WO2012003781A1

WO2012003781A1 - Method and system for controlling service admission

Info

Publication number: WO2012003781A1
Application number: PCT/CN2011/076703
Authority: WO
Inventors: 毕以峰; 周晓云; 宗在峰; 霍玉臻; 蒋陶
Original assignee: 中兴通讯股份有限公司
Priority date: 2010-07-09
Filing date: 2011-06-30
Publication date: 2012-01-12
Also published as: CN102316529A; CN102316529B

Abstract

The invention provides a method and a system for controlling service admission, which improves the performance of controlling service admission of the system. The method includes: a security gateway transmits information of a security tunnel between a Home Base-station (HB) and the security gateway and a resource reconfiguration request initiated by the HB after the HB received policy information issued from a wireless network side, to the Policy Control Function Entity of the HB; the Policy Function Entity of the HB notifies the information of the security tunnel and the resource reconfiguration request to a Policy Control Function Entity of a fixed network, the Policy Control Function Entity of the fixed network judges whether the fixed network link corresponding to the information of the security tunnel satisfies content of the resource reconfiguration request or not, and feeds the judgment result back to the HB, and the HB makes an admission control decision according to the judgment result.

Description

Method and system for controlling business acceptance

Technical field

The present invention relates to the field of wireless communications, and in particular to a method and system for service admission control.

Background technique

The Evolved Packet System (EPS) of the 3rd Generation Partnership Project (3GPP) is evolved by the Evolved Universal Terrestrial Radio Access Network (E. -UTRAN), Mobility Management Entity (MME), Serving Gateway (S-GW), Packet Data Network Gateway (P-GW), Home Subscriber Server (Home Subscriber Server, abbreviated as HSS). FIG. 1 is a schematic diagram of an architecture of a Home evolved NodeB (HeNB) accessing an EPS in a non-roaming scenario according to the related art, and a roaming scenario (home route or local grooming) The architecture of the HeNB to access the EPS is mainly embodied in the EPS network, and has little relationship with the invention, and will not be described here.

The MME is connected to the EUTRAN, the S-GW, and the home base station gateway (HeNB GW), and is responsible for control planes such as mobility management, non-access stratum signaling processing, and user mobility management context management; S-GW is The E-UTRAN-connected access gateway device forwards data between the E-UTRAN and the P-GW and is responsible for buffering the paging waiting data. The P-GW is an EPS and packet data network (Packet Data Network, referred to as PDN) The border gateway of the network, responsible for PDN access and forwarding data between EPS and PDN.

If the EPS system supports the Policy and Charging Control (PCC), the Policy and Charging Rules Function (PCRF) performs the policy and charging rules. It is connected to an application function (Application Function, abbreviated as AF) in the service network protocol (Internet Protocol, IP for short) to obtain service information, which is used to generate service information of the PCC policy. When S-GW When the S5 interface with the P-GW uses the GTP protocol, the P-GW resides in the Policy and Charging Enforcement Function (PCEF), and the PCRF and the P-GW exchange through the Gx interface. The information is responsible for initiating the establishment, modification, and release of the bearer, ensuring the quality of service (QoS) of the service data, and performing charging control. When the S5 interface of the S-GW and the P-GW uses Proxy Mobile IP (PMIP), the Bearer Binding and Event Report Function (abbreviated as Bearer Binding and Event Report Function) BBERF), and the S-GW and the PCRF exchange information through the Gxc interface, and the BBERF is responsible for initiating the establishment, modification and release of the bearer to ensure the service quality of the service data, and the PCEF performs the charging control.

The EPS supports the access of the HeNB, which is a small, low-power base station deployed in indoor places such as homes and offices. The Closed Subscriber Group (CSG) is a new concept introduced after the introduction of the home base station. Usually a family or an internal user of a company forms a closed user group, which is identified by a CSG ID. The home base station serving the users in this closed subscriber group has the same CSG ID. When a closed subscriber group is served by only one home base station, the closed subscriber group can also directly identify the home base station identity (e.g., BS ID). According to the wishes of the home base station manager, CSG users and/or non-CSG users can distinguish different levels, and the priority of the service is different, and the service quality and service category can be different. By signing with the operator, the user can access the home base station corresponding to multiple closed user groups, for example, the user's office, home, and the like. The concept of allowing a closed user group list to be introduced is therefore introduced. This list is stored in the user's terminal and the user data server on the network side.

There are three usage modes for home base stations: closed mode, mixed mode, and open mode. When the home base station is in the closed mode, only the CSG subscription user to which the home base station belongs can access the base station and enjoy the services provided by the base station. When the home base station is in the open mode, any carrier subscription user can access the base station, and the home base station at this time is equivalent to the macro base station. When the home base station is in the hybrid mode, any operator subscription or roaming user is also allowed to access, but different levels are classified according to whether the user subscribes to the CSG, that is, the user who signs the CSG is using the hybrid home. Base stations have higher service priorities and enjoy better quality of service and service categories.

When the user initiates access, the user data server on the network side will sign the user. The closed subscriber group that allows access is sent to the mobility management entity of the core network. The core network mobility management entity will use this information to perform access control on the UE. If the UE accesses the core network from an unlicensed closed mode home base station, the core network will deny access to such users.

The HeNB usually accesses the core network of the EPS through the leased fixed line, as shown in Figure 1. In order to ensure the security of the access, the security gateway (Security Gateway, referred to as SeGW) is shielded in the core network, and the data between the HeNB and the SeGW is encapsulated by IPSec. The HeNB can directly connect to the MME and the S-GW of the core network through the IPSec tunnel established by the HeNB and the SeGW, and can also connect to the MME and the S-GW through the SeGW, that is, the HeNB GW is an optional network element, but whether the network element is The use does not affect the invention. At the same time, in order to implement management of the HeNB, a Home eNodeB Management System (HMS) is introduced, which has little relationship with the present invention, and is not shown in the figure.

Furthermore, the Universal Mobile Telecommunications System (UMTS) supports access to the home base station HNB (Home NodeB). Figure 2 is a schematic diagram of the architecture of the HNB accessing the UMTS in the non-roaming scenario according to the related technology. The architecture of the HNB accessing the UMTS in the roaming scenario is similar to that of the UMTS, and is not described here. The architecture in Figure 2 is similar to the architecture of Figure 1, except that the Serving General Packet Radio Service Support Node (SGSN) is used instead of the S-GW to use the gateway general packet radio service support. The Gateway General Packet Radio Service Supporting Node (GGSN) replaces the P-GW.

The QoS of the fixed line that is accessed by the HeNB/HNB is usually restricted by the contract of the owner of the HeNB/HNB and the fixed network operator. Therefore, when the 3GPP UE normally accesses the 3GPP core network access service by the HeNB/HNB, the required QoS cannot exceed the contracted QoS of the fixed network line that the fixed network operator can provide. Otherwise, the QoS of the UE access service will not be guaranteed, especially for the service of Guaranteed Bit Rate (GBR). Therefore, for 3GPP networks and fixed networks, there must be a unified control mechanism to control the admission of fixed network resources and services. For example: When a new service is initiated, the fixed network needs to ensure that there is enough resources/bandwidth to support the service. If the fixed network cannot provide the resource/bandwidth, the service cannot be initiated, even if 3GPP can provide enough Resources/bandwidth, as long as the fixed network cannot guarantee resources/bandwidth, the service (especially GBR) is not guaranteed. Thereby controlling the QoS of service access of all UEs accessed through the HeNB/HNB The total demand does not exceed the QoS guarantee for the fixed line subscription of the HeNB/HNB access, or it can reasonably manage the fixed network resources, and can properly control the users and services, ensuring that the authorized GBR service can be sufficient. Bandwidth.

In the current research process, there have been some architectural preliminary plans. As shown in Figure 1 (HeNB case). Interworking network element HeNB PF (Policy Function Entity), set in 3GPP HeNB subsystem (consisting of SeGW, HeNB GW and other network elements, such as HeMS) and BBF BPCF (Broadband Forum Policy Control Function) Between functional entities), business acceptance management and resource management are implemented.

In the HeNB scenario, how to implement service admission management and resource management, and how to manage resources when the HNB accesses the scenario is a problem that needs to be solved. The present invention is a solution to the problem.

Summary of the invention

In order to solve the above technical problem, the present invention provides a method and system for controlling service admission, which improves the performance of the system control service acceptance.

In order to solve the above technical problem, the present invention provides a method for service admission control, including: a security gateway, a security tunnel information between a home base station and a security gateway, and a policy information sent by the home base station to a wireless network side. The post-initiated resource reconfiguration request is sent to the home base station policy function entity; the home base station policy function entity notifies the information about the security tunnel and the resource reconfiguration request to the fixed network policy control function entity, the fixed network policy The control function entity determines whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, and feeds back a determination result to the home base station, and the home base station makes admission control according to the determination result. decision making.

Preferably, the above method may also have the following features:

The step of the security gateway transmitting the information about the security tunnel between the home base station and the security gateway and the resource reconfiguration request initiated by the home base station after receiving the policy information sent by the wireless network side to the home base station policy function entity Includes:

After the security gateway establishes a secure tunnel with the home base station, establishing a policy with the home base station a session of the functional entity, and sending the secure tunnel information to the home base station policy function entity in the process of establishing the session; after receiving the resource reconfiguration request, the security gateway passes the resource reconfiguration request The session is sent to the home base station policy function entity.

