WO2012119399A1 - Service bypass method, access network device and security gateway - Google Patents

Service bypass method, access network device and security gateway Download PDF

Info

Publication number
WO2012119399A1
WO2012119399A1 PCT/CN2011/078620 CN2011078620W WO2012119399A1 WO 2012119399 A1 WO2012119399 A1 WO 2012119399A1 CN 2011078620 W CN2011078620 W CN 2011078620W WO 2012119399 A1 WO2012119399 A1 WO 2012119399A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
charging
access network
network device
sent
Prior art date
Application number
PCT/CN2011/078620
Other languages
French (fr)
Chinese (zh)
Inventor
张勇
朱伟
陈项
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201180001840.4A priority Critical patent/CN102726075B/en
Priority to PCT/CN2011/078620 priority patent/WO2012119399A1/en
Publication of WO2012119399A1 publication Critical patent/WO2012119399A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/12Setup of transport tunnels

Definitions

  • the embodiments of the present invention relate to the field of communications technologies, and in particular, to a service bypass method, an access network device, and a security gateway. Background technique
  • GGSN Gateway GPRS Support Node
  • the embodiments of the present invention provide a service bypass method, an access network device, and a security gateway, so as to bypass the WAP service and save bandwidth resources.
  • An embodiment of the present invention provides a service bypass method, including:
  • the access network device receives the service request data packet sent by the user equipment, and determines, according to the context information of the user equipment, that the service request data packet is bypassed by the security gateway;
  • the access network device After receiving the charging response message sent by the wireless application protocol service gateway, the access network device sends a service request data packet to the security gateway, so that the security gateway sends a service request to the access network device.
  • the data packet is sent to the wireless application protocol service gateway after performing network address translation.
  • the embodiment of the invention further provides a service bypass method, including:
  • the security gateway receives the charging request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the user equipment, and determines, according to the context information of the user equipment,
  • the service request packet is sent to the security gateway after the security gateway is bypassed, and the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number;
  • a determining module configured to determine, according to the context information of the user equipment, performing a security gateway bypass on the service request data packet;
  • a sending module configured to send the charging request message generated by the generating module to the security gateway, so that the security gateway performs network address translation on the charging request message, and then sends the information to the wireless application protocol service gateway;
  • the receiving module After receiving the charging response message sent by the wireless application protocol service gateway, the receiving module sends a service request data packet to the security gateway, so that the security gateway performs network address translation on the service request data packet sent by the sending module. Then sent to the wireless application protocol service gateway.
  • the embodiment of the invention further provides a security gateway, including:
  • An address translation module configured to perform network address translation on the charging request message received by the message receiving module, and perform the charging response message received by the message receiving module Network address translation, and performing network address translation on the service request data packet received by the message receiving module;
  • a message sending module configured to send a network address translated charging request message to the wireless application protocol service gateway, and send a network address translated charging response message to the access network device, and the network is to be performed.
  • the address-converted service request data packet is sent to the wireless application protocol service gateway.
  • the SeGW is bypassed.
  • the access network device generates an accounting request message and sends it to the SeGW.
  • the SeGW performs network address translation (NAT Address Translation) (hereinafter referred to as NAT) on the charging request message and sends it to the WAP GW.
  • NAT network address translation
  • the access network device sends a service request data packet to the SeGW, so that the SeGW performs NAT on the service request data packet sent by the access network device, and then sends the service request data packet to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
  • FIG. 1 is a flowchart of an embodiment of a service bypass method according to the present invention.
  • FIG. 2 is a flowchart of another embodiment of a service bypass method according to the present invention.
  • FIG. 3 is a schematic diagram of an embodiment of an application scenario of the present invention.
  • FIG. 4 is a flowchart of an embodiment of a method for configuring a network in the present invention.
  • FIG. 5 is a flowchart of still another embodiment of a service bypass method according to the present invention.
  • FIG. 6 is a schematic structural diagram of an embodiment of an access network device according to the present invention
  • 7 is a schematic structural diagram of another embodiment of an access network device according to the present invention.
  • FIG. 8 is a schematic structural diagram of an embodiment of a security gateway according to the present invention.
  • FIG. 9 is a schematic structural diagram of another embodiment of a security gateway according to the present invention. detailed description
  • FIG. 1 is a flowchart of an embodiment of a service bypass method according to the present invention. As shown in FIG. 1, the service bypass method may include:
  • Step 101 The access network device receives the service request data packet sent by the UE, and determines to perform SeGW bypass on the service request data packet according to the context information of the UE.
  • the access network device may further receive a packet data protocol (Packet Data Protocol; PDP) context establishment request message sent by the UE, according to the PDP context.
  • PDP Packet Data Protocol
  • the access point name (Access Point Name; APN) carried in the request message is determined to perform SeGW bypass on the UE, and record the context information of the UE.
  • the APN that needs to perform the SeGW bypass may be configured on the access network device in advance. For example, the access network device may save the APN that needs to be bypassed by the SeGW in a data table or a database, so that the UE is sent.
  • the access network device may determine to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message.
  • the subsequent access network device may determine to perform SeGW bypass on the service request data packet according to the context information of the UE recorded by the access network device.
  • the access network device corresponds to The home register may configure the MSISDN of the UE in the admission list, and the access network device may obtain the context identifier of the UE and the MSISDN of the UE from the home register corresponding to the access network device, establish a context identifier of the UE, and establish the UE Correspondence of MSISDN.
  • the access network device may obtain the context identifier corresponding to the MSISDN according to the MSISDN of the UE carried in the service request data packet; and then the access network device may search according to the obtained context identifier. To the context information corresponding to the context identifier, the access network device may determine, according to the found context information, a SeGW bypass of the service request data packet.
  • Step 102 The access network device generates an accounting request message and sends the message to the SeGW, where the charging request message carries the IP address of the UE and the MSISDN, so that the SeGW sends the NAT to the WAP GW by performing NAT on the charging request message.
  • Step 103 After receiving the charging response message sent by the WAP GW, the access network device sends a service request data packet to the SeGW, so that the SeGW performs NAT on the service request data packet sent by the access network device, and then sends the data to the WAP GW.
  • the access network device caches the service request data packet.
  • sending the service request data packet to the SeGW may be: the access network device deleting the cached service.
  • the user plane of the request packet is GPRS Tunneling Protocol-User plane (GTP-U)
  • the service request packet of the GTP-U header is deleted and sent to the SeGW through the tunnel.
  • the tunnel may be the same as the Internet Security (IP Security) (hereinafter referred to as IPsec) tunnel, or may be a dedicated IPsec tunnel, or may be another tunnel.
  • IP Security Internet Security
  • IPsec Internet Security
  • the access network device further, generating an accounting request message on the access network device and sending the message to the SeGW After receiving the charging response message sent by the WAP GW, if the access network device receives another service request message sent by the UE, the access network device discards the another service request message.
  • the access network device sends an Accounting End Request message to the SeGW, so that the SeGW sends the NAT to the WAP GW after the NAT is sent to the WAP GW;
  • the network access device may receive the charging end response message sent by the SeGW, and the charging end response message is sent by the SeGW to the access network device by performing NAT on the charging end response message sent by the WAP GW.
  • the access network device in this embodiment may be an access network device such as an AP, a micro (Micro) device, a base station (NodeB), or a radio network controller (Radio Network Controller; hereinafter referred to as RNC).
  • the device can also be an access network device of different standards, for example: Global System of Mobile communication (hereinafter referred to as GSM), Code Division Multiple Access (CDMA) system, Interoperability for Microwave Access (WMAX) system, Long Term Evolution (LTE) system or Ultra Mobile Broadband (UMB) system Access network equipment.
  • GSM Global System of Mobile communication
  • CDMA Code Division Multiple Access
  • WMAX Interoperability for Microwave Access
  • LTE Long Term Evolution
  • UMB Ultra Mobile Broadband
  • the access network device may determine, according to the context information of the user equipment, performing SeGW bypass on the service request data packet.
  • the access network device sends an accounting request message to the SeGW, and the SeGW sends the charging request message to the WAP GW.
  • the access network device After receiving the charging response message sent by the WAP GW, the access network device sends the service.
  • the request packet is sent to the SeGW, so that the SeGW performs NAT on the service request packet sent by the access network device, and then sends the packet to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
  • the service bypass method may include:
  • Step 201 The SeGW receives an accounting request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the UE, and determines, according to the context information of the UE, the SeGW for the service request data packet. After the bypass is sent to the foregoing SeGW, the charging request message carries the IP address of the UE and the MSISDN.
  • Step 202 The SeGW performs NAT on the charging request message, and then sends the charging response message to the WAP GW, and receives the charging response message sent by the WAP GW, and sends the charging response message to the access network device.
  • Step 203 The SeGW receives the service request data packet sent by the access network device, and performs NAT on the service request data packet sent by the access network device, and then sends the service request data packet to the WAP GW.
  • the SeGW sends the charging request message to the WAP GW after the NAT is sent to the WAP GW.
  • the SeGW may replace the IP address of the UE carried in the IP header of the foregoing charging request message with the idle IP address in the address pool configured by the SeGW.
  • the address, and the IP address of the UE included in the charging information carried by the charging request message is replaced with an idle IP address in the address pool configured by the SeGW, and the IP address of the UE and the idle IP address are established and saved.
  • the SeGW may replace the IP address carried in the charging response message with the IP address of the UE according to the saved correspondence.
  • the service request data packet sent by the access network device is sent after NAT.
  • the WAP GW may be: The SeGW replaces the IP address of the UE in the service request packet sent by the access network device with the idle IP address according to the saved correspondence, and sends the replaced service request packet to the WAP. GW.
  • the SeGW may further receive the charging end request message sent by the access network device, and perform NAT on the charging end request message, and then send the message to the WAP GW; after receiving the charging end response message sent by the WAP GW.
  • the SeGW deletes the context information of the UE, and performs NAT on the charging end response message, and then sends the information to the access network device.
  • the SeGW may start a timer, and if the timer expires, the WAP GW does not receive the meter.
  • the SeGW deletes the context information of the UE.
  • the S eG W after receiving the charging request message sent by the access network device, the S eG W sends the charging request message to the WAP GW, and performs NAT on the charging response message sent by the WAP GW.
  • the SeGW may receive the service request data packet sent by the access network device, and perform NAT on the service request data packet sent by the access network device, and then send the service request data packet to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
  • FIG. 3 is a schematic diagram of an embodiment of an application scenario of the present invention.
  • an access network device is used as an AP for description.
  • the function of the GGSN is integrated in the AP, and the local data bypass operation is performed.
  • the charging request message needs to be sent first, and the MSISDN and IP address of the UE are carried in the charging request message. .
  • FIG. 4 is a flowchart of an embodiment of a method for configuring a network in the present invention.
  • the method may include:
  • Step 401 The SeGW configures a GRE tunnel between the SeGW and the GRE router, applies for an IP address segment allocated to the UE, configures an IP address pool on the SeGW, and configures a static route on the GRE Router.
  • the IP address segment that the SeGW applies for allocation to the UE is an IP address segment that is allocated by the SeGW to the UE, independent of the GGSN.
  • the number of IP addresses included in the IP address segment of the SeGW application depends on the number of UEs that the operator intends to support for concurrent SeGW bypass WAP services.
  • the IP address segment configured on the GGSN for allocation to the UE may be IP g i ⁇ IP g 2
  • the IP address segment requested by the SeGW may be IP sl ⁇ IP s2 o
  • static routes need to be configured on the GRE Router. For example, for the packets with the destination IP address in IPgi ⁇ IP g2 , the GRE Router routes to the GGSN. For the packets with the destination IP address in IP sl ⁇ IP s2 , The GRE Router routes to SeGW.
  • Step 402 Enable the Gi function switch of the AP through the access point manager (AP Manager; hereinafter referred to as APM), and configure the routing rule of the SeGW bypass service on the AP.
  • APM access point manager
  • the AP's Gi function switch includes Gi Enable and authorized user switches.
  • the routing rule for configuring the SeGW bypass service on the AP can be: Configure an APN that needs to be bypassed by the SeGW on the AP.
  • the access network device can save the APN that needs to be bypassed by the SeGW in a data table or a database.
  • the access network device may determine to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message.
  • Step 403 When the UE registers, the AP obtains the context identifier (Context ID) and the MSISDN of the UE from the AP Home Register (hereinafter referred to as AHR), and establishes the context identifier of the UE and the MSISDN on the AP. Correspondence relationship.
  • Context ID context identifier
  • AHR AP Home Register
