior art keywords
service server
service
address
protocol layer
application protocol
Prior art date
Application number
PCT/CN2011/074417
Other languages
French (fr)
Chinese (zh)
Inventor
郭建成
尤正刚
朱铎辉
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2011137804A1 publication Critical patent/WO2011137804A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/66Policy and charging system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/20Technology dependant metering
    • H04M2215/204UMTS; GPRS

Abstract

Embodiments of the invention provide a method and an apparatus for obtaining a policy, wherein the method includes: performing network layer identification for an obtained service message to identify the Internet Protocol (IP) address of a service server included in the service message (101); according to the mapping relationship between the obtained IP address of the service server and the service control and charging policy of the application protocol layer, obtaining the service control and charging policy of the application protocol layer corresponding to the IP address of the service server (102). The embodiments of the invention improve the forwarding performance of a network device and the efficiency for obtaining the service control and charging policy of the application protocol layer, and ensure normal communications of the network device.

Description

策略的获取方法及装置 技术领域 本发明实施例涉及通信技术,尤其涉及一种策略的获取方法及装置。 背景技术  The present invention relates to communication technologies, and in particular, to a method and an apparatus for acquiring a policy. Background technique
在 IP 网络中 ,有些网络设备对获取的业务报文的处理需要根据一定的业 务控制和计费策略来进行。 如果网络设备需要根据应用协议层(第七层)的业 务控制和计费策略对获取的业务报文进行处理,则需要对获取的业务报文利用 深度报文探测( Deep Packet Inspection ,简称 DPI )技术进行应用协议层识别即 DPI解析,才能获取相应的应用协议层的业务控制和计费策略。 由于网络设备需要对获取的大量业务报文进行 DPI解析,导致了中央处理 单元( Center Processor Unit ,简称 CPU )信令处理负担的增加,降低了网络设 备的转发性能,从而影响了网络设备的正常通信;由于 DPI解析支持的协议有 限,若要新增 DPI解析支持的协议,需要进行版本升级来实现,导致了业务报 文识别灵活性的降低,降低了应用协议层的业务控制和计费策略的获取效率, 而影响了网络设备的正常通信。 发明内容 本发明实施例提供一种策略的获取方法及装置,用以提高网络设备的转发 性能和应用协议层的业务控制和计费策略的获取效率,保证网络设备的正常通 o 本发明实施例提供了一种策略的获取方法,包括: In an IP network, the processing of the obtained service packets by some network devices needs to be performed according to certain service control and charging policies. If the network device needs to process the obtained service packet according to the service control layer and the accounting policy of the application layer (the seventh layer), the deep packet inspection (DPI) is required for the obtained service packet. The technology performs application protocol layer identification, that is, DPI resolution, in order to obtain the corresponding service control and charging policies of the application protocol layer. The network device needs to perform DPI analysis on a large number of obtained service packets, which results in an increase in the signaling processing load of the central processing unit (CPU), which reduces the forwarding performance of the network device, thereby affecting the normality of the network device. Communication; Because the protocol supported by DPI resolution is limited, if the protocol supported by DPI resolution is added, the version upgrade is required to implement the protocol, which reduces the flexibility of service packet identification and reduces the service control and charging policy of the application protocol layer. The acquisition efficiency affects the normal communication of network devices. Summary of the invention The embodiment of the invention provides a method and a device for acquiring a policy, which are used to improve the forwarding performance of the network device and the service control and the charging policy of the application protocol layer, and ensure the normal communication of the network device. A method of obtaining a strategy, including:
对获取的业务报文进行网络层识别,识别出所述业务报文中包含的业务服 务器的 IP地址;  Performing network layer identification on the obtained service packet, and identifying the IP address of the service server included in the service packet;
根据获知的业务服务器的 IP 地址与应用协议层的业务控制和计费策略的 映射关系,获取与所述业务服务器的 IP地址对应的应用协议层的业务控制和 计费策略。  The service control and charging policy of the application protocol layer corresponding to the IP address of the service server is obtained according to the mapping between the IP address of the service server and the service control and the charging policy of the application protocol layer.
本发明实施例还提供了一种策略的获取装置,包括: 报文识别模块,用于对获取的业务报文进行网络层识别,识别出所述业务 报文中包含的业务服务器的 IP地址;  The embodiment of the present invention further provides a method for acquiring a policy, including: a packet identification module, configured to perform network layer identification on the obtained service packet, and identify an IP address of the service server included in the service packet;