Preferably, in the above method, the session is a dedicated session established by the home base station through a dedicated interface with the security gateway when performing system initialization. Preferably, the session is a dedicated session established by the home base station through a dedicated interface when the system is initialized by the home base station.

Preferably, the above method may also have the following features:

After receiving the resource reconfiguration request sent by the home base station, the security gateway sends the information of the security tunnel together with the resource reconfiguration request to the home base station policy function entity.

Preferably, the above method may also have the following features:

The sending, by the wireless network, the policy information and the home base station to initiate the resource reconfiguration request includes: the wireless network side transmitting a bearer setup request message to the home base station, and carrying the policy information in the message, where the home base station sends the resource reconfiguration The request is used to request to allocate resources; the wireless network side sends a bearer modification request message to the home base station and carries policy information in the message, where the home base station sends a resource reconfiguration request for requesting reallocation or release of resources; Transmitting a session management request message to the home base station and carrying policy information in the message, where the home base station sends a resource reconfiguration request for requesting allocation or reallocation of resources; or, the wireless network side is under the home base station The bearer deactivation request message is sent and the policy information is carried in the message, and the home base station sends a resource release request for requesting release of the resource.

Preferably, the above method may also have the following features:

The step of determining, by the fixed network policy control function entity, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request includes: determining, by the fixed network policy control entity, whether the fixed network link is The bandwidth resource required to be allocated or reallocated by the home base station can be provided, or whether the fixed network link accepts release of the bandwidth resource required to be released by the home base station.

Preferably, the above method may also have the following features: The step of the home base station making an admission control decision according to the determination result includes: if the determination result indicates that the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, the home base station accepts a new task; if the judgment result indicates that the fixed network link corresponding to the information of the secure tunnel cannot satisfy the content of the resource reconfiguration request; the home base station rejects the new service. Preferably, the above method may also have the following features:

When the fixed network link corresponding to the information of the security tunnel cannot meet the content of the resource reconfiguration request, the home base station determines to preempt the existing service resource, and notifies the policy control function entity.

Preferably, the security tunnel information includes:

The identity of the home base station of the endpoint of the secure tunnel and the outer IP address; or

Inner IP address and outer IP address; or,

The identity of the home base station of the endpoint of the secure tunnel and the inner IP address and outer IP address.

Preferably, when the information about the secure tunnel includes the outer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, the outer IP address is the home. The private IP address of the base station is translated by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

In order to solve the above technical problem, the present invention provides a service admission control system, which includes a wireless network side device, a security gateway, a home base station, a home base station policy function entity, and a fixed network policy control function entity; the wireless network The side device is configured to send the policy information to the home base station, where the home base station is configured to initiate a resource reconfiguration request after receiving the policy information sent by the wireless network side device, and is further configured to perform the function according to the fixed network policy. And determining, by the entity, whether the fixed network information corresponding to the security tunnel information meets the content of the resource reconfiguration request, and making an admission control decision; the security gateway is configured to be between the home base station and the security gateway The information of the security tunnel and the resource reconfiguration request are sent to the home base station policy function entity; the home base station policy function entity is set to the information of the security tunnel and the resource reconfiguration request notification to the fixed network policy control function Entity; the fixed network policy control function entity, set to And determining, according to the information of the security tunnel, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, and feeding back the determination result to the home base station.

Preferably, the above system may also have the following characteristics:

The security gateway is further configured to establish a session with the home base station policy function entity after establishing a secure tunnel with the home base station, and send the secure tunnel information to the home base station policy during the establishment of the session. The functional entity is further configured to send the resource reconfiguration request to the home base station policy function entity through the session after receiving the resource reconfiguration request.

Preferably, in the above system, the session is a dedicated session established by the home base station through a dedicated interface with the security gateway when performing system initialization.

Preferably, the above system may also have the following characteristics:

And the security gateway is further configured to: after receiving the resource reconfiguration request sent by the home base station, send the information of the security tunnel to the home base station policy function entity together with the resource reconfiguration request.

Preferably, the above system may also have the following characteristics:

The home base station is further configured to: when it is known that the fixed network link cannot provide the required bandwidth of the home base station, determine to preempt the fixed network existing service resource, and notify the policy control function entity after the preemption is successful.

Preferably, the above system may also have the following characteristics:

The wireless network side device includes a core network device of an evolved packet system and an evolved home base station gateway; or the wireless network side device includes a universal mobile communication system core network device and a home base gateway.

The present invention also provides a home base station, including a resource reconfiguration request initiating module and an admission control decision module, where

The resource reconfiguration requesting module is configured to: initiate a resource reconfiguration request after receiving the policy information sent by the wireless network side device;

The admission control decision module is configured to: control security of functional entity feedback according to a fixed network policy Making an admission control decision as a result of whether the fixed network link corresponding to the information of the tunnel can satisfy the content of the resource reconfiguration request;

The information of the security tunnel is information about a secure tunnel between the home base station and the security gateway.

The present invention also provides a security gateway, including an information sending module, where

The information sending module is configured to: send the information about the security tunnel between the home base station and the security gateway, and the resource reconfiguration request initiated by the home base station after receiving the policy information sent by the wireless network side device to the home Base station policy function entity.

The security gateway further includes a session establishment module, where

The session establishing module is configured to: after the security gateway establishes a secure tunnel with the home base station, establish a session with the home base station policy function entity;

The information sending module is configured to: send the security tunnel information to the home base station policy function entity in the process of establishing the session; and reconfigure the resource after receiving the resource reconfiguration request The request is sent to the home base station policy function entity through the session.

The present invention also provides a home base station policy function entity, including an information receiving module and a notification module, where

The information receiving module is configured to: receive information about a secure tunnel between the home base station and the security gateway sent by the security gateway, and perform resource reconfiguration initiated by the home base station after receiving the policy information sent by the wireless network side device Request

The notification module is configured to: notify the information of the secure tunnel and the resource reconfiguration request to a fixed network policy control function entity.

The present invention also provides another method of service admission control, including:

The security gateway sends the secure tunnel information between the home base station and the security gateway to the home base station policy function entity, and the home base station policy function entity notifies the information of the secure tunnel to the fixed network policy control function entity;

After receiving the policy information sent by the wireless network side, the home base station initiates a resource reconfiguration request to the home base station policy function entity, where the home base station policy function entity notifies the content of the resource reconfiguration request to the fixed network policy Control function entity; The fixed network policy control function entity determines whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, and feeds back a determination result to the home base station, where the home base station according to the The judgment result makes an admission control decision.

After receiving the policy information sent by the wireless network side, the home base station initiates a resource reconfiguration request to the home base station policy function entity, where the home base station policy function entity notifies the content of the resource reconfiguration request to the fixed network policy Control function entity;

The fixed network policy control function entity determines whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, and feeds back a determination result to the home base station, where the home base station according to the The judgment result makes an admission control decision.

The present invention further provides another system for service admission control, including a wireless network side device, a security gateway, a home base station, a home base station policy function entity, and a fixed network policy control function entity; wherein, the wireless network side device is configured as: Sending policy information to the home base station;

The home base station is configured to: after receiving the policy information sent by the wireless network side, initiate a resource reconfiguration request to the home base station policy function entity; and the home base station and the feedback fed back by the functional entity according to the fixed network policy Making an admission control decision as to whether the fixed network link corresponding to the information of the security tunnel between the security gateways can satisfy the content of the resource reconfiguration request;

The security gateway is configured to: secure a tunnel between the home base station and the security gateway The information is sent to the home base station policy function entity;

The home base station policy function entity is configured to: notify the fixed network policy control function entity of the information of the security tunnel sent by the security gateway and the content of the resource reconfiguration request sent by the home base station;

The fixed network policy control function entity is configured to: determine, according to the information of the security tunnel, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, and feed back the judgment result to the The home base station.

The present invention also provides another home base station, including a resource reconfiguration request initiating module and an admission control decision module, where

The resource reconfiguration requesting module is configured to: after receiving the policy information sent by the wireless network side, initiate a resource reconfiguration request to the home base station policy function entity;

The admission control decision module is configured to: determine, according to the fixed network policy, the fixed network link corresponding to the information about the security tunnel between the home base station and the security gateway fed back by the function entity, that is capable of satisfying the content of the resource reconfiguration request As a result, an admission control decision is made.

The present invention also provides another home base station policy function entity, including an information receiving module and a notification module, where the information receiving module is configured to: receive a secure tunnel between the home base station and the security gateway sent by the security gateway. Information, and a resource reconfiguration request initiated by the home base station after receiving the policy information sent by the wireless network side device;

The notification module is configured to: notify the fixed network policy control function entity of the information of the security tunnel sent by the security gateway and the content of the resource reconfiguration request sent by the home base station.

Preferably, in the above method, system, home base station, security gateway or home base station policy function entity, the security tunnel information includes:

Inner IP address and outer IP address; or,

Preferably, in the above method, system, home base station, security gateway or home base station policy function In the entity, when the information about the security tunnel includes the outer IP address, if the home base station accesses the fixed network through a home gateway functioning as a router, the outer IP address is the home The private IP address of the base station is translated by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

The invention can improve the performance of the system control service acceptance and improve the resource management capability of the system. BRIEF abstract

1 is a schematic diagram of an architecture of a HeNB accessing an EPS in a non-roaming scenario according to the related art; FIG. 2 is a schematic diagram of an architecture of an HNB accessing a UMTS through a fixed network in a non-roaming scenario according to the related art;

3 is a schematic structural diagram of Embodiment 1 of the present invention;

4 is a schematic structural diagram of Embodiment 2 of the present invention;

FIG. 5 is a flowchart of establishing a T1 session when the home base station is powered on according to the embodiment of the present invention; FIG. 6 is a schematic diagram of a method for controlling service admission according to Embodiment 1 of the present invention;

7 is a schematic diagram of a method for controlling service admission in Embodiment 2 of the present invention;

8 is a schematic diagram of a method for controlling service admission in Embodiment 3 of the present invention;

9 is a schematic diagram of a method for controlling service admission in Embodiment 4 of the present invention;

FIG. 10 is a schematic diagram of a method for controlling service admission according to Embodiment 5 of the present invention. Preferred embodiment of the invention

The system for service admission control in the embodiment includes: a wireless network side device, a security gateway, a home base station, a home base station policy function entity, and a fixed network policy control function entity.