  • Step 404 The AP receives the service request data packet sent by the UE, and determines that the service is requested. After requesting the packet to perform the SeGW bypass, the service request packet is sent to the SeGW through the SeGW.
  • WAP GW that is, the service path is UE ⁇ -> AP ⁇ -> SeGW ⁇ -> WAP GW (GRE Router).
  • the manner in which the AP determines the SeGW bypass of the service request data packet, and the manner in which the service request data packet is sent to the WAP GW through the SeGW may refer to the description in the embodiment shown in FIG. 1 of the present invention. Let me repeat.
  • FIG. 5 is a flowchart of still another embodiment of a service bypass method according to the present invention.
  • This embodiment uses an access network device as an AP as an example for description.
  • the service bypass method may include:
  • Step 501 The UE sends a PDP context setup request message to the AP.
  • Step 502 The AP determines to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message, and records context information of the UE.
  • the APN that needs to perform the SeGW bypass may be configured on the AP in advance.
  • the AP may save the APN that needs to be bypassed by the SeGW in a data table or a database, so that the PDP context setup request message sent by the UE is received.
  • the AP may determine to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message.
  • Step 503 The AP sends a PDP context establishment request message to the GGSN.
  • Step 504 the GGSN dials the authentication system to the remote user (Remote Authentication Dial
  • RADIUS Remote Authentication Dial
  • Step 505 The RADIUS server authenticates the UE, and then returns an authentication response message to the GGSN.
  • Step 506 The GGSN sends an Accounting Start Request message to the RADIUS server.
  • Step 507 The RADIUS server forwards the foregoing charging start request message to the WAP GW.
  • Step 509 The RADIUS server forwards a charging start response message to the GGSN.
  • the foregoing steps 501 to 510 are for the UE to go online.
  • Step 511 The UE sends a webpage request to the AP, and the AP determines, according to the context information of the UE, that the webpage request is required to perform a SeGW bypass, and the AP caches the webpage request, and performs step 512. In addition, if the AP determines that the fault is incorrect according to the context information of the UE.
  • the webpage is requested to perform the SeGW bypass, it is processed according to other existing bypass rules, and details are not described herein again.
  • the AP may obtain the context identifier corresponding to the MSISDN according to the MSISDN of the UE carried in the webpage request, and then the AP may find the corresponding context identifier according to the obtained context identifier. Context information, and the AP may determine to perform SeGW bypass on the webpage request according to the found context information.
  • Step 512 The AP generates an accounting request message and sends the message to the SeGW, where the charging request message carries the IP address of the UE and the MSISDN.
  • the IP address of the UE may be represented as IP X .
  • the AP may send the charging request message to the SeGW through a tunnel.
  • the above-mentioned tunnel may be the same IPsec tunnel as the Iuh, or may be a dedicated IPsec tunnel, or may be another tunnel.
  • the specific form of the tunnel is not limited in the embodiment of the present invention.
  • Step 513 The SeGW parses the foregoing charging request message, and performs a 1: 1 NAT on the charging request message, and then sends the message to the WAP GW.
  • the SeGW exchanges the IP address carried in the foregoing charging request message with an idle IP address in the address pool configured by the SeGW.
  • the SeGW can replace the IP X with the IP sl.
  • A free IP address in IP s2 , for example: IP y , establish and save 1? Correspondence with IP y .
  • Step 514 The WAP GW establishes and stores the correspondence between the MSISDN of the UE and the IP address after the NAT; that is, the WAP GW establishes and stores the correspondence between the MSISDN and the IPy of the UE.
  • Step 515 The WAP GW sends a charging response message to the SeGW.
  • Step 516 The SeGW sends the charging response message to the AP after performing a 1: 1 NAT.
  • the SeGW replaces the IP y carried in the charging response message with ⁇ according to the recorded correspondence, and sends the charging response message after performing the 1:1 NAT to the ⁇ .
  • the AP discards the other service request, that is, the AP only needs to buffer a service request of the UE.
  • Step 517 After receiving the charging response message, the AP deletes the GTP-U header of the cached webpage request, and sends the webpage request for deleting the GTP-U header to the SeGW through the tunnel.
  • the tunnel may be the same IPsec tunnel as the Iuh, or may be a dedicated IPsec tunnel, or may be another tunnel.
  • the specific form of the tunnel is not limited in the embodiment of the present invention.
  • Step 518 The SeGW sends the received webpage request to the WAP after 1 : 1 NAT
  • Step 519 the WAP GW sends the received webpage request to the service provider (Service Provider; hereinafter referred to as SP) / content provider (Content Provider; hereinafter referred to as CP) chorus
  • Step 520 SP/CP sends a webpage request response to WAP GW.
  • Step 521 The WAP GW sends a webpage request response to the SeGW.
  • Step 522 The SeGW sends the 1:1 response to the webpage request response to the AP. Specifically, the SeGW may respond to the webpage request response according to the recorded correspondence. IP y is replaced with IP X , and then a web page request response after 1:1 NAT is sent to the AP.
  • Step 523 The AP sends the received webpage request response to the UE.
  • the UE can perform normal service browsing.
  • the AP sends the subsequent service request packet of the UE, it does not need to send the charging request message again.
  • the NAT context on the SeGW is sufficient.
  • Step 524 The UE sends a PDP context deletion request message to the AP.
  • Step 525 The AP sends a PDP context delete request message to the xGSN.
  • the above xGSN may be a GGSN or an SGSN.
  • Step 526 The AP sends a charging end request message to the SeGW.
  • the SeGW may replace the IP X in the received charging end request message with the IP y according to the recorded correspondence, and then send the webpage request after performing the 1:1 NAT to the WAP.
  • Step 528 The WAP GW sends an Accounting End Response message to the SeGW.
  • the SeGW receives the charging end response message of the WAP GW before the timer ends. After receiving the charging end response message, the SeGW sends the 1:1 end NAT to the AP, and deletes the context information of the UE. If the SeGW does not receive the WAP GW after the timer expires, the SeGW does not receive the WAP GW. The charging end response message, the SeGW deletes the context information of the UE. In this case, the SeGW does not send a charging end response message to the AP.
  • Step 530 The xGSN sends a PDP context delete accept message to the AP.
  • Step 531 The AP deletes the context information of the UE.
  • ⁇ received xGSN After the PDP context deletion accept message is sent, the context information of the UE may be deleted, and the context information of the UE may not be deleted after receiving the charging end response message of the SeGW.
  • Step 532 The AP sends a PDP context deletion accept message to the UE.
  • the foregoing steps 524 to 532 are the UE offline process.
  • the foregoing embodiment can implement bypassing the WAP service, thereby saving bandwidth resources.
  • a person skilled in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by using hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed.
  • the foregoing steps include the steps of the foregoing method embodiments; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
  • FIG. 6 is a schematic structural diagram of an embodiment of an access network device according to the present invention.
  • the access network device in this embodiment can implement the process of the embodiment shown in Figure 1 of the present invention.
  • the access network device can be Includes:
  • the receiving module 61 is configured to receive a service request data packet sent by the user equipment, and receive a charging response message sent by the WAP GW;
  • the generating module 63 is configured to generate a charging request message, where the charging request message carries an IP address of the user equipment and an MSISDN;
  • the sending module 64 is configured to send the charging request message generated by the generating module 63 to the SeGW, so that the SeGW sends the charging request message to the WAP GW after receiving the NAT, and receives the charging response sent by the WAP GW at the receiving module 61.
  • the service request packet is sent to the SeGW, so that the SeGW performs NAT on the service request packet sent by the sending module 64, and then sends the packet to the WAP GW.
  • the receiving module 61 receives the number of service requests sent by the user equipment.
  • the determining module 62 may determine, according to the context information of the user equipment, that the service request data packet is subjected to SeGW bypass, and the generating module 63 generates a charging request message, and the sending module 64 sends the information to the SeGW for the SeGW to calculate.
  • the fee request message is sent to the WAP GW after the NAT is sent; after the receiving module 61 receives the charging response message sent by the WAP GW, the sending module 64 sends the service request data packet to the SeGW, so that the SeGW sends the service request data to the sending module 64.
  • the packet is NAT, it is sent to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
  • FIG. 7 is a schematic structural diagram of another embodiment of an access network device according to the present invention. The difference is that the access network device shown in FIG. 7 may further include: a recording module. 65;
  • the receiving module 61 is further configured to receive a PDP context establishment request message sent by the user equipment;
  • the determining module 62 is further configured to perform a SeGW bypass on the user equipment according to the APN carried in the PDP context setup request message;
  • the recording module 65 is configured to record context information of the user equipment.
  • the access network device may further include: a cache module 66 and a deletion module 67; a cache module 66, configured to cache the service request data packet received by the receiving module 61; and a deletion module 67, configured to delete the cached service of the cache module 66 Request the GTP-U header of the packet;
  • the sending module 64 is specifically configured to send the service request data packet after deleting the GTP-U header to the SeGW through the tunnel.
  • the tunnel may be the same IPsec tunnel as the Iuh, or may be a dedicated IPsec tunnel, or may be another tunnel.
  • the specific form of the tunnel is not limited in the embodiment of the present invention.
  • the foregoing access network device may further include:
  • the access network device may further include: a context deletion module 69;
  • the receiving module 61 is further configured to receive a PDP context deletion request message sent by the user equipment, and receive a PDP context deletion accept message sent by the xGSN.
  • the sending module 64 is further configured to: after the receiving module 61 receives the PDP context delete request message, send a PDP context delete request message to the xGSN;
  • the context deletion module 69 is configured to delete the context information of the user equipment after the receiving module 61 receives the PDP context deletion accept message.
  • the sending module 64 is further configured to send a charging end request message to the SeGW, so that the SeGW performs NAT on the charging end request message and sends the message to the WAP GW.
  • the access network device can bypass the WAP service, thereby saving bandwidth resources.
  • FIG. 8 is a schematic structural diagram of an embodiment of a security gateway according to the present invention.
  • the SeGW in this embodiment may implement the process of the embodiment shown in FIG. 2 of the present invention.
  • the SeGW may include:
  • the message sending module 83 is configured to send the charging request message after performing the NAT to the WAP GW, and send the charging response message after performing the NAT to the access network device, and send the service request data packet after the NAT is sent to the WAP GW.
  • the address converting module 82 performs NAT on the charging request message, and then sends the charging request to the WAP GW, and sends the charging response to the WAP GW.
  • the message is sent to the NAT, the message is sent to the access network device, and then the message sending module 83 can receive the service request data packet sent by the access network device, and the address conversion module 82 sends the service request to the access network device.
  • the packet is NATed, it is sent to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
  • FIG. 9 is a schematic structural diagram of another embodiment of the security gateway of the present invention. The difference is that, in the SeGW shown in FIG. 9, the address translation module 82 can include:
  • the sub-module 821 is configured to replace the IP address of the user equipment carried in the IP header of the charging request message with the IP address in the address pool configured by the SeGW, and the charging information carried in the charging request message.
  • the IP address of the UE is replaced with an idle IP address in the address pool configured by the foregoing SeGW;
  • the saving submodule 823 is configured to save the correspondence established by the establishing submodule 822.
  • the replacement sub-module 821 is further configured to replace the IP address carried in the charging response message with the IP address of the user equipment according to the corresponding relationship saved by the saving sub-module 823.
  • the replacement sub-module 821 may further replace the IP address of the user equipment in the service request data packet sent by the access network device with the idle IP address according to the corresponding relationship saved by the storage sub-module 823; thus, the message sending module 83
  • the service request packet replaced by the replacement submodule 821 can be sent to the WAP GW.
  • the foregoing SeGW may further include: an information deletion module 84;
  • the message receiving module 81 is further configured to receive an charging end request message sent by the access network device, and receive a charging end response message sent by the WAP GW;
  • the address conversion module 82 is further configured to perform NAT on the charging end request message received by the message receiving module 81, and perform NAT on the charging end response message received by the message receiving module 81.
  • the message sending module 83 is further configured to perform NAT.
  • the subsequent charging end request message is sent to the WAP GW, and the charging end response message after the NAT is sent to the access network device.
  • the information deleting module 84 is configured to: after the message receiving module 81 receives the charging end response message, , delete the context information of the above user equipment.
  • the security gateway may further include: a startup module 85;
  • the startup module 85 is configured to start a timer.
  • the information deletion module 84 may delete the foregoing after the timer ends, if the message receiving module 81 still does not receive the charging end response message sent by the WAP GW. Context information of the user device.
  • modules in the apparatus in the embodiments may be distributed in the apparatus of the embodiment according to the description of the embodiments, or may be correspondingly changed in one or more apparatuses different from the embodiment.
  • the modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a service bypass method, an access network device and a security gateway. The service bypass method includes: an access network device receives a service request data packet sent by User Equipment (UE), and determines to carry out security gateway (SeGW) bypass on the service request data packet according to context information about the UE; generates a charging request message and sends the same to the SeGW, so that the SeGW performs NAT on the charging request message and sends the same to a Wireless Application Protocol Gateway (WAP GW); after receiving a charging response message sent by the WAP GW, sends the service request data packet to the SeGW, so that the SeGW performs NAT on the service request data packet sent by the access network device and then sends the service request data packet to the WAP GW. The present invention can bypass the WAP service, thus bandwidth resources can be saved.