策略获取模块,用于根据获知的业务服务器的 IP地址与应用协议层的业 务控制和计费策略的映射关系,获取与所述业务服务器的 IP 地址对应的应用 协议层的业务控制和计费策略。 由上述技术方案可知,本发明实施例通过获知业务服务器的 IP地址与应 用协议层的业务控制和计费策略的映射关系,能够根据获知的上述业务服务器 的 IP地址与应用协议层的业务控制和计费策略的映射关系,获取与识别出的 业务报文中包含的业务服务器的 IP 地址对应的业务控制和计费策略,从而使 得网络设备可以利用上述应用协议层的业务控制和计费策略,对获取的业务报 文进行处理。本发明实施例由于只需要对获取的业务报文利用普通的报文检测 技术进行网络层(第三层)识别 ,识别出业务报文中包含的业务服务器的 IP 地址,就获知了与业务报文中包含的业务服务器的 IP 地址对应的应用协议层 的业务控制和计费策略,无需对获取的业务报文进行 DPI解析,从而提高了网 络设备的转发性能和应用协议层的业务控制和计费策略的获取效率,保证了网 络设备的正常通信。 附图说明 The policy obtaining module is configured to obtain, according to the mapping relationship between the IP address of the service server and the service control and the charging policy of the application protocol layer, the service control and charging policy of the application protocol layer corresponding to the IP address of the service server. . According to the foregoing technical solution, the embodiment of the present invention can learn the IP address of the service server and the service control layer of the application protocol layer according to the learned mapping relationship between the IP address of the service server and the service control layer and the application protocol layer. Mapping relationship of the charging policy, obtained and identified The service control and charging policy corresponding to the IP address of the service server included in the service packet, so that the network device can process the obtained service packet by using the service control and charging policy of the application protocol layer. In the embodiment of the present invention, since the network packet (the third layer) is identified by using the ordinary packet detection technology, and the IP address of the service server included in the service packet is identified, the service report is obtained. The service control and accounting policies of the application protocol layer corresponding to the IP address of the service server included in the text do not need to perform DPI resolution on the obtained service packets, thereby improving the forwarding performance of the network device and the service control and calculation of the application protocol layer. The acquisition efficiency of the fee policy ensures the normal communication of the network device. DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施 例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描 述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出 创造性劳动的前提下,还可以根据这些附图获得其他的附图。 图 1为本发明实施例一提供的策略的获取方法的流程示意图;  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work. 1 is a schematic flowchart of a method for acquiring a policy according to Embodiment 1 of the present invention;
图 2A为本发明实施例二适用的网络设备示意图 ; 图 2B为本发明实施例二提供的策略的获取方法的流程示意图 ; 图 3为本发明实施例三提供的策略的获取装置的结构示意图。  2A is a schematic diagram of a network device according to Embodiment 2 of the present invention; FIG. 2B is a schematic flowchart of a method for acquiring a policy according to Embodiment 2 of the present invention; FIG. 3 is a schematic structural diagram of a device for acquiring a policy according to Embodiment 3 of the present invention.
具体实施方式 为使本发明实施例的目的、 技术方案和优点更加清楚,下面将结合本发明 实施例中的附图 ,对本发明实施例中的技术方案进行清楚、完整地描述,显然, 所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中 的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其 他实施例,都属于本发明保护的范围。 图 1为本发明实施例一提供的策略的获取方法的流程示意图 ,如图 1所示, 本实施例的策略的获取方法可以包括以下步骤: detailed description The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention. FIG. 1 is a schematic flowchart of a method for acquiring a policy according to Embodiment 1 of the present invention. As shown in FIG. 1 , a method for acquiring a policy in this embodiment may include the following steps:
步骤 101、 对获取的业务报文进行网络层识别,识别出上述业务报文中包 含的业务服务器的 IP地址; 本实施例可以适用于移动通信网络中任何需要根据应用协议层的业务控 制和计费策略,对获取的报文进行处理的网络设备。 具体地,上述网络设备可 以对获取的业务报文进行网络层识别 ,识别出上述业务报文中包含的业务服务 器的 IP地址。 步骤 102、根据获知的业务服务器的 IP地址与应用协议层的业务控制和计 费策略的映射关系,获取与上述业务服务器的 IP地址对应的应用协议层的业 务控制和计费策略。  Step 101: Perform network layer identification on the obtained service packet, and identify the IP address of the service server included in the service packet. This embodiment may be applicable to any service control and calculation in the mobile communication network according to the application protocol layer. A fee-based policy, a network device that processes acquired packets. Specifically, the network device may perform network layer identification on the obtained service packet, and identify an IP address of the service server included in the service packet. In step 102, the service control and charging policy of the application protocol layer corresponding to the IP address of the service server is obtained according to the mapping between the IP address of the service server and the service control and the charging policy of the application protocol layer.
