WO2013071817A1 - Policy server address acquisition method - Google Patents

Policy server address acquisition method Download PDF

Info

Publication number
WO2013071817A1
WO2013071817A1 PCT/CN2012/083725 CN2012083725W WO2013071817A1 WO 2013071817 A1 WO2013071817 A1 WO 2013071817A1 CN 2012083725 W CN2012083725 W CN 2012083725W WO 2013071817 A1 WO2013071817 A1 WO 2013071817A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
server
mobile node
request
address
Prior art date
Application number
PCT/CN2012/083725
Other languages
French (fr)
Chinese (zh)
Inventor
严为
黄翔
魏元
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013071817A1 publication Critical patent/WO2013071817A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]
    • H04W80/045Network layer protocols, e.g. mobile IP [Internet Protocol] involving different protocol versions, e.g. MIPv4 and MIPv6

Definitions

  • the present invention relates to the field of mobile communications, and in particular, to a method for obtaining an address of a policy server. Background technique
  • IP address in TCP/IP Transmission Control Protocol/Internet Protocol
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • IP address of the host changes, not only the route changes, but also the identity of the communication terminal host changes. This will cause the routing load to become heavier and heavy, and the change of the host ID will also cause the application and connection to be interrupted.
  • the purpose of identification and location separation is to solve the problem of semantic overload and severe routing load of IP addresses, and to separate the dual functions of IP addresses to achieve dynamic redistribution of mobility, multiple townships, IP addresses, and mitigation of routes. Support for issues such as load and mutual visits between different network areas in the next generation Internet.
  • FIG. 1 shows a communication network architecture with identity and location separation.
  • an AID Access Identifier
  • a terminal MN Mobile Node
  • a CN Correspondent Node, pair The identity of the end node.
  • the RID Router Identifier
  • the Access Service Router ASR
  • All terminals are registered, authenticated, and access the network through the ASR.
  • the ASR needs to report to the ILR (Identifier & Location Register).
  • the ILR saves and maintains the mapping relationship between the terminal identity AID and the location RID (AID, RID) and provides a response to the query mapping relationship.
  • the text is forwarded in the identity and location network as shown in Figure 2.
  • the ASR1 queries whether the current RID of the CN exists on the local mapping record of the ASR1 according to the destination address of the packet (that is, the AID of the CN). If yes, ASR1 encapsulates and forwards the packet according to the RID of the queried CN.
  • ASR1 queries the ILR for the current RID of the CN.
  • ASR1 obtains the RID of the CN from the ILR, and then encapsulates the packet with the RID of the ASR1 and the CN, and then forwards the encapsulated packet to the ASR2 corresponding to the RID of the CN.
  • ASR2 decapsulates the received packet and forwards it to the CN.
  • the encapsulation format of the packet is divided into two types: the original packet and the RID encapsulated packet.
  • the original packet is forwarded:
  • the access layer of the network is separated from the identity and location, that is, the AID is used between the Host and the ASR.
  • the packet is forwarded as the source address and the destination address.
  • the format of the packet is shown in Figure 3.
  • RID-encapsulated packet forwarding The core layer of the identity and location separation network, that is, the packet forwarding between the ASR and the ASR after RID encapsulation, the packet is shown in Figure 4.
  • the MN accesses the identification network through two different interfaces, ifl ( interface 1 ) and if2 ( interface2 ), where ifl is connected to ASR1 and if2 is connected to ASR2.
  • the MN also accesses the identification network through two different interfaces, ifl and if2, but ifl and if2 access the same ASR, so they are assigned the same RID, that is, RID1 of ASR1.
  • mapping relationship (AID, RID) maintained by the ILR can perform routing tasks well.
  • multiple interfaces on the MN will use the same AID.
  • the mapping relationship (AID, RID) maintained by the ILR cannot distinguish different interfaces from the same MN. Therefore, in the multi-access technology scenario, the ILR not only needs to maintain (AID, RID), but also includes each interface of the MN. Enter the technology type to distinguish different interfaces belonging to the same MN.
  • the mapping relationship on the extended ILR is (AID, RID, IF), and the ASR completes the registration of different interface access types on the MN in the ILR.
  • the extended ILR mapping relationship (AID, RID, IF) distinguishes different interfaces belonging to the same MN, but routing through (AID, RID, IF) has the following problems:
  • Figure 5 shows the multi-interface MN Different interfaces access different ASRs.
  • the MN has two mapping relationships on the ILR: (AID 1 , RID 1 , IF 1 ) ⁇ (AID 1 , RID2, IF2).
  • ASR3 choose the correct mapping relationship to route the message to which interface.
  • Figure 6 shows that different interfaces of the multi-interface MN access the same ASR, and the MN has two mapping relationships on the ILR (AID 1, RID 1, IF 1 ⁇ o (AID 1 , RID 1 , IF2).
  • the ASR1 receives the packet from the CN, and the ASR1 selects the interface of the MN to forward the packet.
  • the peer node sends data to the multi-interface terminal, the peer ASR or the terminal ASR or
  • the ILR needs to select an appropriate terminal location identifier and interface for the service initiated by the peer node according to the flow routing policy of the multi-interface terminal, so as to perform normal packet forwarding routing to reduce data transmission anomalies and provide data transmission. Effective protection. Before ASR or ILR selects the appropriate terminal location identifier and interface for the service initiated by the peer node according to the flow routing policy information of the multi-interface terminal, the ASR or ILR must know the address of the policy server where the terminal is located, and download from the policy server. Corresponds to the flow routing policy of this terminal.
  • the technical problem to be solved by the present invention is to provide a method for obtaining an address of a policy server.
  • the flow routing policy can be obtained according to the address of the policy server.
  • a method for obtaining an address of a policy server according to the present invention includes:
  • the access service router obtains, from the authentication, authorization, and accounting (AAA) server, an address attribute of a policy server that provides a flow routing policy for the mobile node in the process of authenticating the mobile node.
  • AAA authentication, authorization, and accounting
  • a method for obtaining an address of a policy server including:
  • the access service router After the mobile node passes the authentication, the access service router sends a registration request to the identity and location registration register, and the registration request carries a policy server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node;
  • the identity and location registration register After receiving the registration request, the identity and location registration register obtains an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option, and the obtained policy server is obtained.
  • AAA authentication, authorization, and accounting
  • a method for obtaining a flow routing policy includes: The policy server sends a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node, and adds the identifier of the network element to the policy request object list, where the policy is The request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
  • the policy server pushes the updated flow routing policy to the network element according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list.
  • An access service router includes: an authentication unit, where:
  • the authentication unit is configured to: obtain, in an authentication process for the mobile node, an address attribute of a policy server that provides a flow routing policy for the mobile node from an authentication, authorization, and accounting (AAA) server.
  • AAA authentication, authorization, and accounting
  • An identity and location registration register includes: a message receiving unit and a policy request unit, wherein:
  • the message receiving unit is configured to: receive a registration request
  • the policy requesting unit is configured to: after receiving the registration request, request a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
  • a policy server includes: a policy sending unit and a policy request object list maintaining unit, where:
  • the policy sending unit is configured to: send a flow routing policy of the mobile node to the network element that requests the flow routing policy;
  • the policy request object list maintenance unit is configured to: add an identifier of the network element of the request flow routing policy to the policy request object list, where the policy request object list is used to record a flow routing policy of the requesting mobile node The correspondence relationship between the identifier of the network element and the identifier of the mobile node.
  • An authentication, authorization, and accounting (AAA) server includes: a message receiving unit, an address finding unit, and an information sending unit, where:
  • the message receiving unit is configured to: receive an AAA request message
  • the address searching unit is configured to: carry the request policy service in the AAA request message When the attribute-value pair (AVP) of the address of the server is used, the address attribute of the corresponding policy server is searched according to the identifier of the mobile node; or, after receiving the AAA request message, the corresponding policy is directly searched according to the identifier of the mobile node.
  • AVP attribute-value pair
  • the information sending unit is configured to: return an address attribute of the policy server found by the address searching unit to the access service router.
  • An access service router includes: a registration unit, where:
  • the registration unit is configured to: after the mobile node passes the authentication, send a registration request to the identity and location registration register, where the registration request carries a policy server address request option, requesting the address of the policy server that provides the flow routing policy for the mobile node Attributes.
  • An identity and location registration register includes: a message receiving unit and an address obtaining unit, wherein:
  • the message receiving unit is configured to: receive a registration request
  • the address obtaining unit is configured to: obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to a policy server address request option carried in the registration request, and obtain the obtained policy server The address attribute is sent to the access service router.
  • AAA authentication, authorization, and accounting
  • An authentication, authorization, and accounting (AAA) server includes: a message receiving unit, an address finding unit, and an information sending unit, where:
  • the message receiving unit is configured to: receive an AAA request message
  • the address searching unit is configured to: when the AAA request message carries an option for requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; and the information sending unit is set to: The address attribute of the policy server is returned to the identity and location registration registers.
  • a policy server includes: a policy sending unit, a policy request object list maintaining unit, and a flow routing policy pushing unit, where:
  • the policy sending unit is configured to: when the network element requests the flow routing policy of the mobile node, send the flow routing policy of the mobile node to the network element;
  • the slightly requested object list maintenance unit is set to: add a place in the policy request object list An identifier of the network element, where the policy request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
  • the flow routing policy pushing unit is configured to: when the flow routing policy of the mobile node changes, according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, the updated flow route is The policy is pushed to the network element.
  • the embodiment of the present invention obtains the address of the policy server of the mobile node from the AAA server during the authentication or registration process, so that the ASR or the ILR initiates the flow routing policy of the mobile node according to the multi-interface as the opposite node.
  • the service can obtain a flow routing policy of the mobile node from the policy server according to the address of the policy server of the mobile node.
  • FIG. 1 is a schematic diagram of a communication network architecture in which identity and location are separated;
  • FIG. 2 is a schematic diagram of a forwarding process of a message in an identity and location separation network
  • Figure 3 is a schematic diagram of the original AID message
  • Figure 4 is a schematic diagram of a RID encapsulated message
  • FIG. 5 is a schematic diagram of connecting different interfaces of a multi-interface MN to different ASRs
  • FIG. 6 is a schematic diagram of a multi-interface MN connecting different interfaces to the same ASR;
  • FIG. 7 is a schematic diagram of a communication network connection in an embodiment of the present invention.
  • FIG. 8 is a flowchart of Embodiment 1 of an ASR/ILR acquisition policy server address in the present invention
  • FIG. 9 is a flowchart of Embodiment 2 of an ASR/ILR acquisition policy server address in the present invention
  • FIG. 10 is a strategy in the present invention.
  • FIG. 11 is a flowchart of a policy server binding deregistration embodiment 4 in the present invention
  • FIG. 11 is a flowchart of a policy server binding deregistration embodiment 4 in the present invention.
  • FIG. 12 is a structural diagram of an access service router in an embodiment of the present invention.
  • Figure 13 is a block diagram of an identity and location registration register in an embodiment of the present invention.
  • FIG. 14 is a structural diagram of a policy server in an embodiment of the present invention.
  • FIG. 15 is a block diagram of an AAA server in accordance with an embodiment of the present invention. Preferred embodiment of the invention
  • the present embodiment proposes a method for the ASR and the ILR to discover the policy server address corresponding to the terminal in the identity identification and location separation network. Based on this address, the ASR and the ILR obtain a flow routing policy from the policy server, and select the most suitable route for the traffic flow sent to the multi-interface terminal.