The wireless network side device includes a core network device of the evolved packet system and an evolved home base station gateway; or the wireless network side device includes a universal mobile communication system core network device and a home base station gateway. The wireless network side device is configured to send policy information to the home base station.

The home base station is configured to initiate a resource reconfiguration request after receiving the policy information sent by the wireless network side device, and is further configured to: according to the fixed network link, the fixed network link corresponding to the information of the security tunnel fed back by the function entity An admission control decision is made as a result of being able to satisfy the content of the resource reconfiguration request.

The security gateway is configured to send the information of the secure tunnel between the home base station and the security gateway and the resource reconfiguration request to the home base station policy function entity.

The home base station policy function entity sets the information of the secure tunnel and the resource reconfiguration request notification to the fixed network policy control function entity.

The fixed network policy control function entity is configured to determine, according to the information of the security tunnel, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, and feed back the determination result to the home base station .

The security gateway sends the information of the security tunnel in the following manner: The security gateway is further configured to establish a security tunnel with the home base station, establish a session with the home base station policy function entity, and establish the dedicated Sending the security tunnel information to the home base station policy function entity during the session; and further, after receiving the resource reconfiguration request, mapping the resource reconfiguration request to the security tunnel where the security gateway is located The corresponding private session is sent to the home base station policy function entity. The session may be a dedicated session established by the home base station through a dedicated interface when the system is initialized (e.g., when the system is initialized after power-on). This dedicated interface can be referred to as the T1 interface.

The security gateway sends the information about the security tunnel in the following manner: The security gateway is configured to send the information of the security tunnel together with the resource reconfiguration request after receiving the resource reconfiguration request sent by the home base station. Sended to the home base station policy function entity.

The process of sending the policy information by the wireless network side device and initiating the resource reconfiguration request by the home base station is one of the following message interaction processes:

The wireless network side device is configured to send a bearer setup request message to the home base station and carry policy information in the message; the home base station is configured to send a resource reconfiguration request for requesting allocation of resources. The wireless network side device is configured to send a bearer modification request message to the home base station and carry policy information in the message; the home base station is configured to send a resource reconfiguration request for requesting reallocation or release of resources.

The wireless network side device is configured to send a session management request message to the home base station and carry policy information in the message; the home base station is configured to send a resource reconfiguration request for requesting allocation or re-allocation of resources. The wireless network side device is configured to send a bearer deactivation request message to the home base station and carry policy information in the message; the home base station is configured to send a resource release request for requesting release of the resource.

The determining, by the fixed network policy control function entity, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request is: the fixed network policy control entity determining whether the fixed network link can provide the Determining, by the home base station, bandwidth resources allocated or reallocated, or determining whether the fixed network link accepts release of bandwidth resources required by the home base station.

The determining, by the home base station, the admission control decision according to the feedback result, is: if the feedback result indicates that the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, the home base station accepts a new Task; otherwise, the home base station rejects the new service.

The home base station is further configured to decide to preempt the existing service resource and notify the policy control function entity when the fixed network link corresponding to the information of the security tunnel is unable to satisfy the content of the resource reconfiguration request.

The above system is applicable to a system in which a home base station (HNB) is applied and a system in which an evolved home base station (HeNB) is applied. The corresponding corresponding device in the system is that the HeNB corresponds to the HNB, the HeNB GW/MME corresponds to the HNB GW, and the HeNB PF corresponds to the HNB PF.

As shown in FIG. 3, the method for the service admission control includes: the information about the security tunnel between the home base station and the security gateway, and the resource reconfiguration request initiated by the home base station after receiving the policy information sent by the wireless network side. Sending to the home base station policy function entity; the home base station policy function entity notifying the information of the secure tunnel and the resource reconfiguration request to the fixed network policy control function entity, where the fixed network policy control function entity determines the security Whether the fixed network link corresponding to the information of the tunnel can satisfy the content of the resource reconfiguration request, and feeds back the judgment result to the home The base station, the home base station makes an admission control decision according to the feedback result.

A dedicated interface T2 can be set between the HeNB and the HeNB PF for the information exchange between the HeNB and the HeNB PF in this embodiment. When the HeNB and the HeNB PF exchange messages through the T2 interface, the session on the T2 interface is called a T2 session. The T2 session between the HeNB and the HeNB PF is encapsulated by the IP sec between the SeGW and the HeNB. After receiving the signaling of the session, the SeGW strips the encapsulation header of the IPSec tunnel and sends it to the HeNB PF. The message sent by the HeNB is reversely transmitted through the same mechanism, and is not described here.

When the security gateway sends the information of the security tunnel, the security gateway establishes a secure tunnel with the home base station, establishes a session with the home base station policy function entity, and establishes the dedicated session in the process of establishing the private session. The security tunnel information is sent to the home base station policy function entity; after receiving the resource reconfiguration request, the security gateway maps the resource reconfiguration request to a session corresponding to the security tunnel where the security gateway is located. To the home base station policy function entity. The session may be a dedicated session established by the home base station through a dedicated interface with the secure gateway when the system is initialized. As shown in FIG. 4, the T1 interface between the SeGW and the HeNB PF is a dedicated interface, and the SeGW and the HeNB PF can exchange information according to the dedicated interface. There are two cases in the manner of sending the information of the security tunnel through the dedicated session. First, after the home base station is powered on, the security gateway establishes a secure tunnel with the home base station, and the security gateway establishes a dedicated session with the home base station policy function entity (ie, The T1 session), the security gateway maps the information of the secure tunnel to the private base station policy function entity on the T1 session corresponding to the information of the secure tunnel through the T1 interface. After receiving the resource reconfiguration request sent by the home base station, the security gateway maps the information of the security tunnel to the dedicated session corresponding to the information of the security tunnel, that is, the T1 session, and sends the information to the home base station policy function entity.

When the security gateway sends the information of the security tunnel, the security gateway may send the information about the security tunnel to the home together with the resource reconfiguration request after receiving the resource reconfiguration request sent by the home base station. Base station policy function entity. In this manner, the security gateway is implemented through the available channels between the SeGW and the HeNB PF in the prior art.

The process of sending the policy information and the security initiated resource reconfiguration request by the wireless network side is one of the following message interaction processes:

The wireless network side sends a bearer setup request message to the home base station and carries the policy in the message. For example, the home base station sends a resource reconfiguration request for requesting allocation of resources;

The wireless network side sends a bearer modification request message to the home base station and carries policy information in the message, where the home base station sends a resource reconfiguration request for requesting reallocation or release of resources; the wireless network side is under the home base station Sending a session management request message and carrying policy information in the message, the home base station sends a resource reconfiguration request for requesting allocation or reallocation of resources; the wireless network side sends a bearer deactivation request message to the home base station and is here The message carries policy information, and the home base station sends a resource release request for requesting release of resources.

The determining, by the fixed network policy control function entity, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request: the fixed network policy control entity determines whether the fixed network link can Providing bandwidth resources required to be allocated or reallocated by the home base station, or determining whether the fixed network link accepts release of bandwidth resources required to be released by the home base station.

The feedback result of the fixed network policy control function entity to the home base station may be information about whether the fixed network can provide the requested resource, or the usage information of the fixed network current resource or the success or failure of the fixed network reconfiguration resource. If the feedback result is "fixed network release resource success", it can be optional. When the feedback result is not sent, the home base station defaults to the fixed network release resource successfully.

When the fixed network link cannot provide the bandwidth required by the home base station, the home base station may also decide to preempt the existing service resources of the fixed network, and notify the policy control function entity after the preemption succeeds.

The fixed network link described in this method may refer to a backhaul link.

First, the tunnel information in the embodiment of the present invention, that is, the information of the security tunnel, or the information of the IP security (IPsec) tunnel is introduced. In the prior art, when the home base station HeNB accesses the EPC, an IPsec tunnel is established between the HeNB and the SeGW, where the HeNB and the SeGW are respectively two endpoints of the IPsec tunnel. The tunnel information in the embodiment of the present invention includes an outer IP address of the HeNB, which is one of the endpoints of the IPsec tunnel, or a local IP address of the HeNB, and may include one or more of the following information: BPCF full domain name (FQDN, Fully Qualified Domain Name);

The outer port number of the HeNB (or the local port number of the HeNB);

The address and/or port number of the security gateway SeGW, one of the endpoints of the IPsec tunnel;

The identity of the HeNB, such as the International Mobile Station Identity (IMSI);

The virtual local area network identifier (VLAN ID) where the HeNB is located.

The outer/local IP address of the HeNB is allocated by the fixed network. If the private network address is allocated for the HeNB, the network address translation (NAT) exists in the fixed network, and the NAT converter is configured by the home gateway (RG). The Residential Gateway acts as the public network IP address of the private network address of the HeNB. The tunnel information also includes the port number of the User Datagram Protocol (UDP).