Description

业务旁路方法、 接入网设备和安全网关  Service bypass method, access network device and security gateway
技术领域 Technical field
本发明实施例涉及通信技术领域, 尤其涉及一种业务旁路方法、 接入网 设备和安全网关。 背景技术  The embodiments of the present invention relate to the field of communications technologies, and in particular, to a service bypass method, an access network device, and a security gateway. Background technique
接入点( Access Point; 以下简称: AP )是基于固定因特网协议( Internet Protocol; 以下简称: IP ) 传输网, 为家庭 /企业提供无线接入服务的网络 设备。 用户设备( User Equipment; 以下简称: UE ) 通过空口接入 AP, AP通过家庭网关 ( Home Gateway; 以下简称: HGW )接入 IP传输网, 然后通过 IP传输网连接到移动核心网中的安全网关 ( Security Gateway; 以下简称: SeGW ) , 再连接到接入网关 (Access Gateway; 以下简称: AG ) 。 AG再连接到电路交换(Circuit Switched; 以下简称: CS )域核心 网和分组交换 ( Packet Switched; 以下简称: PS ) 域核心网。  An Access Point (AP) is a network device that provides wireless access services for homes/enterprises based on the Internet Protocol (IP) transmission network. The user equipment (User Equipment; hereinafter referred to as UE) accesses the AP through the air interface. The AP accesses the IP transport network through the Home Gateway (HGW), and then connects to the security gateway in the mobile core network through the IP transport network. (Security Gateway; hereinafter referred to as: SeGW), and then connected to the access gateway (Access Gateway; hereinafter referred to as: AG). The AG is connected to the Circuit Switched (hereinafter referred to as CS) domain core network and the Packet Switched (PS) domain core network.
这样 , UE通过 AP访问因特网 ( Internet ) 时 , 需要通过 PS域核心网 的网关通用分组无线业务( General Packet Radio Service; 以下简称: GPRS ) 支持节点 (Gateway GPRS Support Node; 以下简称: GGSN ) 网元的 Gi 接口, 来与 Internet连接。 这种方式下, UE访问 Internet的流量要通过移 动核心网, 浪费移动核心网的带宽。  In this way, when the UE accesses the Internet (Internet) through the AP, it needs to pass the Gateway GPRS Support Node (hereinafter referred to as GGSN) network element through the gateway of the PS domain core network. The Gi interface, to connect to the Internet. In this way, the UE accesses the Internet through the mobile core network, which wastes the bandwidth of the mobile core network.
现有技术提供了通过 AP或 AG实现数据旁路的方案, 但是现有技术 提供的通过 AP或 AG 实现数据旁路的方案中, 无线应用协议(Wireless Application Protocol; 以下简称: WAP ) 业务网关 ( Gateway; 以下简称: GW )会对数据包进行认证, 并需要根据 IP地址与移动台国际综合业务数 字网( Integrated Services Digital Network; 以下简称: ISDN )号码( Mobile Station International ISDN Number; 以下简称: MSISDN )的对应关系, 记 录每个 MSISDN的数据包。 因此, 现有技术提供的通过 AP或 AG实现数 据旁路的方案无法旁路 WAP业务。 发明内容 The prior art provides a solution for data bypassing by using an AP or an AG. However, in the solution for data bypassing by an AP or an AG provided by the prior art, a Wireless Application Protocol (hereinafter referred to as WAP) service gateway ( Gateway; hereinafter referred to as: GW) will authenticate the data packet and need to be based on the IP address and the mobile station International Integrated Services Digital Network (ISDN) number (Mobile Station International ISDN Number; hereinafter referred to as: MSISDN Correspondence relationship Record each MSISDN packet. Therefore, the solution provided by the prior art to implement data bypassing through an AP or an AG cannot bypass the WAP service. Summary of the invention
本发明实施例提供一种业务旁路方法、 接入网设备和安全网关, 以实 现对 WAP业务进行旁路, 节省带宽资源。  The embodiments of the present invention provide a service bypass method, an access network device, and a security gateway, so as to bypass the WAP service and save bandwidth resources.
本发明实施例提供一种业务旁路方法, 包括:  An embodiment of the present invention provides a service bypass method, including:
接入网设备接收用户设备发送的业务请求数据包, 根据所述用户设备 的上下文信息确定对所述业务请求数据包进行安全网关旁路;  The access network device receives the service request data packet sent by the user equipment, and determines, according to the context information of the user equipment, that the service request data packet is bypassed by the security gateway;
所述接入网设备生成计费请求消息发送给安全网关, 所述计费请求消 息携带所述用户设备的因特网协议地址和移动台国际综合业务数字网号 码, 以便所述安全网关对所述计费请求消息进行网络地址转换后发送给无 线应用协议业务网关;  The access network device generates an accounting request message and sends the charging request message to the security gateway, where the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number, so that the security gateway refers to the The fee request message is sent to the wireless application protocol service gateway after performing network address translation;
所述接入网设备接收到所述无线应用协议业务网关发送的计费应答消息 之后, 发送业务请求数据包给所述安全网关, 以便所述安全网关对所述接入 网设备发送的业务请求数据包进行网络地址转换后发送给所述无线应用协议 业务网关。  After receiving the charging response message sent by the wireless application protocol service gateway, the access network device sends a service request data packet to the security gateway, so that the security gateway sends a service request to the access network device. The data packet is sent to the wireless application protocol service gateway after performing network address translation.
本发明实施例还提供一种业务旁路方法, 包括:  The embodiment of the invention further provides a service bypass method, including:
安全网关接收接入网设备发送的计费请求消息, 所述计费请求消息是 所述接入网设备接收到用户设备发送的业务请求数据包, 根据所述用户设 备的上下文信息确定对所述业务请求数据包进行安全网关旁路之后发送 给所述安全网关的, 所述计费请求消息携带所述用户设备的因特网协议地 址和移动台国际综合业务数字网号码;  The security gateway receives the charging request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the user equipment, and determines, according to the context information of the user equipment, The service request packet is sent to the security gateway after the security gateway is bypassed, and the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number;
所述安全网关对所述计费请求消息进行网络地址转换后发送给无线 应用协议业务网关, 接收所述无线应用协议业务网关发送的计费应答消 息, 对所述计费应答消息进行网络地址转换后发送给所述接入网设备; 所述安全网关接收所述接入网设备发送的业务请求数据包, 对所述接 入网设备发送的业务请求数据包进行网络地址转换后发送给所述无线应 用协议业务网关。 The security gateway performs network address translation on the charging request message, and then sends the information to the wireless application protocol service gateway, receives the charging response message sent by the wireless application protocol service gateway, and performs network address translation on the charging response message. And then sent to the access network device; The security gateway receives the service request data packet sent by the access network device, performs network address translation on the service request data packet sent by the access network device, and sends the service request data packet to the wireless application protocol service gateway.
本发明实施例还提供一种接入网设备, 包括:  An embodiment of the present invention further provides an access network device, including:
接收模块, 用于接收用户设备发送的业务请求数据包, 以及接收所述 无线应用协议业务网关发送的计费应答消息;  a receiving module, configured to receive a service request data packet sent by the user equipment, and receive a charging response message sent by the wireless application protocol service gateway;
确定模块, 用于根据所述用户设备的上下文信息确定对所述业务请求 数据包进行安全网关旁路;  a determining module, configured to determine, according to the context information of the user equipment, performing a security gateway bypass on the service request data packet;
生成模块, 用于生成计费请求消息, 所述计费请求消息携带所述用户 设备的因特网协议地址和移动台国际综合业务数字网号码;  a generating module, configured to generate a charging request message, where the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number;
发送模块, 用于将所述生成模块生成的计费请求消息发送给安全网 关, 以便所述安全网关对所述计费请求消息进行网络地址转换后发送给无 线应用协议业务网关; 以及在所述接收模块接收到所述无线应用协议业务 网关发送的计费应答消息之后, 发送业务请求数据包给所述安全网关, 以 便所述安全网关对所述发送模块发送的业务请求数据包进行网络地址转 换后发送给所述无线应用协议业务网关。  a sending module, configured to send the charging request message generated by the generating module to the security gateway, so that the security gateway performs network address translation on the charging request message, and then sends the information to the wireless application protocol service gateway; After receiving the charging response message sent by the wireless application protocol service gateway, the receiving module sends a service request data packet to the security gateway, so that the security gateway performs network address translation on the service request data packet sent by the sending module. Then sent to the wireless application protocol service gateway.
本发明实施例还提供一种安全网关, 包括:  The embodiment of the invention further provides a security gateway, including:
消息接收模块, 用于接收接入网设备发送的计费请求消息, 所述计费 请求消息是所述接入网设备接收到用户设备发送的业务请求数据包, 根据 所述用户设备的上下文信息确定对所述业务请求数据包进行安全网关旁 路之后发送给所述安全网关的, 所述计费请求消息携带所述用户设备的因 特网协议地址和移动台国际综合业务数字网号码; 以及接收所述无线应用 协议业务网关发送的计费应答消息; 以及接收所述接入网设备发送的业务 请求数据包;  a message receiving module, configured to receive an accounting request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the user equipment, according to the context information of the user equipment Determining, after the security request gateway of the service request data packet is sent to the security gateway, the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number; and a receiving station And a charging response message sent by the wireless application protocol service gateway; and receiving a service request data packet sent by the access network device;
地址转换模块, 用于对所述消息接收模块接收的所述计费请求消息进 行网络地址转换, 以及对所述消息接收模块接收的所述计费应答消息进行 网络地址转换, 以及对所述消息接收模块接收的所述业务请求数据包进行 网络地址转换; An address translation module, configured to perform network address translation on the charging request message received by the message receiving module, and perform the charging response message received by the message receiving module Network address translation, and performing network address translation on the service request data packet received by the message receiving module;
消息发送模块, 用于将进行网络地址转换后的计费请求消息发送给无 线应用协议业务网关, 以及将进行网络地址转换后的计费应答消息发送给 所述接入网设备, 以及将进行网络地址转换后的业务请求数据包发送给所 述无线应用协议业务网关。  a message sending module, configured to send a network address translated charging request message to the wireless application protocol service gateway, and send a network address translated charging response message to the access network device, and the network is to be performed. The address-converted service request data packet is sent to the wireless application protocol service gateway.
通过本发明实施例, 接入网设备接收到用户设备发送的业务请求数据 包之后, 可以根据该用户设备的上下文信息确定对该业务请求数据包进行 After receiving the service request data packet sent by the user equipment, the access network device may determine, according to the context information of the user equipment, the service request data packet.
SeGW旁路,这时接入网设备会生成计费请求消息发送给 SeGW,由 SeGW 对计费请求消息进行网络地址转换( Network Address Translation; 以下简 称: NAT )后发送给 WAP GW; 在接收到 WAP GW发送的计费应答消息 之后, 接入网设备发送业务请求数据包给上述 SeGW, 以便 SeGW对接入 网设备发送的业务请求数据包进行 NAT后发送给 WAP GW。 从而可以实 现对 WAP业务进行旁路, 进而可以节省带宽资源。 附图说明 The SeGW is bypassed. At this time, the access network device generates an accounting request message and sends it to the SeGW. The SeGW performs network address translation (NAT Address Translation) (hereinafter referred to as NAT) on the charging request message and sends it to the WAP GW. After the charging response message is sent by the WAP GW, the access network device sends a service request data packet to the SeGW, so that the SeGW performs NAT on the service request data packet sent by the access network device, and then sends the service request data packet to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources. DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对实 施例或现有技术描述中所需要使用的附图作一简单地介绍, 显而易见地, 下 面描述中的附图是本发明的一些实施例, 对于本领域普通技术人员来讲, 在 不付出创造性劳动的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图 1为本发明业务旁路方法一个实施例的流程图;  1 is a flowchart of an embodiment of a service bypass method according to the present invention;
图 2为本发明业务旁路方法另一个实施例的流程图;  2 is a flowchart of another embodiment of a service bypass method according to the present invention;
图 3为本发明应用场景一个实施例的示意图;  3 is a schematic diagram of an embodiment of an application scenario of the present invention;
图 4为本发明组网配置方法一个实施例的流程图;  4 is a flowchart of an embodiment of a method for configuring a network in the present invention;
图 5为本发明业务旁路方法再一个实施例的流程图;  FIG. 5 is a flowchart of still another embodiment of a service bypass method according to the present invention; FIG.
图 6为本发明接入网设备一个实施例的结构示意图; 图 7为本发明接入网设备另一个实施例的结构示意图; 6 is a schematic structural diagram of an embodiment of an access network device according to the present invention; 7 is a schematic structural diagram of another embodiment of an access network device according to the present invention;
图 8为本发明安全网关一个实施例的结构示意图;  8 is a schematic structural diagram of an embodiment of a security gateway according to the present invention;
图 9为本发明安全网关另一个实施例的结构示意图。 具体实施方式  FIG. 9 is a schematic structural diagram of another embodiment of a security gateway according to the present invention. detailed description
为使本发明实施例的目的、 技术方案和优点更加清楚, 下面将结合本发 明实施例中的附图, 对本发明实施例中的技术方案进行清楚、 完整地描述, 显然, 所描述的实施例是本发明一部分实施例, 而不是全部的实施例。 基于 本发明中的实施例, 本领域普通技术人员在没有做出创造性劳动的前提下所 获得的所有其他实施例, 都属于本发明保护的范围。  The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
图 1为本发明业务旁路方法一个实施例的流程图, 如图 1所示, 该业 务旁路方法可以包括:  FIG. 1 is a flowchart of an embodiment of a service bypass method according to the present invention. As shown in FIG. 1, the service bypass method may include:
步骤 101 , 接入网设备接收 UE发送的业务请求数据包, 根据该 UE 的上下文信息确定对上述业务请求数据包进行 SeGW旁路。  Step 101: The access network device receives the service request data packet sent by the UE, and determines to perform SeGW bypass on the service request data packet according to the context information of the UE.
进一步地, 接入网设备接收 UE发送的业务请求数据包之前, 该接入 网设备还可以接收 UE发送的分组数据协议 ( Packet Data Protocol; 以下简 称: PDP )上下文建立请求消息, 根据该 PDP上下文建立请求消息中携带 的接入点名称 ( Access Point Name; 以下简称: APN ) 确定对上述 UE进 行 SeGW旁路, 并记录该 UE的上下文信息。 本实施例中, 可以预先在接 入网设备上配置需要进行 SeGW旁路的 APN, 例如: 接入网设备可以将 需要进行 SeGW旁路的 APN保存在数据表或数据库中, 这样接收到 UE 发送的 PDP上下文建立请求消息之后, 接入网设备就可以根据该 PDP上 下文建立请求消息中携带的 APN确定对上述 UE进行 SeGW旁路了。  Further, before the access network device receives the service request data packet sent by the UE, the access network device may further receive a packet data protocol (Packet Data Protocol; PDP) context establishment request message sent by the UE, according to the PDP context. The access point name (Access Point Name; APN) carried in the request message is determined to perform SeGW bypass on the UE, and record the context information of the UE. In this embodiment, the APN that needs to perform the SeGW bypass may be configured on the access network device in advance. For example, the access network device may save the APN that needs to be bypassed by the SeGW in a data table or a database, so that the UE is sent. After the PDP context setup request message, the access network device may determine to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message.