  • CN is the communication peer node of the MN, and there may be multiple CNs.
  • MNJF1 refers to interface 1 of the current MN.
  • MNJF2 refers to interface 2 of the current MN.
  • Flow X refers to the data stream X initiated by the CN to the MN.
  • the meaning of multiple access means that the MN is a terminal having multiple communication systems (such as 3G, LTE, WLAN, etc.), and the MN can simultaneously attach to the interface through different communication systems.
  • the internet such as 3G, LTE, WLAN, etc.
  • the flow routing policy may be classified into a static flow routing policy and a dynamic flow routing policy.
  • the static flow routing policy includes a selection policy according to flow attributes (such as address, port number, and quintuple), a selection policy according to APN (Access Point Name), a selection policy according to busy hours, and a carrier according to the carrier.
  • the dynamic flow routing policy includes a dynamic routing policy based on the terminal side and a dynamic routing policy based on the network side.
  • the dynamic routing policy based on the terminal side includes the connection status of the terminal multi-interface and the willingness of the terminal user to select; the dynamic routing policy based on the network side includes the link and load status of the network.
  • the flow routing policies are stored on the policy server, and the policy server is deployed in the identity network.
  • AAA Authentication, Authorization, and Accounting
  • the ASR obtains the address of the MN's policy server from the AAA server during the access authentication process of the MN.
  • the ILR obtains the address of the MN's Policy Server during the ASR registration process for the MN.
  • the ILR obtains the address of the MN's policy server from the AAA server.
  • ASR is for MN
  • the address of the MN's Policy Server is obtained from the ILR during the registration process.
  • the policy server actively pushes the updated flow routing policy when the flow routing policy of the MN changes.
  • the ASR/ILR logs out the ASR/ILR record in the policy request object list bound to the MN on the policy server to the policy server.
  • Step 801 A multi-interface MN includes two interfaces IF1 and IF2, when the MN connects to the network through one of the interfaces, such as the interface IF1 through ASR1. During the connection process of IF1, ASR1 obtains the address of the policy server serving the MN through the AAA server during the authentication process;
  • Method 1 When ASR1 initiates a request to the AAA server, if ASR1 does not store the information of the address of the MN's policy server, it carries the AVP (Attribute-Value-Pairs, attribute of the address of the requesting policy server) in the AAA request message. -value pair). After receiving the AAA request, the AAA server searches for the MN ID (identity). The AAA response message carries the address attribute of the MN's policy server. (This attribute can be an address or a domain name. If the domain name is used, ASR1 needs to pass the DNS. (Domain name system) query process, get the address of the policy server) to ASR1.
  • AVP Attribute-Value-Pairs, attribute of the address of the requesting policy server
  • the ASR1 sends an AAA request to the AAA server.
  • the AAA server actively carries the address attribute (described in the above) of the MN's policy server to the ASR1, and informs the MN of the MN. Policy server address.
  • the AVP requesting the policy server address described in the above method can be implemented by extending the new attributes of the AAA protocol (such as radius, diameter).
  • Step 802 after the MN passes the authentication, the ASR1 initiates a registration request to the ILR, and registers the MN.
  • Step 804 The ILR requests a flow routing policy of the MN from the policy server according to the obtained address of the policy server.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to the ILR, and creates and maintains the MN's policy request object list, for example: (MN_ID, ILR_ID, ASR1 ID). Step 804 and step 805 have no order.
  • Step 805 The ASR1 requests the MN's flow routing policy from the policy server according to the obtained policy server address.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to ASR1, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1 ID). Step 805 and step 804 have no order.
  • Figure 9 is a second embodiment of the ASR/ILR acquisition policy server address. Specifically, the method includes the following steps: Step 901: MN_IF1 is connected to the network through ASR1.
  • Step 902 After the MN passes the authentication, the ASR1 initiates a registration request to the ILR, registers the identity and location identifier of the MN, and carries the policy server address request option in the registration request.
  • Step 903 When the ILR finds that the ASR1 registration request carries the policy server address request option, the ILR will interact with the AAA server (the interaction process is used to authorize the MN's mobility service or the ability to authenticate the ILR, etc.) to the AAA server. Send an AAA request with the option to request a policy server address.
  • the AAA server the interaction process is used to authorize the MN's mobility service or the ability to authenticate the ILR, etc.
  • Step 904 After receiving the AAA request from the ILR, the AAA server carries the address attribute of the policy server in the response message according to the option of requesting the policy server address (the attribute may be an address or a domain name.
  • the ILR needs to obtain the address of the policy server through the DNS query) to the ILR.
  • Step 905 Upon receiving the AAA of the address attribute of the carrying policy service from the AAA server After responding to the message, the ILR obtains the address attribute of the policy server from the response message and generates and maintains the mapping relationship (AID, RID1, IF1) for the MN. The ILR sends a registration confirmation message to ASR1, and the confirmation message carries the policy server address attribute.
  • Step 906 The ASR1 obtains the address attribute of the MN's policy server from the received registration confirmation message (the attribute may be an address or a domain name. If the domain name is used, the ASR1 needs to obtain the address of the policy server through the DNS query).
  • Step 907 The ILR requests a flow routing policy of the MN from the policy server according to the obtained address attribute of the policy server.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to the ILR, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1-ID). Step 907 and step 905, step 906, and step 908 have no order.
  • Step 908 The ASR1 requests the MN's flow routing policy from the policy server according to the obtained address attribute of the policy server.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to ASR1, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1-ID). Step 908 and step 907 have no order.
  • Figure 10 is an embodiment of a flow routing policy update. Specifically, the following steps are included:
  • Step 1001 When the flow routing policy of the MN on the policy server changes due to the change of the terminal, the network element entity, the user, or the operator policy, the policy server will request the object list according to the policy of the MN maintained by the policy server, and The element actively pushes the changed flow routing policy.
  • the policy server has a list of policy request objects (MN_ID, ILR_ID, ASR1-ID, ASR2 ID) bound to the ID of the MN, where the ILR_ID, ASR1-ID can be the address information of the ILR and the ASR1, ASR2—The ID can be the address information of the CN-ASR.
  • the policy server will actively push the updated MN flow routing policy to ILR, ASR1, and ASR2.
  • Step 1002 The policy server actively pushes the updated MN flow routing policy to the ASR1. Step 1002 and step 1004, step 1006 have no precedence.
  • Step 1003 After receiving the MN flow routing policy pushed by the policy server, the ASR1 is connected to the ASR1. The existing MN flow routing policy is updated, and a flow route push confirmation message is sent to the policy server. In step 1004, the policy server actively pushes the flow routing policy of the updated MN to the ILR. Step 1004 and step 1002, step 1006 have no order.
  • Step 1005 After receiving the MN flow routing policy pushed by the policy server, the ILR updates the existing MN flow routing policy of the ILR, and sends a flow route push confirmation message to the policy server.
  • Step 1006 The policy server pushes the updated MN flow routing policy to the ASR3. Step 1006 and step 1002, step 1004 have no order.
  • Step 1007 After receiving the CN flow routing policy pushed by the policy server, the ASR2 updates the existing CN flow routing policy of the ASR2, and sends a flow route push confirmation message to the policy server.
  • Figure 11 is a deregistration embodiment of a list of policy request objects for a MN on a policy server. Specifically, it includes the following steps:
  • Step 1101 After ASR1 learns that the MN leaves, ASR1 initiates a request to cancel the mapping relationship to the ILR.
  • Step 1102 The ILR deletes the mapping relationship for requesting cancellation, and sends a logout confirmation message to ASR1.
  • Step 1103 ASR1 initiates a request to the policy server to cancel the ASR1-ID in the MN's policy request object list.
  • the policy server has a list of policy request objects (MN IDs) bound to the MN's ID.
  • MN IDs policy request objects
  • ILR ID ILR ID
  • ASR1 ID which records the identification information of the network element related to the flow routing policy of the requesting MN
  • ASR1 requests to delete the information related to itself in the list.
  • Step 1104 After receiving the logout request, the policy server cancels the record related to ASR1 in the list of policy request objects of the MN.
  • the policy request object list contains ASR1 address information, ASR2 address information, etc.
  • the policy server receives the ASR1 logout request, it will log out the address information of ASR1.
  • Step 1105 After the logout of the policy request object list related to ASR1 is cancelled, the policy server sends a logout confirmation message to ASR1.
  • Step 1106 After the ILR learns that the MN leaves the ILR, the ILR initiates a request to the policy server to cancel the ILR_ID in the MN's policy request object list.
  • the original ASRs have been logged out to the original ILR.
  • the mapping relationship between the MN and the original ILR does not receive the registration request of the MN sent by the new ASR within a certain lifetime, the ILR can consider that the MN has left the ILR at this time.
  • the ILR then initiates an ILR_ID request to the policy server to unregister the list of policy request objects bound to the MN's ID.
  • Step 1107 After the policy server receives the ILR-ID request in the policy request object list bounded by the MN ID, the policy server logs off the ILR-related record in the MN policy request object list.
  • the policy request object list contains ILR1 address information, ILR2 address information, etc. After the policy server receives the ILR1 request to log out the ILR1 record, the policy server logs out the address information of ILR1. Step 1107, there is no order between steps 1106 and 1102.
  • Step 1108 after canceling the ILR related policy request object list record, the policy server
  • the ILR sends a logout confirmation message.
  • an embodiment of the present invention provides an access service router, including: an authentication unit, a registration unit, a policy request unit, and an identifier deregistration unit, where:
  • An authentication unit configured to obtain, from an authentication, authorization, and accounting (AAA) server, an address attribute of a policy server that provides a flow routing policy for the mobile node in the process of authenticating the mobile node.
  • AAA authentication, authorization, and accounting
  • the authentication unit is configured to carry an attribute-value pair (AVP) of the address of the request policy server in the AAA request message sent to the AAA server; or directly send an AAA request message that does not carry the AVP, and request the policy server from the AAA server. Address attribute.
  • AVP attribute-value pair
  • the registration unit is configured to send a registration request to the identity and location registration register after the mobile node passes the authentication, and carry the address attribute of the policy server in the registration request.
  • the policy requesting unit is configured to request, from the policy server, a flow routing policy of the mobile node according to the address attribute of the policy server after obtaining the address attribute of the policy server.
  • Identifying the logout unit for requesting to logout to the policy server when the mobile node is notified to leave The identity of the access service router in the policy request object list.
  • the embodiment provides an identity and location registration register, including: a message receiving unit, a policy requesting unit, and an identifier deregistration unit, where:
  • a message receiving unit configured to receive a registration request
  • the policy requesting unit is configured to request, after receiving the registration request, the flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
  • an identifier deregistration unit configured to request, from the policy server, to log off the identity of the identity and location registration register in the policy request object list when the mobile node is informed to leave the identity and location registration register.
  • the embodiment provides a policy server, including: a policy sending unit and a policy request object list maintaining unit, where:
  • a policy sending unit configured to send a flow routing policy of the mobile node to the network element that requests the flow routing policy
  • the policy request object list maintenance unit is configured to add, in the policy request object list, an identifier of the network element that requests the flow routing policy, where the policy request object list is used to record the identifier of the network element requesting the mobile node's flow routing policy and the mobile node Correspondence information of the identity.
  • the policy request object list maintenance unit is further configured to: after receiving the logout request of the network element, cancel the identifier of the network element in the policy request object list.