The tunnel information contains fixed network information such as the local/outer IP address (and port number) of the HeNB. Because the tunnel information is provided by the fixed network, the PCRF can select the BPCF serving the line where the address is located. In addition, the WLAN access network/fixed network can locate the fixed network line where the HeNB is located according to the tunnel information, and can guarantee the QoS on the line according to the policy rules.

If the eNB or the RG that functions as a router does not work in the bridging mode, the IP address obtained by the HeNB during the access is uniquely identified and located by the fixed network, and the HeNB can be located according to the address. Fixed network line; this address is allocated by the relevant network element when the HeNB accesses the fixed network/WLAN access network (such as broadband network gateway/broadband remote access server (BNG/BRAS, Broadband Network Gateway/Broadband) Remote Access Server ) ) , this address is the local / outer IP address.

If the HeNB accesses the fixed network and passes the RG function as a router, the address obtained by the HeNB during the access is the private IP address assigned by the RG, and the address cannot participate in the tunnel information. In this case, when the HeNB and the SeGW When the IPsec tunnel is established, the SeGW feeds back the outer/local IP address and UDP port number of the RG to the HeNB. The HeNB uses the address to construct the tunnel information, and the fixed network line where the HeNB is located can be located according to the address. In addition to local/outer IP The address (and port number), the tunnel information may also include information such as the FQDN of the BPCF.

The fixed network may be an access network of a wireless local area network (WLAN, Wireless LAN).

Embodiment 1:

FIG. 3 is a schematic structural diagram of Embodiment 1 of the present invention.

An interface T2 is set between the HeNB and the HeNB PF.

When the QoS policy is sent to the HeNB GW/MME on the network side (or is initiated by the network side, or the UE applies), the HeNB GW or MME sends the QoS policy to the HeNB, and the HeNB sends the resource configuration to the HeNB PF through the T2 interface. The request message is used to request a resource. When the resource configuration request message passes through the SeGW, the information of the secure tunnel (IPsec) between the SeGW and the HeNB is sent by the SeGW together with the resource configuration request message to the HeNB PF, and then the HeNB PF passes the S9. The interface is advertised to the BPCF. The BPCF finds the backhaul link where the HeNB is located according to the tunnel information, and checks whether the backhaul link where the HeNB is located can provide the resources requested by the HeNB. If the backhaul link can provide the resource requested by the HeNB, the BPCF feeds back the resource request success message to the HeNB PF, and the HeNB PF feeds back the resource request success message to the HeNB, and the HeNB accepts the service; if the Backhaul cannot provide the resource requested by the HeNB, Then, the BPCF feeds back the resource request failure message to the HeNB PF, and the HeNB PF feeds back the resource request failure message to the HeNB, and the HeNB rejects the service.

Wherein, because 3GPP and BBF describe the service quality of the service in different ways, the parameters used are also different. Therefore, the parameter information in the resource configuration request/response message is mapped or reversed by the 3GPP to BBF in the HeNB PF, or the BPCF. Mapping to.

The security tunnel information includes but is not limited to:

Inner IP address and outer IP address; or,

Wherein, when the information of the security tunnel includes the outer IP address or the inner layer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, the outer layer The IP address and the inner layer IP address are public network IP addresses translated by the network address of the private IP address of the home base station, and the information of the secure tunnel further includes a user data packet protocol UDP. The port number.

In addition, the security tunnel information may also be displayed or implicitly included: the correspondence between the identity of the home base station and the outer IP address or IP address plus the port number, the inner and outer IP addresses, or the IP address plus the port number.

In another implementation manner, if the current Backhaul cannot provide the resource requested by the HeNB, the BPCF may feed back the fixed network resource status to the HeNB via the HeNB P, and the HeNB may decide to preempt the existing service according to the user type, the service nature, the fixed network status, and the like. Resources, after resource seizure success, and notified to the fixed network.

Embodiment 2:

4 is a schematic structural diagram of Embodiment 2 of the present invention.

A T1 interface is set between the SeGW and the HeNB PF, and a T2 interface is set between the HeNB and the HeNB PF.

The HeNB is powered on, and the IPsec tunnel is established between the HeNB and the SeGW (herein the prior art); the SeGW advertises the IPsec tunnel information between the HeNB and the SeGW to the HeNB PF through the T1 interface, and then the HeNB PF advertises the information through the S9* interface. Based on the tunnel information, the BPCF learns the location and/or identity of the fixed network Backhaul (backhaul network) currently accessed by the HeNB. The HeNB PF and/or BPCF store the information after receiving the security (IPsec) tunnel information.

The HeNB PF and the BPCF may be simple interactions, and transmit security (IPsec) tunnel information, or may simultaneously establish an S9* session through interaction information.

The composition of the security (IPsec) tunnel information is described in the first embodiment (Fig. 3).

When the QoS policy is sent to the HeNB GW/MME on the EPS network side (or the network side is active, or the UE requests), the HeNB GW/MME sends the QoS policy to the HeNB through the S1 interface, and the HeNB sends the resource to the HeNB PF through the T2 interface. The reconfiguration request is used to request the resource. When the resource reconfiguration request passes through the SeGW, the SeGW sends the resource reconfiguration request to the HeNB PF through the T1 session corresponding to the IPsec tunnel, and the HeNB PF advertises to the BPCF through the S9* interface. Checking whether the backhaul link where the HeNB is located can also provide the resource/bandwidth requested by the HeNB: If the Backhaul can provide the resource requested by the HeNB, the BPCF feeds back the resource request success message to the HeNB PF, and the HeNB PF feeds back the resource request success message to the HeNB. The HeNB accepts the service; if the Backhaul cannot provide the resource requested by the HeNB, the BPCF feeds back the resource request failure message to the HeNB PF, and the HeNB PF feeds back the resource request failure message to the HeNB, and the HeNB rejects the service.

In the foregoing solution, a specific processing method of the message and the information in each network element is: when the HeNB is powered on, the fixed network allocates an IP address or an IP address plus a port number to the HeNB; the IP address or the IP address. After the port number is passed through the fixed network (NAT) network address, the IP address or IP address plus the port number may be converted into another IP address or IP address plus port number, which is the external Layer IP address or IP address plus port number (when there is no NAT device, the original IP address or IP address plus port number is the outer IP address or IP address plus port number); During the IPsec tunnel establishment, the SeGW allocates the HeNB. An IP address or IP address plus a port number. The IP address or IP address plus port number is called an inner IP address or an IP address plus a port number.

When the HeNB is powered on, the SeGW and the HeNB PF pass the security (IPsec) tunnel information through the T2 interface, where the information includes the inner and outer IP addresses or the IP address plus the port number and their correspondence, the HeNB identifier, and The HeNB PF stores the relationship between the outer IP address or the IP address plus the port number.

The "resource reconfiguration request" message sent by the HeNB carries the inner layer IP address or the IP address plus the port number, and the message is encapsulated by the IPsec tunnel to reach the SeGW. The IPsec encapsulation carries the outer IP address or IP address plus the port number. When the message arrives at the SeGW, the SeGW removes the IPsec encapsulation, and the outer IP address or IP address plus the port number is removed. The "Resource Reconfiguration Request" message is further routed by the SeGW to the HeNB PF, which is not parsed by the SeGW (prior art).

The HeNB PF maps the inner IP address or IP address plus the port number and/or the HeNB identifier of the "resource reconfiguration request" message to the outer layer according to the inner and outer IP addresses or IP addresses plus the port number, and/or the HeNB identity. The IP address or IP address plus the port number, and the content and the outer IP address or IP address plus the port number in the "Resource Reconfiguration Request" message are sent to the BPCF.

BPCF verifies whether the outer IP address or IP address plus the port number in the fixed network link can provide "resources" Reconfigure the requested resource in the request message. Or, after receiving the "resource reconfiguration request" message, the HeNB PF adds the port number and/or the identity of the HeNB according to the inner IP address or IP address of the "resource reconfiguration request". And the stored tunnel information finds the outer IP address or IP address plus the port number, and then adds the port number according to the external IP address or IP address, or directly according to the inner IP address or IP address plus the port number, "reconfigure the resource" The content of the request "matches to the appropriate S9* session and is sent to the BPCF. The BPCF verifies whether the requested resource in the "Resource Reconfiguration Request" message can be provided in the fixed network link. In addition, the message and information are in each The processing in the network element can have other different solutions:

On the T1 interface, when the SeGW and the HeNB PF exchange information, a T1 session is established; on the S9* interface, when the HeNB PF and the BPCF interact, an S9* session is established; when the "resource reconfiguration request" message sent by the HeNB passes through the SeGW, The SeGW sends the resource reconfiguration request to the HeNB PF through a T1 session corresponding to the IPsec tunnel. The HeNB PF sends the "resource reconfiguration request" to the appropriate S9* session and sends it to the BPCF according to the stored IPsec tunnel information and the correspondence between the T1 session and the S9* session establishment. The BPCF verifies the fixed network link. Is it possible to provide the resource requested in the "Resource Reconfiguration Request" message.

The above processing methods are applicable to the subsequent various flowcharts.