接下来, 后续接入网设备接收到该 UE发送的业务请求数据包之后, 就可以根据该接入网设备记录的 UE的上下文信息确定对该业务请求数据 包进行 SeGW旁路。 本实施例中, 在 UE注册时, 上述接入网设备对应的 归属寄存器会在准入列表中配置该 UE的 MSISDN, 接入网设备可以从该 接入网设备对应的归属寄存器获取该 UE 的上下文标识和该 UE 的 MSISDN, 建立该 UE的上下文标识和该 UE的 MSISDN的对应关系。 因 此接收到 UE发送的业务请求数据包之后, 接入网设备可以根据该业务请 求数据包中携带的 UE的 MSISDN, 获得该 MSISDN对应的上下文标识; 然后接入网设备可以根据获得的上下文标识查找到该上下文标识对应的 上下文信息, 进而接入网设备可以根据查找到的上下文信息确定对该业务 请求数据包进行 SeGW旁路。 Next, after receiving the service request data packet sent by the UE, the subsequent access network device may determine to perform SeGW bypass on the service request data packet according to the context information of the UE recorded by the access network device. In this embodiment, when the UE registers, the access network device corresponds to The home register may configure the MSISDN of the UE in the admission list, and the access network device may obtain the context identifier of the UE and the MSISDN of the UE from the home register corresponding to the access network device, establish a context identifier of the UE, and establish the UE Correspondence of MSISDN. Therefore, after receiving the service request data packet sent by the UE, the access network device may obtain the context identifier corresponding to the MSISDN according to the MSISDN of the UE carried in the service request data packet; and then the access network device may search according to the obtained context identifier. To the context information corresponding to the context identifier, the access network device may determine, according to the found context information, a SeGW bypass of the service request data packet.
步骤 102, 接入网设备生成计费请求消息发送给 SeGW, 该计费请求 消息携带 UE的 IP地址和 MSISDN, 以便 SeGW对上述计费请求消息进 行 NAT后发送给 WAP GW。  Step 102: The access network device generates an accounting request message and sends the message to the SeGW, where the charging request message carries the IP address of the UE and the MSISDN, so that the SeGW sends the NAT to the WAP GW by performing NAT on the charging request message.
进一步地, SeGW对上述计费请求消息进行 NAT后发送给 WAP GW 之后 , WAP GW建立并保存上述 UE的 MSISDN和进行 NAT后的 IP地址 的对应关系。  Further, after the SeGW performs NAT on the charging request message and sends the message to the WAP GW, the WAP GW establishes and stores the correspondence between the MSISDN of the UE and the IP address after NAT.
步骤 103 ,接入网设备接收到 WAP GW发送的计费应答消息之后,发 送业务请求数据包给 SeGW, 以便 SeGW对接入网设备发送的业务请求数 据包进行 NAT后发送给 WAP GW。  Step 103: After receiving the charging response message sent by the WAP GW, the access network device sends a service request data packet to the SeGW, so that the SeGW performs NAT on the service request data packet sent by the access network device, and then sends the data to the WAP GW.
本实施例中, 确定对上述业务请求数据包进行 SeGW旁路之后, 接入 网设备緩存上述业务请求数据包; 这时, 发送业务请求数据包给 SeGW可 以为: 接入网设备删除緩存的业务请求数据包的用户面通用分组无线业务 隧道协议( GPRS Tunneling Protocol-User plane; 以下简称: GTP-U )头部 之后,将删除 GTP-U头部的业务请求数据包通过隧道发送给 SeGW。其中, 上述隧道可以为与 Iuh相同的因特网协议安全(IP Security; 以下简称: IPsec ) 隧道, 也可以为专用的 IPsec隧道, 或者也可以为其他的隧道, 本 发明实施例对上述隧道的具体形式不作限定。  In this embodiment, after determining that the service request data packet is subjected to the SeGW bypass, the access network device caches the service request data packet. In this case, sending the service request data packet to the SeGW may be: the access network device deleting the cached service. After the user plane of the request packet is GPRS Tunneling Protocol-User plane (GTP-U), the service request packet of the GTP-U header is deleted and sent to the SeGW through the tunnel. The tunnel may be the same as the Internet Security (IP Security) (hereinafter referred to as IPsec) tunnel, or may be a dedicated IPsec tunnel, or may be another tunnel. The specific form of the tunnel in the embodiment of the present invention Not limited.
本实施例中 ,进一步地,在接入网设备生成计费请求消息发送给 SeGW 之后 , 接收到 WAP GW发送的计费应答消息之前 , 如果接入网设备接收 到 UE发送的另一业务请求消息, 则该接入网设备丟弃上述另一业务请求 消息。 In this embodiment, further, generating an accounting request message on the access network device and sending the message to the SeGW After receiving the charging response message sent by the WAP GW, if the access network device receives another service request message sent by the UE, the access network device discards the another service request message.
进一步地,接入网设备接收到 UE发送的 PDP上下文删除请求消息之 后, 向通用分组无线业务支持节点 (X GPRS Support Node; 以下简称: xGSN )发送 PDP上下文删除请求消息, 其中上述 xGSN可以为 GGSN或 服务通用分组无线业务支持节点( Serving GPRS Support Node; 以下简称: SGSN ) ; 接入网设备接收到上述 xGSN发送的 PDP上下文删除接受消息 之后, 删除上述 UE的上下文信息。  Further, after receiving the PDP context deletion request message sent by the UE, the access network device sends a PDP context deletion request message to the general packet radio service support node (X GPRS Support Node; hereinafter referred to as xGSN), where the xGSN may be a GGSN Or the Serving GPRS Support Node (hereinafter referred to as: SGSN); after receiving the PDP Context Delete Accept message sent by the xGSN, the access network device deletes the context information of the UE.
另夕卜, 向 xGSN发送 PDP上下文删除请求消息之后,接入网设备还会 向 SeGW发送计费结束请求消息,以便该 SeGW对上述计费结束请求消息 进行 NAT后发送给 WAP GW; 然后, 接入网设备可以接收 SeGW发送的 计费结束响应消息, 该计费结束响应消息是 SeGW对 WAP GW发送的计 费结束响应消息进行 NAT后发送给上述接入网设备的。  In addition, after the PDP Context Delete Request message is sent to the xGSN, the access network device sends an Accounting End Request message to the SeGW, so that the SeGW sends the NAT to the WAP GW after the NAT is sent to the WAP GW; The network access device may receive the charging end response message sent by the SeGW, and the charging end response message is sent by the SeGW to the access network device by performing NAT on the charging end response message sent by the WAP GW.
本实施例中的接入网设备可以为 AP、微( Micro )设备、基站( NodeB ) 或无线网络控制器 (Radio Network Controller; 以下简称: RNC ) 等接入 网设备, 另外, 上述接入网设备也可以为不同制式的接入网设备, 例如: 全求移动通讯系统 ( Global System of Mobile communication; 以下简称: GSM ) 、 码分多址 ( Code Division Multiple Access; 以下简称: CDMA ) 系统、 全求啟波互联接入 ( Worldwide Interoperability for Microwave Access; 以下简称: WiMAX ) 系统、 长期演进( Long Term Evolution; 以 下简称: LTE ) 系统或超移动宽带 ( Ultra Mobile Broadband; 以下简称: UMB )系统中的接入网设备。 本发明实施例对接入网设备的具体实现形式 不作限定。  The access network device in this embodiment may be an access network device such as an AP, a micro (Micro) device, a base station (NodeB), or a radio network controller (Radio Network Controller; hereinafter referred to as RNC). The device can also be an access network device of different standards, for example: Global System of Mobile communication (hereinafter referred to as GSM), Code Division Multiple Access (CDMA) system, Interoperability for Microwave Access (WMAX) system, Long Term Evolution (LTE) system or Ultra Mobile Broadband (UMB) system Access network equipment. The specific implementation form of the access network device is not limited in the embodiment of the present invention.
上述实施例中, 接入网设备接收到 UE发送的业务请求数据包之后, 可 以根据该用户设备的上下文信息确定对该业务请求数据包进行 SeGW旁路, 这时接入网设备会生成计费请求消息发送给 SeGW, 由 SeGW对计费请求消 息进行 NAT后发送给 WAP GW; 在接收到 WAP GW发送的计费应答消息之 后, 接入网设备发送业务请求数据包给上述 SeGW, 以便 SeGW对接入网设 备发送的业务请求数据包进行 NAT后发送给 WAP GW。从而可以实现对 WAP 业务进行旁路, 进而可以节省带宽资源。 In the foregoing embodiment, after receiving the service request data packet sent by the UE, the access network device may determine, according to the context information of the user equipment, performing SeGW bypass on the service request data packet. The access network device sends an accounting request message to the SeGW, and the SeGW sends the charging request message to the WAP GW. After receiving the charging response message sent by the WAP GW, the access network device sends the service. The request packet is sent to the SeGW, so that the SeGW performs NAT on the service request packet sent by the access network device, and then sends the packet to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
图 2为本发明业务旁路方法另一个实施例的流程图, 如图 2所示, 该 业务旁路方法可以包括:  2 is a flowchart of another embodiment of a service bypass method according to the present invention. As shown in FIG. 2, the service bypass method may include:
步骤 201 , SeGW接收接入网设备发送的计费请求消息, 该计费请求 消息是接入网设备接收到 UE发送的业务请求数据包, 根据该 UE的上下 文信息确定对业务请求数据包进行 SeGW旁路之后发送给上述 SeGW的 , 该计费请求消息携带 UE的 IP地址和 MSISDN。  Step 201: The SeGW receives an accounting request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the UE, and determines, according to the context information of the UE, the SeGW for the service request data packet. After the bypass is sent to the foregoing SeGW, the charging request message carries the IP address of the UE and the MSISDN.
步骤 202, SeGW对上述计费请求消息进行 NAT后发送给 WAP GW, 接收上述 WAP GW发送的计费应答消息,对该计费应答消息进行 NAT后 发送给上述接入网设备。  Step 202: The SeGW performs NAT on the charging request message, and then sends the charging response message to the WAP GW, and receives the charging response message sent by the WAP GW, and sends the charging response message to the access network device.
步骤 203 , SeGW接收接入网设备发送的业务请求数据包, 对该接入 网设备发送的业务请求数据包进行 NAT后发送给上述 WAP GW。  Step 203: The SeGW receives the service request data packet sent by the access network device, and performs NAT on the service request data packet sent by the access network device, and then sends the service request data packet to the WAP GW.
本实施例中, SeGW对计费请求消息进行 NAT后发送给 WAP GW可 以为: SeGW将上述计费请求消息的 IP头中携带的 UE的 IP地址替换为 上述 SeGW配置的地址池中空闲的 IP地址, 以及将上述计费请求消息携 带的计费信息中包含的 UE的 IP地址替换为上述 SeGW配置的地址池中 空闲的 IP地址, 建立并保存上述 UE的 IP地址与上述空闲的 IP地址的对 应关系;  In this embodiment, the SeGW sends the charging request message to the WAP GW after the NAT is sent to the WAP GW. The SeGW may replace the IP address of the UE carried in the IP header of the foregoing charging request message with the idle IP address in the address pool configured by the SeGW. The address, and the IP address of the UE included in the charging information carried by the charging request message is replaced with an idle IP address in the address pool configured by the SeGW, and the IP address of the UE and the idle IP address are established and saved. Correspondence relationship
这时, 对计费应答消息进行 NAT后发送给上述接入网设备可以为: SeGW根据保存的上述对应关系将计费应答消息中携带的 IP地址替换为 上述 UE的 IP地址。  At this time, the NAT of the charging response message is sent to the access network device. The SeGW may replace the IP address carried in the charging response message with the IP address of the UE according to the saved correspondence.
本实施例中, 对接入网设备发送的业务请求数据包进行 NAT后发送 给 WAP GW可以为: SeGW根据保存的上述对应关系, 将接入网设备发 送的业务请求数据包中 UE的 IP地址替换为上述空闲的 IP地址, 并将替 换后的业务请求数据包发送给 WAP GW。 In this embodiment, the service request data packet sent by the access network device is sent after NAT. The WAP GW may be: The SeGW replaces the IP address of the UE in the service request packet sent by the access network device with the idle IP address according to the saved correspondence, and sends the replaced service request packet to the WAP. GW.
进一步地, SeGW还可以接收接入网设备发送的计费结束请求消息, 对该计费结束请求消息进行 NAT后发送给 WAP GW; 这样, 在接收到上 述 WAP GW发送的计费结束响应消息之后 , SeGW删除上述 UE的上下文 信息, 并对该计费结束响应消息进行 NAT后发送给上述接入网设备。  Further, the SeGW may further receive the charging end request message sent by the access network device, and perform NAT on the charging end request message, and then send the message to the WAP GW; after receiving the charging end response message sent by the WAP GW. The SeGW deletes the context information of the UE, and performs NAT on the charging end response message, and then sends the information to the access network device.
本实施例中, SeGW对接入网设备发送的计费结束请求消息进行 NAT 后发送给 WAP GW之后, SeGW可以启动定时器, 如果在上述定时器结 束之后, 仍未收到 WAP GW发送的计费结束响应消息, 则 SeGW删除上 述 UE的上下文信息。  In this embodiment, after the SeGW sends the charging end request message sent by the access network device to the WAP GW, the SeGW may start a timer, and if the timer expires, the WAP GW does not receive the meter. When the fee ends the response message, the SeGW deletes the context information of the UE.
上述实施例中, S eG W接收到接入网设备发送的计费请求消息之后, 对该计费请求消息进行 NAT后发送给 WAP GW, 并对上述 WAP GW发 送的计费应答消息进行 NAT后发送给上述接入网设备, 然后 SeGW可以 在接收到接入网设备发送的业务请求数据包, 并对该接入网设备发送的业 务请求数据包进行 NAT后发送给上述 WAP GW。 从而可以实现对 WAP 业务进行旁路, 进而可以节省带宽资源。  In the foregoing embodiment, after receiving the charging request message sent by the access network device, the S eG W sends the charging request message to the WAP GW, and performs NAT on the charging response message sent by the WAP GW. After being sent to the access network device, the SeGW may receive the service request data packet sent by the access network device, and perform NAT on the service request data packet sent by the access network device, and then send the service request data packet to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
本发明图 1和图 2所示实施例提供的业务旁路方法可以应用于图 3所 示的场景中, 图 3为本发明应用场景一个实施例的示意图。 本发明以下实 施例的描述中以接入网设备为 AP为例进行说明。图 3中, AP内集成 GGSN 的功能, 执行本地数据旁路操作, 在首次发送业务请求数据包之前, 需要 先发送计费请求消息, 并在该计费请求消息中携带 UE的 MSISDN和 IP 地址。 SeGW解析 AP发送的计费请求消息, 替换该计费请求消息的源 IP 地址, 并对计费请求消息进行 1 : 1NAT后发送给 WAP GW。 在对 WAP业 务进行 SeGW旁路之前, 需要先进行在 SeGW上配置 IP地址池, 在通用 路由封装( Generic Routing Encapsulation; 以下简称: GRE )路由器( Router ) 上配置静态路由等操作, 如图 4所示, 图 4为本发明组网配置方法一个实 施例的流程图, 该方法可以包括: The service bypass method provided by the embodiment shown in FIG. 1 and FIG. 2 can be applied to the scenario shown in FIG. 3. FIG. 3 is a schematic diagram of an embodiment of an application scenario of the present invention. In the following description of the embodiments of the present invention, an access network device is used as an AP for description. In Figure 3, the function of the GGSN is integrated in the AP, and the local data bypass operation is performed. Before the service request packet is sent for the first time, the charging request message needs to be sent first, and the MSISDN and IP address of the UE are carried in the charging request message. . The SeGW parses the charging request message sent by the AP, replaces the source IP address of the charging request message, and performs 1:1 NAT on the charging request message, and then sends the charging request message to the WAP GW. Before performing the SeGW bypass on the WAP service, you need to configure the IP address pool on the SeGW. In the Generic Routing Encapsulation (GRE) router (Router) As shown in FIG. 4, FIG. 4 is a flowchart of an embodiment of a method for configuring a network in the present invention. The method may include:
步骤 401 , SeGW配置该 SeGW与 GRE路由器( GRE Router )之间的 GRE隧道, 申请用于分配给 UE的 IP地址段,在 SeGW上配置 IP地址池, 并在 GRE Router上配置静态路由。  Step 401: The SeGW configures a GRE tunnel between the SeGW and the GRE router, applies for an IP address segment allocated to the UE, configures an IP address pool on the SeGW, and configures a static route on the GRE Router.
具体地, SeGW申请的用于分配给 UE的 IP地址段是独立于 GGSN的 , 由 SeGW为 UE分配的 IP地址段。 SeGW申请的 IP地址段中包含的 IP地 址的数量取决于运营商打算支持的并发进行 SeGW旁路 WAP业务的 UE 的数量。 举例来说, GGSN上配置的用于分配给 UE的 IP地址段可以为 IPgi〜IPg2 , SeGW申请的 IP地址段可以为 IPsl ~IPs2 o Specifically, the IP address segment that the SeGW applies for allocation to the UE is an IP address segment that is allocated by the SeGW to the UE, independent of the GGSN. The number of IP addresses included in the IP address segment of the SeGW application depends on the number of UEs that the operator intends to support for concurrent SeGW bypass WAP services. For example, the IP address segment configured on the GGSN for allocation to the UE may be IP g i~IP g 2 , and the IP address segment requested by the SeGW may be IP sl ~IP s2 o
另外, 需要在 GRE Router上配置静态路由, 举例来说, 对于目的 IP 地址在 IPgi〜IPg2中的数据包, GRE Router路由到 GGSN; 对于目的 IP地 址在 IPsl 〜IPs2中的数据包, GRE Router路由到 SeGW。 In addition, static routes need to be configured on the GRE Router. For example, for the packets with the destination IP address in IPgi~IP g2 , the GRE Router routes to the GGSN. For the packets with the destination IP address in IP sl ~ IP s2 , The GRE Router routes to SeGW.
步骤 402, 通过接入点管理器(AP Manager; 以下简称: APM )开启 AP的 Gi功能开关, 并在 AP上配置 SeGW旁路业务的路由规则。  Step 402: Enable the Gi function switch of the AP through the access point manager (AP Manager; hereinafter referred to as APM), and configure the routing rule of the SeGW bypass service on the AP.