  • the embodiment provides an AAA server, including: a message receiving unit, an address searching unit, and an information sending unit, where:
  • a message receiving unit configured to receive an AAA request message
  • An address search unit configured to: when the AAA request message carries an attribute-value pair (AVP) of the address of the request policy server, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; or, after receiving the AAA request message, Finding the address attribute of the corresponding policy server directly according to the identifier of the mobile node;
  • AVP attribute-value pair
  • the information sending unit is configured to return an address attribute of the policy server found by the address searching unit to the access service router.
  • Another access service router provided by the embodiment of the present invention includes: a registration unit, where: a registration unit is configured to send a registration request to the identity and location registration register after the mobile node passes the authentication, and carry the policy in the registration request. Server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node.
  • Another identity and location registration register includes: a message receiving unit and an address obtaining unit, where:
  • a message receiving unit configured to receive a registration request
  • the address obtaining unit is configured to obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option carried in the registration request, and send the obtained address attribute of the policy server to the address Into the service router.
  • AAA authentication, authorization, and accounting
  • the address obtaining unit is specifically configured to send an AAA request message to the AAA server, where the AAA request message carries an option to request a policy server address.
  • Another AAA server provided in this embodiment includes: a message receiving unit, an address searching unit, and an information sending unit, where:
  • a message receiving unit configured to receive an AAA request message
  • An address searching unit configured to: when the AAA request message carries an option of requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node;
  • the information sending unit is configured to return the address attribute of the found policy server to the identity and location registration register.
  • Another policy server includes: a policy sending unit, a policy request object list maintaining unit, and a flow routing policy pushing unit, where:
  • a policy sending unit configured to send a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node
  • the request object list maintenance unit is configured to add an identifier of the network element in the policy request object list, where the policy request object list is used to record the correspondence between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node Information
  • a flow routing policy pushing unit configured to change when a flow routing policy of the mobile node changes The identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, and the updated flow routing policy is pushed to the network element.
  • the embodiment of the present invention obtains the address of the policy server of the mobile node from the AAA server during the authentication or registration process, so that the ASR or the ILR selects the service initiated by the peer node according to the flow routing policy of the mobile node according to the multi-interface. Before the appropriate flow routing, the flow routing policy of the mobile node can be obtained from the policy server according to the address of the mobile node's policy server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A policy server address acquisition method, comprising: during the mobile node authentication process, an access service router acquires from an authentication, authorization and accounting (AAA) server the address attribute of a policy server providing the stream routing policy for the mobile node. By acquiring the policy server address of the mobile node from the AAA server during the authentication or registration process, an embodiment of the present invention enables an ASR or an ILR to acquire the stream routing policy of the mobile node from the policy server according to the policy server address of the mobile node before selecting a proper stream router for the service initiated by a correspondent node according to the stream routing policy of a multi-interface mobile node.

Description

一种获取策略服务器的地址的方法  Method for obtaining address of policy server
技术领域 Technical field
本发明涉及移动通信领域,尤其涉及一种获取策略服务器的地址的方法。 背景技术  The present invention relates to the field of mobile communications, and in particular, to a method for obtaining an address of a policy server. Background technique
现有因特网广泛使用的 TCP/IP ( Transmission Control Protocol/Internet Protocol, 传输控制协议 /互联网络协议) 中 IP地址具有双重功能, 既作为网 络层的通信终端主机网络接口在网络拓朴中的位置标识, 又作为传输层主机 网络接口的身份标识。 但是, 当主机移动越来越普遍时, 这种 IP地址的语义 过载缺陷日益明显。 当主机的 IP地址发生变化时, 不仅路由发生变化, 通信 终端主机的身份标识也发生变化, 这样将会导致路由负载越来越重, 而且主 机标识的变化还将导致应用和连接的中断。 身份标识和位置分离问题提出的 目的是为了解决 IP地址的语义过载和路由负载严重等问题, 将 IP地址的双 重功能进行分离, 实现对移动性、 多家乡性、 IP地址动态重分配、 减轻路由 负载及下一代互联网中不同网络区域之间的互访等问题的支持。  The IP address in TCP/IP (Transmission Control Protocol/Internet Protocol) widely used in the Internet has a dual function, which is used as the location identifier of the communication terminal host network interface of the network layer in the network topology. And as the identity of the transport layer host network interface. However, when host mobility is becoming more common, the semantic overload defects of such IP addresses are becoming increasingly apparent. When the IP address of the host changes, not only the route changes, but also the identity of the communication terminal host changes. This will cause the routing load to become heavier and heavy, and the change of the host ID will also cause the application and connection to be interrupted. The purpose of identification and location separation is to solve the problem of semantic overload and severe routing load of IP addresses, and to separate the dual functions of IP addresses to achieve dynamic redistribution of mobility, multiple townships, IP addresses, and mitigation of routes. Support for issues such as load and mutual visits between different network areas in the next generation Internet.
图 1示出了一种身份和位置分离的通信网络架构,在此通信网络架构中, 配置 AID ( Access Identifier, 接入标识)作为终端 MN ( Mobile Node , 移动 节点)和 CN ( Correspondent Node, 对端节点) 的身份标识。 RID ( Router Identifier, 路由标识)作为位置标识, ASR ( Access Service Router, 接入服 务路由器)作为接入路由器, 配置 RID ( Router Identifier, 路由标识)作为 位置标识。所有终端通过 ASR进行注册、认证并接入网络都通过 ASR进行。 当终端接入或离开 ASR时, ASR都需向 ILR ( Identifier & Location Register, 身份和位置登记寄存器 )报告。 ILR根据 ASR的报告, 保存并维护终端身份 标识 AID和所在位置 RID的映射关系 ( AID , RID ) , 并同时提供对查询映 射关系的响应。  Figure 1 shows a communication network architecture with identity and location separation. In this communication network architecture, an AID (Access Identifier) is configured as a terminal MN (Mobile Node) and a CN (Correspondent Node, pair The identity of the end node. The RID (Router Identifier) is used as the location identifier. The Access Service Router (ASR) is used as the access router and the RID (Router Identifier) is used as the location identifier. All terminals are registered, authenticated, and access the network through the ASR. When the terminal accesses or leaves the ASR, the ASR needs to report to the ILR (Identifier & Location Register). According to the ASR report, the ILR saves and maintains the mapping relationship between the terminal identity AID and the location RID (AID, RID) and provides a response to the query mapping relationship.
文在身份和位置网络中转发如图 2所示。 当 MN与 CN进行通信时, MN发送至 CN的报文到达 ASR1后, ASR1根据报文的目的地址(即 CN的 AID ) , 查询 ASR1的本地映射记录上是否存在 CN的当前 RID。 若存在, 则 ASR1根据查询到的 CN的 RID对报文进行封装转发。 The text is forwarded in the identity and location network as shown in Figure 2. When the MN communicates with the CN, after the MN sends a message to the CN to reach the ASR1, the ASR1 queries whether the current RID of the CN exists on the local mapping record of the ASR1 according to the destination address of the packet (that is, the AID of the CN). If yes, ASR1 encapsulates and forwards the packet according to the RID of the queried CN.
若不存在, ASR1则向 ILR查询 CN当前的 RID; ASR1从 ILR获得 CN 的 RID , 然后使用 ASR1和 CN的 RID对报文进行封装, 再将封装报文转发 至 CN的 RID对应的 ASR2 ; 最后 ASR2对接收的报文进行解封装, 并转发 到 CN。  If it does not exist, ASR1 queries the ILR for the current RID of the CN. ASR1 obtains the RID of the CN from the ILR, and then encapsulates the packet with the RID of the ASR1 and the CN, and then forwards the encapsulated packet to the ASR2 corresponding to the RID of the CN. ASR2 decapsulates the received packet and forwards it to the CN.
在报文转发流程中 ,报文的封装格式分为原始报文和 RID封装报文两种: 原始报文转发: 在身份与位置分离网络的接入层, 即 Host与 ASR之间 釆用 AID作为源地址和目的地址进行报文转发, 报文格式如图 3所示。  In the packet forwarding process, the encapsulation format of the packet is divided into two types: the original packet and the RID encapsulated packet. The original packet is forwarded: The access layer of the network is separated from the identity and location, that is, the AID is used between the Host and the ASR. The packet is forwarded as the source address and the destination address. The format of the packet is shown in Figure 3.
RID封装报文转发: 在身份与位置分离网络的核心层, 即 ASR与 ASR 之间釆用 RID封装后的报文转发, 报文如图 4所示。  RID-encapsulated packet forwarding: The core layer of the identity and location separation network, that is, the packet forwarding between the ASR and the ASR after RID encapsulation, the packet is shown in Figure 4.
目前, 由于终端可以同时具有多个连接,使得终端 AID与 RID的映射关 系变得复杂。 例如, 在图 5中, MN通过两个不同的接口 ifl ( interface 1 )和 if2 ( interface2 )接入标识网, 其中 ifl接入 ASR1 , if2接入 ASR2。 这样 ifl 和 if2将会使用不同的位置标识, ifl被分配 ASR1的 RID1 ,而 if2被分配 ASR2 的 RID2。而在图 6中, MN也是通过两个不同的接口 ifl和 if2接入标识网, 但是 ifl和 if2接入相同的 ASR,因此被分配相同的 RID ,即 ASR1的 RID1。  At present, since the terminal can have multiple connections at the same time, the mapping relationship between the terminal AID and the RID becomes complicated. For example, in Figure 5, the MN accesses the identification network through two different interfaces, ifl ( interface 1 ) and if2 ( interface2 ), where ifl is connected to ASR1 and if2 is connected to ASR2. Thus ifl and if2 will use different location identifiers, ifl is assigned RID1 of ASR1, and if2 is assigned RID2 of ASR2. In Figure 6, the MN also accesses the identification network through two different interfaces, ifl and if2, but ifl and if2 access the same ASR, so they are assigned the same RID, that is, RID1 of ASR1.
在单接入技术场景下, ILR维护的映射关系 (AID , RID )能够较好地完 成路由任务, 但多接入技术场景下, 如上所述, MN上的多个接口都将使用 相同的 AID , 此时由 ILR维护的映射关系 (AID , RID )将无法区分来自同 一 MN的不同接口,因此,多接入技术场景下, ILR不仅要维护(AID , RID ) , 包含 MN每个接口的接入技术类型, 以区分属于同一 MN的不同接口。 扩展 ILR上的映射关系为 (AID , RID , IF ) , 由 ASR完成 MN上不同接口接入 类型在 ILR的注册。  In a single access technology scenario, the mapping relationship (AID, RID) maintained by the ILR can perform routing tasks well. However, in the multiple access technology scenario, as described above, multiple interfaces on the MN will use the same AID. At this time, the mapping relationship (AID, RID) maintained by the ILR cannot distinguish different interfaces from the same MN. Therefore, in the multi-access technology scenario, the ILR not only needs to maintain (AID, RID), but also includes each interface of the MN. Enter the technology type to distinguish different interfaces belonging to the same MN. The mapping relationship on the extended ILR is (AID, RID, IF), and the ASR completes the registration of different interface access types on the MN in the ILR.