具体地,上述网络设备可以根据预先获知的业务服务器的 IP 地址与应用 协议层的业务控制和计费策略的映射关系,获取与上述业务服务器的 IP地址 对应的应用协议层的业务控制和计费策略。 在其他实施方式中 ,上述步骤 101 之前上述网络设备还可以执行获知业务服务器的 IP地址与应用协议层的业务 控制和计费策略的映射关系的步骤。 具体地,上述网络设备可以先获知业务服 务器的域名与业务服务器的 IP地址的映射关系,再进一步根据预先设置的业 务服务器的域名与应用协议层的业务控制和计费策略的映射关系和上述业务 服务器的域名与业务服务器的 IP地址的映射关系,获知业务服务器的 IP地址 与应用协议层的业务控制和计费策略的映射关系。 本实施例中 ,通过获知业务服务器的 IP地址与应用协议层的业务控制和 计费策略的映射关系,能够根据获知的上述业务服务器的 IP 地址与应用协议 层的业务控制和计费策略的映射关系,获取与识别出的业务报文中包含的业务 服务器的 IP地址对应的业务控制和计费策略,从而使得可以利用上述应用协 议层的业务控制和计费策略,对获取的业务报文进行处理。 本发明实施例由于 只需要对获取的业务报文利用普通的报文检测技术进行网络层(第三层)识别, 识别出业务报文中包含的业务服务器的 IP地址,就获知了与业务报文中包含 的业务服务器的 IP地址对应的应用协议层的业务控制和计费策略,无需对获 取的业务报文进行 DPI解析,从而提高了网络设备的转发性能和应用协议层的 业务控制和计费策略的获取效率,保证了网络设备的正常通信。 Specifically, the network device may obtain the service control and charging of the application protocol layer corresponding to the IP address of the service server according to the mapping between the IP address of the service server and the service control and the charging policy of the application protocol layer. Strategy. In other embodiments, step 101 above The foregoing network device may further perform the step of obtaining a mapping relationship between the IP address of the service server and the service control and charging policy of the application protocol layer. Specifically, the foregoing network device may first learn the mapping relationship between the domain name of the service server and the IP address of the service server, and further, according to the mapping relationship between the domain name of the service server and the service control and the charging policy of the application protocol layer, and the foregoing service. The mapping between the domain name of the server and the IP address of the service server, and the mapping between the IP address of the service server and the service control and charging policy of the application protocol layer. In this embodiment, by mapping the IP address of the service server and the service control and charging policy of the application protocol layer, the mapping between the IP address of the service server and the service control layer and the application protocol layer can be obtained. The relationship between the service control and the charging policy corresponding to the IP address of the service server included in the identified service packet, so that the service control and the charging policy of the application protocol layer can be utilized to perform the obtained service packet. deal with. In the embodiment of the present invention, the network packet (the third layer) is identified by using the ordinary packet detection technology, and the IP address of the service server included in the service packet is identified, and the service report is obtained. The service control and charging policy of the application protocol layer corresponding to the IP address of the service server included in the text does not need to perform DPI resolution on the obtained service packet, thereby improving the forwarding performance of the network device and the service control and calculation of the application protocol layer. The acquisition efficiency of the fee policy ensures the normal communication of the network device.
本发明实施例提供的策略的获取方法可以适用于移动通信网络中任何需 要根据应用协议层的业务控制和计费策略,对获取的报文进行处理的网络设 备,例如:分组数据网络网关( Packet Data Network Gateway ,简称 P-GW )、 网关通用分组无线服务( General Packet Radio Service ,简称 GPRS )支持节点 ( Gateway GPRS Supporting Node ,简称 GGSN )、 服务通用分组无线服务 ( General Packet Radio Service,简称 GPRS )支持节点>( Serving GPRS Supporting Node ,简称 SGSN )等网络设备。 为了使得本实施例提供的方法更加清楚,下 面将以 GGSN (图 2A )作为举例。 图 2B为本发明实施例二提供的策略的获取 方法的流程示意图 ,如图 2B所示,本实施例的策略的获取方法可以包括以下 步骤: The method for obtaining the policy provided by the embodiment of the present invention may be applicable to any network device in the mobile communication network that needs to process the obtained packet according to the service control and charging policy of the application protocol layer, for example, a packet data network gateway (Packet) Data Network Gateway, referred to as P-GW), General Packet Radio Service (GPRS) support node (Gateway GPRS Supporting Node, GGSN for short), General Packet Radio Service (GPRS) Support Node > (Serving GPRS Supporting Node) SGSN) and other network devices. In order to make the method provided by this embodiment more clear, the GGSN (Fig. 2A) will be exemplified below. FIG. 2B is a schematic flowchart of a method for acquiring a policy according to Embodiment 2 of the present invention. As shown in FIG. 2B, the method for acquiring a policy in this embodiment may include the following steps:
步骤 201、 GGSN获知业务服务器的域名与业务服务器的 IP地址的映射关 系;  Step 201: The GGSN learns the mapping relationship between the domain name of the service server and the IP address of the service server.