FIG. 5 is a flow chart of the process of establishing a T1 session when the HeNB is powered on in the embodiment of the present invention. The BBF BPCF can determine the fixed network backhaal (the fixed network backhaul network) where the HeNB is located according to the tunnel information reported by the SeGW. The establishment of the T1 callback is an optional step. The detailed steps are described as follows:

501. The HeNB is powered on and accesses the fixed network, and the fixed network allocates a local IP address to the HeNB through a related mechanism, and the address is used as an external IP address of the encapsulated data packet;

502. HeNB and SeGW establish an IPsec tunnel to ensure data security during transmission. Sex and integrity.

503. The SeGW reports the IPsec tunnel information between the HeNB and the SeGW to the HeNB PF through the T1 interface, and establishes a T1 session.

504. The HeNB PF reports the tunnel information to the BPCF through the S9* interface, and establishes an S9* interface session. The BPCF determines the Backhaul of the fixed network where the HeNB is located through the tunnel information.

In the above process, when the HeNB is powered on, the SeGW and the HeNB PF establish a T1 session and transmit tunnel information. The present invention also provides another implementation method. When the HeNB is powered on, the SeGW and the HeNB PF only transmit tunnel information, and do not establish a T1 session.

The detailed steps are described as follows:

501a. The HeNB is powered on and accesses the fixed network, and the fixed network allocates a local IP address to the HeNB through a related mechanism, and the address is used as an external IP address of the encapsulated data packet;

502a. The HeNB and the SeGW establish an IPsec tunnel to ensure the security and integrity of the data during transmission.

The SeGW allocates an inner layer IP address or an IP address plus a port number to the HeNB, and carries the message to the HeNB in response to the message addressed to the HeNB.

503a. The SeGW reports only the IPsec tunnel information between the HeNB and the SeGW to the HeNB PF through the T1 interface, and does not need to establish a T1 session;

504a. The HeNB PF reports the tunnel information to the BPCF through the S9* interface, and establishes an S9* interface session. The BPCF determines the Backhaul of the fixed network where the HeNB is located through the tunnel information.

The invention will now be described in detail by way of specific examples.

Embodiment 1

This embodiment is a specific example in which a service is initiated and successfully accepted in a HeNB system. The service admission control point is at the HeNB. In addition to the existing technologies, such as CSG, ARP, and access mode, the HeNB also integrates the resources of the fixed network. For details, see the process. Description. As shown in Figure 6:

601. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

A T1 session is established between the SeGW and the HeNB PF through the operation of Embodiment 3. The establishment of this T1 session is an optional step.

This step is performed when the HeNB is powered on, not every time the service is initiated.

602. The new service is initiated. The initiation of the service may be initiated by the network side, or may be the service requested by the UE to the network side. The related network element (HeNB GW or MME) of the EPS core network sends a "bearer setup request/session management request" message to the HeNB through the S1 interface, and carries information such as QoS policy.

603. The HeNB sends resource request signaling to the HeNB PF through the T2 interface, and requests the resource from the fixed network.

The signaling is first arrived at the SeGW through an IPsec channel between the HeNB and the SeGW. If a T1 session is established between the SeGW and the PF in step 601, the SeGW matches the signaling to the appropriate T1 session and sends it to the PF.

If the T1 session is not established between the SeGW and the PF in step 601, after the signaling arrives at the SeGW, the SeGW sends the IPsec tunnel information of the signaling to the HeNB PF.

604. The HeNB PF advertises the resource request information sent by the HeNB and the tunnel information sent by the SeGW to the BPCF and its fixed network policy execution device through the S9* interface.

605. If the T1 session and the S9* session are established in step 601, the BPCF can find the fixed network backhaul where the HeNB is located through the corresponding session information; if the T1 session and the S9* session are not established in step 601, the BPCF passes the tunnel. Information, find the Backhaul of the fixed network where the HeNB is located

The BPCF and the fixed network policy enforcement device check whether the fixed network Backhaul where the HeNB is located can provide the resources requested by the HeNB. If available, allocate resources and return the S9* interface to the PF: The resource allocation was successfully responded.

606. BPCF returns S9* interface to PF: Resource allocation successfully responded.

607. The PF returns a T2* interface to the HeNB: The resource allocation is successfully responded.

608. The HeNB responds according to the successful response returned by the fixed network, and other existing attributes of the service. Such as ARP, CSG and other information, the implementation of the acceptance control of the business.

If the service is admitted, radio resources are allocated between the HeNB and the UE, and a bearer is established.

609. The HeNB returns a "bearer setup response/session management response" to the EPS core network to notify the core network to successfully allocate resources for the service.

610. Relevant processing of the core network.

For the flow shown in FIG. 6, the present invention also provides another implementation method, and the detailed steps are as follows:

601a. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

Only the IPsec tunnel information is transmitted between the SeGW and the HeNB PF through the operation of FIG. This step is performed when the HeNB is powered on, not every time the service is initiated.

602a. The new service is initiated, and the initiation of the service may be initiated by the network side, or may be the service requested by the UE to the network side. The related network element (HeNB GW or MME) of the EPS core network sends a "bearer setup request/session management request" message to the HeNB through the S1 interface, and carries information such as QoS policy.

603a. The HeNB sends resource request signaling to the HeNB PF through the T2 interface, and requests the resource from the fixed network.

604a. The HeNB PF finds a corresponding S9* session according to the security (IPsec) tunnel information; and sends the resource request information to the BPCF and its fixed network policy execution device;

Or, the resource request information sent by the HeNB and the tunnel information sent by the SeGW are advertised to the BPCF and its fixed network policy execution device through the S9* interface.

605a. The BPCF and the fixed network policy enforcement device verify whether the fixed network Backhaul where the HeNB is located can provide the resources requested by the HeNB. If available, allocate resources and return the S9* interface to the PF: The resource allocation was successfully responded.

606a. BPCF returns the S9* interface to the PF: The resource allocation is successfully responded.

607a. The PF returns a T2* interface to the HeNB: The resource allocation is successfully responded.

608a. The HeNB responds according to the successful response returned by the fixed network, and other existing attributes of the service. Such as ARP, CSG and other information, the implementation of the acceptance control of the business.

609a. The HeNB returns a "bearer setup response/session management response" to the EPS core network to notify the core network to successfully allocate resources for the service.

610a. Correlation processing of the core network.

Specific embodiment 2:

This embodiment is a specific example in which a service is initiated and rejected in a HeNB system. The service access control point is at the HeNB. In addition to the existing technologies, such as CSG, ARP, and access mode, the HeNB also integrates the resources of the fixed network. For details, see the process description. As shown in Figure 7:

701. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

702. The new service is initiated. The initiation of the service may be initiated by the network side, or may be the service requested by the UE to the network side. The related network element (HeNB GW or MME) of the EPS core network sends a "bearer setup request/session management request" message to the HeNB through the S1 interface, and carries information such as QoS policy.

703. The HeNB sends resource request signaling to the HeNB PF through the T2 interface, and requests the resource from the fixed network.

The signaling is first arrived at the SeGW through an IPsec channel between the HeNB and the SeGW. If a T1 session is established between the SeGW and the PF in step 701, the SeGW matches the signaling to the appropriate T1 session and sends it to the PF.

If the T1 session is not established between the SeGW and the PF in step 701, after the signaling arrives at the SeGW, the SeGW sends the IPsec tunnel information of the signaling to the HeNB PF.

704. The HeNB PF sends the resource request information sent by the HeNB and the SeGW through the S9* interface. The tunnel information is sent to the BPCF and its fixed network policy enforcement device.

705. If the T1 session and the S9* session are established in step 701, the BPCF can find the fixed network backhaul where the HeNB is located through the corresponding session information; if the T1 session and the S9* session are not established in step 701, the BPCF passes the tunnel. Information, determining the Backhaul of the fixed network where the HeNB is located

The BPCF and the fixed network policy enforcement device check whether the fixed network Backhaul where the HeNB is located can provide the resources requested by the HeNB. If the resource cannot be allocated, return the S9* interface to the PF: Resource allocation failure response.

706. BPCF returns S9* interface to PF: Resource allocation failure response.

707. The PF returns a T2* interface to the HeNB: Resource allocation failure response.

708. The HeNB refuses to accept the service according to the failure response returned by the fixed network.

709. The HeNB returns a "bearer setup response/session management response" failure notification to the EPS core network.

710. Relevant processing of the core network.

For the flow shown in FIG. 7, the present invention also provides another implementation method, and the detailed steps are as follows:

701a. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

702a. The new service is initiated, and the initiation of the service may be initiated by the network side, or may be the service requested by the UE to the network side. The related network element (HeNB GW or MME) of the EPS core network sends a "bearer setup request/session management request" message to the HeNB through the S1 interface, and carries information such as QoS policy.

703a. The HeNB sends resource request signaling to the HeNB PF through the T2 interface, and requests the resource from the fixed network.

704a. The HeNB PF finds a corresponding S9* session according to the security (IPsec) tunnel information, and sends the resource request information to the BPCF and its fixed network policy execution device;

Or sending the resource request information sent by the HeNB and the SeGW to the tunnel through the S9* interface. The channel information is advertised to BPCF and its fixed network policy enforcement equipment.

705a. The BPCF and the fixed network policy enforcement device verify whether the fixed network Backhaul where the HeNB is located can provide the resources requested by the HeNB. If the resource cannot be allocated, return the S9* interface to the PF: Resource allocation failure response.

706a. BPCF returns S9* interface to PF: Resource allocation failure response.

707a. The PF returns a T2* interface to the HeNB: Resource allocation failure response.

708a. The HeNB refuses to accept the service according to the failure response returned by the fixed network.

709a. The HeNB returns a "bearer setup response/session management response" failure notification to the EPS core network.