多接入技术场景下, 扩展的 ILR映射关系 (AID , RID , IF )区分了属于 同一 MN的不同接口, 但是通过(AID , RID , IF )进行路由存在以下问题: 图 5示出多接口 MN的不同接口接入不同的 ASR, MN在 ILR上存在两 条映射关系: (AID 1 , RID 1 , IF 1 )^(AID 1 , RID2, IF2)。 当 CN发起至 MN的通 信时, ASR3如何选择正确的映射关系来路由报文至 ΜΝ的哪个接口。 图 6示出多接口 MN的不同接口接入相同的 ASR, MN在 ILR上存在 两条映射关系 , (AID 1 , RID 1 , IF 1 ^o(AID 1 , RID 1 , IF2)。 当 CN发送才艮文至 MN时, ASRl收到来自于 CN的报文, ASR1如何选择 MN的接口进行报文 转发。 In the multi-access technology scenario, the extended ILR mapping relationship (AID, RID, IF) distinguishes different interfaces belonging to the same MN, but routing through (AID, RID, IF) has the following problems: Figure 5 shows the multi-interface MN Different interfaces access different ASRs. The MN has two mapping relationships on the ILR: (AID 1 , RID 1 , IF 1 )^(AID 1 , RID2, IF2). When the CN initiates communication to the MN, how does ASR3 choose the correct mapping relationship to route the message to which interface. Figure 6 shows that different interfaces of the multi-interface MN access the same ASR, and the MN has two mapping relationships on the ILR (AID 1, RID 1, IF 1 ^o (AID 1 , RID 1 , IF2). When the message is sent to the MN, the ASR1 receives the packet from the CN, and the ASR1 selects the interface of the MN to forward the packet.
因此, 在对端节点向多接口终端发送数据时, 对端 ASR或终端 ASR或 Therefore, when the peer node sends data to the multi-interface terminal, the peer ASR or the terminal ASR or
ILR需要根据多接口终端的流路由策略等信息, 为对端节点发起的业务选择 合适的终端位置标识和接口, 从而进行正常的报文转发路由, 以减少数据传 输的异常现象、 提供数据传输的有效保障。 而在 ASR或 ILR根据多接口终端的流路由策略信息, 为对端节点发起 的业务选择合适的终端位置标识和接口前, ASR或 ILR必须知道终端所在的 策略服务器的地址, 从策略服务器上下载对应此终端的流路由策略。 The ILR needs to select an appropriate terminal location identifier and interface for the service initiated by the peer node according to the flow routing policy of the multi-interface terminal, so as to perform normal packet forwarding routing to reduce data transmission anomalies and provide data transmission. Effective protection. Before ASR or ILR selects the appropriate terminal location identifier and interface for the service initiated by the peer node according to the flow routing policy information of the multi-interface terminal, the ASR or ILR must know the address of the policy server where the terminal is located, and download from the policy server. Corresponds to the flow routing policy of this terminal.
发明内容 Summary of the invention
本发明要解决的技术问题是提供一种获取策略服务器的地址的方法, 在 需要使用移动节点的流路由策略时, 能够根据策略服务器的地址获取到流路 由策略。  The technical problem to be solved by the present invention is to provide a method for obtaining an address of a policy server. When a flow routing policy of a mobile node is required, the flow routing policy can be obtained according to the address of the policy server.
为解决上述技术问题, 本发明的一种获取策略服务器的地址的方法, 包 括:  To solve the above technical problem, a method for obtaining an address of a policy server according to the present invention includes:
接入服务路由器在对移动节点进行认证的过程中, 从认证、 授权、 计费 (AAA)服务器获取为所述移动节点提供流路由策略的策略服务器的地址属性。  The access service router obtains, from the authentication, authorization, and accounting (AAA) server, an address attribute of a policy server that provides a flow routing policy for the mobile node in the process of authenticating the mobile node.
一种获取策略服务器的地址的方法, 包括:  A method for obtaining an address of a policy server, including:
接入服务路由器在移动节点通过认证后, 向身份和位置登记寄存器发送 注册请求, 在该注册请求中携带策略服务器地址请求选项, 请求为移动节点 提供流路由策略的策略服务器的地址属性;  After the mobile node passes the authentication, the access service router sends a registration request to the identity and location registration register, and the registration request carries a policy server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node;
所述身份和位置登记寄存器接收到所述注册请求后, 根据所述策略服务 器地址请求选项, 从认证、 授权、 计费 (AAA)服务器获取所述策略服务器的 地址属性, 将获取到的策略服务器的地址属性发送给所述接入服务路由器。  After receiving the registration request, the identity and location registration register obtains an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option, and the obtained policy server is obtained. The address attribute is sent to the access service router.
一种获取流路由策略的方法, 包括: 策略服务器在网元请求移动节点的流路由策略时, 将所述移动节点的流 路由策略发送给所述网元, 并在策略请求对象列表中添加所述网元的标识, 其中, 所述策略请求对象列表用于记录请求移动节点的流路由策略的网元的 标识与移动节点的标识的对应关系信息; A method for obtaining a flow routing policy includes: The policy server sends a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node, and adds the identifier of the network element to the policy request object list, where the policy is The request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
所述策略服务器在移动节点的流路由策略发生变化时, 根据所述策略请 求对象列表中记录的请求移动节点的流路由策略的网元的标识, 将更新的流 路由策略推送给网元。  When the flow routing policy of the mobile node changes, the policy server pushes the updated flow routing policy to the network element according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list.
一种接入服务路由器, 包括: 认证单元, 其中:  An access service router includes: an authentication unit, where:
所述认证单元, 设置为: 在对移动节点进行认证的过程中, 从认证、 授 权、 计费 (AAA)服务器获取为所述移动节点提供流路由策略的策略服务器的 地址属性。  The authentication unit is configured to: obtain, in an authentication process for the mobile node, an address attribute of a policy server that provides a flow routing policy for the mobile node from an authentication, authorization, and accounting (AAA) server.
一种身份和位置登记寄存器, 包括: 消息接收单元和策略请求单元, 其 中:  An identity and location registration register includes: a message receiving unit and a policy request unit, wherein:
所述消息接收单元, 设置为: 接收注册请求;  The message receiving unit is configured to: receive a registration request;
所述策略请求单元, 设置为: 在接收到所述注册请求后, 根据所述注册 请求中携带的策略服务器的地址属性, 向策略服务器请求移动节点的流路由 策略。  The policy requesting unit is configured to: after receiving the registration request, request a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
一种策略服务器, 包括: 策略发送单元和策略请求对象列表维护单元, 其中:  A policy server includes: a policy sending unit and a policy request object list maintaining unit, where:
所述策略发送单元, 设置为: 将移动节点的流路由策略发送给请求流路 由策略的网元;  The policy sending unit is configured to: send a flow routing policy of the mobile node to the network element that requests the flow routing policy;
所述策略请求对象列表维护单元, 设置为: 在策略请求对象列表中添加 所述请求流路由策略的网元的标识, 其中, 所述策略请求对象列表用于记录 请求移动节点的流路由策略的网元的标识与移动节点的标识的对应关系信息。  The policy request object list maintenance unit is configured to: add an identifier of the network element of the request flow routing policy to the policy request object list, where the policy request object list is used to record a flow routing policy of the requesting mobile node The correspondence relationship between the identifier of the network element and the identifier of the mobile node.
一种认证、 授权、 计费 (AAA)服务器, 包括: 消息接收单元、 地址查找 单元和信息发送单元, 其中:  An authentication, authorization, and accounting (AAA) server includes: a message receiving unit, an address finding unit, and an information sending unit, where:
所述消息接收单元, 设置为: 接收 AAA请求消息;  The message receiving unit is configured to: receive an AAA request message;
所述地址查找单元, 设置为: 在所述 AAA请求消息中携带请求策略服 务器的地址的属性 -值对 (AVP)时, 根据移动节点的标识查找对应的策略服务 器的地址属性; 或者, 在接收到所述 AAA请求消息后, 直接根据移动节点 的标识查找对应的策略服务器的地址属性; The address searching unit is configured to: carry the request policy service in the AAA request message When the attribute-value pair (AVP) of the address of the server is used, the address attribute of the corresponding policy server is searched according to the identifier of the mobile node; or, after receiving the AAA request message, the corresponding policy is directly searched according to the identifier of the mobile node. The address attribute of the server;
所述信息发送单元, 设置为: 将所述地址查找单元查找到的策略服务器 的地址属性返回给接入服务路由器。  The information sending unit is configured to: return an address attribute of the policy server found by the address searching unit to the access service router.
一种接入服务路由器, 包括: 注册单元, 其中:  An access service router includes: a registration unit, where:
所述注册单元, 设置为: 在移动节点通过认证后, 向身份和位置登记寄 存器发送注册请求, 在该注册请求中携带策略服务器地址请求选项, 请求为 移动节点提供流路由策略的策略服务器的地址属性。  The registration unit is configured to: after the mobile node passes the authentication, send a registration request to the identity and location registration register, where the registration request carries a policy server address request option, requesting the address of the policy server that provides the flow routing policy for the mobile node Attributes.
一种身份和位置登记寄存器, 包括: 消息接收单元和地址获取单元, 其 中:  An identity and location registration register includes: a message receiving unit and an address obtaining unit, wherein:
所述消息接收单元, 设置为: 接收注册请求;  The message receiving unit is configured to: receive a registration request;
所述地址获取单元, 设置为: 根据所述注册请求中携带的策略服务器地 址请求选项, 从认证、 授权、 计费 (AAA)服务器获取所述策略服务器的地址 属性, 将获取到的策略服务器的地址属性发送给接入服务路由器。  The address obtaining unit is configured to: obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to a policy server address request option carried in the registration request, and obtain the obtained policy server The address attribute is sent to the access service router.
一种认证、 授权、 计费 (AAA)服务器, 包括: 消息接收单元、 地址查找 单元和信息发送单元, 其中:  An authentication, authorization, and accounting (AAA) server includes: a message receiving unit, an address finding unit, and an information sending unit, where:
所述消息接收单元, 设置为: 接收 AAA请求消息;  The message receiving unit is configured to: receive an AAA request message;
所述地址查找单元, 设置为: 在所述 AAA请求消息中携带请求策略服 务器地址的选项时,根据移动节点的标识查找对应的策略服务器的地址属性; 所述信息发送单元, 设置为: 将查找到的策略服务器的地址属性返回给 身份和位置登记寄存器。  The address searching unit is configured to: when the AAA request message carries an option for requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; and the information sending unit is set to: The address attribute of the policy server is returned to the identity and location registration registers.
一种策略服务器, 包括: 策略发送单元、 策略请求对象列表维护单元和 流路由策略推送单元, 其中:  A policy server includes: a policy sending unit, a policy request object list maintaining unit, and a flow routing policy pushing unit, where:
所述策略发送单元, 设置为: 在网元请求移动节点的流路由策略时, 将 所述移动节点的流路由策略发送给所述网元;  The policy sending unit is configured to: when the network element requests the flow routing policy of the mobile node, send the flow routing policy of the mobile node to the network element;
所述略请求对象列表维护单元, 设置为: 在策略请求对象列表中添加所 述网元的标识, 其中, 所述策略请求对象列表用于记录请求移动节点的流路 由策略的网元的标识与移动节点的标识的对应关系信息; The slightly requested object list maintenance unit is set to: add a place in the policy request object list An identifier of the network element, where the policy request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
所述流路由策略推送单元, 设置为: 在移动节点的流路由策略发生变化 时, 根据所述策略请求对象列表中记录的请求移动节点的流路由策略的网元 的标识, 将更新的流路由策略推送给网元。  The flow routing policy pushing unit is configured to: when the flow routing policy of the mobile node changes, according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, the updated flow route is The policy is pushed to the network element.