具体地,本步骤中 , GGSN获知业务服务器的域名与业务服务器的 IP地 址的映射关系可以包括但不限于以下几种方式:  Specifically, in this step, the GGSN learns that the mapping relationship between the domain name of the service server and the IP address of the service server may include, but is not limited to, the following methods:
A、 GGSN从域名服务器( Domain Name System ,简称 DNS )获知业务服 务器的域名与业务服务器的 IP地址的映射关系;  A. The GGSN learns the mapping relationship between the domain name of the service server and the IP address of the service server from the Domain Name System (DNS).
具体地, GGSN可以通过截获 DNS根据终端发起的 DNS查询请求,向上 述终端返回的 DNS报文,解析上述 DNS报文,获知业务服务器的域名与业务 服务器的 IP地址的映射关系; GGSN还可以通过获取 DNS根据自身主动发起 的 DNS查询请求, 向自身返回的 DNS报文,解析上述 DNS报文,获知业务 服务器的域名与业务服务器的 IP地址的映射关系。  Specifically, the GGSN can obtain the mapping between the domain name of the service server and the IP address of the service server by intercepting the DNS packet returned by the DNS according to the DNS query request initiated by the terminal to the terminal, and obtaining the mapping relationship between the domain name of the service server and the IP address of the service server; Obtaining the DNS packet returned by the DNS according to the DNS query request initiated by itself, and parsing the DNS packet to obtain the mapping relationship between the domain name of the service server and the IP address of the service server.
B、 GGSN从配置信息中获知业务服务器的域名与业务服务器的 IP地址的 映射关系。 B. The GGSN learns the domain name of the service server and the IP address of the service server from the configuration information. Mapping relations.
需要说明的是:上述业务服务器的域名与业务服务器的 IP地址的映射关 系还可以根据网络具体的组网架构,通过周边网络设备(例如: SGSN )下发 的方式,从周边网络设备获知。  It should be noted that the mapping between the domain name of the service server and the IP address of the service server can also be learned from the peripheral network device by means of a peripheral network device (for example, SGSN) according to the specific network architecture of the network.
本步骤中 GGSN获知的上述业务服务器的域名与业务服务器的 IP地址的 映射关系可以如表 1所示。  The mapping relationship between the domain name of the service server and the IP address of the service server learned by the GGSN in this step can be as shown in Table 1.
表 1 业务服务器的域名与业务服务器的 IP地址的映射关系  Table 1 Mapping between the domain name of the service server and the IP address of the service server
Figure imgf000009_0001
Figure imgf000009_0001
步骤 202、 GGSN根据预先设置的业务服务器的域名与应用协议层的业务 控制和计费策略的映射关系和上述业务服务器的域名与业务服务器的 IP地址 的映射关系,获知业务服务器的 IP 地址与应用协议层的业务控制和计费策略 的映射关系;  Step 202: The GGSN learns the IP address and application of the service server according to the mapping relationship between the domain name of the service server and the service control and the charging policy of the application protocol layer, and the mapping between the domain name of the service server and the IP address of the service server. Mapping between service control and charging policies at the protocol layer;
本步骤中 , GGSN预先设置的业务服务器的域名与应用协议层的业务控制 和计费策略的映射关系可以如表 2所示; GGSN获知的上述业务服务器的 IP 地址与应用协议层的业务控制和计费策略的映射关系可以如表 3所示。  In this step, the mapping between the domain name of the service server set by the GGSN and the service control and charging policy of the application protocol layer may be as shown in Table 2; the IP address of the service server and the service control layer of the application protocol layer learned by the GGSN The mapping relationship of the accounting policy can be as shown in Table 3.
表 2 业务服务器的域名与应用协议层的业务控制和计费策略的映射关系 业务服务器的域名 应用协议层的业务控制和计费策略 www.abc.com 策略 1 Table 2 Mappings between the domain name of the service server and the service control and accounting policies of the application protocol layer Service Control and Accounting Policy for the Domain Name Application Protocol Layer of the Service Server www.abc.com Strategy 1
www.xyz.com 策略 2 表 3 业务服务器的 IP地址与应用协议层的业务控制和计费策略 业务服务器的 IP地址 应用协议层的业务控制和计费策略  Www.xyz.com Policy 2 Table 3 IP address of the service server and service control and charging policy of the application protocol layer IP address of the service server Service control and charging policy of the application protocol layer
61.172.201.194 允许访问  61.172.201.194 Allow access
121.14.0.19 禁止访问  121.14.0.19 No access
步骤 203、 GGSN对获取的业务报文进行网络层识别,识别出上述业务报 文中包含的业务服务器的 IP地址( 目的 IP地址) ;步骤 204、 GGSN根据获 知的业务服务器的 IP 地址与应用协议层的业务控制和计费策略的映射关系, 获取与上述业务服务器的 IP地址对应的应用协议层的业务控制和计费策略。  Step 203: The GGSN performs network layer identification on the obtained service packet, and identifies an IP address (destination IP address) of the service server included in the service packet. Step 204: The GGSN according to the IP address and application protocol of the learned service server The mapping between the service control and the charging policy of the layer, and the service control and charging policy of the application protocol layer corresponding to the IP address of the service server.