710a. Correlation processing of the core network.

Specific embodiment 3:

This embodiment is a specific example of resource deactivation in the HeNB system. See the process description for specific operations. As shown in Figure 8:

801. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

This step is performed when the HeNB is powered on, not every time the related business operation is performed.

802. Bearer deactivation, the initiation of the operation may be initiated by the network side, or may be requested by the UE to the network side. The relevant network element (HeNB GW or MME) of the EPS core network sends a "bearer deactivation request" message to the HeNB through the SI interface, and carries information such as QoS policy.

803. HeNB related mechanism, deleting bearers and releasing radio resources.

804. The HeNB sends the resource release request signaling to the HeNB PF through the T2 interface.

The signaling is first arrived at the SeGW through an IPsec channel between the HeNB and the SeGW. If a T1 session is established between the SeGW and the PF in step 801, the SeGW matches the signaling to the appropriate T1 session and sends it to the PF. If the T1 session is not established between the SeGW and the PF in step 801, after the signaling arrives at the SeGW, the SeGW sends the IPsec tunnel information of the signaling to the HeNB PF.

805. The HeNB PF advertises the resource release request information sent by the HeNB and the tunnel information sent by the SeGW to the BPCF and its fixed network policy execution device through the S9* interface.

806. If the T1 session and the S9* session are established in step 801, the BPCF can find the fixed network backhaul where the HeNB is located through the corresponding session information; if the T1 session and the S9* session are not established in step 801, the BPCF passes the tunnel. Information, find the Backhaul of the fixed network where the HeNB is located

The BPCF and the fixed network policy enforcement device reconfigure the fixed network resources according to the signaling, and return the S9* interface to the PF: the resource release response.

807. BPCF returns the S9* interface to the PF: Resource Release Response.

808. The PF returns a T2* interface to the HeNB: a resource release response.

809. The HeNB returns a "bearer setup response/session management response" to the EPS core network to notify the core network that the bearer deactivation is successful.

810. Relevant processing of the core network.

For the flow shown in FIG. 8, the present invention also provides another implementation method, and the detailed steps are as follows:

801a. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

Only the IPsec tunnel information is transmitted between the SeGW and the HeNB PF through the operation of FIG. This step is performed when the HeNB is powered on, not every time the related business operation is performed.

802a. The bearer is deactivated. The initiation of the operation may be initiated by the network side, or may be requested by the UE to the network side. The relevant network element (HeNB GW or MME) of the EPS core network sends a "bearer deactivation request" message to the HeNB through the SI interface, and carries information such as QoS policy.

803a. HeNB related mechanism, deleting bearers and releasing radio resources.

804a. The HeNB sends a resource release request signaling to the HeNB PF through the T2 interface.

805a. The HeNB PF finds a corresponding S9* session according to the security (IPsec) tunnel information, and sends the resource release request information to the BPCF and its fixed network policy execution device. Or, the resource release request information sent by the HeNB and the tunnel information sent by the SeGW are advertised to the BPCF and the fixed network policy execution device by using the S9* interface.

806a. The BPCF and the fixed network policy enforcement device reconfigure the fixed network resources according to the signaling, and return the S9* interface to the PF: the resource release response.

807a. BPCF returns the S9* interface to the PF: Resource Release Response.

808a. The PF returns a T2* interface to the HeNB: a resource release response.

809a. The HeNB returns a "bearer setup response/session management response" to the EPS core network to notify the core network that the activation is successful.

810a. Correlation processing of the core network.

Specific Embodiment 4:

This embodiment is a specific example of bearer modification in the HeNB system. The service admission control point is at the HeNB. When the HeNB performs bearer modification control, in addition to the factors in the prior art, such as CSG, ARP, and access mode, the resource status of the fixed network is also integrated. For details, see the process description. As shown in Figure 9:

901. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

This step is performed when the HeNB is powered on, not when each operation is initiated.

902. The bearer modification is initiated, and the initiation of the service may be initiated by the network side, or may be requested by the UE to the network side. The related network element (HeNB GW or MME) of the EPS core network sends a "bearer modification request/session management request" message to the HeNB through the SI interface, and carries information such as QoS policy.

903. The HeNB sends resource reconfiguration signaling to the HeNB PF through the T2 interface.

The signaling is first arrived at the SeGW through an IPsec channel between the HeNB and the SeGW. If a T1 session is established between the SeGW and the PF in step 901, the SeGW matches the signaling to the appropriate T1 session and sends it to the PF. If, in step 901, a T1 session is not established between the SeGW and the PF, after the signaling arrives at the SeGW, the SeGW sends the IPsec tunnel information in which the signaling is located to the HeNB PF.

904. The HeNB PF advertises the resource reconfiguration request information sent by the HeNB and the tunnel information sent by the SeGW to the BPCF and its fixed network policy execution device through the S9* interface.

905. If the T1 session and the S9* session are established in step 901, the BPCF can find the fixed network backhaul where the HeNB is located through the corresponding session information; if the T1 session and the S9* session are not established in step 901, the BPCF passes the tunnel. Information, determining the Backhaul of the fixed network where the HeNB is located

The BPCF and the fixed network policy enforcement device verify whether the fixed network Backhaul where the HeNB is located can accept the resource reconfiguration operation in the request.

906. BPCF returns S9* interface to PF: Resource reconfiguration success/failure response.

907. The PF returns a T2* interface to the HeNB: Resource Reconfiguration Success/Failure Response.

908. The HeNB accepts/rejects the bearer modification according to the response returned by the fixed network.

909. The HeNB returns a "bearer setup response/session management response" to the EPS core network.

910. Relevant processing of the core network.

For the flow shown in FIG. 9, the present invention also provides another implementation method, and the detailed steps are as follows:

901a. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

Only the IPsec tunnel information is transmitted between the SeGW and the HeNB PF through the operation of FIG. This step is performed when the HeNB is powered on, not when each operation is initiated.

902a. The bearer modification is initiated, and the initiation of the service may be initiated by the network side, or may be requested by the UE to the network side. The related network element (HeNB GW or MME) of the EPS core network sends a "bearer modification request/session management request" message to the HeNB through the SI interface, and carries information such as QoS policy.

903a. The HeNB sends resource reconfiguration signaling to the HeNB PF through the T2 interface.

904a. The HeNB PF finds a corresponding S9* session according to the security (IPsec) tunnel information; and sends the resource reconfiguration request information to the BPCF and its fixed network policy execution device; Or, the resource reconfiguration request information sent by the HeNB and the tunnel information sent by the SeGW are advertised to the BPCF and the fixed network policy execution device by using the S9* interface.

905a. The BPCF and the fixed network policy enforcement device verify whether the fixed network Backhaul where the HeNB is located can accept the resource reconfiguration operation in the request.

906a. BPCF returns S9* interface to PF: Resource reconfiguration success/failure response.

907a. The PF returns a T2* interface to the HeNB: Resource Reconfiguration Success/Failure Response.

908a. The HeNB accepts/rejects bearer modification according to the response returned by the fixed network.

909a. The HeNB returns a "bearer setup response/session management response" to the EPS core network.

910a. Correlation processing of the core network.

Embodiment 5:

This embodiment is a specific example of bearer establishment/modification in the HeNB system. The service admission control point is at the HeNB. When the HeNB performs bearer setup/modification control, it integrates existing technology factors, such as CSG and ARP, according to the resource status returned by the fixed network, and decides to preempt the resources of the existing service to establish/modify the bearer for the new service. See the process description for specific operations. As shown in Figure 10:

1001. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established.

1002. The bearer setup/modification initiation may be initiated by the network side or may be requested by the UE to the network side. The relevant network element (HeNB GW or MME) of the EPS core network sends a "bearer setup/modification request/session management request" message to the HeNB through the SI interface, and carries information such as QoS policy.

1003. The HeNB sends resource reconfiguration signaling to the HeNB PF through the T2 interface.

The signaling is first arrived at the SeGW through an IPsec channel between the HeNB and the SeGW. If a T1 session is established between the SeGW and the PF in step 1001, the SeGW matches the signaling to the appropriate T1 session and sends it to the PF. If, in step 1001, the T1 session is not established between the SeGW and the PF, after the signaling arrives at the SeGW, the SeGW sends the IPsec tunnel information of the signaling to the HeNB PF.

1004. The HeNB PF advertises the resource allocation/reconfiguration request information sent by the HeNB and the tunnel information sent by the SeGW to the BPCF and its fixed network policy execution device through the S9* interface.

1005. If, in step 1001, a T1 session and an S9* session are established, the BPCF can find the fixed network backhaul where the HeNB is located through the corresponding session information; if the T1 session and the S9* session are not established in step 1001, the BPCF passes the tunnel. Information, determine the Backhaul of the fixed network where the HeNB is located

The BPCF and the fixed network policy enforcement device check whether the fixed network Backhaul where the HeNB is located can accept the resource establishment/reconfiguration operation in the request. One scenario is that the fixed network cannot provide the resources required for the service request.

1006. BPCF returns the S9* interface to the PF: The resource reconfiguration response, and may return the fixed network resource status to the PF.

1007. The PF returns a T2* interface to the HeNB: a resource reconfiguration response, and may return the resource status of the fixed network to the HeNB.

1008. The HeNB combines the factors in the prior art, such as CSG, ARP, etc., according to the response returned by the fixed network, and decides to preempt the resources of the existing service to establish/modify the bearer for the new service.