综上所述, 本发明实施例通过认证或注册过程中从 AAA服务器获取到 移动节点的策略服务器的地址, 使得 ASR或 ILR在需要根据多接口的移动 节点的流路由策略为对端节点发起的业务选择合适的流路由前, 能够根据移 动节点的策略服务器的地址 , 从策略服务器获取移动节点的流路由策略。 附图概述  In summary, the embodiment of the present invention obtains the address of the policy server of the mobile node from the AAA server during the authentication or registration process, so that the ASR or the ILR initiates the flow routing policy of the mobile node according to the multi-interface as the opposite node. Before selecting a suitable flow route, the service can obtain a flow routing policy of the mobile node from the policy server according to the address of the policy server of the mobile node. BRIEF abstract
图 1是身份和位置分离的通信网络架构示意图;  1 is a schematic diagram of a communication network architecture in which identity and location are separated;
图 2是报文在身份和位置分离网络中的转发过程示意图;  2 is a schematic diagram of a forwarding process of a message in an identity and location separation network;
图 3是原始 AID报文示意图;  Figure 3 is a schematic diagram of the original AID message;
图 4是 RID封装报文示意图;  Figure 4 is a schematic diagram of a RID encapsulated message;
图 5是多接口 MN不同接口连接至不同 ASR的示意图;  FIG. 5 is a schematic diagram of connecting different interfaces of a multi-interface MN to different ASRs;
图 6是多接口 MN不同接口连接至相同 ASR的示意图;  6 is a schematic diagram of a multi-interface MN connecting different interfaces to the same ASR;
图 7是本发明实施例中的通信网络连接示意图;  7 is a schematic diagram of a communication network connection in an embodiment of the present invention;
图 8是本发明中的 ASR/ILR获取策略服务器地址实施例 1的流程图; 图 9是本发明中的 ASR/ILR获取策略服务器地址实施例 2的流程图; 图 10是本发明中的策略服务器推送流路由策略更新实施例 3的流程图; 图 11是本发明中的策略服务器绑定注销实施例 4的流程图;  8 is a flowchart of Embodiment 1 of an ASR/ILR acquisition policy server address in the present invention; FIG. 9 is a flowchart of Embodiment 2 of an ASR/ILR acquisition policy server address in the present invention; FIG. 10 is a strategy in the present invention. FIG. 11 is a flowchart of a policy server binding deregistration embodiment 4 in the present invention; FIG. 11 is a flowchart of a policy server binding deregistration embodiment 4 in the present invention;
图 12是本发明实施例中的接入服务路由器的架构图;  12 is a structural diagram of an access service router in an embodiment of the present invention;
图 13是本发明实施例中的身份和位置登记寄存器的架构图;  Figure 13 is a block diagram of an identity and location registration register in an embodiment of the present invention;
图 14是本发明实施例中的策略服务器的架构图;  14 is a structural diagram of a policy server in an embodiment of the present invention;
图 15是本发明中实施例的 AAA服务器的架构图。 本发明的较佳实施方式 Figure 15 is a block diagram of an AAA server in accordance with an embodiment of the present invention. Preferred embodiment of the invention
本实施方式提出了一种在身份标识和位置分离网络中, ASR和 ILR发现 终端所对应策略服务器地址的方法。 ASR和 ILR根据此地址从策略服务器获 得流路由策略, 为发送至多接口终端的业务流, 选择最合适的路由。  The present embodiment proposes a method for the ASR and the ILR to discover the policy server address corresponding to the terminal in the identity identification and location separation network. Based on this address, the ASR and the ILR obtain a flow routing policy from the policy server, and select the most suitable route for the traffic flow sent to the multi-interface terminal.
为了更清楚地描述本实施方式的内容, 进行如下说明:  In order to more clearly describe the contents of the present embodiment, the following description is made:
( 1 ) CN为 MN的通信对端节点, CN可以有多个。  (1) CN is the communication peer node of the MN, and there may be multiple CNs.
( 2 ) MNJF1是指当前 MN的接口 1。  (2) MNJF1 refers to interface 1 of the current MN.
( 3 ) MNJF2是指当前 MN的接口 2。  (3) MNJF2 refers to interface 2 of the current MN.
( 4 ) flow X是指由 CN发起, 至 MN的数据流 X。  (4) Flow X refers to the data stream X initiated by the CN to the MN.
( 5 )在本实施方式中, 多接入的含义是指, 首先 MN是拥有多种通信 制式(如 3G、 LTE和 WLAN等 )的终端, 其次 MN能同时通过不同的通信 制式的接口附着至网络。  (5) In the present embodiment, the meaning of multiple access means that the MN is a terminal having multiple communication systems (such as 3G, LTE, WLAN, etc.), and the MN can simultaneously attach to the interface through different communication systems. The internet.
( 6 )在本实施方式中,流路由策略可以分为静态流路由策略和动态流路 由策略。 静态流路由策略包含根据流属性(如地址、 端口号和五元组等) 的 选择策略、 根据 APN ( Access Point Name , 接入点) 的选择策略、 根据忙闲 时段的选择策略和根据运营商策略的选择策略等; 动态流路由策略包含基于 终端侧的动态路由策略和基于网络侧的动态路由策略。 基于终端侧的动态路 由策略包含终端多接口的连接状态和终端用户的选择意愿等; 基于网络侧的 动态路由策略包含网络的链路及负载状况等。 流路由策略都存放在策略服务 器上, 策略服务器部署在标识网络中。  (6) In this embodiment, the flow routing policy may be classified into a static flow routing policy and a dynamic flow routing policy. The static flow routing policy includes a selection policy according to flow attributes (such as address, port number, and quintuple), a selection policy according to APN (Access Point Name), a selection policy according to busy hours, and a carrier according to the carrier. The policy selection strategy and the like; the dynamic flow routing policy includes a dynamic routing policy based on the terminal side and a dynamic routing policy based on the network side. The dynamic routing policy based on the terminal side includes the connection status of the terminal multi-interface and the willingness of the terminal user to select; the dynamic routing policy based on the network side includes the link and load status of the network. The flow routing policies are stored on the policy server, and the policy server is deployed in the identity network.
本实施方式的获取策略服务器的地址的方法, 包括:  The method for obtaining an address of a policy server in this embodiment includes:
在认证或注册过程中从认证、 授权、 计费 (AAA )服务器获取移动节点 的策略服务器的地址, 包括以下两种实现方式:  Obtain the address of the mobile node's policy server from the Authentication, Authorization, and Accounting (AAA) server during the authentication or registration process, including the following two implementations:
( 1 ) ASR在 MN的接入认证过程中 , 从 AAA server获得 MN的策略服 务器的地址。 ILR在 ASR为 MN的注册过程中获得 MN的策略服务器的地 址。  (1) The ASR obtains the address of the MN's policy server from the AAA server during the access authentication process of the MN. The ILR obtains the address of the MN's Policy Server during the ASR registration process for the MN.
( 2 ) ILR从 AAA server获得 MN的策略服务器的地址。 ASR在为 MN 的注册过程中从 ILR获得 MN的策略服务器的地址。 (2) The ILR obtains the address of the MN's policy server from the AAA server. ASR is for MN The address of the MN's Policy Server is obtained from the ILR during the registration process.
另外, 策略服务器在 MN的流路由策略发生变化时, 主动推送更新的流 路由策略。  In addition, the policy server actively pushes the updated flow routing policy when the flow routing policy of the MN changes.
当 MN离开 ASR/ILR时, ASR/ILR向策略服务器注销策略服务器上与 MN绑定的策略请求对象列表中的 ASR/ILR的记录。  When the MN leaves the ASR/ILR, the ASR/ILR logs out the ASR/ILR record in the policy request object list bound to the MN on the policy server to the policy server.
下面结合附图和具体实施例对本发明所述技术方案作进一步的详细描述, 以使本领域的技术人员可以更好的理解本发明并能予以实施, 但所举实施例 不作为对本发明的限定。 下面以图 7所示的通信网络为基础, 结合图以下实施例对本实施方式的 方法进行说明。  The technical solutions of the present invention are further described in detail below with reference to the accompanying drawings and specific embodiments to enable those skilled in the art to understand the invention. . The method of the present embodiment will be described below based on the communication network shown in FIG. 7 in conjunction with the following embodiments.
实施例 1 :  Example 1
图 8是 ASR/ILR获取策略服务器地址的实施例 1的流程, 包括: 步骤 801 : 多接口 MN包含两个接口 IF1和 IF2, 当 MN通过其中某一接 口, 如接口 IF1通过 ASR1附着至网络时, 在 IF1的连接过程中, ASR1在认 证过程中通过 AAA server获得服务 MN的策略服务器的地址;  8 is a flow of Embodiment 1 of an ASR/ILR acquisition policy server address, including: Step 801: A multi-interface MN includes two interfaces IF1 and IF2, when the MN connects to the network through one of the interfaces, such as the interface IF1 through ASR1. During the connection process of IF1, ASR1 obtains the address of the policy server serving the MN through the AAA server during the authentication process;
方法一, ASR1在发起至 AAA server的请求时, 若 ASR1 上没有保存 MN的策略服务器的地址的信息, 则其在 AAA请求消息中携带请求策略服 务器的地址的 AVP ( Attribute- Value-Pairs, 属性-值对) 。 AAA server收到 AAA请求后, 根据 MN ID ( Identity ) 查找, 在 AAA响应消息中携带 MN 的策略服务器的地址属性(此属性可以是地址, 也可以是域名, 若为域名, 则 ASR1需要通过 DNS (域名系统)查询过程, 获得策略服务器的地址)至 ASR1。  Method 1: When ASR1 initiates a request to the AAA server, if ASR1 does not store the information of the address of the MN's policy server, it carries the AVP (Attribute-Value-Pairs, attribute of the address of the requesting policy server) in the AAA request message. -value pair). After receiving the AAA request, the AAA server searches for the MN ID (identity). The AAA response message carries the address attribute of the MN's policy server. (This attribute can be an address or a domain name. If the domain name is used, ASR1 needs to pass the DNS. (Domain name system) query process, get the address of the policy server) to ASR1.
方法二, ASR1发送 AAA请求至 AAA server, AAA server在收到 AAA 请求后, 在返回至 ASR1的 AAA应答消息中, 主动携带 MN的策略服务器 的地址属性(说明同上)至 ASR1 , 告知其 MN的策略服务器地址。  In the second method, the ASR1 sends an AAA request to the AAA server. After receiving the AAA request, the AAA server actively carries the address attribute (described in the above) of the MN's policy server to the ASR1, and informs the MN of the MN. Policy server address.
上述方法中描述的请求策略服务器地址的 AVP可以通过扩展 AAA协议 (如 radius、 diameter )新的属性来实现。  The AVP requesting the policy server address described in the above method can be implemented by extending the new attributes of the AAA protocol (such as radius, diameter).
步骤 802, 在 MN通过认证后, ASR1向 ILR发起注册请求, 注册 MN 的身份标识和位置标识, 并在注册请求中携带策略服务器的地址的选项。 步骤 803 , ILR收到来自于 ASR1 的注册请求, 根据注册请求中的策略 服务器的地址的选项, 获得 MN的策略服务器的地址或域名, 若为域名, 则 ILR需要通过 DNS查询过程, 获得策略服务器地址。 Step 802, after the MN passes the authentication, the ASR1 initiates a registration request to the ILR, and registers the MN. The identity and location identifier, and the option to carry the address of the policy server in the registration request. Step 803: The ILR receives the registration request from the ASR1, and obtains the address or domain name of the MN's policy server according to the option of the address of the policy server in the registration request. If the domain name is used, the ILR needs to obtain the policy server through the DNS query process. address.