具体地,当移动台( Mobile Station ,简称 MS )通过 GGSN发起了访问 IP 地址为 61.172.201.194的业务服务器, GGSN则可以根据获取的与上述 IP地址 对应的业务控制和计费策略" 允许访问" ,允许 MS访问该业务服务器;具体 地,当移动台( Mobile Station ,简称 MS )通过 GGSN发起了访问 IP地址为 121.14.0.19的业务服务器, GGSN则可以根据获取的与上述 IP地址对应的业 务控制和计费策略" 禁止访问" ,禁止 MS访问该业务服务器。 本实施例中 , GGSN通过获知业务服务器的 IP地址与应用协议层的业务 控制和计费策略的映射关系,能够根据获知的上述业务服务器的 IP 地址与应 用协议层的业务控制和计费策略的映射关系,获取与识别出的业务报文中包含 的业务服务器的 IP地址对应的业务控制和计费策略,从而使得 GGSN可以利 用上述应用协议层的业务控制和计费策略,对获取的业务报文进行处理。 本发 明实施例由于 GGSN 只需要对获取的业务报文利用普通的报文检测技术进行 网络层(第三层)识别 ,识别出业务报文中包含的业务服务器的 IP 地址,就 获知了与业务报文中包含的业务服务器的 IP地址对应的应用协议层的业务控 制和计费策略,而无需对获取的业务报文进行 DPI解析,从而提高了 GGSN 的转发性能和应用协议层的业务控制和计费策略的获取效率,保证了 GGSN的 正常通信。 Specifically, when the mobile station (MS) initiates access to the service server with the IP address of 61.172.201.194 through the GGSN, the GGSN may "allow access" according to the obtained service control and charging policy corresponding to the above IP address. The MS is allowed to access the service server. Specifically, when the mobile station (MS) initiates the access to the service server with the IP address of 121.14.0.19 through the GGSN, the GGSN can control the service corresponding to the obtained IP address. And the billing policy "no access" prohibits the MS from accessing the service server. In this embodiment, the GGSN can learn the IP address of the service server and the service control and charging policy of the application protocol layer according to the mapping between the IP address of the service server and the service control and charging policy of the application protocol layer. The mapping relationship is used to obtain the service control and charging policy corresponding to the IP address of the service server included in the identified service packet, so that the GGSN can use the service control and charging policy of the application protocol layer to obtain the service report. The text is processed. In the embodiment of the present invention, the GGSN only needs to identify the network packet (the third layer) of the obtained service packet by using the common packet detection technology, and identify the IP address of the service server included in the service packet. The service control and charging policy of the application protocol layer corresponding to the IP address of the service server included in the packet does not need to perform DPI resolution on the obtained service packet, thereby improving the forwarding performance of the GGSN and the service control of the application protocol layer. The acquisition efficiency of the charging policy ensures the normal communication of the GGSN.
进一步地,本实施例中 ,上述步骤 202中 GGSN预先设置的映射关系还可 以为终端的 IP地址(源 IP地址)、 业务服务器的域名与应用协议层的业务控 制和计费策略的映射关系,相应的,上述步骤 203中 GGSN对获取的业务报文 进行网络层识别 ,还可以识别出获取的业务报文中包含的终端的 IP 地址;上 述步骤 202中 GGSN预先设置的映射关系还可以为终端的 IP地址、 终端的端 口(源端口)、 业务服务器的域名、 业务服务器的端口( 目的端口 )与应用协 议层的业务控制和计费策略的映射关系,相应的 ,上述步骤 203中 GGSN除了 对获取的业务报文进行网络层识别,识别出终端的 IP地址和业务服务器的 IP 地址之外,还可以进一步进行传输层(第四层)识别 ,识别出终端的端口和业 务服务器的端口。 Further, in this embodiment, the mapping relationship preset by the GGSN in the foregoing step 202 may also be a mapping relationship between the IP address (source IP address) of the terminal, the domain name of the service server, and the service control and charging policy of the application protocol layer. Correspondingly, in the foregoing step 203, the GGSN performs network layer identification on the obtained service packet, and can also identify the IP address of the terminal included in the obtained service packet. The mapping relationship preset by the GGSN in the foregoing step 202 can also be the terminal. The mapping between the IP address, the port of the terminal (the source port), the domain name of the service server, the port of the service server (the destination port), and the service control and charging policy of the application protocol layer. Correspondingly, the GGSN in the above step 203 is The obtained service packet is identified by the network layer, and the IP address of the terminal and the IP address of the service server are identified. In addition to the address, the transport layer (layer 4) can be further identified to identify the port of the terminal and the port of the service server.
需要说明的是:对于前述的各方法实施例,为了简单描述,故将其都表述 为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的 动作顺序的限制,因为依据本发明,某些步骤可以采用其他顺序或者同时进行。 其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施 例,所涉及的动作和模块并不一定是本发明所必须的。  It should be noted that, for the foregoing method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the present invention is not limited by the described action sequence. Because certain steps may be performed in other sequences or concurrently in accordance with the present invention. In addition, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详 述的部分,可以参见其他实施例的相关描述。  In the above embodiments, the descriptions of the various embodiments are different, and the details are not described in the specific embodiments. For details, refer to related descriptions of other embodiments.