具体地, AP的 Gi功能开关包括 Gi使能 ( Gi Enable ) 及授权用户开 关。  Specifically, the AP's Gi function switch includes Gi Enable and authorized user switches.
在 AP上配置 SeGW旁路业务的路由规则可以为: 在 AP上配置需要 进行 SeGW旁路的 APN, 例如: 接入网设备可以将需要进行 SeGW旁路 的 APN保存在数据表或数据库中, 这样接收到 UE发送的 PDP上下文建 立请求消息之后,接入网设备就可以根据该 PDP上下文建立请求消息中携 带的 APN确定对上述 UE进行 SeGW旁路了。  The routing rule for configuring the SeGW bypass service on the AP can be: Configure an APN that needs to be bypassed by the SeGW on the AP. For example, the access network device can save the APN that needs to be bypassed by the SeGW in a data table or a database. After receiving the PDP context setup request message sent by the UE, the access network device may determine to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message.
步骤 403 , UE注册时 , AP从接入点归属寄存器 ( AP Home Register; 以下简称: AHR ) 获取该 UE的上下文标识 (Context ID ) 和 MSISDN, 并在该 AP上建立 UE的上下文标识与 MSISDN的对应关系。  Step 403: When the UE registers, the AP obtains the context identifier (Context ID) and the MSISDN of the UE from the AP Home Register (hereinafter referred to as AHR), and establishes the context identifier of the UE and the MSISDN on the AP. Correspondence relationship.
步骤 404, AP接收到 UE发送的业务请求数据包, 并确定对该业务请 求数据包进行 SeGW旁路之后, 将该业务请求数据包通过 SeGW发送给Step 404: The AP receives the service request data packet sent by the UE, and determines that the service is requested. After requesting the packet to perform the SeGW bypass, the service request packet is sent to the SeGW through the SeGW.
WAP GW, 即业务路径为 UE〈-〉 AP〈-〉 SeGW〈-〉 WAP GW ( GRE Router )。 WAP GW, that is, the service path is UE<-> AP<-> SeGW<-> WAP GW (GRE Router).
具体地, AP确定对该业务请求数据包进行 SeGW旁路的方式, 以及 将该业务请求数据包通过 SeGW发送给 WAP GW的方式可以参照本发明 图 1所示实施例中的描述, 在此不再赘述。  For example, the manner in which the AP determines the SeGW bypass of the service request data packet, and the manner in which the service request data packet is sent to the WAP GW through the SeGW may refer to the description in the embodiment shown in FIG. 1 of the present invention. Let me repeat.
图 5为本发明业务旁路方法再一个实施例的流程图, 本实施例以接入 网设备为 AP为例进行说明。  FIG. 5 is a flowchart of still another embodiment of a service bypass method according to the present invention. This embodiment uses an access network device as an AP as an example for description.
如图 5所示, 该业务旁路方法可以包括:  As shown in FIG. 5, the service bypass method may include:
步骤 501 , UE向 AP发送 PDP上下文建立请求消息。  Step 501: The UE sends a PDP context setup request message to the AP.
步骤 502, AP根据该 PDP上下文建立请求消息中携带的 APN确定对 该 UE进行 SeGW旁路, 并记录该 UE的上下文信息。  Step 502: The AP determines to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message, and records context information of the UE.
本实施例中, 可以预先在 AP上配置需要进行 SeGW旁路的 APN, 例 如: AP可以将需要进行 SeGW旁路的 APN保存在数据表或数据库中, 这 样接收到 UE发送的 PDP上下文建立请求消息之后, AP就可以根据该 PDP 上下文建立请求消息中携带的 APN确定对上述 UE进行 SeGW旁路了。  In this embodiment, the APN that needs to perform the SeGW bypass may be configured on the AP in advance. For example, the AP may save the APN that needs to be bypassed by the SeGW in a data table or a database, so that the PDP context setup request message sent by the UE is received. Afterwards, the AP may determine to perform SeGW bypass on the UE according to the APN carried in the PDP context setup request message.
步骤 503 , AP向 GGSN发送 PDP上下文建立请求消息。  Step 503: The AP sends a PDP context establishment request message to the GGSN.
步骤 504, GGSN向远程用户拨号认证系统( Remote Authentication Dial Step 504, the GGSN dials the authentication system to the remote user (Remote Authentication Dial
In User Service; 以下简称: RADIUS )服务器发送接入鉴权请求。 In User Service; hereinafter referred to as: RADIUS) The server sends an access authentication request.
步骤 505 , RADIUS服务器对上述 UE进行鉴权, 然后向 GGSN返回 鉴权应答消息。  Step 505: The RADIUS server authenticates the UE, and then returns an authentication response message to the GGSN.
步骤 506, GGSN向 RADIUS服务器发送计费开始请求消息。  Step 506: The GGSN sends an Accounting Start Request message to the RADIUS server.
步骤 507, RADIUS服务器向 WAP GW转发上述计费开始请求消息。 步骤 508, WAP GW向 RADIUS服务器发送计费开始应答消息, 然后 WAP GW创建 UE会话信息, 启动对 UE的实时会话监控, 并统计流量和 时长等计费信息。  Step 507: The RADIUS server forwards the foregoing charging start request message to the WAP GW. Step 508: The WAP GW sends a charging start response message to the RADIUS server, and then the WAP GW creates UE session information, starts real-time session monitoring for the UE, and collects charging information such as traffic and duration.
步骤 509, RADIUS服务器向 GGSN转发计费开始应答消息。 步骤 510, GGSN向 UE发送 PDP上下文建立接受消息。 Step 509: The RADIUS server forwards a charging start response message to the GGSN. Step 510: The GGSN sends a PDP context establishment accept message to the UE.
上述步骤 501〜步骤 510为 UE上线过程。  The foregoing steps 501 to 510 are for the UE to go online.
步骤 511 , UE发送网页请求给 AP, AP根据该 UE的上下文信息确定 需要对该网页请求进行 SeGW旁路, AP緩存该网页请求,并执行步骤 512; 另外, 如果 AP根据 UE的上下文信息确定不对该网页请求进行 SeGW旁 路时, 按已有其它旁路规则进行处理, 在此不再赘述。  Step 511: The UE sends a webpage request to the AP, and the AP determines, according to the context information of the UE, that the webpage request is required to perform a SeGW bypass, and the AP caches the webpage request, and performs step 512. In addition, if the AP determines that the fault is incorrect according to the context information of the UE. When the webpage is requested to perform the SeGW bypass, it is processed according to other existing bypass rules, and details are not described herein again.
本实施例中 , AP接收到 UE发送的网页请求之后 , AP可以根据该网 页请求中携带的 UE的 MSISDN, 获得该 MSISDN对应的上下文标识; 然 后 AP 可以根据获得的上下文标识查找到该上下文标识对应的上下文信 息, 进而 AP可以根据查找到的上下文信息确定对该网页请求进行 SeGW 旁路。  In this embodiment, after receiving the webpage request sent by the UE, the AP may obtain the context identifier corresponding to the MSISDN according to the MSISDN of the UE carried in the webpage request, and then the AP may find the corresponding context identifier according to the obtained context identifier. Context information, and the AP may determine to perform SeGW bypass on the webpage request according to the found context information.
步骤 512, AP生成计费请求消息发送给 SeGW, 该计费请求消息携带 UE的 IP地址和 MSISDN。 本实施例中, UE的 IP地址可以表示为 IPXStep 512: The AP generates an accounting request message and sends the message to the SeGW, where the charging request message carries the IP address of the UE and the MSISDN. In this embodiment, the IP address of the UE may be represented as IP X .
具体地, AP 可以将计费请求消息通过隧道发送给 SeGW。 其中, 上 述隧道可以为与 Iuh相同的 IPsec隧道, 也可以为专用的 IPsec隧道, 或者 也可以为其他的隧道, 本发明实施例对上述隧道的具体形式不作限定。  Specifically, the AP may send the charging request message to the SeGW through a tunnel. The above-mentioned tunnel may be the same IPsec tunnel as the Iuh, or may be a dedicated IPsec tunnel, or may be another tunnel. The specific form of the tunnel is not limited in the embodiment of the present invention.
步骤 513 , SeGW解析上述计费请求消息, 对该计费请求消息进行 1 : 1 NAT后发送给 WAP GW。  Step 513: The SeGW parses the foregoing charging request message, and performs a 1: 1 NAT on the charging request message, and then sends the message to the WAP GW.
具体地, SeGW将上述计费请求消息中携带的 IP^ 换为该 SeGW配 置的地址池中的一个空闲的 IP地址, 结合本发明图 4所示实施例, SeGW 可以将 IPX替换为 IPsl 〜: IPs2中一个空闲的 IP地址, 例如: IPy, 建立并保 存 1? 与 IPy的对应关系。 Specifically, the SeGW exchanges the IP address carried in the foregoing charging request message with an idle IP address in the address pool configured by the SeGW. In combination with the embodiment shown in FIG. 4, the SeGW can replace the IP X with the IP sl. ~: A free IP address in IP s2 , for example: IP y , establish and save 1? Correspondence with IP y .
步骤 514, WAP GW建立并保存上述 UE的 MSISDN和进行 NAT后 的 IP地址的对应关系;也就是说 WAP GW建立并保存上述 UE的 MSISDN 与 IPy的对应关系。  Step 514: The WAP GW establishes and stores the correspondence between the MSISDN of the UE and the IP address after the NAT; that is, the WAP GW establishes and stores the correspondence between the MSISDN and the IPy of the UE.
步骤 515 , WAP GW发送计费应答消息给 SeGW。 步骤 516, SeGW对该计费应答消息进行 1 : 1 NAT后发送给 AP。 Step 515: The WAP GW sends a charging response message to the SeGW. Step 516: The SeGW sends the charging response message to the AP after performing a 1: 1 NAT.
具体地, SeGW根据记录的对应关系, 将计费应答消息中携带的 IPy 替换为 ΙΡχ, 将进行 1 : 1 NAT后的计费应答消息发送给 ΑΡ。 Specifically, the SeGW replaces the IP y carried in the charging response message with ΙΡχ according to the recorded correspondence, and sends the charging response message after performing the 1:1 NAT to the ΑΡ.
异常处理: 如果 ΑΡ发送计费请求消息后长时间没有接收到计费应答 消息, 则 ΑΡ重新发送计费请求消息, 如果连续发送 3次计费请求消息后 ΑΡ依然没有接收到计费应答消息, 则 ΑΡ停止发送计费请求消息, 而相应 的旁路规则自动变为 "Gi旁路规则" , 在 AP日志中记录 "计费请求不成 功, 旁路规则由 "SeGW旁路" 变为 "Gi旁路" 。  Exception handling: If the charging response message is not received for a long time after sending the charging request message, the charging request message is resent, and if the charging request message is not received after 3 consecutive charging request messages are received, Then, the charging request message is stopped, and the corresponding bypass rule is automatically changed to "Gi Bypass Rule", and the "Accounting Request is unsuccessful, and the Bypass Rule is changed from "SeGW Bypass" to "Gi" in the AP log. Bypass".
另外, 在发送计费请求消息与接收到计费应答消息之间, 如果 AP接 收到 UE的另一业务请求, AP丟弃该另一业务请求, 即 AP只需緩存上述 UE的一条业务请求。  In addition, between the sending of the charging request message and the receiving of the charging response message, if the AP receives another service request from the UE, the AP discards the other service request, that is, the AP only needs to buffer a service request of the UE.
步骤 517 , AP 接收到计费应答消息之后, 删除緩存的网页请求的 GTP-U头部, 并将删除 GTP-U头部的网页请求通过隧道发送给 SeGW。  Step 517: After receiving the charging response message, the AP deletes the GTP-U header of the cached webpage request, and sends the webpage request for deleting the GTP-U header to the SeGW through the tunnel.
本实施例中, 上述隧道可以为与 Iuh相同的 IPsec隧道, 也可以为专 用的 IPsec隧道, 或者也可以为其他的隧道, 本发明实施例对上述隧道的 具体形式不作限定。  In this embodiment, the tunnel may be the same IPsec tunnel as the Iuh, or may be a dedicated IPsec tunnel, or may be another tunnel. The specific form of the tunnel is not limited in the embodiment of the present invention.
步骤 518, SeGW对接收到的网页请求进行 1 : 1 NAT后发送给 WAP Step 518: The SeGW sends the received webpage request to the WAP after 1 : 1 NAT
GW。 GW.
具体地, SeGW可以根据记录的对应关系, 将接收到的网页请求中的 IPX替换为 IPy, 然后将进行 1 : 1 NAT后的网页请求发送给 WAP GW。 Specifically, the SeGW may replace the IP X in the received webpage request with the IP y according to the recorded correspondence, and then send the webpage request after the 1:1 NAT to the WAP GW.
步骤 519, WAP GW将接收到的网页请求发送给业务提供商( Service Provider; 以下简称: SP ) /内容提供商 ( Content Provider; 以下简称: CP )„ 步骤 520, SP/CP发送网页请求应答给 WAP GW。  Step 519, the WAP GW sends the received webpage request to the service provider (Service Provider; hereinafter referred to as SP) / content provider (Content Provider; hereinafter referred to as CP) „ Step 520, SP/CP sends a webpage request response to WAP GW.
步骤 521 , WAP GW发送网页请求应答给 SeGW。  Step 521: The WAP GW sends a webpage request response to the SeGW.
步骤 522, SeGW对上述网页请求应答进行 1 : 1 NAT后发送给 AP。 具体地, SeGW可以根据记录的对应关系, 将上述网页请求应答中的 IPy替换为 IPX, 然后将进行 1 : 1 NAT后的网页请求应答发送给 AP。 Step 522: The SeGW sends the 1:1 response to the webpage request response to the AP. Specifically, the SeGW may respond to the webpage request response according to the recorded correspondence. IP y is replaced with IP X , and then a web page request response after 1:1 NAT is sent to the AP.
步骤 523 , AP将接收到的网页请求应答发送给 UE。  Step 523: The AP sends the received webpage request response to the UE.
这样, 接收到网页请求应答之后, UE可进行正常的业务浏览。 AP发 送该 UE的后续业务请求数据包时, 不需再发送计费请求消息, 只需保活 In this way, after receiving the webpage request response, the UE can perform normal service browsing. When the AP sends the subsequent service request packet of the UE, it does not need to send the charging request message again.
SeGW上的 NAT上下文即可。 The NAT context on the SeGW is sufficient.
上述步骤 511〜步骤 523为 SeGW旁路过程。  The above steps 511 to 523 are SeGW bypass processes.
步骤 524, UE向 AP发送 PDP上下文删除请求消息。  Step 524: The UE sends a PDP context deletion request message to the AP.
步骤 525 , AP向 xGSN发送 PDP上下文删除请求消息。  Step 525: The AP sends a PDP context delete request message to the xGSN.
其中, 上述 xGSN可以为 GGSN或 SGSN。  The above xGSN may be a GGSN or an SGSN.
步骤 526, AP向 SeGW发送计费结束请求消息。  Step 526: The AP sends a charging end request message to the SeGW.
步骤 527, SeGW对该计费结束请求消息进行 1 : 1 NAT后发送给 WAP Step 527: The SeGW sends the 1 to 1 NAT to the charging end request message and sends the message to the WAP.
GW, 并启动定时器等待 WAP GW的计费结束响应消息。 GW, and starts a timer to wait for the WAP GW's charging end response message.
具体地, SeGW可以根据记录的对应关系, 将接收到的计费结束请求 消息中的 IPX替换为 IPy, 然后将进行 1 : 1 NAT后的网页请求发送给 WAPSpecifically, the SeGW may replace the IP X in the received charging end request message with the IP y according to the recorded correspondence, and then send the webpage request after performing the 1:1 NAT to the WAP.
GW。 GW.
步骤 528, WAP GW发送计费结束响应消息给 SeGW。  Step 528: The WAP GW sends an Accounting End Response message to the SeGW.
步骤 529 , SeGW对上述计费结束响应消息进行 1: 1 NAT后发送给 AP , 并删除上述 UE的上下文信息。  Step 529: The SeGW sends 1:1 NAT to the foregoing charging end response message, and then sends the context information of the UE.
需要说明的是: 正常情况下, SeGW 在定时器结束前会接收到 WAP GW的计费结束响应消息。 SeGW接收到该计费结束响应消息之后, 对该 计费结束响应消息进行 1 : 1 NAT后发送给 AP, 并删除上述 UE的上下文 信息; 如果 SeGW在定时器结束之后, 仍未接收到 WAP GW的计费结束 响应消息, 则 SeGW删除上述 UE的上下文信息, 这种情形下, SeGW不 会向 AP发送计费结束响应消息。  It should be noted that: Under normal circumstances, the SeGW receives the charging end response message of the WAP GW before the timer ends. After receiving the charging end response message, the SeGW sends the 1:1 end NAT to the AP, and deletes the context information of the UE. If the SeGW does not receive the WAP GW after the timer expires, the SeGW does not receive the WAP GW. The charging end response message, the SeGW deletes the context information of the UE. In this case, the SeGW does not send a charging end response message to the AP.
步骤 530, xGSN发送 PDP上下文删除接受消息给 AP。  Step 530: The xGSN sends a PDP context delete accept message to the AP.
步骤 531 , AP删除上述 UE的上下文信息。也就是说,ΑΡ接收到 xGSN 发送的 PDP上下文删除接受消息之后, 即可删除上述 UE的上下文信息, 不需要等接收到 SeGW的计费结束响应消息之后, 才删除上述 UE的上下 文信息。 Step 531: The AP deletes the context information of the UE. In other words, ΑΡ received xGSN After the PDP context deletion accept message is sent, the context information of the UE may be deleted, and the context information of the UE may not be deleted after receiving the charging end response message of the SeGW.
步骤 532, AP发送 PDP上下文删除接受消息给 UE。  Step 532: The AP sends a PDP context deletion accept message to the UE.
上述步骤 524〜步骤 532为 UE下线过程。  The foregoing steps 524 to 532 are the UE offline process.
上述实施例可以实现对 WAP业务进行旁路,进而可以节省带宽资源。 本领域普通技术人员可以理解: 实现上述方法实施例的全部或部分步骤 可以通过程序指令相关的硬件来完成, 前述的程序可以存储于一计算机可读 取存储介质中, 该程序在执行时, 执行包括上述方法实施例的步骤; 而前述 的存储介质包括: ROM、 RAM, 磁碟或者光盘等各种可以存储程序代码的介 质。  The foregoing embodiment can implement bypassing the WAP service, thereby saving bandwidth resources. A person skilled in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by using hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed. The foregoing steps include the steps of the foregoing method embodiments; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