步骤 804, ILR根据获得的策略服务器的地址, 向策略服务器请求 MN 的流路由策略。  Step 804: The ILR requests a flow routing policy of the MN from the policy server according to the obtained address of the policy server.
策略服务器收到请求后, 发送 MN的流路由策略至 ILR, 同时创建并维 护 MN的策略请求对象列表, 例如: (MN— ID, ILR— ID, ASR1 ID )。 步骤 804与步骤 805无先后次序。  After receiving the request, the policy server sends the MN's flow routing policy to the ILR, and creates and maintains the MN's policy request object list, for example: (MN_ID, ILR_ID, ASR1 ID). Step 804 and step 805 have no order.
步骤 805 , ASR1 根据获得的策略服务器地址, 向策略服务器请求 MN 的流路由策略。  Step 805: The ASR1 requests the MN's flow routing policy from the policy server according to the obtained policy server address.
策略服务器收到请求后, 发送 MN的流路由策略至 ASR1 , 并且创建并 维护 MN的策略请求对象列表, 例如: (MN— ID, ILR— ID, ASR1 ID )。 步 骤 805与步骤 804无先后次序。  After receiving the request, the policy server sends the MN's flow routing policy to ASR1, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1 ID). Step 805 and step 804 have no order.
实施例 2:  Example 2:
图 9是 ASR/ILR获取策略服务器地址的实施例二。 具体包括以下步骤: 步骤 901 , MN— IF1通过 ASR1连接至网络。  Figure 9 is a second embodiment of the ASR/ILR acquisition policy server address. Specifically, the method includes the following steps: Step 901: MN_IF1 is connected to the network through ASR1.
步骤 902, 在 MN通过认证后, ASR1向 ILR发起注册请求, 注册 MN 的身份标识和位置标识, 并在注册请求中携带策略服务器地址请求选项。  Step 902: After the MN passes the authentication, the ASR1 initiates a registration request to the ILR, registers the identity and location identifier of the MN, and carries the policy server address request option in the registration request.
步骤 903 , 当 ILR发现 ASR1注册请求中携带了策略服务器地址请求选 项, ILR将在与 AAA server交互过程中(该交互过程用于授权 MN的移动性 服务或认证 ILR的能力等) , 向 AAA server发送 AAA请求, 其中携带请求 策略服务器地址的选项。  Step 903: When the ILR finds that the ASR1 registration request carries the policy server address request option, the ILR will interact with the AAA server (the interaction process is used to authorize the MN's mobility service or the ability to authenticate the ILR, etc.) to the AAA server. Send an AAA request with the option to request a policy server address.
步骤 904 , AAA server收到来自于 ILR的 AAA请求后, 根据其中的请 求策略服务器地址的选项, 在应答消息中携带策略服务器的地址属性(此属 性中可以是地址或域名。 若为域名, 则 ILR需要通过 DNS查询获得来获得 策略服务器的地址)至 ILR。  Step 904: After receiving the AAA request from the ILR, the AAA server carries the address attribute of the policy server in the response message according to the option of requesting the policy server address (the attribute may be an address or a domain name. The ILR needs to obtain the address of the policy server through the DNS query) to the ILR.
步骤 905 ,在收到来自于 AAA server的携带策略服务的地址属性的 AAA 应答消息后, ILR从应答消息中获取策略服务器的地址属性, 并为 MN生成 并维护映射关系 (AID, RID1 , IF1 ) 。 ILR向 ASRl发送注册确认消息, 确 认消息中携带策略服务器地址属性。 Step 905: Upon receiving the AAA of the address attribute of the carrying policy service from the AAA server After responding to the message, the ILR obtains the address attribute of the policy server from the response message and generates and maintains the mapping relationship (AID, RID1, IF1) for the MN. The ILR sends a registration confirmation message to ASR1, and the confirmation message carries the policy server address attribute.
步骤 906, ASR1从收到的注册确认消息中获取 MN的策略服务器的地 址属性(此属性中可以是地址或域名。 若为域名, 则 ASR1 需要通过 DNS 查询获得来获得策略服务器的地址) 。  Step 906: The ASR1 obtains the address attribute of the MN's policy server from the received registration confirmation message (the attribute may be an address or a domain name. If the domain name is used, the ASR1 needs to obtain the address of the policy server through the DNS query).
步骤 907 , ILR根据获得的策略服务器的地址属性, 向策略服务器请求 MN的流路由策略。  Step 907: The ILR requests a flow routing policy of the MN from the policy server according to the obtained address attribute of the policy server.
策略服务器收到请求后, 发送 MN的流路由策略至 ILR, 并且创建并维 护 MN的策略请求对象列表, 例如: (MN— ID, ILR— ID, ASRl— ID )。 步骤 907与步骤 905、 步骤 906、 步骤 908无先后次序。  After receiving the request, the policy server sends the MN's flow routing policy to the ILR, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1-ID). Step 907 and step 905, step 906, and step 908 have no order.
步骤 908, ASR1根据获得的策略服务器的地址属性, 向策略服务器请求 MN的流路由策略。  Step 908: The ASR1 requests the MN's flow routing policy from the policy server according to the obtained address attribute of the policy server.
策略服务器收到请求后, 发送 MN的流路由策略至 ASR1 , 并且创建并 维护 MN的策略请求对象列表, 例如: (MN— ID, ILR— ID, ASRl— ID )。 步 骤 908与步骤 907无先后次序。  After receiving the request, the policy server sends the MN's flow routing policy to ASR1, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1-ID). Step 908 and step 907 have no order.
实施例 3:  Example 3:
图 10是流路由策略更新实施例。 具体包括以下步骤:  Figure 10 is an embodiment of a flow routing policy update. Specifically, the following steps are included:
步骤 1001 , 因为终端、 网元实体、 用户或运营商策略的变化, 导致策略 服务器上 MN的流路由策略发生变化时, 策略服务器将根据其所维护的 MN 的策略请求对象列表, 向这些对象网元主动推送变化的流路由策略。  Step 1001: When the flow routing policy of the MN on the policy server changes due to the change of the terminal, the network element entity, the user, or the operator policy, the policy server will request the object list according to the policy of the MN maintained by the policy server, and The element actively pushes the changed flow routing policy.
例如:策略服务器上存有与 MN的 ID绑定的策略请求对象列表( MN_ID, ILR— ID, ASRl— ID, ASR2 ID ),其中 ILR— ID、 ASRl— ID可以是 ILR和 ASRl 的地址信息, ASR2— ID可以是 CN— ASR的地址信息,则策略服务器将向 ILR、 ASRl , ASR2主动推送更新后的 MN流路由策略。  For example, the policy server has a list of policy request objects (MN_ID, ILR_ID, ASR1-ID, ASR2 ID) bound to the ID of the MN, where the ILR_ID, ASR1-ID can be the address information of the ILR and the ASR1, ASR2—The ID can be the address information of the CN-ASR. The policy server will actively push the updated MN flow routing policy to ILR, ASR1, and ASR2.
步骤 1002, 策略服务器向 ASR1主动推送更新后的 MN的流路由策略。 步骤 1002与步骤 1004、 步骤 1006无先后次序。  Step 1002: The policy server actively pushes the updated MN flow routing policy to the ASR1. Step 1002 and step 1004, step 1006 have no precedence.
步骤 1003 , ASR1在收到策略服务器推送的 MN流路由策略后,对 ASR1 现存的 MN流路由策略进行更新,并向策略服务器发送流路由推送确认消息。 步骤 1004,策略服务器向 ILR主动推送更新后的 MN的流路由策略。步 骤 1004与步骤 1002、 步骤 1006无先后次序。 Step 1003: After receiving the MN flow routing policy pushed by the policy server, the ASR1 is connected to the ASR1. The existing MN flow routing policy is updated, and a flow route push confirmation message is sent to the policy server. In step 1004, the policy server actively pushes the flow routing policy of the updated MN to the ILR. Step 1004 and step 1002, step 1006 have no order.
步骤 1005 , ILR在收到策略服务器推送的 MN流路由策略后,对 ILR现 存的 MN流路由策略进行更新, 并向策略服务器发送流路由推送确认消息。  Step 1005: After receiving the MN flow routing policy pushed by the policy server, the ILR updates the existing MN flow routing policy of the ILR, and sends a flow route push confirmation message to the policy server.
步骤 1006, 策略服务器向 ASR3推送更新后的 MN的流路由策略。 步骤 1006与步骤 1002、 步骤 1004无先后次序。  Step 1006: The policy server pushes the updated MN flow routing policy to the ASR3. Step 1006 and step 1002, step 1004 have no order.
步骤 1007, ASR2在收到策略服务器推送的 CN流路由策略后,对 ASR2 现存的 CN流路由策略进行更新,并向策略服务器发送流路由推送确认消息。  Step 1007: After receiving the CN flow routing policy pushed by the policy server, the ASR2 updates the existing CN flow routing policy of the ASR2, and sends a flow route push confirmation message to the policy server.
实施例 4:  Example 4:
图 11是策略服务器上 MN的策略请求对象列表的注销实施例。 具体包 括以下步骤:  Figure 11 is a deregistration embodiment of a list of policy request objects for a MN on a policy server. Specifically, it includes the following steps:
步骤 1101 , 当 ASR1获知 MN离开后, ASR1向 ILR发起注销映射关系 的请求。  Step 1101: After ASR1 learns that the MN leaves, ASR1 initiates a request to cancel the mapping relationship to the ILR.
例如: ILR维护的映射关系 (AID、 RID1、 IF1 ) 的注销。  For example: Logout of the mapping relationship (AID, RID1, IF1) maintained by the ILR.
步骤 1102, ILR删除请求注销的映射关系, 并向 ASR1发送注销确认消 息。  Step 1102: The ILR deletes the mapping relationship for requesting cancellation, and sends a logout confirmation message to ASR1.
步骤 1103 , ASR1 向策略服务器发起注销 MN 的策略请求对象列表中 ASRl— ID的请求。  Step 1103: ASR1 initiates a request to the policy server to cancel the ASR1-ID in the MN's policy request object list.
例如:策略服务器上存有与 MN的 ID绑定的策略请求对象列表( MN ID, For example, the policy server has a list of policy request objects (MN IDs) bound to the MN's ID.
ILR ID, ASR1 ID ) , 其中记录了与请求 MN的流路由策略有关的网元的标 识信息, ASR1请求删除列表中与自己有关的信息。 步骤 803、 步骤 804与 802间无先后次序。 ILR ID, ASR1 ID), which records the identification information of the network element related to the flow routing policy of the requesting MN, and ASR1 requests to delete the information related to itself in the list. Step 803, there is no order between steps 804 and 802.
步骤 1104, 策略服务器收到注销请求后, 注销 MN的策略请求对象列表 中与 ASR1相关的记录。  Step 1104: After receiving the logout request, the policy server cancels the record related to ASR1 in the list of policy request objects of the MN.
例如: 策略请求对象列表中包含 ASR1地址信息、 ASR2地址信息等, 当策略服务器收到 ASR1注销请求后, 将注销 ASR1的地址信息。 步骤 1105, 注销与 ASR1相关的策略请求对象列表记录后, 策略服务器 向 ASR1发送注销确认消息。 For example, the policy request object list contains ASR1 address information, ASR2 address information, etc. When the policy server receives the ASR1 logout request, it will log out the address information of ASR1. Step 1105: After the logout of the policy request object list related to ASR1 is cancelled, the policy server sends a logout confirmation message to ASR1.