图 3为本发明实施例三提供的策略的获取装置的结构示意图 ,如图 3所示, 本实施例的策略的获取装置可以包括报文识别模块 31和策略获取模块 32。 其 中 ,报文识别模块 31对获取的业务报文进行网络层识别,识别出上述业务报 文中包含的业务服务器的 IP地址,策略获取模块 32根据获知的业务服务器的 IP地址与应用协议层的业务控制和计费策略的映射关系,获取与上述业务服务 器的 IP地址对应的应用协议层的业务控制和计费策略。 上述本发明实施例一、 二中方法的功能均可以由本发明实施例提供的策略 的获取装置实现,上述策略的获取装置可以位于任何需要根据应用协议层的业 务控制和计费策略,对获取的报文进行处理的网络设备上,例如:分组数据网 络网关( Packet Data Network Gateway ,简称 P-GW )、 网关通用分组无线服务 ( General Packet Radio Service , 简称 GPRS )支持节点( Gateway GPRS Supporting Node ,简称 GGSN )、服务通用分组无线服务( General Packet Radio Service ,简称 GPRS )支持节点( Serving GPRS Supporting Node ,简称 SGSN ) 等网络设备。 FIG. 3 is a schematic structural diagram of a device for acquiring a policy according to Embodiment 3 of the present invention. As shown in FIG. 3, the device for acquiring a policy in this embodiment may include a packet identification module 31 and a policy acquisition module 32. The packet identification module 31 performs network layer identification on the obtained service packet, and identifies the IP address of the service server included in the service packet. The policy acquisition module 32 is configured according to the IP address of the learned service server and the application protocol layer. The mapping between the service control and the charging policy obtains the service control and charging policy of the application protocol layer corresponding to the IP address of the service server. The functions of the foregoing methods in the first and second embodiments of the present invention may be implemented by the acquiring device of the policy provided by the embodiment of the present invention. The acquiring device of the foregoing policy may be located in any service control and charging policy that needs to be obtained according to the application protocol layer. Packets are processed on network devices, such as Packet Data Network Gateway (P-GW), Gateway General Packet Radio Service. (General Packet Radio Service, referred to as GPRS) support node (Gateway GPRS Supporting Node, GGSN for short), and the General Packet Radio Service (GPRS) support node (Serving GPRS Supporting Node, SGSN) network equipment.
具体地,策略获取模块 32可以具体包括第一获知单元 321和第二获知单 元 322。其中 ,第一获知单元 321获知业务服务器的 IP地址与应用协议层的业 务控制和计费策略的映射关系,第二获知单元 322根据第一获知单元 321获知 的上述业务服务器的 IP地址与应用协议层的业务控制和计费策略的映射关系, 获取与上述业务服务器的 IP地址对应的应用协议层的业务控制和计费策略。  Specifically, the policy obtaining module 32 may specifically include a first learning unit 321 and a second learning unit 322. The first learning unit 321 learns the mapping relationship between the IP address of the service server and the service control and charging policy of the application protocol layer, and the IP address and application protocol of the service server learned by the second learning unit 321 according to the first learning unit 321 is obtained. The mapping between the service control and the charging policy of the layer, and the service control and charging policy of the application protocol layer corresponding to the IP address of the service server.
具体地,第一获知单元 321具体可以包括第一获知子单元 3211和第二获 知子单元 3212。 其中 ,第一获知子单元 3211获知业务服务器的域名与业务服 务器的 IP地址的映射关系,第二获知子单元 3212根据预先设置的业务服务器 的域名与应用协议层的业务控制和计费策略的映射关系和第一获知子单元 3211获知的上述业务服务器的域名与业务服务器的 IP地址的映射关系,获知 业务服务器的 IP地址与应用协议层的业务控制和计费策略的映射关系。  Specifically, the first learning unit 321 may specifically include a first learned subunit 3211 and a second learned subunit 3212. The first learned sub-unit 3211 learns the mapping relationship between the domain name of the service server and the IP address of the service server, and the second learned sub-unit 3212 maps the service control and the charging policy of the application protocol layer according to the domain name of the service server set in advance. The relationship between the domain name of the service server and the IP address of the service server, which is known by the relationship and the first learned sub-unit 3211, is used to learn the mapping relationship between the IP address of the service server and the service control and charging policy of the application protocol layer.
具体地,第一获知子单元 3211具体可以从 DNS获知业务服务器的域名与 业务服务器的 IP地址的映射关系,或者还可以从配置信息中获知业务服务器 的域名与业务服务器的 IP地址的映射关系。  Specifically, the first learned sub-unit 3211 may specifically learn the mapping relationship between the domain name of the service server and the IP address of the service server from the DNS, or may also obtain the mapping relationship between the domain name of the service server and the IP address of the service server from the configuration information.