图 6为本发明接入网设备一个实施例的结构示意图, 本实施例中的接 入网设备可以实现本发明图 1所示实施例的流程, 如图 6所示, 该接入网 设备可以包括:  Figure 6 is a schematic structural diagram of an embodiment of an access network device according to the present invention. The access network device in this embodiment can implement the process of the embodiment shown in Figure 1 of the present invention. As shown in Figure 6, the access network device can be Includes:
接收模块 61 , 用于接收用户设备发送的业务请求数据包, 以及接收所 述 WAP GW发送的计费应答消息;  The receiving module 61 is configured to receive a service request data packet sent by the user equipment, and receive a charging response message sent by the WAP GW;
确定模块 62,用于根据用户设备的上下文信息确定对上述业务请求数 据包进行 SeGW旁路;  The determining module 62 is configured to perform SeGW bypass on the service request data packet according to the context information of the user equipment.
生成模块 63 , 用于生成计费请求消息, 该计费请求消息携带用户设备 的 IP地址和 MSISDN;  The generating module 63 is configured to generate a charging request message, where the charging request message carries an IP address of the user equipment and an MSISDN;
发送模块 64,用于将生成模块 63生成的计费请求消息发送给 SeGW, 以便 SeGW对上述计费请求消息进行 NAT后发送给 WAP GW; 以及在接 收模块 61接收到 WAP GW发送的计费应答消息之后,发送业务请求数据 包给 SeGW, 以便 SeGW对发送模块 64发送的业务请求数据包进行 NAT 后发送给 WAP GW。  The sending module 64 is configured to send the charging request message generated by the generating module 63 to the SeGW, so that the SeGW sends the charging request message to the WAP GW after receiving the NAT, and receives the charging response sent by the WAP GW at the receiving module 61. After the message, the service request packet is sent to the SeGW, so that the SeGW performs NAT on the service request packet sent by the sending module 64, and then sends the packet to the WAP GW.
上述接入网设备中, 接收模块 61接收到用户设备发送的业务请求数 据包之后, 确定模块 62可以根据该用户设备的上下文信息确定对该业务 请求数据包进行 SeGW旁路, 这时生成模块 63会生成计费请求消息由发 送模块 64发送给 SeGW, 以便 SeGW对计费请求消息进行 NAT后发送给 WAP GW; 在接收模块 61接收到 WAP GW发送的计费应答消息之后, 发 送模块 64发送业务请求数据包给上述 SeGW, 以便 SeGW对发送模块 64 发送的业务请求数据包进行 NAT后发送给 WAP GW。 从而可以实现对 WAP业务进行旁路, 进而可以节省带宽资源。 In the foregoing access network device, the receiving module 61 receives the number of service requests sent by the user equipment. After the packet, the determining module 62 may determine, according to the context information of the user equipment, that the service request data packet is subjected to SeGW bypass, and the generating module 63 generates a charging request message, and the sending module 64 sends the information to the SeGW for the SeGW to calculate. The fee request message is sent to the WAP GW after the NAT is sent; after the receiving module 61 receives the charging response message sent by the WAP GW, the sending module 64 sends the service request data packet to the SeGW, so that the SeGW sends the service request data to the sending module 64. After the packet is NAT, it is sent to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
图 7为本发明接入网设备另一个实施例的结构示意图, 与图 6所示的 接入网设备相比, 不同之处在于, 图 7所示的接入网设备还可以包括: 记 录模块 65;  FIG. 7 is a schematic structural diagram of another embodiment of an access network device according to the present invention. The difference is that the access network device shown in FIG. 7 may further include: a recording module. 65;
进一步地, 接收模块 61 , 还用于接收用户设备发送的 PDP上下文建 立请求消息;  Further, the receiving module 61 is further configured to receive a PDP context establishment request message sent by the user equipment;
确定模块 62,还用于根据 PDP上下文建立请求消息中携带的 APN确 定对上述用户设备进行 SeGW旁路;  The determining module 62 is further configured to perform a SeGW bypass on the user equipment according to the APN carried in the PDP context setup request message;
记录模块 65 , 用于记录上述用户设备的上下文信息。  The recording module 65 is configured to record context information of the user equipment.
进一步地, 该接入网设备还可以包括: 緩存模块 66和删除模块 67; 緩存模块 66, 用于緩存接收模块 61接收的业务请求数据包; 删除模块 67 , 用于删除緩存模块 66緩存的业务请求数据包的 GTP-U 头部;  Further, the access network device may further include: a cache module 66 and a deletion module 67; a cache module 66, configured to cache the service request data packet received by the receiving module 61; and a deletion module 67, configured to delete the cached service of the cache module 66 Request the GTP-U header of the packet;
发送模块 64, 具体用于将删除 GTP-U头部后的业务请求数据包通过 隧道发送给 SeGW。  The sending module 64 is specifically configured to send the service request data packet after deleting the GTP-U header to the SeGW through the tunnel.
其中,上述隧道可以为与 Iuh相同的 IPsec隧道,也可以为专用的 IPsec 隧道, 或者也可以为其他的隧道, 本发明实施例对上述隧道的具体形式不 作限定。  The tunnel may be the same IPsec tunnel as the Iuh, or may be a dedicated IPsec tunnel, or may be another tunnel. The specific form of the tunnel is not limited in the embodiment of the present invention.
进一步地, 上述接入网设备还可以包括:  Further, the foregoing access network device may further include:
丟弃模块 68,用于在发送模块 64将计费请求消息发送给 SeGW之后, 接收模块 61接收到 WAP GW发送的计费应答消息之前, 当接收模块 61 接收到用户设备发送的另一业务请求消息时, 丟弃另一业务请求消息。 The discarding module 68 is configured to send, after the sending module 64 sends the charging request message to the SeGW, Before the receiving module 61 receives the charging response message sent by the WAP GW, when the receiving module 61 receives another service request message sent by the user equipment, the receiving module 61 discards another service request message.
进一步地, 上述接入网设备还可以包括: 上下文删除模块 69;  Further, the access network device may further include: a context deletion module 69;
具体地, 接收模块 61 , 还用于接收用户设备发送的 PDP上下文删除 请求消息, 以及接收 xGSN发送的 PDP上下文删除接受消息;  Specifically, the receiving module 61 is further configured to receive a PDP context deletion request message sent by the user equipment, and receive a PDP context deletion accept message sent by the xGSN.
发送模块 64,还用于在接收模块 61接收到 PDP上下文删除请求消息 之后, 向 xGSN发送 PDP上下文删除请求消息;  The sending module 64 is further configured to: after the receiving module 61 receives the PDP context delete request message, send a PDP context delete request message to the xGSN;
上下文删除模块 69, 用于在接收模块 61接收到 PDP上下文删除接受 消息之后, 删除上述用户设备的上下文信息。  The context deletion module 69 is configured to delete the context information of the user equipment after the receiving module 61 receives the PDP context deletion accept message.
本实施例中, 发送模块 64, 还用于向 SeGW发送计费结束请求消息, 以便 SeGW对上述计费结束请求消息进行 NAT后发送给 WAP GW;  In this embodiment, the sending module 64 is further configured to send a charging end request message to the SeGW, so that the SeGW performs NAT on the charging end request message and sends the message to the WAP GW.
接收模块 61 , 还用于接收 SeGW发送的计费结束响应消息, 该计费 结束响应消息是 S eG W对 WAP GW发送的计费结束响应消息进行 NAT后 发送给接入网设备的。  The receiving module 61 is further configured to receive a charging end response message sent by the SeGW, where the charging end response message is sent by the S eG W to the access network device by performing NAT on the charging end response message sent by the WAP GW.
上述接入网设备可以实现对 WAP业务进行旁路, 进而可以节省带宽 资源。  The access network device can bypass the WAP service, thereby saving bandwidth resources.
图 8 为本发明安全网关一个实施例的结构示意图, 本实施例中的 SeGW可以实现本发明图 2所示实施例的流程, 如图 8所示, 该 SeGW可 以包括:  FIG. 8 is a schematic structural diagram of an embodiment of a security gateway according to the present invention. The SeGW in this embodiment may implement the process of the embodiment shown in FIG. 2 of the present invention. As shown in FIG. 8, the SeGW may include:
消息接收模块 81 , 用于接收接入网设备发送的计费请求消息, 该计费 请求消息是接入网设备接收到用户设备发送的业务请求数据包, 根据用户 设备的上下文信息确定对上述业务请求数据包进行 SeGW 旁路之后发送 给上述 SeGW的, 该计费请求消息携带用户设备的 IP地址和 MSISDN; 以及接收 WAP GW发送的计费应答消息; 以及接收接入网设备发送的业 务请求数据包; 地址转换模块 82, 用于对消息接收模块 81接收的计费请求消息进行 NAT, 以及对消息接收模块 81接收的计费应答消息进行 NAT, 以及对消 息接收模块 81接收的业务请求数据包进行 NAT; The message receiving module 81 is configured to receive an accounting request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the user equipment, and determines the service according to the context information of the user equipment. After the request packet is sent to the SeGW by the SeGW, the charging request message carries the IP address and the MSISDN of the user equipment; and receives the charging response message sent by the WAP GW; and receives the service request data sent by the access network device. The packet conversion module 82 is configured to perform the charging request message received by the message receiving module 81. NAT, and performing NAT on the charging response message received by the message receiving module 81, and performing NAT on the service request data packet received by the message receiving module 81;
消息发送模块 83 , 用于将进行 NAT后的计费请求消息发送给 WAP GW, 以及将进行 NAT后的计费应答消息发送给接入网设备, 以及将进行 NAT后的业务请求数据包发送给 WAP GW。  The message sending module 83 is configured to send the charging request message after performing the NAT to the WAP GW, and send the charging response message after performing the NAT to the access network device, and send the service request data packet after the NAT is sent to the WAP GW.
上述 SeGW中, 消息接收模块 81接收到接入网设备发送的计费请求 消息之后, 地址转换模块 82对该计费请求消息进行 NAT后发送给 WAP GW, 并对上述 WAP GW发送的计费应答消息进行 NAT后发送给上述接 入网设备, 然后消息发送模块 83可以在消息接收模块 81接收到接入网设 备发送的业务请求数据包, 地址转换模块 82对该接入网设备发送的业务 请求数据包进行 NAT后发送给上述 WAP GW。 从而可以实现对 WAP业 务进行旁路, 进而可以节省带宽资源。  In the foregoing SeGW, after the message receiving module 81 receives the charging request message sent by the access network device, the address converting module 82 performs NAT on the charging request message, and then sends the charging request to the WAP GW, and sends the charging response to the WAP GW. After the message is sent to the NAT, the message is sent to the access network device, and then the message sending module 83 can receive the service request data packet sent by the access network device, and the address conversion module 82 sends the service request to the access network device. After the packet is NATed, it is sent to the WAP GW. Therefore, the WAP service can be bypassed, thereby saving bandwidth resources.
图 9 为本发明安全网关另一个实施例的结构示意图, 与图 8 所示的 SeGW相比, 不同之处在于, 图 9所示的 SeGW中, 地址转换模块 82可 以包括:  FIG. 9 is a schematic structural diagram of another embodiment of the security gateway of the present invention. The difference is that, in the SeGW shown in FIG. 9, the address translation module 82 can include:
替换子模块 821 ,用于将计费请求消息的 IP头中携带的用户设备的 IP 地址替换为 SeGW配置的地址池中空闲的 IP地址, 以及将计费请求消息 携带的计费信息中包含的 UE的 IP地址替换为上述 SeGW配置的地址池 中空闲的 IP地址;  The sub-module 821 is configured to replace the IP address of the user equipment carried in the IP header of the charging request message with the IP address in the address pool configured by the SeGW, and the charging information carried in the charging request message. The IP address of the UE is replaced with an idle IP address in the address pool configured by the foregoing SeGW;
建立子模块 822, 用于建立用户设备的 IP地址与上述空闲的 IP地址 的对应关系;  Establishing a sub-module 822, configured to establish a correspondence between an IP address of the user equipment and the idle IP address;
保存子模块 823 , 用于保存建立子模块 822建立的对应关系。  The saving submodule 823 is configured to save the correspondence established by the establishing submodule 822.
本实施例中, 替换子模块 821 , 还用于根据保存子模块 823保存的对 应关系将计费应答消息中携带的 IP地址替换为用户设备的 IP地址。  In this embodiment, the replacement sub-module 821 is further configured to replace the IP address carried in the charging response message with the IP address of the user equipment according to the corresponding relationship saved by the saving sub-module 823.
进一步地, 替换子模块 821还可以根据保存子模块 823保存的对应关 系, 将接入网设备发送的业务请求数据包中用户设备的 IP 地址替换为上 述空闲的 IP地址; 这样, 消息发送模块 83可以将替换子模块 821替换后 的业务请求数据包发送给 WAP GW。 进一步地, 上述 SeGW还可以包括: 信息删除模块 84; Further, the replacement sub-module 821 may further replace the IP address of the user equipment in the service request data packet sent by the access network device with the idle IP address according to the corresponding relationship saved by the storage sub-module 823; thus, the message sending module 83 The service request packet replaced by the replacement submodule 821 can be sent to the WAP GW. Further, the foregoing SeGW may further include: an information deletion module 84;
消息接收模块 81 , 还用于接收接入网设备发送的计费结束请求消息, 以及接收 WAP GW发送的计费结束响应消息;  The message receiving module 81 is further configured to receive an charging end request message sent by the access network device, and receive a charging end response message sent by the WAP GW;
地址转换模块 82, 还用于对消息接收模块 81接收的计费结束请求消 息进行 NAT,以及对消息接收模块 81接收的计费结束响应消息进行 NAT; 消息发送模块 83 , 还用于将进行 NAT后的计费结束请求消息发送给 WAP GW, 以及将进行 NAT后的计费结束响应消息发送给接入网设备; 信息删除模块 84, 用于在消息接收模块 81接收到计费结束响应消息 之后, 删除上述用户设备的上下文信息。  The address conversion module 82 is further configured to perform NAT on the charging end request message received by the message receiving module 81, and perform NAT on the charging end response message received by the message receiving module 81. The message sending module 83 is further configured to perform NAT. The subsequent charging end request message is sent to the WAP GW, and the charging end response message after the NAT is sent to the access network device. The information deleting module 84 is configured to: after the message receiving module 81 receives the charging end response message, , delete the context information of the above user equipment.
进一步地, 上述安全网关还可以包括: 启动模块 85;  Further, the security gateway may further include: a startup module 85;
具体地, 启动模块 85 , 用于启动定时器; 这时, 信息删除模块 84可 以在上述定时器结束之后,如果消息接收模块 81仍未收到 WAP GW发送 的计费结束响应消息, 则删除上述用户设备的上下文信息。  Specifically, the startup module 85 is configured to start a timer. At this time, the information deletion module 84 may delete the foregoing after the timer ends, if the message receiving module 81 still does not receive the charging end response message sent by the WAP GW. Context information of the user device.
上述 SeGW可以实现对 WAP业务进行旁路, 进而可以节省带宽资源。 本领域技术人员可以理解附图只是一个优选实施例的示意图, 附图中 的模块或流程并不一定是实施本发明所必须的。  The foregoing SeGW can bypass the WAP service, thereby saving bandwidth resources. A person skilled in the art can understand that the drawings are only a schematic diagram of a preferred embodiment, and the modules or processes in the drawings are not necessarily required to implement the invention.
本领域技术人员可以理解实施例中的装置中的模块可以按照实施例描述 进行分布于实施例的装置中, 也可以进行相应变化位于不同于本实施例的一 个或多个装置中。 上述实施例的模块可以合并为一个模块, 也可以进一步拆 分成多个子模块。  Those skilled in the art can understand that the modules in the apparatus in the embodiments may be distributed in the apparatus of the embodiment according to the description of the embodiments, or may be correspondingly changed in one or more apparatuses different from the embodiment. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
最后应说明的是: 以上实施例仅用以说明本发明的技术方案, 而非对 其限制; 尽管参照前述实施例对本发明进行了详细的说明, 本领域的普通 技术人员应当理解: 其依然可以对前述各实施例所记载的技术方案进行修 改, 或者对其中部分技术特征进行等同替换; 而这些修改或者替换, 并不 使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。  It should be noted that the above embodiments are only for explaining the technical solutions of the present invention, and are not intended to be limiting; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that: The technical solutions described in the foregoing embodiments are modified, or some of the technical features are equivalently replaced. The modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

