WO2013044759A1 - Method, system and device for implementing transparent service offload control - Google Patents

Publication number: WO2013044759A1
Authority: WO, WIPO (PCT)
Prior art keywords: epc, access, allowed, service, bng
Application number: PCT/CN2012/081755
Other languages: English (en), Chinese (zh)
Inventors: 刘国燕, 朱春晖
Original Assignee: 中兴通讯股份有限公司
Application filed by: 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W48/00: Access restriction; Network selection; Access point selection
    • H04W48/08: Access restriction or access information delivery, e.g. discovery data delivery

Definitions

  • The invention relates to the field of mobile communications, and in particular to a method, system and device for implementing seamed service offload control.
  • Background technique
  • The Evolved Packet System (EPS) of the 3rd Generation Partnership Project (3GPP) consists of the Evolved Universal Terrestrial Radio Access Network (E-UTRAN), the Mobility Management Entity (MME), the Serving Gateway (S-GW), the Packet Data Network Gateway (P-GW), and the Home Subscriber Server (HSS).
  • the EPS supports interworking with non-3GPP systems, as shown in Figure 1, where interworking with non-3GPP systems is implemented through the S2a/b/c interface, and the P-GW acts as an anchor between 3GPP and non-3GPP systems.
  • Non-3GPP system access is divided into untrusted non-3GPP access and trusted non-3GPP access. Untrusted non-3GPP access must connect to the P-GW through an Evolved Packet Data Gateway (ePDG), and the interface between the ePDG and the P-GW is S2b; trusted non-3GPP access can connect directly to the P-GW through the S2a interface, which uses the PMIP protocol for information exchange; in addition, the S2c interface provides user plane-related control and mobility support between the User Equipment (UE) and the P-GW.
  • the supported mobility management protocol is dual-stack mobile IPv6 (Mobile IPv6 Support for Dual Stack Hosts and Route
  • A Wireless Local Area Network (WLAN) can access the EPS as a trusted or an untrusted non-3GPP system, which involves the interworking of non-3GPP systems and the mobile convergence that many operators pay attention to.
  • BE Best Effort
  • the above two types of services obtain the same bandwidth. The bandwidth is sufficient for the BE service, but may not meet the requirements of services such as voice, resulting in poor transmission quality or even business failure of voice-type services. Therefore, when the mobile terminal accesses the EPS through the WLAN, it is necessary to effectively split the service, as shown in FIG. 2 .
  • The factors that determine whether the UE performs seamed service offload are multi-faceted, including the willingness of the UE, the willingness of the trusted non-3GPP IP access network (TNAN) operator and the willingness of the mobile network operator; it also has to be settled on which network element it is more appropriate to decide whether the UE performs seamed service offload.
  • The main object of the present invention is to provide a method, system and device for implementing seamed service offload control, which comprehensively decide, according to the will of the UE, the will of the TNAN network and the will of the mobile network, whether the UE performs seamed service offload.
  • The present invention provides a method for implementing seamed service offload control, comprising: a decision network element decides whether to allow access to the evolved packet core network (EPC) according to whether the subscription allows access to the EPC, and/or a "whether to allow access to the EPC" capability indication, and/or a local policy;
  • an execution network element performs the service access operation according to the decided result of whether to allow access to the EPC.
  • the decision network element is an access control device (AC) or a broadband network gateway (BNG) supporting the AC function;
  • the method further includes: the AC or the BNG obtains whether the subscription allows access to the EPC, as follows:
  • the AAA server sends whether the subscription allows access to the EPC to the AC/BNG through an EAP Request/AKA' Challenge (EAP-REQ/AKA'-Challenge) message in the EAP authentication process.
  • before the EAP authentication, the method further includes: the AC or the BNG obtains the service set identifier (SSID) accessed by the UE, that is: an access point device (AP) or a home gateway (RG) supporting the AP function determines the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessing UE and the local MAC mapping relationship, and notifies the AC or BNG.
  • the method further includes: determining, by the AC or the BNG, whether to allow access to the EPC capability indication according to the SSID and/or the local policy.
  • the method further includes: obtaining, by the AAA server, whether the EPC capability indication is allowed to be accessed, where:
  • the AC or the BNG determines the "whether to allow access to the EPC" capability indication according to the SSID and/or the local policy, and sends it to the AAA server through the EAP-RES/Identity message in the EAP authentication process; or
  • the AC or BNG sends the SSID to the AAA server through the EAP-RES/Identity message in the EAP authentication process, and the AAA server determines the "whether to allow access to the EPC" capability indication according to the SSID and/or the local policy.
  • the method further includes: acquiring the SSID by the AC or the BNG, as follows:
  • the AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessed UE and the local MAC mapping relationship, and notifies the AC or the BNG.
  • the method further includes: after obtaining the AKA' vector in the EAP authentication process, the AAA server obtains, from the HSS, whether the subscription is allowed to access the EPC.
  • the decision network element determines whether to allow access to the EPC according to whether the subscription is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy: when the subscription is allowed to access
  • the determining network element according to the local policy, whether to allow access to the EPC or whether to allow access to the EPC capability indication as the decision whether to allow access to the EPC .
  • whether the subscription allows access to the EPC, the "whether to allow access to the EPC" capability indication, and the decision on whether to allow access to the EPC each take any one of the following three values: allowing service offloading; denying service offloading and access to the EPC; denying service offloading but allowing access to the EPC.
  • the performing network element includes: an AAA server, a UE, and an AC or a BNG;
  • the performing the operation of performing the service access by the network element includes:
  • the AAA server replies to the UE with an EAP-Success message indicating that the EAP authentication succeeded, and performs the registration process of the UE to the HSS;
  • after the EAP authentication succeeds, when the AC or the BNG receives the message in which the UE requests allocation of an IP address, the AC or the BNG allocates a local IP address to the UE and performs seamed service offload.
  • the execution network element includes: an AAA server and a UE;
  • the performing the operation of performing the service access by the network element includes:
  • after performing the AKA and AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message indicating that the EAP authentication failed.
  • the executing network element includes: an AAA server, a UE, and an AC or a BNG;
  • the performing the operation of performing the service access by the network element includes:
  • the AAA server replies to the UE with an EAP-Success message indicating that the EAP authentication succeeded, and performs the registration process of the UE to the HSS;
  • the AC/BNG triggers the UE to access the EPC.
  • the present invention also provides an implementation system for a slotted service offload control, comprising: a decision network element and an execution network element, wherein:
  • the decision network element is configured to decide whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the "whether to allow access to the EPC" capability indication, and/or the local policy;
  • the execution network element is configured to perform an operation of the service access according to whether the determined access to the EPC is allowed.
  • the determining network element includes: an AC or a BNG, configured to obtain whether the subscription is allowed to access the EPC, and is further configured to acquire an SSID accessed by the UE, and determine, according to the SSID and/or the local policy, Whether to allow access to the EPC capability indication.
  • the determining network element includes: an AAA server, configured to obtain the indication of whether the EPC capability is allowed to be accessed, and whether the subscription is allowed to access the EPC.
  • the decision network element is further configured to: when whether the subscription allows access to the EPC and the "whether to allow access to the EPC" capability indication differ, take, according to the local policy, either whether the subscription allows access to the EPC or the capability indication as the decision on whether to allow access to the EPC.
  • when the decision on whether to allow access to the EPC is to allow traffic to be offloaded, the execution network element includes: an AAA server, a UE, and an AC or a BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • the AC or the BNG is configured to allocate a local IP address to the UE and perform a split service split when receiving a message requesting the UE to allocate an IP address.
  • when the decision on whether to allow access to the EPC is to deny traffic offloading and access to the EPC, the execution network element includes: an AAA server and a UE;
  • the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
  • the execution network element includes: an AAA server, a UE, and an AC or a BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • the AC or BNG is configured to trigger the UE to access the EPC.
  • the present invention also provides an apparatus for implementing service offload control, including: an obtaining module, configured to obtain whether the subscription allows access to an evolved packet core network (EPC), and/or a "whether to allow access to the EPC" capability indication, and/or a local policy;
  • a decision module, configured to decide whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the "whether to allow access to the EPC" capability indication, and/or the local policy.
  • the acquiring module includes: an AC or a BNG sub-module, configured to obtain whether the subscription is allowed to access the EPC, and is further configured to acquire an SSID accessed by the UE, and determine according to the SSID and/or the local policy. Whether to allow access to the EPC capability indication.
  • the obtaining module includes: an AAA server submodule, configured to obtain the "whether to allow access to the EPC" capability indication, and also to obtain whether the subscription allows access to the EPC.
  • the decision module is further configured to: when whether the subscription allows access to the EPC and the "whether to allow access to the EPC" capability indication differ, take, according to the local policy, either whether the subscription allows access to the EPC or the capability indication as the decision on whether to allow access to the EPC.
  • the decision module is further configured to decide whether to allow access to the EPC as any one of the following three: allowing traffic offloading; denying traffic offloading and access to the EPC; denying traffic offloading but allowing access to the EPC.
  • the decision network element decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the "whether to allow access to the EPC" capability indication, and/or the local policy; where: whether the subscription allows access to the EPC is the willingness of the mobile network, the capability indication is the willingness of the UE and the TNAN network, and the local policy is the willingness of the TNAN network or the mobile network. It is thus possible to decide comprehensively, according to the will of the UE, the willingness of the TNAN network and the willingness of the mobile network, whether the UE performs seamed service offload (i.e., whether to allow access to the EPC), or to decide according to the will of the TNAN network or the will of the mobile network whether the UE performs seamed service offload.
  • DRAWINGS
  • FIG. 1 is a network structure diagram of interworking between a 3GPP network and a non-3GPP network in the prior art
  • FIG. 2 is a schematic diagram of a structure in which a UE accesses an EPC and performs slotted service offload through a WLAN S2a interface;
  • FIG. 3 is a flowchart of a method for implementing a service split control of a slot according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for implementing a service split control with slotted according to a second embodiment of the present invention
  • FIG. 6 is a schematic structural diagram of an implementation system of a service split control according to the present invention.
  • The basic idea of the method for implementing seamed service offload control provided by the present invention is: the decision network element decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the "whether to allow access to the EPC" capability indication, and/or the local policy; the execution network element performs the service access operation according to the decided result of whether to allow access to the EPC.
  • Whether the subscription allows access to the EPC may also be referred to as the subscribed seamed service offload permission; the "whether to allow access to the EPC" capability indication may also be referred to as the seamed service offload capability indication; deciding whether to allow access to the EPC may also be referred to as deciding whether to perform seamed service offload.
  • the decision network element is an Access Controller (AC) or a Broadband Network Gateway (BNG) that supports AC functions:
  • after the AAA server obtains the authentication and key agreement protocol (AKA') vector, it obtains from the HSS whether the subscription allows access to the EPC;
  • the AAA server sends whether the subscription allows access to the EPC to the AC/BNG through the EAP Request/AKA' Challenge (EAP-REQ/AKA'-Challenge) message in the EAP authentication process.
  • Before EAP authentication, the AC or BNG needs to obtain the Service Set Identifier (SSID) accessed by the UE, as follows: an access point device (AP) or a home gateway supporting the AP function (Residential Gateway, RG) determines the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessing UE and the local MAC mapping relationship, and notifies the AC or the BNG;
  • the AC or BNG determines whether to allow access to the EPC capability indication based on the SSID and/or the local policy.
  • the AC or BNG can then decide whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the "whether to allow access to the EPC" capability indication, and/or the local policy.
  • There are two ways for the AAA server to obtain the "whether to allow access to the EPC" capability indication:
  • the AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessing UE and the local MAC mapping relationship, and notifies the AC or the BNG; the AC or the BNG determines the "whether to allow access to the EPC" capability indication according to the SSID and/or the local policy, and sends it to the AAA server through the EAP-RES/Identity message in the EAP authentication process;
  • the AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessing UE and the local MAC mapping relationship, and notifies the AC or BNG; the AC or BNG sends the SSID to the AAA server through the EAP-RES/Identity message in the EAP authentication process, and the AAA server determines the "whether to allow access to the EPC" capability indication according to the SSID and/or the local policy.
  • the AAA server obtains whether the subscription is allowed to access the EPC.
  • after the AAA server obtains the AKA' vector, the AAA server obtains from the HSS whether the subscription allows access to the EPC.
  • the AAA server can then decide whether to allow access to the EPC based on whether the subscription is allowed to access the EPC, and/or whether access to the EPC capability indication, and/or local policy is allowed.
  • the decision network element decides whether to allow access to the EPC as follows: when whether the subscription allows access to the EPC and the "whether to allow access to the EPC" capability indication are not the same, the decision network element takes, according to the local policy, either whether the subscription allows access to the EPC or the capability indication as the decision on whether to allow access to the EPC.
  • the decision network element may also decide whether to allow access to the EPC according to whether the subscription allows access to the EPC or according to the "whether to allow access to the EPC" capability indication, that is, the decision network element directly takes whether the subscription allows access to the EPC, or the capability indication, as the decision on whether to allow access to the EPC.
  • Whether the subscription allows access to the EPC, the "whether to allow access to the EPC" capability indication, and the decision on whether to allow access to the EPC each take any one of the following three values: allowing traffic to be offloaded; denying traffic offloading and access to the EPC; denying traffic offloading but allowing access to the EPC.
  • the execution network element includes: an AAA server, a UE, and an AC or a BNG; the operation of the execution network element performing the service access includes: the AAA server replies to the UE with an EAP-Success message indicating that the EAP authentication succeeded, and performs the registration process of the UE to the HSS.
  • when the AC or the BNG receives the message in which the UE requests allocation of an IP address, it allocates a local IP address to the UE and performs seamed service offload.
  • the execution network element includes: an AAA server and a UE; the operation of the execution network element performing the service access includes: after performing the AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message indicating that the EAP authentication failed.
  • the execution network element includes: an AAA server, a UE, and an AC or a BNG.
  • the operation of the execution network element performing the service access includes: the AAA server replies to the UE with an EAP-Success message indicating that the EAP authentication succeeded, and performs the registration process of the UE to the HSS; after the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
  • Embodiment 1 This embodiment is a specific description of the above case 1.
  • the control flow of the seamed business distribution includes:
  • Step 301: The UE selects an SSID to access according to the wireless mechanism of the WLAN, and accesses the corresponding AP/RG (the AP, or the RG supporting the AP function; an AP corresponds to an AC, an RG corresponds to a BNG).
  • the AP/RG can learn the SSID accessed by the UE from the Medium Access Control Layer (MAC) address of the UE and the local MAC mapping relationship, and notifies the AC of the SSID accessed by the UE by using a message.
  • CAPWAP Control and Provisioning of Wireless Access Points
  • the AC/BNG as an Extensible Authentication Protocol (EAP) Authenticator, triggers an EAP authentication process to the UE, and first sends an EAP Request/Identity (EAP-REQ/Identity) message to the UE.
  • Step 304 The UE returns an EAP Response/Identity (EAP-RES/Identity) message to the AC/BNG.
  • Step 305 The AC/BNG sends an EAP-RES/Identity message to the AAA server through an Authentication, Authorization, and Accounting (AAA) proxy.
  • Step 306: the AAA server sends an EAP Request/AKA' Identity (EAP-REQ/AKA'-Identity) message to the AC/BNG through the AAA proxy, and the AC/BNG forwards the message to the UE;
  • the UE returns an EAP Response/AKA' Identity (EAP-RES/AKA'-Identity) message to the AC/BNG, and the AC/BNG sends the message to the AAA server through the AAA proxy.
  • Step 307 After receiving the EAP-RES/AKA'-Identity message, the AAA server requests an authentication and Key Agreement (AKA') vector from the HSS.
  • the HSS first determines whether the AAA server registered by the UE and the AAA server requesting the vector are the same; if yes, the HSS returns a vector to the AAA server; if not, the HSS returns a vector to the AAA server registered by the UE.
  • Step 308 After obtaining the AKA' vector, the AAA server obtains the information about the UE subscription from the HSS, which mainly includes: whether the subscription is allowed to access the EPC, and the HSS carries the information to the AAA server through the return profile message.
  • Step 309: The AAA server sends an EAP Request/AKA' Challenge (EAP-REQ/AKA'-Challenge) message to the AC/BNG through the AAA proxy, which carries whether the subscription allows access to the EPC; the AC/BNG sends the EAP-REQ/AKA'-Challenge message to the UE.
  • the EAP-REQ/AKA'-Challenge message can carry whether the subscription allows access to the EPC (in this case, the UE does not process whether the subscription allows access to the EPC), or not carry it.
  • After the AC/BNG receives the EAP-REQ/AKA'-Challenge message, it decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the SSID accessed by the UE, and/or the local policy.
  • Whether to allow access to the EPC includes the following three cases: allowing traffic to be offloaded; denying traffic offloading and access to the EPC; denying traffic offloading but allowing access to the EPC.
  • the above three cases can be represented by corresponding values, for example: 1 means that traffic offloading is allowed; 2 means that traffic offloading and access to the EPC are denied; and 3 means that traffic offloading is denied but access to the EPC is allowed.
  • it can also be represented by defining other forms of values.
  • the AC/BNG decides whether to allow access to the EPC according to whether the contracted access to the EPC, and/or the SSID and/or local policy of the UE access is allowed:
  • the AC/BNG can decide according to whether the subscription allows access to the EPC, taking it directly as the final decision on whether to allow access to the EPC;
  • the AC/BNG can also decide according to the SSID accessed by the UE: the AC/BNG is locally configured with the SSIDs corresponding to the three cases of whether to allow access to the EPC, so from the SSID accessed by the UE the AC/BNG knows which case that SSID corresponds to, which may be referred to as the "whether to allow access to the EPC" capability indication; the AC/BNG directly takes the capability indication as the final decision on whether to allow access to the EPC;
  • the AC/BNG can also decide according to whether the subscription allows access to the EPC, the "whether to allow access to the EPC" capability indication and the local policy, for example: when whether the subscription allows access to the EPC and the capability indication conflict (i.e., are not the same), the AC/BNG takes, according to the configuration of its local policy, either whether the subscription allows access to the EPC or the capability indication as the decision result.
  • AC/BNG can also decide whether to allow access to EPC based on local policies.
  • Step 310: The UE returns an EAP Response/AKA' Challenge (EAP-RES/AKA'-Challenge) message to the AC/BNG, and the AC/BNG carries the decided result of whether to allow access to the EPC in the EAP-RES/AKA'-Challenge message and sends it to the AAA server through the AAA proxy.
  • the AAA server performs the corresponding service access operation processing according to whether it is allowed to access the EPC, and can be divided into the following three situations:
  • Steps 311-312: if the decision on whether to allow access to the EPC is to allow traffic to be offloaded, the AAA server replies with an EAP-Success message (EAP success message) to the UE, indicating that the EAP authentication is successful. Moreover, the AAA server performs the registration process of the UE to the HSS, and the AAA server saves the access session information related to the UE.
  • Step 313: After the EAP authentication succeeds, when the AC/BNG receives the message in which the UE requests allocation of an IP address, the AC/BNG allocates a local IP address to the UE according to the decision on whether to allow access to the EPC (allowing traffic offloading), and performs seamed service offload.
  • Step 311: If the decision on whether to allow access to the EPC is to deny traffic offloading and access to the EPC, the AKA' notification (AKA'-Notification) process is performed between the AAA server and the UE, through which the AAA server may notify the UE of the failure result.
  • Step 312: After performing the AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message (EAP failure message).
  • the UE's access is terminated because the EAP authentication fails.
  • This scenario may occur when a malicious UE requests an SSID that only allows traffic to be offloaded or accesses the EPC.
  • the contracted traffic offload indication is exactly the opposite of what is requested, and therefore, the EAP authentication fails.
  • if the decision on whether to allow access to the EPC is to deny traffic offloading but allow access to the EPC, the AAA server replies with an EAP-Success message to the UE, indicating that the EAP authentication is successful. Moreover, the AAA server performs the registration process of the UE to the HSS, and the AAA server saves the access session information related to the UE.
  • Step 313 After the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
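The decision of step 309 and the three execution branches of steps 311 to 313 can be sketched as follows. This is an added example, not code from the patent: the SSID names, the policy names, the `Outcome` record and the fail-closed default are assumptions made for illustration, while the values 1, 2 and 3 follow the example encoding given in the text.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Mapping, Optional


class Decision(IntEnum):
    """The three outcomes, numbered as in the text's example encoding."""
    ALLOW_OFFLOAD = 1           # offload locally with a local IP address
    DENY_OFFLOAD_AND_EPC = 2    # refuse both; EAP authentication fails
    DENY_OFFLOAD_ALLOW_EPC = 3  # no local offload; UE is sent to the EPC


# Hypothetical names for the local-policy setting that resolves a conflict.
PREFER_SUBSCRIPTION = "prefer-subscription"
PREFER_CAPABILITY = "prefer-capability"

# Constructed sample of the SSID configuration held on the AC/BNG.
SSID_MAP = {
    "operator-offload": Decision.ALLOW_OFFLOAD,
    "operator-epc": Decision.DENY_OFFLOAD_ALLOW_EPC,
}


@dataclass(frozen=True)
class Outcome:
    decision: Decision
    source: str     # which input produced the decision
    conflict: bool  # True when subscription and SSID indication disagreed


def decide(subscription: Optional[Decision],
           ssid: Optional[str],
           ssid_map: Mapping[str, Decision],
           conflict_policy: str = PREFER_SUBSCRIPTION,
           local_default: Decision = Decision.DENY_OFFLOAD_AND_EPC) -> Outcome:
    """Combine the HSS subscription, the SSID-derived capability indication
    and the local policy into one decision.

    The fail-closed local_default is an assumption of this example; the text
    only says the node may decide from its local policy alone.
    """
    capability = ssid_map.get(ssid) if ssid is not None else None
    if subscription is None and capability is None:
        return Outcome(local_default, "local-policy", False)
    if capability is None:
        return Outcome(subscription, "subscription", False)
    if subscription is None:
        return Outcome(capability, "capability", False)
    if subscription == capability:
        return Outcome(subscription, "subscription", False)
    # The two inputs disagree: the local policy picks which one wins.
    if conflict_policy == PREFER_SUBSCRIPTION:
        return Outcome(subscription, "subscription", True)
    if conflict_policy == PREFER_CAPABILITY:
        return Outcome(capability, "capability", True)
    raise ValueError(f"unknown conflict policy: {conflict_policy!r}")


def execute(decision: Decision) -> tuple:
    """Return the ordered actions of the execution network elements."""
    if decision == Decision.ALLOW_OFFLOAD:
        return ("EAP-Success", "register UE to HSS",
                "AC/BNG allocates local IP address and offloads locally")
    if decision == Decision.DENY_OFFLOAD_AND_EPC:
        return ("AKA'-Notification", "EAP-Failure")
    if decision == Decision.DENY_OFFLOAD_ALLOW_EPC:
        return ("EAP-Success", "register UE to HSS",
                "AC/BNG triggers UE access to the EPC")
    raise ValueError(f"unknown decision: {decision!r}")


if __name__ == "__main__":
    # A UE joins the offload SSID although its subscription denies both.
    outcome = decide(Decision.DENY_OFFLOAD_AND_EPC, "operator-offload", SSID_MAP)
    print(outcome, execute(outcome.decision))
```

The `conflict` flag is worth logging on the AC/BNG or AAA server: a UE whose chosen SSID disagrees with its subscription is the mismatch case the text describes.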
  • Embodiment 2 This embodiment is a specific description of the above case 2.
  • the implementation process of the seamed traffic distribution control includes:
  • Step 401 The UE selects an SSID access according to the wireless mechanism of the WLAN, and accesses the corresponding AP/RG.
  • Step 402 The AP/RG can know the SSID accessed by the UE according to the MAC address of the UE and the local MAC mapping relationship, and notify the AC/BNG of the SSID accessed by the UE by using a message.
  • the AC/BNG determines whether to allow access to the EPC capability indication based on the SSID accessed by the UE. Steps 403 to 404 are the same as steps 303 to 304, and are not described herein again.
  • Step 405 After receiving the EAP-RES/Identity message sent by the UE, the AC/BNG carries the EPC capability indication in the message, and sends the EPC capability indication to the AAA server through the AAA proxy.
  • Steps 406 to 407 are the same as steps 306 to 307, and are not described herein again.
  • Step 408 After obtaining the AKA' vector, the AAA server obtains the information about the UE subscription from the HSS, including: whether the subscription is allowed to access the EPC, and the HSS carries the information to the AAA server through the return profile message.
  • the AAA server decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the "whether to allow access to the EPC" capability indication, and/or the local policy.
  • the AAA server can decide according to whether the subscription allows access to the EPC, taking it directly as the final decision on whether to allow access to the EPC;
  • the AAA server may also decide according to the "whether to allow access to the EPC" capability indication, taking it directly as the final decision on whether to allow access to the EPC;
  • the AAA server can also decide according to whether the subscription allows access to the EPC, the "whether to allow access to the EPC" capability indication, and the local policy. Specifically: when whether the subscription allows access to the EPC and the capability indication conflict (i.e., are not the same), the AAA server takes, according to the related configuration of its local policy, either whether the subscription allows access to the EPC or the capability indication as the decision result.
  • the AAA server can also decide whether to allow access to the EPC based on the local policy.
  • Step 409: The AKA'-Challenge process is completed between the AAA server and the UE. Specifically:
  • The AAA server sends an EAP-REQ/AKA'-Challenge message to the AC/BNG through the AAA proxy, which carries the decision on whether to allow access to the EPC.
  • The AC/BNG sends the EAP-REQ/AKA'-Challenge message to the UE.
  • the EAP-REQ/AKA'-Challenge message can carry the decision whether to allow access to the EPC.
  • The UE may or may not process the decision on whether to allow access to the EPC.
  • The UE returns an EAP-RES/AKA'-Challenge message to the AC/BNG, and the AC/BNG sends the EAP-RES/AKA'-Challenge message to the AAA server through the AAA proxy.
  • The process is basically the same as the process in FIG. 4. The difference is: in step 505, after receiving the EAP-RES/Identity message sent by the UE, the AC/BNG carries in the message the SSID accessed by the UE, instead of the EPC capability indication.
  • In step 508, after the AAA server obtains whether the subscription allows access to the EPC, the AAA server decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the SSID accessed by the UE, and/or the local policy. Specifically:
  • The AAA server can decide according to whether the subscription allows access to the EPC, taking that as the final decision on whether to allow access to the EPC;
  • The AAA server can also decide according to the SSID accessed by the UE. For example, the AAA server locally configures the SSIDs corresponding to the three cases of access to the EPC, so that from the SSID accessed by the UE the AAA server can learn which case of access to the EPC applies; this case may be referred to as the EPC capability indication. The AAA server directly takes the EPC capability indication as the final decision on whether to allow access to the EPC;
  • The AAA server can also decide according to whether the subscription allows access to the EPC, the EPC capability indication, and the local policy. For example: when whether the subscription allows access to the EPC and the EPC capability indication conflict (i.e., are not the same), the AAA server, according to the configuration of its local policy, takes either whether the subscription allows access to the EPC or the EPC capability indication as the decision result.
  • the AAA server can also decide whether to allow access to the EPC based on the local policy.
  • The AP/RG replaces the AC/BNG to perform the corresponding operations, including the operations of the EAP authenticator, as well as the decision on whether to allow the service split.
  • the present invention further provides a system for implementing a service split control with a seam, as shown in FIG. 6, comprising: a decision network element and an execution network element, where:
  • A decision network element configured to decide whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or the EPC capability indication, and/or the local policy;
  • The execution network element is configured to perform the service access operation according to the decision on whether to allow access to the EPC.
  • The decision network element includes: an AC or BNG, configured to obtain whether the subscription allows access to the EPC, and further configured to obtain the SSID accessed by the UE and determine the EPC capability indication according to the SSID and/or the local policy.
  • The decision network element includes: an AAA server, configured to obtain the EPC capability indication, and also to obtain whether the subscription allows access to the EPC.
  • The decision network element is further configured to: when whether the subscription allows access to the EPC and the EPC capability indication are different, take, according to the local policy, either whether the subscription allows access to the EPC or the EPC capability indication as the decision on whether to allow access to the EPC.
  • When the decision on whether to allow access to the EPC is to allow traffic offload, the execution network element includes: an AAA server, a UE, and an AC or BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • The AC or BNG is configured to, on receiving a message in which the UE requests allocation of an IP address, allocate a local IP address to the UE and perform the service split.
  • the execution network element includes: an AAA server and a UE;
  • the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
  • the execution network element includes: an AAA server, a UE, and an AC or BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • the AC or BNG is triggered to access the EPC.
  • The present invention also provides an apparatus for implementing a service split control with a seam.
  • the apparatus is applicable to the decision network element described above, and the apparatus includes:
  • An obtaining module configured to obtain whether the subscription allows access to an evolved packet core network (EPC), and/or the EPC capability indication, and/or a local policy;
  • The decision module is configured to decide whether to allow access to the EPC according to whether the subscription allows access to the evolved packet core network (EPC), and/or the EPC capability indication, and/or the local policy.
  • The obtaining module includes: an AC or BNG sub-module, configured to obtain whether the subscription allows access to the EPC, and further configured to obtain the SSID accessed by the UE and determine the EPC capability indication according to the SSID and/or the local policy.
  • The obtaining module includes: an AAA server sub-module, configured to obtain the EPC capability indication, and also to obtain whether the subscription allows access to the EPC.
  • The decision module is further configured to: when whether the subscription allows access to the EPC and the EPC capability indication are different, take, according to the local policy, either whether the subscription allows access to the EPC or the EPC capability indication as the decision on whether to allow access to the EPC.
  • The decision module is further configured to determine the decision on whether to allow access to the EPC as any one of the following three types: allow traffic offload, deny traffic offload and access to the EPC, and deny traffic offload but allow access to the EPC.
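
The AAA server decision described above (steps 408 and 508) and the three decision types, as an added Python example that is not part of the patent text. The SSID names, the policy dictionary keys, the pairing of each decision with its execution steps, the treatment of the subscription value as one of the same three cases, and the fail-closed default for a missing input are all assumptions.

```python
from enum import Enum

class Access(Enum):
    ALLOW_OFFLOAD = "allow traffic offload"
    DENY_ALL = "deny traffic offload and access to the EPC"
    EPC_ONLY = "deny traffic offload but allow access to the EPC"

# Constructed SSID names: the AAA server's locally configured mapping from
# SSID to one of the three cases (the EPC capability indication).
SSID_TABLE = {"op-offload": Access.ALLOW_OFFLOAD, "op-guest": Access.DENY_ALL,
              "op-epc": Access.EPC_ONLY}

# Assumed pairing of each decision with the execution steps, in listed order.
ACTIONS = {
    Access.ALLOW_OFFLOAD: ("EAP-Success", "register UE with HSS",
                           "AC/BNG allocates local IP and offloads"),
    Access.DENY_ALL: ("EAP-Failure",),
    Access.EPC_ONLY: ("EAP-Success", "register UE with HSS",
                      "AC/BNG triggers access to the EPC"),
}

# policy (hypothetical shape): {"mode": ..., "prefer": ..., "default": ...}
def decide(policy, subscription=None, ssid=None):
    """Return the Access decision for one UE authentication."""
    indication = SSID_TABLE.get(ssid)  # None when the SSID is not configured
    mode = policy["mode"]
    if mode == "local":                # local policy alone decides
        return policy["default"]
    if mode == "subscription":
        result = subscription
    elif mode == "indication":
        result = indication
    elif mode == "combined":
        if indication is None or subscription == indication:
            result = subscription
        elif subscription is None:
            result = indication
        else:  # conflict: the local policy names which input wins
            result = {"subscription": subscription,
                      "indication": indication}[policy["prefer"]]
    else:
        raise ValueError(f"unknown policy mode: {mode!r}")
    # Assumption (not in the source): a missing input fails closed.
    return result if result is not None else Access.DENY_ALL

def handle(policy, subscription=None, ssid=None):
    """Decide, then return the decision together with its execution steps."""
    decision = decide(policy, subscription, ssid)
    return decision, ACTIONS[decision]
```

With the same subscription and SSID, switching `prefer` between `"subscription"` and `"indication"` flips the outcome, which is why the local policy setting deserves the same change control as the SSID table.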

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a method for implementing transparent service offload control. The method comprises the following steps: a decision network element decides whether to allow access to an evolved packet core network (EPC), said decision being based on whether to allow access to the EPC, and/or on whether to allow access to an EPC capability indication, and/or on whether a local policy has been subscribed to; and an execution network element performs the service access operation on the basis of the decision result indicating that access to the EPC is to be allowed. The present invention further relates to a system and a device for implementing transparent service offload control. The technical solution described in the present invention makes it possible to decide whether a UE should perform transparent service offload according to its own (UE) wishes, according to the wishes of a trusted non-3GPP access network (TNAN), and according to the wishes of the mobile network.
PCT/CN2012/081755 2011-09-26 2012-09-21 Method, system and device for implementing transparent service offload control WO2013044759A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011102878089A CN103024738A (zh) 2011-09-26 2011-09-26 Method and system for implementing service offload control with seams
CN201110287808.9 2011-09-26

Publications (1)

Publication Number Publication Date
WO2013044759A1 true WO2013044759A1 (fr) 2013-04-04

Family

ID=47972774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/081755 WO2013044759A1 (fr) 2011-09-26 2012-09-21 Method, system and device for implementing transparent service offload control

Country Status (2)

Country Link
CN (1) CN103024738A (fr)
WO (1) WO2013044759A1 (fr)

Also Published As

Publication number Publication date
CN103024738A (zh) 2013-04-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12835994

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12835994

Country of ref document: EP

Kind code of ref document: A1