Claims

权 利 要 求 书 Claim
1、 一种策略的获取方法,其特征在于,包括: A method for acquiring a policy, comprising:
对获取的业务报文进行网络层识别,识别出所述业务报文中包含的业务服 务器的 IP地址;  Performing network layer identification on the obtained service packet, and identifying the IP address of the service server included in the service packet;
根据获知的业务服务器的 IP 地址与应用协议层的业务控制和计费策略的 映射关系,获取与所述业务服务器的 IP地址对应的应用协议层的业务控制和 计费策略。  The service control and charging policy of the application protocol layer corresponding to the IP address of the service server is obtained according to the mapping between the IP address of the service server and the service control and the charging policy of the application protocol layer.
2、 根据权利要求 1 所述的方法,其特征在于,还包括:获知业务服务器 的 IP地址与应用协议层的业务控制和计费策略的映射关系。  The method according to claim 1, further comprising: learning a mapping relationship between an IP address of the service server and a service control and a charging policy of the application protocol layer.
3、 根据权利要求 2所述的方法,其特征在于,所述获知业务服务器的 IP 地址与应用协议层的业务控制和计费策略的映射关系包括: The method according to claim 2, wherein the mapping between the IP address of the service server and the service control and charging policy of the application protocol layer is as follows:
获知业务服务器的域名与业务服务器的 IP地址的映射关系; 根据预先设置的业务服务器的域名与应用协议层的业务控制和计费策略 的映射关系和所述业务服务器的域名与业务服务器的 IP地址的映射关系,获 知业务服务器的 IP地址与应用协议层的业务控制和计费策略的映射关系。  The mapping between the domain name of the service server and the IP address of the service server is obtained; the mapping between the domain name of the service server and the service control and charging policy of the application protocol layer and the domain name of the service server and the IP address of the service server are obtained according to the preset The mapping relationship is obtained by knowing the mapping relationship between the IP address of the service server and the service control and charging policy of the application protocol layer.
4、 根据权利要求 3所述的方法,其特征在于,所述获知业务服务器的域 名与业务服务器的 IP地址的映射关系包括:  The method according to claim 3, wherein the mapping relationship between the domain name of the service server and the IP address of the service server is as follows:
从域名服务器 DNS获知业务服务器的域名与业务服务器的 IP地址的映射 关系;或者 Obtain the mapping between the domain name of the service server and the IP address of the service server from the DNS of the domain name server. Relationship; or
从配置信息中获知业务服务器的域名与业务服务器的 IP地址的映射关系。  The mapping between the domain name of the service server and the IP address of the service server is obtained from the configuration information.
5、 一种策略的获取装置,其特征在于,包括: 报文识别模块,用于对获取的业务报文进行网络层识别,识别出所述业务 报文中包含的业务服务器的 IP地址; 策略获取模块,用于根据获知的业务服务器的 IP地址与应用协议层的业 务控制和计费策略的映射关系,获取与所述业务服务器的 IP 地址对应的应用 协议层的业务控制和计费策略。  A device for acquiring a policy, comprising: a message identification module, configured to perform network layer identification on the obtained service packet, and identify an IP address of the service server included in the service packet; The obtaining module is configured to obtain, according to the mapping relationship between the IP address of the service server and the service control and the charging policy of the application protocol layer, the service control and charging policy of the application protocol layer corresponding to the IP address of the service server.
6、 根据权利要求 5所述的装置,其特征在于,所述策略获取模块包括: 第一获知单元,用于获知业务服务器的 IP地址与应用协议层的业务控制 和计费策略的映射关系; The device according to claim 5, wherein the policy obtaining module comprises: a first learning unit, configured to learn a mapping relationship between an IP address of the service server and a service control and a charging policy of the application protocol layer;
第二获知单元,用于根据所述第一获知单元获知的所述业务服务器的 IP 地址与应用协议层的业务控制和计费策略的映射关系,获取与所述业务服务器 的 IP地址对应的应用协议层的业务控制和计费策略。  a second learning unit, configured to acquire an application corresponding to an IP address of the service server according to a mapping relationship between an IP address of the service server and a service control and a charging policy of the application protocol layer, which is learned by the first learning unit Service control and charging policies at the protocol layer.
7、 根据权利要求 6所述的装置,其特征在于,所述第一获知单元包括: 第一获知子单元,用于获知业务服务器的域名与业务服务器的 IP地址的 映射关系; The device according to claim 6, wherein the first learning unit comprises: a first learning subunit, configured to learn a mapping relationship between a domain name of the service server and an IP address of the service server;
第二获知子单元,用于根据预先设置的业务服务器的域名与应用协议层的 业务控制和计费策略的映射关系和所述第一获知子单元获知的所述业务服务 器的域名与业务服务器的 IP地址的映射关系,获知业务服务器的 IP地址与应 用协议层的业务控制和计费策略的映射关系。 a second learned sub-unit for using a domain name of the service server and an application protocol layer according to a preset The mapping relationship between the service control and the charging policy and the mapping between the domain name of the service server and the IP address of the service server learned by the first learned sub-unit, and the service control and accounting of the IP address of the service server and the application protocol layer are learned. The mapping relationship of the fee policy.
8、 根据权利要求 7所述的装置,其特征在于,所述第一获知子单元具体 用于:  8. The apparatus according to claim 7, wherein the first learned subunit is specifically configured to:
从域名服务器 DNS获知业务服务器的域名与业务服务器的 IP地址的映射 关系;或者  Obtain the mapping relationship between the domain name of the service server and the IP address of the service server from the DNS server; or
从配置信息中获知业务服务器的域名与业务服务器的 IP地址的映射关系。  The mapping between the domain name of the service server and the IP address of the service server is obtained from the configuration information.
PCT/CN2011/074417 2010-08-18 2011-05-20 Method and apparatus for obtaining policy WO2011137804A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010257923.7 2010-08-18
CN201010257923.7A CN102143135B (en) 2010-08-18 2010-08-18 Strategy acquisition method and device