步骤 1106, 当 ILR获知 MN离开 ILR后, ILR向策略服务器发起注销 MN的策略请求对象列表中 ILR— ID的请求;  Step 1106: After the ILR learns that the MN leaves the ILR, the ILR initiates a request to the policy server to cancel the ILR_ID in the MN's policy request object list.
例如: MN关机或移动注册至另一 ILR后, 原 ASRs已向原 ILR注销了 For example: After the MN is shut down or the mobile is registered to another ILR, the original ASRs have been logged out to the original ILR.
MN的映射关系, 而原 ILR又在一定 lifetime内未收到新 ASR发来的 MN的 注册请求 , 则 ILR可认为此时 MN已离开 ILR。 于是 ILR向策略服务器发起 注销与 MN的 ID绑定的策略请求对象列表中 ILR— ID请求。 The mapping relationship between the MN and the original ILR does not receive the registration request of the MN sent by the new ASR within a certain lifetime, the ILR can consider that the MN has left the ILR at this time. The ILR then initiates an ILR_ID request to the policy server to unregister the list of policy request objects bound to the MN's ID.
步骤 1107, 策略服务器收到 ILR的注销与 MN的 ID绑定的策略请求对 象列表中 ILR— ID请求后,策略服务器注销 MN的策略请求对象列表中与 ILR 相关记录。  Step 1107: After the policy server receives the ILR-ID request in the policy request object list bounded by the MN ID, the policy server logs off the ILR-related record in the MN policy request object list.
例如: 策略请求对象列表中包含 ILR1地址信息、 ILR2地址信息等, 当 策略服务器收到 ILR1注销 ILR1记录的请求后, 策略服务器注销 ILR1的地 址信息。 步骤 1107、 步骤 1106与 1102间无先后次序。  For example: The policy request object list contains ILR1 address information, ILR2 address information, etc. After the policy server receives the ILR1 request to log out the ILR1 record, the policy server logs out the address information of ILR1. Step 1107, there is no order between steps 1106 and 1102.
步骤 1108, 注销与 ILR相关的策略请求对象列表记录后, 策略服务器向 Step 1108, after canceling the ILR related policy request object list record, the policy server
ILR发送注销确认消息。 The ILR sends a logout confirmation message.
如图 12所示, 本发明实施例提供了一种接入服务路由器, 包括: 认证单 元、 注册单元、 策略请求单元和标识注销单元, 其中:  As shown in FIG. 12, an embodiment of the present invention provides an access service router, including: an authentication unit, a registration unit, a policy request unit, and an identifier deregistration unit, where:
认证单元, 用于在对移动节点进行认证的过程中, 从认证、 授权、 计费 (AAA)服务器获取为移动节点提供流路由策略的策略服务器的地址属性。  An authentication unit, configured to obtain, from an authentication, authorization, and accounting (AAA) server, an address attribute of a policy server that provides a flow routing policy for the mobile node in the process of authenticating the mobile node.
认证单元,具体用于在向 AAA服务器发送的 AAA请求消息中携带请求 策略服务器的地址的属性 -值对 (AVP); 或者, 直接发送未携带 AVP的 AAA 请求消息, 向 AAA服务器请求策略服务器的地址属性。  The authentication unit is configured to carry an attribute-value pair (AVP) of the address of the request policy server in the AAA request message sent to the AAA server; or directly send an AAA request message that does not carry the AVP, and request the policy server from the AAA server. Address attribute.
注册单元, 用于在移动节点通过认证后, 向身份和位置登记寄存器发送 注册请求, 在注册请求中携带策略服务器的地址属性。  The registration unit is configured to send a registration request to the identity and location registration register after the mobile node passes the authentication, and carry the address attribute of the policy server in the registration request.
策略请求单元, 用于在获取到策略服务器的地址属性后, 根据策略服务 器的地址属性, 向策略服务器请求移动节点的流路由策略。  The policy requesting unit is configured to request, from the policy server, a flow routing policy of the mobile node according to the address attribute of the policy server after obtaining the address attribute of the policy server.
标识注销单元, 用于在获知移动节点离开时, 向策略服务器请求注销在 策略请求对象列表中的该接入服务路由器的标识。 Identifying the logout unit, for requesting to logout to the policy server when the mobile node is notified to leave The identity of the access service router in the policy request object list.
如图 13所示, 本实施方式提供了一种身份和位置登记寄存器, 包括: 消 息接收单元、 策略请求单元和标识注销单元, 其中:  As shown in FIG. 13, the embodiment provides an identity and location registration register, including: a message receiving unit, a policy requesting unit, and an identifier deregistration unit, where:
消息接收单元, 用于接收注册请求;  a message receiving unit, configured to receive a registration request;
策略请求单元, 用于在接收到注册请求后, 根据注册请求中携带的策略 服务器的地址属性, 向策略服务器请求移动节点的流路由策略。  The policy requesting unit is configured to request, after receiving the registration request, the flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
标识注销单元, 用于在获知移动节点离开该身份和位置登记寄存器时, 向策略服务器请求注销在策略请求对象列表中的该身份和位置登记寄存器的 标识。  And an identifier deregistration unit, configured to request, from the policy server, to log off the identity of the identity and location registration register in the policy request object list when the mobile node is informed to leave the identity and location registration register.
如图 14所示, 本实施方式提供了一种策略服务器, 包括: 策略发送单元 和策略请求对象列表维护单元, 其中:  As shown in FIG. 14, the embodiment provides a policy server, including: a policy sending unit and a policy request object list maintaining unit, where:
策略发送单元, 用于将移动节点的流路由策略发送给请求流路由策略的 网元;  a policy sending unit, configured to send a flow routing policy of the mobile node to the network element that requests the flow routing policy;
策略请求对象列表维护单元, 用于在策略请求对象列表中添加请求流路 由策略的网元的标识, 其中, 策略请求对象列表用于记录请求移动节点的流 路由策略的网元的标识与移动节点的标识的对应关系信息。  The policy request object list maintenance unit is configured to add, in the policy request object list, an identifier of the network element that requests the flow routing policy, where the policy request object list is used to record the identifier of the network element requesting the mobile node's flow routing policy and the mobile node Correspondence information of the identity.
策略请求对象列表维护单元, 还用于在接收到网元的注销请求后, 在策 略请求对象列表中注销网元的标识。  The policy request object list maintenance unit is further configured to: after receiving the logout request of the network element, cancel the identifier of the network element in the policy request object list.
如图 15所示, 本实施方式提供了一种 AAA服务器, 包括: 消息接收单 元、 地址查找单元和信息发送单元, 其中:  As shown in FIG. 15, the embodiment provides an AAA server, including: a message receiving unit, an address searching unit, and an information sending unit, where:
消息接收单元, 用于接收 AAA请求消息;  a message receiving unit, configured to receive an AAA request message;
地址查找单元, 用于在 AAA请求消息中携带请求策略服务器的地址的 属性 -值对 (AVP)时,根据移动节点的标识查找对应的策略服务器的地址属性; 或者, 在接收到 AAA请求消息后, 直接根据移动节点的标识查找对应的策 略 Λ良务器的地址属性;  An address search unit, configured to: when the AAA request message carries an attribute-value pair (AVP) of the address of the request policy server, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; or, after receiving the AAA request message, Finding the address attribute of the corresponding policy server directly according to the identifier of the mobile node;
信息发送单元, 用于将地址查找单元查找到的策略服务器的地址属性返 回给接入服务路由器。 本发明实施例提供的另一种接入服务路由器, 包括: 注册单元, 其中: 注册单元, 用于在移动节点通过认证后, 向身份和位置登记寄存器发送 注册请求, 在该注册请求中携带策略服务器地址请求选项, 请求为移动节点 提供流路由策略的策略服务器的地址属性。 The information sending unit is configured to return an address attribute of the policy server found by the address searching unit to the access service router. Another access service router provided by the embodiment of the present invention includes: a registration unit, where: a registration unit is configured to send a registration request to the identity and location registration register after the mobile node passes the authentication, and carry the policy in the registration request. Server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node.
本实施方式提供的另一种身份和位置登记寄存器, 包括: 消息接收单元 和地址获取单元, 其中:  Another identity and location registration register provided by this embodiment includes: a message receiving unit and an address obtaining unit, where:
消息接收单元, 用于接收注册请求;  a message receiving unit, configured to receive a registration request;
所述地址获取单元, 用于根据注册请求中携带的策略服务器地址请求选 项, 从认证、 授权、 计费 (AAA)服务器获取策略服务器的地址属性, 将获取 到的策略服务器的地址属性发送给接入服务路由器。  The address obtaining unit is configured to obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option carried in the registration request, and send the obtained address attribute of the policy server to the address Into the service router.
地址获取单元,具体用于向 AAA服务器发送 AAA请求消息,在该 AAA 请求消息中携带请求策略服务器地址的选项。  The address obtaining unit is specifically configured to send an AAA request message to the AAA server, where the AAA request message carries an option to request a policy server address.
本实施方式提供的另一种 AAA服务器, 包括: 消息接收单元、 地址查 找单元和信息发送单元, 其中:  Another AAA server provided in this embodiment includes: a message receiving unit, an address searching unit, and an information sending unit, where:
消息接收单元, 用于接收 AAA请求消息;  a message receiving unit, configured to receive an AAA request message;
地址查找单元, 用于在 AAA请求消息中携带请求策略服务器地址的选 项时, 根据移动节点的标识查找对应的策略服务器的地址属性;  An address searching unit, configured to: when the AAA request message carries an option of requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node;
信息发送单元, 用于将查找到的策略服务器的地址属性返回给身份和位 置登记寄存器。  The information sending unit is configured to return the address attribute of the found policy server to the identity and location registration register.
本实施方式提供的另一种策略服务器, 包括: 策略发送单元、 策略请求 对象列表维护单元和流路由策略推送单元, 其中:  Another policy server provided by this embodiment includes: a policy sending unit, a policy request object list maintaining unit, and a flow routing policy pushing unit, where:
策略发送单元, 用于在网元请求移动节点的流路由策略时, 将移动节点 的流路由策略发送给网元;  a policy sending unit, configured to send a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node;
略请求对象列表维护单元,用于在策略请求对象列表中添加网元的标识, 其中, 策略请求对象列表用于记录请求移动节点的流路由策略的网元的标识 与移动节点的标识的对应关系信息;  The request object list maintenance unit is configured to add an identifier of the network element in the policy request object list, where the policy request object list is used to record the correspondence between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node Information
流路由策略推送单元, 用于在移动节点的流路由策略发生变化时, 根据 策略请求对象列表中记录的请求移动节点的流路由策略的网元的标识, 将更 新的流路由策略推送给网元。 a flow routing policy pushing unit, configured to change when a flow routing policy of the mobile node changes The identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, and the updated flow routing policy is pushed to the network element.
以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本 领域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和 原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。 The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性 本发明实施例通过认证或注册过程中从 AAA服务器获取到移动节点的 策略服务器的地址, 使得 ASR或 ILR在需要根据多接口的移动节点的流路 由策略为对端节点发起的业务选择合适的流路由前, 能够根据移动节点的策 略服务器的地址, 从策略服务器获取移动节点的流路由策略。 Industrial Applicability The embodiment of the present invention obtains the address of the policy server of the mobile node from the AAA server during the authentication or registration process, so that the ASR or the ILR selects the service initiated by the peer node according to the flow routing policy of the mobile node according to the multi-interface. Before the appropriate flow routing, the flow routing policy of the mobile node can be obtained from the policy server according to the address of the mobile node's policy server.