1009. Radio resource reconfiguration.

1010. The HeNB informs the PF resource that the PF resource is preempted through the T2 interface.

1011. The PF informs the BPCF resource that it is preempted through the S9* interface.

1012. Fixed network reconfiguration resources.

1013. The HeNB returns a "bearer setup response/session management response" to the EPS core network.

1014. Relevant processing of the core network.

For the flow shown in FIG. 10, the present invention also provides another implementation method, and the detailed steps are as follows:

1001a. The HeNB is powered on, and an IPsec tunnel between the HeNB and the SeGW is established. Only the IPsec tunnel information is transmitted between the SeGW and the HeNB PF through the operation of FIG. This step is performed when the HeNB is powered on, not when each operation is initiated.

1002a. Bearer setup/modification initiation, the initiation of the service may be initiated by the network side, or may be requested by the UE to the network side. The relevant network element (HeNB GW or MME) of the EPS core network sends a "bearer setup/modification request/session management request" message to the HeNB through the SI interface, and carries information such as QoS policy.

1003a. The HeNB sends resource reconfiguration signaling to the HeNB PF through the T2 interface.

1004a. The HeNB PF finds a corresponding S9* session according to the security (IPsec) tunnel information; and sends the resource allocation/reconfiguration reconfiguration request information to the BPCF and its fixed network policy execution device;

Or, the resource allocation/reconfiguration request information sent by the HeNB and the tunnel information sent by the SeGW are advertised to the BPCF and its fixed network policy execution device through the S9* interface.

1005a. The BPCF and the fixed network policy enforcement device verify whether the fixed network Backhaul where the HeNB is located can accept the resource establishment/reconfiguration operation in the request. One scenario is that the fixed network cannot provide the resources required for the service request.

1006a. BPCF returns the S9* interface to the PF: The resource reconfiguration response, and may return the resource status of the fixed network to the PF.

1007a. The PF returns a T2* interface to the HeNB: a resource reconfiguration response, and may return the resource status of the fixed network to the HeNB.

1008a. The HeNB combines the factors in the prior art, such as CSG, ARP, etc., according to the response returned by the fixed network, and decides to preempt the resources of the existing service to establish/modify the bearer for the new service.

1009a. Radio resource reconfiguration.

1010a. The HeNB informs the PF resource that it is preempted through the T2 interface.

1011a. The PF informs the BPCF resource that it is preempted through the S9* interface.

1012a. Fixed network reconfiguration resources.

1013a. The HeNB returns a "bearer setup response/session management response" to the EPS core network.

1014a. Related processing of the core network. Note: In the above embodiment, the S9* session is an interworking policy between the HeNB PF in the 3GPP access system and the BPCF in the BBF access network. The S9* session is only a specific name. Of course, other names can be used. In order to be not limited to the S9* session, it is referred to as an "interworking policy session" in the present invention, and the corresponding S9* interface is called an interworking policy interface.

Similarly, the session between BNG/BRAS and BPCF can be implemented using different protocols, and the name of the interworking is referred to as a "fixed network policy session" in the present invention.

The above described embodiment is discussed by taking an evolved home base station (HeNB) system as an example, and the method is equally applicable to a home base station (HNB) system.

For the sake of uniform description, the "home base station" in the present invention covers the HeNB and the HNB.

In summary, the foregoing embodiments of the present invention solve the problem that the total requirement of the user equipment that cannot share the same subscription fixed network line but selects different PCRFs in the related art does not exceed the subscription QoS guarantee of the contracted fixed network line. In addition, QoS control can be performed on all UEs accessed through the home base station, so that the total QoS requirement does not exceed the QoS that the fixed base line accessed by the home base station can provide.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps are fabricated as a single integrated circuit module. Thus, the invention is not limited to any particular combination of hardware and software.

The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention. Industrial applicability

The present invention provides a method and system for controlling service admission, improving system control service acceptance performance, and improving system resource management capabilities. The problem that the total requirement of the user equipment in the related art that cannot share the same fixed-line fixed line but selects different PCRFs does not exceed the contracted QoS guarantee of the contracted fixed line is solved. The service admission management and resource management in the HeNB scenario and the resource management when the HNB accesses the scenario are implemented by the method and the system of the present invention.

Claims

Claim

1. A method of business admission control, comprising:

The security gateway sends the information about the security tunnel between the home base station and the security gateway and the resource reconfiguration request initiated by the home base station to the home base station policy function entity after receiving the policy information sent by the wireless network side;

The home base station policy function entity notifies the information about the security tunnel and the resource reconfiguration request to a fixed network policy control function entity, where the fixed network policy control function entity determines a fixed network chain corresponding to the information of the security tunnel Whether the path can satisfy the content of the resource reconfiguration request, and feeds back a determination result to the home base station, and the home base station makes an admission control decision according to the determination result.

2. The method according to claim 1, wherein the security gateway initiates the information of the secure tunnel between the home base station and the security gateway and the policy information sent by the home base station to the wireless network side. The step of sending the resource reconfiguration request to the home base station policy function entity includes: after the security gateway establishes a secure tunnel with the home base station, establishing a session with the home base station policy function entity, and in the process of establishing the session, The information about the security tunnel is sent to the home base station policy function entity; after receiving the resource reconfiguration request, the security gateway sends the resource reconfiguration request to the home base station policy function entity through the session. .

3. The method according to claim 2, wherein the session is a dedicated session established by the security gateway with a dedicated interface when the home base station performs system initialization.

4. The method according to claim 1 or 2 or 3, wherein, in the step of the security gateway transmitting the information of the security tunnel and the resource reconfiguration request to a home base station policy function entity:

5. The method of claim 1, wherein

The sending, by the wireless network, the policy information, and the sending, by the home base station, the resource reconfiguration request includes: The wireless network side sends a bearer setup request message to the home base station, and carries the policy information in the message, where the home base station sends the resource reconfiguration request for requesting allocation of resources;

The wireless network side sends a bearer modification request message to the home base station and carries the policy information in the message, where the home base station sends the resource reconfiguration request for requesting reallocation or release of resources;

Sending, by the wireless network, a session management request message to the home base station, and carrying the policy information in the message, where the home base station sends the resource reconfiguration request for requesting allocation or reallocation of resources; or

The wireless network side sends a bearer deactivation request message to the home base station and carries the policy information in the message, and the home base station sends the resource release request for requesting release of resources.

6. The method of claim 1, wherein

7. The method of claim 1, wherein

The step of the home base station making an admission control decision according to the determination result includes: if the determination result indicates that the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, the family The base station accepts a new task; if the judgment result indicates that the fixed network link corresponding to the information of the secure tunnel cannot satisfy the content of the resource reconfiguration request; the home base station rejects the new service.

8. The method of claim 1 further comprising:

When the fixed network link corresponding to the information of the security tunnel fails to meet the content of the resource reconfiguration request, the home base station determines to preempt the existing service resource, and notifies the fixed network policy control function entity.

The method of any of claims 1-8, wherein the secure tunnel information comprises: The identity of the home base station of the endpoint of the secure tunnel and the outer IP address; or

Inner IP address and outer IP address; or,

10. The method according to claim 9, wherein, when the information of the secure tunnel includes the outer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address of the private IP address of the home base station converted by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

11. A system for business acceptance control,

The system includes a wireless network side device, a security gateway, a home base station, a home base station policy function entity, and a fixed network policy control function entity;

The wireless network side device is configured to: send policy information to the home base station;

The home base station is configured to: initiate a resource reconfiguration request after receiving the policy information sent by the wireless network side device; and control, between the home base station and the security gateway, fed back by the functional entity according to the fixed network policy The information of the security tunnel corresponding to the fixed network link can satisfy the content of the resource reconfiguration request, and make an admission control decision;

The security gateway is configured to: send information about a secure tunnel between the home base station and the security gateway, and the resource reconfiguration request to the home base station policy function entity;

The home base station policy function entity is configured to: notify the fixed network policy control function entity by the information about the security tunnel and the resource reconfiguration request;

12. The system of claim 11 wherein:

The security gateway is configured to: establish a session with the home base station policy function entity after establishing a secure tunnel with the home base station, and send the security tunnel information to the The home base station policy function entity: after receiving the resource reconfiguration request, sending the resource reconfiguration request to the home base station policy function entity through the session.

13. The system according to claim 11, wherein the session is a dedicated session established by the home base station through a dedicated interface when the system is initialized by the home base station.

14. The system of claim 11 or 12, wherein

The security gateway is configured to: after receiving the resource reconfiguration request sent by the home base station, send the information of the security tunnel to the home base station policy function entity together with the resource reconfiguration request.

15. The system of claim 11 wherein

The home base station is further configured to: when it is known that the fixed network link cannot provide the required bandwidth of the home base station, determine to preempt the fixed network existing service resource, and notify the fixed network policy control function entity after the preemption succeeds .

16. The system of claim 11 wherein:

The wireless network side device includes a core network device of an evolved packet system and an evolved home base station gateway; or the wireless network side device includes a universal mobile communication system core network device and a home base station gateway.

The system according to any one of claims 11-16, wherein the secure tunnel information comprises:

Inner IP address and outer IP address; or,

The system according to claim 17, wherein, when the information of the secure tunnel includes the outer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address of the private IP address of the home base station converted by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

19. A home base station, comprising a resource reconfiguration request initiating module and an admission control decision module, where

The resource reconfiguration request module is configured to: receive a policy letter sent by the wireless network side device Initiate a resource reconfiguration request after the message;

The admission control decision module is configured to: determine whether the fixed network link corresponding to the information of the security tunnel fed back by the functional entity according to the fixed network policy can satisfy the content of the content of the resource reconfiguration request, and make an admission control decision;

The home base station according to claim 19, further comprising a resource preemption decision module, wherein the resource preemption decision module is configured to: when it is known that the fixed network link cannot provide the required bandwidth of the home base station, determine the preemption The network has existing service resources, and notifies the fixed network policy control function entity after the preemption succeeds.