Publications (1)

Publication Number Publication Date
WO2011137804A1 true WO2011137804A1 (en) 2011-11-10

Family

ID=44410363

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/074417 WO2011137804A1 (en) 2010-08-18 2011-05-20 Method and apparatus for obtaining policy

Country Status (2)

Country Link
CN (1) CN102143135B (en)
WO (1) WO2011137804A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017075781A1 (en) * 2015-11-05 2017-05-11 华为技术有限公司 Method, apparatus, and system for processing data packets

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1852263A (en) * 2006-05-23 2006-10-25 杭州华为三康技术有限公司 Message access controlling method and a network apparatus
CN1859128A (en) * 2005-05-16 2006-11-08 华为技术有限公司 Method for content charging of data service
CN101729266A (en) * 2008-11-03 2010-06-09 华为技术有限公司 Charging method and device for link building messages

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859128A (en) * 2005-05-16 2006-11-08 华为技术有限公司 Method for content charging of data service
CN1852263A (en) * 2006-05-23 2006-10-25 杭州华为三康技术有限公司 Message access controlling method and a network apparatus
CN101729266A (en) * 2008-11-03 2010-06-09 华为技术有限公司 Charging method and device for link building messages

Also Published As

Publication number Publication date
CN102143135B (en) 2014-02-19
CN102143135A (en) 2011-08-03

Similar Documents

Publication Publication Date Title
US20210385154A1 (en) Multipath data transmission method and device
WO2021057889A1 (en) Data processing method and apparatus, electronic device, and storage medium
JP6007458B2 (en) Packet receiving method, deep packet inspection apparatus and system
CN110073647B (en) System and method for registering FQDN-based IP service endpoint at network attachment point
JP6085891B2 (en) Access control method and system, and access point
JP6091657B2 (en) A method for obtaining a mapping between a mobile subscriber identity and a dynamically assigned Internet Protocol (IP) address using a Diameter routing agent (DRA) and making the mapping accessible to an application; System and computer-readable medium
WO2015131741A1 (en) Service policy control method and system
CN117793952A (en) Communication method and device
CN111901135A (en) Data analysis method and device
US20190230484A1 (en) Policy control with mobile edge computing
WO2020253631A1 (en) Configuration method, device, and system for ip address
JP2018067927A (en) Layer-2 address management in 3 address only capable access points in networks with relays
WO2017215492A1 (en) Device detection method and apparatus
EP3668058B1 (en) Content distribution method and system
US11902890B2 (en) Application based routing of data packets in multi-access communication networks
WO2015096344A1 (en) Method and system for app to acquire mac address of terminal
WO2014101041A1 (en) Ipv6 address tracing method, device, and system
WO2011160587A1 (en) Method and system for connecting a dual-stack terminal to networks
US20140064196A1 (en) Layer 2 address management in 3 address only capable access points in networks with relays
JP6325664B2 (en) Data transmission method and gateway
WO2011137804A1 (en) Method and apparatus for obtaining policy
WO2020086159A2 (en) Mobile core dynamic tunnel end-point processing
JP2013192103A (en) Method, device and program for communication traffic control
WO2014101588A1 (en) Device location method and system thereof
WO2022270228A1 (en) Device and method for providing communication service for accessing ip network, and program therefor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11777223

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11777223

Country of ref document: EP

Kind code of ref document: A1