权利要求 Rights request
1、 一种业务旁路方法, 其特征在于, 包括: A service bypass method, characterized in that it comprises:
接入网设备接收用户设备发送的业务请求数据包, 根据所述用户设备 的上下文信息确定对所述业务请求数据包进行安全网关旁路;  The access network device receives the service request data packet sent by the user equipment, and determines, according to the context information of the user equipment, that the service request data packet is bypassed by the security gateway;
所述接入网设备生成计费请求消息发送给安全网关, 所述计费请求消 息携带所述用户设备的因特网协议地址和移动台国际综合业务数字网号 码, 以便所述安全网关对所述计费请求消息进行网络地址转换后发送给无 线应用协议业务网关;  The access network device generates an accounting request message and sends the charging request message to the security gateway, where the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number, so that the security gateway refers to the The fee request message is sent to the wireless application protocol service gateway after performing network address translation;
所述接入网设备接收到所述无线应用协议业务网关发送的计费应答 消息之后, 发送业务请求数据包给所述安全网关, 以便所述安全网关对所 述接入网设备发送的业务请求数据包进行网络地址转换后发送给所述无 线应用协议业务网关。  After receiving the charging response message sent by the wireless application protocol service gateway, the access network device sends a service request data packet to the security gateway, so that the security gateway sends a service request to the access network device. The data packet is sent to the wireless application protocol service gateway after performing network address translation.
2、 根据权利要求 1 所述的方法, 其特征在于, 所述接入网设备接收 用户设备发送的业务请求数据包之前, 还包括:  The method according to claim 1, wherein before the access network device receives the service request data packet sent by the user equipment, the method further includes:
所述接入网设备接收所述用户设备发送的分组数据协议上下文建立 请求消息, 根据所述分组数据协议上下文建立请求消息中携带的接入点名 称确定对所述用户设备进行安全网关旁路, 并记录所述用户设备的上下文 信息。  Receiving, by the access network device, a packet data protocol context establishment request message sent by the user equipment, and determining, by the access point name carried in the packet data protocol context establishment request message, performing a security gateway bypass on the user equipment, And recording context information of the user equipment.
3、 根据权利要求 1或 2所述的方法, 其特征在于, 所述根据所述用 户设备的上下文信息确定对所述业务请求数据包进行安全网关旁路之后, 还包括:  The method according to claim 1 or 2, wherein, after determining, according to the context information of the user equipment, the security gateway bypassing the service request data packet, the method further includes:
所述接入网设备緩存所述业务请求数据包;  The access network device buffers the service request data packet;
所述发送业务请求数据包给所述安全网关包括:  The sending the service request data packet to the security gateway includes:
所述接入网设备删除緩存的业务请求数据包的用户面通用分组无线 业务隧道协议头部之后, 将删除所述用户面通用分组无线业务隧道协议头 部的业务请求数据包通过隧道发送给所述安全网关。 After the access network device deletes the user plane general packet radio service tunnel protocol header of the buffered service request data packet, the user plane general packet radio service tunnel protocol header is deleted. The service request packet of the department is sent to the security gateway through a tunnel.
4、 根据权利要求 1或 2所述的方法, 其特征在于, 所述接入网设备 生成计费请求消息发送给安全网关之后, 所述接入网设备接收到所述无线 应用协议业务网关发送的计费应答消息之前, 还包括:  The method according to claim 1 or 2, wherein after the access network device generates a charging request message and sends the message to the security gateway, the access network device receives the wireless application protocol service gateway to send Before the billing response message, it also includes:
如果所述接入网设备接收到所述用户设备发送的另一业务请求消息, 则所述接入网设备丟弃所述另一业务请求消息。  And if the access network device receives another service request message sent by the user equipment, the access network device discards the another service request message.
5、 根据权利要求 1或 2所述的方法, 其特征在于, 还包括: 所述接入网设备接收到所述用户设备发送的分组数据协议上下文删 除请求消息之后, 向通用分组无线业务支持节点发送分组数据协议上下文 删除请求消息;  The method according to claim 1 or 2, further comprising: after the access network device receives the packet data protocol context deletion request message sent by the user equipment, to the general packet radio service support node Sending a packet data protocol context delete request message;
所述接入网设备接收到所述通用分组无线业务支持节点发送的分组 数据协议上下文删除接受消息之后, 删除所述用户设备的上下文信息。  After receiving the packet data protocol context deletion accept message sent by the general packet radio service support node, the access network device deletes the context information of the user equipment.
6、 根据权利要求 5 所述的方法, 其特征在于, 所述向通用分组无线 业务支持节点发送分组数据协议上下文删除请求消息之后, 还包括:  The method according to claim 5, wherein after the sending the packet data protocol context deletion request message to the general packet radio service support node, the method further includes:
所述接入网设备向所述安全网关发送计费结束请求消息, 以便所述安 全网关对所述计费结束请求消息进行网络地址转换后发送给所述无线应 用协议业务网关;  The access network device sends a charging end request message to the security gateway, so that the security gateway performs network address translation on the charging end request message and sends the information to the wireless application protocol service gateway;
所述接入网设备接收所述安全网关发送的计费结束响应消息, 所述计 费结束响应消息是所述安全网关对所述无线应用协议业务网关发送的计 费结束响应消息进行网络地址转换后发送给所述接入网设备的。  The access network device receives the charging end response message sent by the security gateway, where the charging end response message is that the security gateway performs network address translation on the charging end response message sent by the wireless application protocol service gateway. And then sent to the access network device.
7、 根据权利要求 1或 2所述的方法, 其特征在于, 所述安全网关对 所述计费请求消息进行网络地址转换后发送给无线应用协议业务网关之 后, 还包括:  The method according to claim 1 or 2, wherein after the security gateway performs network address translation on the charging request message and sends the message to the wireless application protocol service gateway, the method further includes:
所述无线应用协议业务网关建立并保存所述用户设备的移动台国际 综合业务数字网号码和进行网络地址转换后的因特网协议地址的对应关 系。 The wireless application protocol service gateway establishes and stores a correspondence between the mobile station international integrated service digital network number of the user equipment and an internet protocol address after performing network address translation.
8、 一种业务旁路方法, 其特征在于, 包括: 8. A service bypass method, characterized in that:
安全网关接收接入网设备发送的计费请求消息, 所述计费请求消息是 所述接入网设备接收到用户设备发送的业务请求数据包, 根据所述用户设 备的上下文信息确定对所述业务请求数据包进行安全网关旁路之后发送 给所述安全网关的, 所述计费请求消息携带所述用户设备的因特网协议地 址和移动台国际综合业务数字网号码;  The security gateway receives the charging request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the user equipment, and determines, according to the context information of the user equipment, The service request packet is sent to the security gateway after the security gateway is bypassed, and the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number;
所述安全网关对所述计费请求消息进行网络地址转换后发送给无线 应用协议业务网关, 接收所述无线应用协议业务网关发送的计费应答消 息, 对所述计费应答消息进行网络地址转换后发送给所述接入网设备; 所述安全网关接收所述接入网设备发送的业务请求数据包, 对所述接 入网设备发送的业务请求数据包进行网络地址转换后发送给所述无线应 用协议业务网关。  The security gateway performs network address translation on the charging request message, and then sends the information to the wireless application protocol service gateway, receives the charging response message sent by the wireless application protocol service gateway, and performs network address translation on the charging response message. And transmitting to the access network device; the security gateway receives the service request data packet sent by the access network device, performs network address translation on the service request data packet sent by the access network device, and sends the service request data packet to the Wireless Application Protocol Service Gateway.
9、 根据权利要求 8 所述的方法, 其特征在于, 所述安全网关对所述 计费请求消息进行网络地址转换包括:  The method according to claim 8, wherein the security gateway performs network address translation on the charging request message, including:
所述安全网关将所述计费请求消息的因特网协议头中携带的所述用 户设备的因特网协议地址替换为所述安全网关配置的地址池中空闲的因 特网协议地址, 以及将所述计费请求消息携带的计费信息中包含的所述用 户设备的因特网协议地址替换为所述安全网关配置的地址池中空闲的因 特网协议地址, 建立并保存所述用户设备的因特网协议地址与所述空闲的 因特网协议地址的对应关系;  The security gateway replaces an Internet Protocol address of the user equipment carried in an Internet Protocol Head of the Accounting Request message with an Internet Protocol address that is idle in an address pool configured by the security gateway, and the charging request is The Internet Protocol address of the user equipment included in the charging information carried by the message is replaced with an Internet Protocol address that is free in the address pool configured by the security gateway, and the Internet Protocol address of the user equipment is established and saved. Correspondence of Internet Protocol addresses;
所述对所述计费应答消息进行网络地址转换包括:  The performing network address translation on the charging response message includes:
所述安全网关根据保存的所述对应关系将所述计费应答消息中携带 的因特网协议地址替换为所述用户设备的因特网协议地址。  The security gateway replaces the Internet Protocol address carried in the charging response message with the Internet Protocol address of the user equipment according to the saved correspondence.
10、 根据权利要求 9所述的方法, 其特征在于, 所述对所述接入网设 备发送的业务请求数据包进行网络地址转换后发送给所述无线应用协议 业务网关包括: 所述安全网关根据保存的所述对应关系, 将所述接入网设备发送的业 务请求数据包中所述用户设备的因特网协议地址替换为所述空闲的因特 网协议地址, 并将替换后的业务请求数据包发送给所述无线应用协议业务 网关。 The method according to claim 9, wherein the performing the network address translation on the service request data packet sent by the access network device and transmitting the information to the wireless application protocol service gateway comprises: The security gateway replaces the Internet Protocol address of the user equipment in the service request data packet sent by the access network device with the idle Internet protocol address according to the saved correspondence, and replaces the replaced service The request packet is sent to the wireless application protocol service gateway.
11、 根据权利要求 8-10任意一项所述的方法, 其特征在于, 还包括: 所述安全网关接收所述接入网设备发送的计费结束请求消息, 对所述 计费结束请求消息进行网络地址转换后发送给所述无线应用协议业务网 关;  The method according to any one of claims 8 to 10, further comprising: the security gateway receiving an charging end request message sent by the access network device, and the charging end request message Transmitting to the wireless application protocol service gateway after performing network address translation;
所述安全网关接收所述无线应用协议业务网关发送的计费结束响应 消息, 删除所述用户设备的上下文信息, 并对所述计费结束响应消息进行 网络地址转换后发送给所述接入网设备。  The security gateway receives the charging end response message sent by the wireless application protocol service gateway, deletes the context information of the user equipment, and performs network address translation on the charging end response message, and then sends the information to the access network. device.
12、 根据权利要求 11所述的方法, 其特征在于, 还包括:  12. The method according to claim 11, further comprising:
所述安全网关启动定时器, 如果在所述定时器结束之后, 仍未收到所 述无线应用协议业务网关发送的计费结束响应消息, 则所述安全网关删除 所述用户设备的上下文信息。  The security gateway starts a timer, and if the charging end response message sent by the wireless application protocol service gateway is not received after the timer ends, the security gateway deletes the context information of the user equipment.
13、 一种接入网设备, 其特征在于, 包括:  13. An access network device, comprising:
接收模块, 用于接收用户设备发送的业务请求数据包, 以及接收所述 无线应用协议业务网关发送的计费应答消息;  a receiving module, configured to receive a service request data packet sent by the user equipment, and receive a charging response message sent by the wireless application protocol service gateway;
确定模块, 用于根据所述用户设备的上下文信息确定对所述业务请求 数据包进行安全网关旁路;  a determining module, configured to determine, according to the context information of the user equipment, performing a security gateway bypass on the service request data packet;
生成模块, 用于生成计费请求消息, 所述计费请求消息携带所述用户 设备的因特网协议地址和移动台国际综合业务数字网号码;  a generating module, configured to generate a charging request message, where the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number;
发送模块, 用于将所述生成模块生成的计费请求消息发送给安全网 关, 以便所述安全网关对所述计费请求消息进行网络地址转换后发送给无 线应用协议业务网关; 以及在所述接收模块接收到所述无线应用协议业务 网关发送的计费应答消息之后, 发送业务请求数据包给所述安全网关, 以 便所述安全网关对所述发送模块发送的业务请求数据包进行网络地址转 换后发送给所述无线应用协议业务网关。 a sending module, configured to send the charging request message generated by the generating module to the security gateway, so that the security gateway performs network address translation on the charging request message, and then sends the information to the wireless application protocol service gateway; After receiving the charging response message sent by the wireless application protocol service gateway, the receiving module sends a service request data packet to the security gateway, to The security gateway performs network address translation on the service request data packet sent by the sending module, and then sends the service request data packet to the wireless application protocol service gateway.
14、 根据权利要求 13 所述的接入网设备, 其特征在于, 还包括: 记 录模块;  The access network device according to claim 13, further comprising: a recording module;
所述接收模块, 还用于接收所述用户设备发送的分组数据协议上下文 建立请求消息;  The receiving module is further configured to receive a packet data protocol context establishment request message sent by the user equipment;
所述确定模块, 还用于根据所述分组数据协议上下文建立请求消息中 携带的接入点名称确定对所述用户设备进行安全网关旁路;  The determining module is further configured to: perform a security gateway bypass on the user equipment according to an access point name carried in the packet data protocol context setup request message;
所述记录模块, 用于记录所述用户设备的上下文信息。  The recording module is configured to record context information of the user equipment.
15、根据权利要求 13或 14所述的接入网设备, 其特征在于,还包括: 删除模块和緩存模块;  The access network device according to claim 13 or 14, further comprising: a deleting module and a cache module;
所述緩存模块, 用于緩存所述接收模块接收的业务请求数据包; 所述删除模块, 用于删除所述緩存模块緩存的业务请求数据包的用户 面通用分组无线业务隧道协议头部;  The cache module is configured to cache a service request data packet received by the receiving module, and the deleting module is configured to delete a user-side general packet radio service tunnel protocol header of the service request data packet buffered by the cache module;
所述发送模块, 具体用于将删除所述用户面通用分组无线业务隧道协 议头部后的业务请求数据包通过隧道发送给所述安全网关。  The sending module is specifically configured to send, by using a tunnel, a service request data packet that is deleted from the user plane general packet radio service tunneling protocol header to the security gateway.
16、根据权利要求 13或 14所述的接入网设备, 其特征在于,还包括: 丟弃模块, 用于在所述发送模块将所述计费请求消息发送给安全网关 之后, 所述接收模块接收到所述无线应用协议业务网关发送的计费应答消 息之前, 当所述接收模块接收到所述用户设备发送的另一业务请求消息 时, 丟弃所述另一业务请求消息。  The access network device according to claim 13 or 14, further comprising: a discarding module, configured to: after the sending module sends the charging request message to the security gateway, the receiving Before receiving the charging response message sent by the wireless application protocol service gateway, the module discards the another service request message when the receiving module receives another service request message sent by the user equipment.
17、根据权利要求 13或 14所述的接入网设备, 其特征在于,还包括: 上下文删除模块;  The access network device according to claim 13 or 14, further comprising: a context deletion module;
所述接收模块, 还用于接收所述用户设备发送的分组数据协议上下文 删除请求消息, 以及接收所述通用分组无线业务支持节点发送的分组数据 协议上下文删除接受消息; 所述发送模块, 还用于在所述接收模块接收到所述分组数据协议上下 文删除请求消息之后, 向通用分组无线业务支持节点发送分组数据协议上 下文删除请求消息; The receiving module is further configured to receive a packet data protocol context deletion request message sent by the user equipment, and receive a packet data protocol context deletion accept message sent by the general packet radio service support node; The sending module is further configured to: after the receiving module receives the packet data protocol context deletion request message, send a packet data protocol context deletion request message to the general packet radio service support node;
所述上下文删除模块, 用于在所述接收模块接收到所述分组数据协议 上下文删除接受消息之后, 删除所述用户设备的上下文信息。  The context deletion module is configured to delete context information of the user equipment after the receiving module receives the packet data protocol context deletion accept message.
18、 根据权利要求 17所述的接入网设备, 其特征在于,  18. The access network device of claim 17, wherein
所述发送模块, 还用于向所述安全网关发送计费结束请求消息, 以便 所述安全网关对所述计费结束请求消息进行网络地址转换后发送给所述 无线应用协议业务网关;  The sending module is further configured to send a charging end request message to the security gateway, so that the security gateway performs network address translation on the charging end request message and sends the information to the wireless application protocol service gateway.
所述接收模块, 还用于接收所述安全网关发送的计费结束响应消息, 所述计费结束响应消息是所述安全网关对所述无线应用协议业务网关发 送的计费结束响应消息进行网络地址转换后发送给所述接入网设备的。  The receiving module is further configured to receive a charging end response message sent by the security gateway, where the charging end response message is a network that is sent by the security gateway to the charging end response message sent by the wireless application protocol service gateway. The address is translated and sent to the access network device.
19、 一种安全网关, 其特征在于, 包括:  19. A security gateway, comprising:
消息接收模块, 用于接收接入网设备发送的计费请求消息, 所述计费 请求消息是所述接入网设备接收到用户设备发送的业务请求数据包, 根据 所述用户设备的上下文信息确定对所述业务请求数据包进行安全网关旁 路之后发送给所述安全网关的, 所述计费请求消息携带所述用户设备的因 特网协议地址和移动台国际综合业务数字网号码; 以及接收所述无线应用 协议业务网关发送的计费应答消息; 以及接收所述接入网设备发送的业务 请求数据包;  a message receiving module, configured to receive an accounting request message sent by the access network device, where the charging request message is that the access network device receives the service request data packet sent by the user equipment, according to the context information of the user equipment Determining, after the security request gateway of the service request data packet is sent to the security gateway, the charging request message carries an Internet Protocol address of the user equipment and a mobile station international integrated service digital network number; and a receiving station And a charging response message sent by the wireless application protocol service gateway; and receiving a service request data packet sent by the access network device;
地址转换模块, 用于对所述消息接收模块接收的所述计费请求消息进 行网络地址转换, 以及对所述消息接收模块接收的所述计费应答消息进行 网络地址转换, 以及对所述消息接收模块接收的所述业务请求数据包进行 网络地址转换;  An address translation module, configured to perform network address translation on the charging request message received by the message receiving module, and perform network address translation on the charging response message received by the message receiving module, and the message Receiving, by the receiving module, the service request data packet to perform network address translation;
消息发送模块, 用于将进行网络地址转换后的计费请求消息发送给无 线应用协议业务网关, 以及将进行网络地址转换后的计费应答消息发送给 所述接入网设备, 以及将进行网络地址转换后的业务请求数据包发送给所 述无线应用协议业务网关。 a message sending module, configured to send a charging request message after performing network address translation to a wireless application protocol service gateway, and send a charging response message after performing network address translation to The access network device, and the service request data packet that performs network address translation, is sent to the wireless application protocol service gateway.
20、 根据权利要求 19所述的安全网关, 其特征在于, 所述地址转换 模块包括:  The security gateway according to claim 19, wherein the address translation module comprises:
替换子模块, 用于将所述计费请求消息的因特网协议头中携带的所述 用户设备的因特网协议地址替换为所述安全网关配置的地址池中空闲的 因特网协议地址, 以及将所述计费请求消息携带的计费信息中包含的所述 用户设备的因特网协议地址替换为所述安全网关配置的地址池中空闲的 因特网协议地址;  a replacement submodule, configured to replace an internet protocol address of the user equipment carried in an internet protocol header of the charging request message with an idle internet protocol address in an address pool configured by the security gateway, and The Internet Protocol address of the user equipment included in the charging information carried in the fee request message is replaced with an idle Internet protocol address in the address pool configured by the security gateway;
建立子模块, 用于建立所述用户设备的因特网协议地址与所述空闲的 因特网协议地址的对应关系;  Establishing a submodule, configured to establish a correspondence between an Internet Protocol address of the user equipment and the idle Internet Protocol address;
保存子模块, 用于保存所述建立子模块建立的对应关系。  The saving submodule is configured to save the correspondence established by the establishing submodule.
21、 根据权利要求 20所述的安全网关, 其特征在于,  21. The security gateway of claim 20, wherein
所述替换子模块, 还用于根据所述保存子模块保存的所述对应关系将 所述计费应答消息中携带的因特网协议地址替换为所述用户设备的因特 网协议地址。  The replacement sub-module is further configured to replace the Internet Protocol address carried in the charging response message with the Internet Protocol address of the user equipment according to the correspondence relationship saved by the saving sub-module.
22、 根据权利要求 20所述的安全网关, 其特征在于,  22. The security gateway of claim 20, wherein
所述替换子模块, 还用于根据所述保存子模块保存的所述对应关系, 将所述接入网设备发送的业务请求数据包中所述用户设备的因特网协议 地址替换为所述空闲的因特网协议地址;  The replacement sub-module is further configured to: replace the Internet Protocol address of the user equipment in the service request data packet sent by the access network device with the idle relationship according to the correspondence relationship saved by the save submodule Internet protocol address;
所述消息发送模块, 具体用于将所述替换子模块替换后的业务请求数 据包发送给所述无线应用协议业务网关。  The message sending module is specifically configured to send the service request data packet that is replaced by the replacement submodule to the wireless application protocol service gateway.
23、 根据权利要求 19-22任意一项所述的安全网关, 其特征在于, 还 包括: 信息删除模块;  The security gateway according to any one of claims 19 to 22, further comprising: an information deletion module;
所述消息接收模块, 还用于接收所述接入网设备发送的计费结束请求 消息, 以及接收所述无线应用协议业务网关发送的计费结束响应消息; 所述地址转换模块, 还用于对所述消息接收模块接收的所述计费结束 请求消息进行网络地址转换, 以及对所述消息接收模块接收的所述计费结 束响应消息进行网络地址转换; The message receiving module is further configured to receive a charging end request message sent by the access network device, and receive a charging end response message sent by the wireless application protocol service gateway; The address translation module is further configured to: perform network address translation on the charging end request message received by the message receiving module, and perform network address translation on the charging end response message received by the message receiving module;
所述消息发送模块, 还用于将进行网络地址转换后的计费结束请求消 息发送给所述无线应用协议业务网关, 以及将进行网络地址转换后的计费 结束响应消息发送给所述接入网设备;  The message sending module is further configured to send a charging end request message after performing network address translation to the wireless application protocol service gateway, and send a charging end response message after performing network address translation to the access Network equipment;
所述信息删除模块, 用于在所述消息接收模块接收到计费结束响应消 息之后, 删除所述用户设备的上下文信息。  The information deleting module is configured to delete the context information of the user equipment after the message receiving module receives the charging end response message.
24、 根据权利要求 23 所述的安全网关, 其特征在于, 还包括: 启动 模块;  The security gateway according to claim 23, further comprising: a startup module;
所述启动模块, 用于启动定时器;  The startup module is configured to start a timer;
所述信息删除模块, 具体用于在所述定时器结束之后, 如果所述消息 接收模块仍未收到所述无线应用协议业务网关发送的计费结束响应消息, 则删除所述用户设备的上下文信息。  The information deleting module is specifically configured to delete the context of the user equipment if the message receiving module does not receive the charging end response message sent by the wireless application protocol service gateway after the timer is ended. information.
PCT/CN2011/078620 2011-08-19 2011-08-19 Service bypass method, access network device and security gateway WO2012119399A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201180001840.4A CN102726075B (en) 2011-08-19 2011-08-19 Business by-pass method, access network device and secure gateway
PCT/CN2011/078620 WO2012119399A1 (en) 2011-08-19 2011-08-19 Service bypass method, access network device and security gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2011/078620 WO2012119399A1 (en) 2011-08-19 2011-08-19 Service bypass method, access network device and security gateway