The home base station according to claim 19 or 20, wherein the secure tunnel information includes:

Inner IP address and outer IP address; or,

The home base station according to claim 21, wherein, when the information of the secure tunnel includes the outer layer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address of the private IP address of the home base station converted by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

A security gateway, comprising an information sending module, wherein

The security gateway of claim 23, further comprising a session establishing module, wherein the session establishing module is configured to: establish a security tunnel with the home base station, establish a session of a base station policy function entity; The information sending module is configured to: send the security tunnel information to the home base station policy function entity in the process of establishing the session; and reconfigure the resource after receiving the resource reconfiguration request The request is sent to the home base station policy function entity through the session.

25. The security gateway of claim 24, wherein

The session establishing module is configured to: establish a dedicated session with the security gateway through a dedicated interface when the home base station performs system initialization.

The security gateway according to claim 23 or 24, wherein

The information sending module is configured to: after receiving the resource reconfiguration request sent by the home base station, send the information of the secure tunnel to the home base station policy function entity together with the resource reconfiguration request .

The security gateway according to any one of claims 23-26, wherein the security tunnel information comprises:

Inner IP address and outer IP address; or,

The security gateway according to claim 27, wherein, when the information of the secure tunnel includes the outer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address of the private IP address of the home base station converted by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

A home base station policy function entity, comprising: an information receiving module and a notification module, wherein the information receiving module is configured to: receive information about a secure tunnel between a home base station and the security gateway sent by the security gateway, and a resource reconfiguration request initiated by the home base station after receiving the policy information sent by the wireless network side device;

The home base station policy function entity of claim 29, wherein the secure tunnel information comprises: The identity of the home base station of the endpoint of the secure tunnel and the outer IP address; or

Inner IP address and outer IP address; or,

The home base station policy function entity according to claim 30, wherein, when the information of the security tunnel includes the outer layer IP address, if the home base station is connected through a home gateway functioning as a router function For the network, the outer IP address is a public network IP address of the private IP address of the home base station after the network address is translated, and the information of the security tunnel further includes a user data packet protocol UDP port number.

32. A method for business admission control, comprising:

The method according to claim 30, wherein, when the home base station policy function entity notifies the information of the security tunnel to the fixed network policy control function entity, the method further includes: the home base station policy function entity and the solid An interworking policy session is established between the network policy control function entities.

The method of claim 33, wherein the secure tunnel information comprises: an identifier of an end point home base station of the secure tunnel and an outer layer IP address; or

Inner IP address and outer IP address; or,

The system according to claim 34, wherein, when the information of the secure tunnel includes the outer layer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address translated by the network address of the private IP address of the home base station, and the information of the security tunnel further includes a user data packet protocol UDP port. number.

36. The method of claim 33 or 34 or 35, wherein

The step of the home base station policy function entity notifying the content of the resource reconfiguration request to the fixed network policy control function entity includes: the home base station policy function entity reconfiguring the inner IP address or the inner layer IP address of the resource reconfiguration request The port number or the identity of the home base station is mapped to the outer IP address or the outer IP address plus the port number according to the stored security tunnel information, and the content of the resource reconfiguration request and its outer IP address or outer IP address are added. The port number is sent to the fixed network policy control function entity together; or

The home base station policy function entity maps the content of the resource reconfiguration request to the corresponding interworking policy session according to the inner layer IP address or the inner layer IP address of the resource reconfiguration request plus the port number or the identifier of the home base station, and sends the content of the resource reconfiguration request to the corresponding interworking policy session. Go to the fixed network policy control function entity.

37. The method of claim 32, wherein

The sending, by the wireless network side, the policy information, and the sending, by the home base station, the resource reconfiguration request includes:

The wireless network side sends a bearer setup request message to the home base station and carries policy information in the message, where the home base station sends a resource reconfiguration request for requesting allocation of resources;

The wireless network side sends a bearer modification request message to the home base station and carries policy information in the message, where the home base station sends a resource reconfiguration request for requesting reallocation or release of resources;

The wireless network side sends a session management request message to the home base station and carries policy information in the message, where the home base station sends a resource reconfiguration request for requesting allocation or reallocation of resources;

The wireless network side sends a bearer deactivation request message to the home base station and carries policy information in the message, where the home base station sends a resource release request for requesting release of resources.

38. The method of claim 32, wherein

The step of determining, by the fixed network policy control function entity, whether the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request includes: determining, by the fixed network policy control entity, whether the fixed network link is Capable of providing bandwidth resources required to be allocated or reallocated by the home base station, or determining whether the fixed network link accepts release of bandwidth required by the home base station Resources.

39. The method of claim 32, wherein

The step of the home base station making an admission control decision according to the determination result includes: if the determination result indicates that the fixed network link corresponding to the information of the security tunnel can satisfy the content of the resource reconfiguration request, the home base station accepts a new task; if the judgment result indicates that the fixed network link corresponding to the information of the secure tunnel cannot satisfy the content of the resource reconfiguration request, the home base station rejects the new service.

40. The method of claim 32, wherein

41. A service admission control system, comprising: a wireless network side device, a security gateway, a home base station, a home base station policy function entity, and a fixed network policy control function entity;

The security gateway is configured to: send information about a secure tunnel between the home base station and the security gateway to the home base station policy function entity;

42. The system of claim 41, wherein

The home base station policy function entity is further configured to: notify the fixed network policy control function entity in the process of notifying the information about the security tunnel sent by the security gateway, and the fixed network policy control function entity Establish an interworking policy session.

43. The system of claim 42, wherein

The home base station policy function entity is further configured to: in the process of notifying the content of the resource reconfiguration request sent by the home base station to the fixed network policy control function entity, the inner layer IP address or the inner layer of the resource reconfiguration request The IP address plus the port number or the identity of the home base station is mapped to the outer IP address or the outer IP address plus the port number according to the stored security tunnel information, and then the content of the resource reconfiguration request and its outer IP address or outer IP address. The address plus the port number is sent to the fixed network policy control function entity; or

Mapping the content of the resource reconfiguration request to the corresponding interworking policy session according to the inner layer IP address or the inner layer IP address of the resource reconfiguration request plus the port number or the identifier of the home base station, and sending the content to the fixed network policy control function entity .

44. The system of claim 41, wherein

45. The system of claim 41, wherein

The system according to any one of claims 41 to 45, wherein the secure tunnel information comprises:

Inner IP address and outer IP address; or,

47. The system according to claim 46, wherein, when the information of the secure tunnel includes the outer layer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address of the private IP address of the home base station converted by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

48. A home base station, including a resource reconfiguration request initiating module and an admission control decision module, where

The home base station according to claim 48, further comprising a resource preemption decision module, wherein the resource preemption decision module is configured to: when it is known that the fixed network link cannot provide the required bandwidth of the home base station, Seize the existing service resources of the fixed network, and notify the fixed network policy control function entity after the preemption succeeds.

The home base station according to claim 48 or 49, wherein the secure tunnel information comprises:

Inner IP address and outer IP address; or,

The home base station according to claim 50, wherein, when the information of the secure tunnel includes the outer layer IP address, if the home base station accesses a fixed network through a home gateway functioning as a router, The outer IP address is a public network IP address of the private IP address of the home base station converted by the network address, and the information of the secure tunnel further includes a user data packet protocol UDP port number.

52. A home base station policy function entity, comprising: an information receiving module and a notification module, where the information receiving module is configured to: receive information about a secure tunnel between a home base station and the security gateway sent by the security gateway, and a resource reconfiguration request initiated by the home base station after receiving the policy information sent by the wireless network side device;

53. The home base station policy function entity of claim 41, further comprising an interworking policy session establishing module, wherein The interworking policy session establishing module is configured to: when the notification module notifies the information about the security tunnel sent by the security gateway to the fixed network policy control function entity, the interworking policy session establishing module establishes the An interworking policy session between the home base station policy function entity and the fixed network policy control function entity.

54. The home base station policy function entity of claim 41, wherein

The notification module is further configured to: add an inner layer IP address or an inner layer IP address of the resource reconfiguration request in the process of notifying the content of the resource reconfiguration request sent by the home base station to the fixed network policy control function entity The port number or the identity of the home base station is mapped to the outer IP address or the outer IP address plus the port number according to the stored security tunnel information, and the content of the resource reconfiguration request and its outer IP address or outer IP address are added to the port. The number is sent to the fixed network policy control function entity; or the content of the resource reconfiguration request is mapped to the corresponding interworking policy according to the inner layer IP address or the inner layer IP address of the resource reconfiguration request plus the port number or the identifier of the home base station. On the session, send it to the fixed network policy control function entity.

The home base station policy function entity according to any one of claims 52-54, wherein the security tunnel information includes:

Inner IP address and outer IP address; or,

The home base station policy function entity according to claim 55, wherein, when the information of the security tunnel includes the outer IP address, if the home base station is connected through a home gateway functioning as a router For the network, the outer IP address is a public network IP address of the private IP address of the home base station after the network address is translated, and the information of the security tunnel further includes a user data packet protocol UDP port number.