Publications (1)

Publication Number Publication Date
WO2012119399A1 true WO2012119399A1 (en) 2012-09-13

Family

ID=46797447

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/078620 WO2012119399A1 (en) 2011-08-19 2011-08-19 Service bypass method, access network device and security gateway

Country Status (2)

Country Link
CN (1) CN102726075B (en)
WO (1) WO2012119399A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114125818A (en) * 2021-11-23 2022-03-01 北京字节跳动网络技术有限公司 Service parameter transmission method, device, system, electronic equipment and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139205B (en) * 2013-01-30 2016-10-26 华为技术有限公司 Message processing method, device and the webserver
CN104427551A (en) * 2013-08-22 2015-03-18 中兴通讯股份有限公司 A business message transmitting method and apparatus
CN108134857B (en) * 2017-12-26 2020-03-13 中国联合网络通信集团有限公司 IP address allocation method, device and system
CN108900314B (en) * 2018-07-19 2022-03-01 网宿科技股份有限公司 Request number charging method and device for network acceleration service
CN115150353B (en) * 2022-06-30 2024-01-23 北京天融信网络安全技术有限公司 Method, device, electronic equipment and storage medium for realizing bypass of reverse proxy service

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101754318A (en) * 2009-12-23 2010-06-23 华为技术有限公司 Bypass data transmission method and system, and access point network device
CN101753414A (en) * 2008-12-08 2010-06-23 华为技术有限公司 Data sending method, system and device
CN101795478A (en) * 2010-03-31 2010-08-04 华为技术有限公司 Method for data bypass, network side equipment and access gateway

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101399853B (en) * 2007-09-24 2010-12-08 中国移动通信集团公司 Customer identification server, data service processing system and method
US8265046B2 (en) * 2008-04-10 2012-09-11 Nokia Corporation System and method for generic access network registration by a mobile station during network congestion
CN101925038B (en) * 2009-06-12 2013-01-02 华为技术有限公司 Data transmission method, communication device and network system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753414A (en) * 2008-12-08 2010-06-23 华为技术有限公司 Data sending method, system and device
CN101754318A (en) * 2009-12-23 2010-06-23 华为技术有限公司 Bypass data transmission method and system, and access point network device
CN101795478A (en) * 2010-03-31 2010-08-04 华为技术有限公司 Method for data bypass, network side equipment and access gateway

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114125818A (en) * 2021-11-23 2022-03-01 北京字节跳动网络技术有限公司 Service parameter transmission method, device, system, electronic equipment and storage medium
CN114125818B (en) * 2021-11-23 2023-08-22 北京字节跳动网络技术有限公司 Service parameter transmission method, device, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN102726075A (en) 2012-10-10
CN102726075B (en) 2014-12-03

Similar Documents

Publication Publication Date Title
JP2016507930A5 (en)
WO2011079634A1 (en) Traffic offload method, traffic offload function entity and traffic offload system
WO2011006447A1 (en) Method, device and system for transmitting packet service data
US20190394647A1 (en) Communication system, connection control apparatus, mobile terminal, base station control method, service request method, and program
WO2011035473A1 (en) Method, equipment and system for offloading network traffic
WO2007006227A1 (en) Negotiation method and system for establishing interface data paths
WO2012119399A1 (en) Service bypass method, access network device and security gateway
WO2013017098A1 (en) Method, device, and system for ue access to evolved packet core network
JP5617932B2 (en) Gateway apparatus, communication system and method
US11575649B2 (en) Supporting dynamic host configuration protocol-based customer premises equipment in fifth generation wireline and wireless convergence
US20190223013A1 (en) Method for establishing public data network connection and related device
KR102017167B1 (en) Method and apparatus for data traffic offload in a wireless communication system
KR20120080216A (en) Method and apparatus for status transition
WO2016000172A1 (en) Network device and method for allocating access point names
WO2010133107A1 (en) Method and system for home node b gateway forwarding messages to home node b
WO2014101755A1 (en) Service data shunting method and system
WO2012130068A1 (en) Data packet transmission method and related apparatus
US20230146807A1 (en) Supporting dynamic host configuration protocol-based customer premises equipment in fifth generation wireline and wireless convergence
JP2012515477A (en) Method and apparatus for assisting in setting up a multicast backhaul channel in a fixed network for mobile multicast services
WO2011023061A1 (en) Method and system for obtaining ip traffic offload charging information
WO2012100611A1 (en) Method and system for accessing evolved packet system
WO2011147332A1 (en) Method, apparatus and communication system for processing network messages
WO2012028071A1 (en) Method and system for searching local gateway
WO2011020418A1 (en) Connection activation method for changing serving gateway while terminal is converted to connection state and system thereof
WO2013107243A1 (en) Session establishing method and device

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201180001840.4

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11860568

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11860568

Country of ref document: EP

Kind code of ref document: A1