Claims

权 利 要 求 书 Claim
1、 一种获取策略服务器的地址的方法, 包括: 1. A method for obtaining an address of a policy server, comprising:
接入服务路由器在对移动节点进行认证的过程中, 从认证、 授权、 计费 The access service router authenticates, authorizes, and charges during the process of authenticating the mobile node.
(AAA)服务器获取为所述移动节点提供流路由策略的策略服务器的地址属性。 The (AAA) server obtains an address attribute of a policy server that provides a flow routing policy for the mobile node.
2、 如权利要求 1所述的方法, 其中, 所述从 AAA服务器获取为所述移 动节点提供流路由策略的策略服务器的地址属性, 包括: 2. The method according to claim 1, wherein the obtaining, by the AAA server, an address attribute of a policy server that provides a flow routing policy for the mobile node, includes:
所述接入服务路由器在向所述 AAA服务器发送的 AAA请求消息中携带 请求所述策略服务器的地址的属性 -值对 (AVP);  The access service router carries an attribute-value pair (AVP) requesting an address of the policy server in an AAA request message sent to the AAA server;
所述 AAA服务器接收到所述 AAA请求消息后, 在所述 AAA请求消息 中携带所述 AVP时,根据移动节点的标识查找对应的策略服务器的地址属性 , 将查找到的策略服务器的地址属性返回给所述接入服务路由器。  After receiving the AAA request message, when the AAA request message carries the AVP, the AAA server searches for the address attribute of the corresponding policy server according to the identifier of the mobile node, and returns the address attribute of the found policy server. Give the access service router.
3、 如权利要求 1所述的方法, 其中, 所述从 AAA服务器获取为所述移 动节点提供流路由策略的策略服务器的地址属性的步骤, 包括: 3. The method according to claim 1, wherein the step of obtaining, from the AAA server, an address attribute of a policy server that provides a flow routing policy for the mobile node, includes:
所述接入服务路由器向所述 AAA服务器发送 AAA请求消息;  The access service router sends an AAA request message to the AAA server;
所述 AAA服务器在接收到所述 AAA请求消息后,根据移动节点的标识 查找对应的策略服务器的地址属性, 将查找到的策略服务器的地址属性返回 给所述接入服务路由器。  After receiving the AAA request message, the AAA server searches for the address attribute of the corresponding policy server according to the identifier of the mobile node, and returns the address attribute of the found policy server to the access service router.
4、 如权利要求 1所述的方法, 其中, 还包括: 4. The method of claim 1, further comprising:
所述接入服务路由器在所述移动节点通过认证后, 向身份和位置登记寄 存器发送注册请求, 在所述注册请求中携带策略服务器的地址属性;  After the mobile node passes the authentication, the access service router sends a registration request to the identity and location registration register, where the registration request carries the address attribute of the policy server;
所述身份和位置登记寄存器在接收到所述注册请求后, 根据所述策略服 务器的地址属性, 向策略服务器请求所述移动节点的流路由策略;  After receiving the registration request, the identity and location registration register requests a flow routing policy of the mobile node from a policy server according to an address attribute of the policy server;
所述策略服务器将所述移动节点的流路由策略发送给所述身份和位置登 记寄存器,并在策略请求对象列表中添加所述身份和位置登记寄存器的标识, 其中, 所述策略请求对象列表用于记录请求移动节点的流路由策略的网元的 标识与移动节点的标识的对应关系信息。 Transmitting, by the policy server, the flow routing policy of the mobile node to the identity and location registration register, and adding an identifier of the identity and location registration register to the policy request object list, where the policy request object list is used by Corresponding relationship information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node is recorded.
5、 如权利要求 4所述的方法, 其中, 还包括: 5. The method of claim 4, further comprising:
所述身份和位置登记寄存器在获知所述移动节点离开该身份和位置登记 寄存器时, 向所述策略服务器请求注销在策略请求对象列表中的该身份和位 置登记寄存器的标识;  The identity and location registration register, upon learning that the mobile node leaves the identity and location registration register, requests the policy server to deregister the identity of the identity and location registration register in the policy request object list;
所述策略服务器按照所述身份和位置登记寄存器的请求, 在所述策略请 求对象列表中注销所述身份和位置登记寄存器的标识。  The policy server deregisters the identity of the identity and location registration register in the policy request object list in accordance with the request of the identity and location registration register.
6、 如权利要求 1所述的方法, 其中, 还包括: 6. The method of claim 1, further comprising:
所述接入服务路由器在获取到所述策略服务器的地址属性后, 根据所述 策略服务器的地址属性, 向策略服务器请求所述移动节点的流路由策略; 所述策略服务器将所述移动节点的流路由策略发送给所述接入服务路由 器, 并在策略请求对象列表中添加所述接入服务路由器的标识, 其中, 所述 策略请求对象列表用于记录请求移动节点的流路由策略的网元的标识与移动 节点的标识的对应关系信息。  After obtaining the address attribute of the policy server, the access service router requests a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server; the policy server uses the mobile node's The flow routing policy is sent to the access service router, and the identifier of the access service router is added to the policy request object list, where the policy request object list is used to record the network element of the flow routing policy requesting the mobile node. Correspondence information of the identity of the mobile node and the identity of the mobile node.
7、 如权利要求 6所述的方法, 其中, 还包括: 7. The method according to claim 6, further comprising:
所述接入服务路由器在获知所述移动节点离开时, 向所述策略服务器请 求注销在策略请求对象列表中的该接入服务路由器的标识;  When the access service router learns that the mobile node is away, requests the policy server to log off the identifier of the access service router in the policy request object list;
所述策略服务器按照所述接入服务路由器的请求, 在所述策略请求对象 列表中注销所述接入服务路由器的标识。  And the policy server deregisters the identifier of the access service router in the policy request object list according to the request of the access service router.
8、 一种获取策略服务器的地址的方法, 其中, 包括: 8. A method for obtaining an address of a policy server, wherein:
接入服务路由器在移动节点通过认证后, 向身份和位置登记寄存器发送 注册请求, 在该注册请求中携带策略服务器地址请求选项, 请求为移动节点 提供流路由策略的策略服务器的地址属性;  After the mobile node passes the authentication, the access service router sends a registration request to the identity and location registration register, and the registration request carries a policy server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node;
所述身份和位置登记寄存器接收到所述注册请求后, 根据所述策略服务 器地址请求选项, 从认证、 授权、 计费 (AAA)服务器获取所述策略服务器的 地址属性, 将获取到的策略服务器的地址属性发送给所述接入服务路由器。  After receiving the registration request, the identity and location registration register obtains an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option, and the obtained policy server is obtained. The address attribute is sent to the access service router.
9、 如权利要求 8所述的方法, 其中, 所述从 AAA服务器获取所述策略 服务器的地址属性, 包括: 9. The method of claim 8, wherein the obtaining the policy from an AAA server The address attribute of the server, including:
所述身份和位置登记寄存器向所述 AAA服务器发送 AAA请求消息,在 该 AAA请求消息中携带请求策略服务器地址的选项;  The identity and location registration register sends an AAA request message to the AAA server, where the AAA request message carries an option to request a policy server address;
所述 AAA服务器接收到所述 AAA请求消息后, 在所述 AAA请求消息 中携带所述请求策略服务器地址的选项时, 根据移动节点的标识查找对应的 策略服务器的地址属性, 将查找到的策略服务器的地址属性返回给所述身份 和位置登记寄存器。  After receiving the AAA request message, when the AAA request message carries the option of requesting a policy server address, the AAA server searches for an address attribute of the corresponding policy server according to the identifier of the mobile node, and the searched policy is found. The address attribute of the server is returned to the identity and location registration register.
10、 如权利要求 8所述的方法, 其中, 还包括: 10. The method of claim 8, further comprising:
所述接入服务路由器在从所述身份和位置登记寄存器接收到所述策略服 务器的地址属性后, 根据所述策略服务器的地址属性, 向策略服务器请求所 述移动节点的流路由策略;  After receiving the address attribute of the policy server from the identity and location registration register, the access service router requests a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server;
所述策略服务器将所述移动节点的流路由策略发送给所述接入服务路由 器, 并在策略请求对象列表中添加所述接入服务路由器的标识, 其中, 所述 策略请求对象列表用于记录请求移动节点的流路由策略的网元的标识与移动 节点的标识的对应关系信息。  The policy server sends a flow routing policy of the mobile node to the access service router, and adds an identifier of the access service router to the policy request object list, where the policy request object list is used for recording Corresponding relationship information between the identifier of the network element of the flow routing policy of the mobile node and the identifier of the mobile node.
11、 如权利要求 10所述的方法, 其中, 还包括: 11. The method of claim 10, further comprising:
所述接入服务路由器在获知所述移动节点离开时, 向所述策略服务器请 求注销在策略请求对象列表中的该接入服务路由器的标识;  When the access service router learns that the mobile node is away, requests the policy server to log off the identifier of the access service router in the policy request object list;
所述策略服务器按照所述接入服务路由器的请求, 在所述策略请求对象 列表中注销所述接入服务路由器的标识。  And the policy server deregisters the identifier of the access service router in the policy request object list according to the request of the access service router.
12、 如权利要求 8所述的方法, 其中, 还包括: 12. The method of claim 8, further comprising:
所述身份和位置登记寄存器在获取到所述策略服务器的地址属性后, 根 据所述策略服务器的地址属性, 向策略服务器请求所述移动节点的流路由策 略;  After obtaining the address attribute of the policy server, the identity and location registration register requests a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server;
所述策略服务器将所述移动节点的流路由策略发送给所述身份和位置登 记寄存器,并在策略请求对象列表中添加所述身份和位置登记寄存器的标识, 其中, 所述策略请求对象列表用于记录请求移动节点的流路由策略的网元的 标识与移动节点的标识的对应关系信息。 Transmitting, by the policy server, the flow routing policy of the mobile node to the identity and location registration register, and adding an identifier of the identity and location registration register to the policy request object list, where the policy request object list is used by For recording the network element of the flow routing policy requesting the mobile node Correspondence information identifying the identity of the mobile node.
13、 如权利要求 12所述的方法, 其中, 还包括: 13. The method of claim 12, further comprising:
所述身份和位置登记寄存器在获知所述移动节点离开该身份和位置登记 寄存器时, 向所述策略服务器请求注销在策略请求对象列表中的该身份和位 置登记寄存器的标识;  The identity and location registration register, upon learning that the mobile node leaves the identity and location registration register, requests the policy server to deregister the identity of the identity and location registration register in the policy request object list;
所述策略服务器按照所述身份和位置登记寄存器的请求, 在所述策略请 求对象列表中注销所述身份和位置登记寄存器的标识。  The policy server deregisters the identity of the identity and location registration register in the policy request object list in accordance with the request of the identity and location registration register.
14、 一种获取流路由策略的方法, 包括: 14. A method for obtaining a flow routing policy, comprising:
策略服务器在网元请求移动节点的流路由策略时, 将所述移动节点的流 路由策略发送给所述网元, 并在策略请求对象列表中添加所述网元的标识, 其中, 所述策略请求对象列表用于记录请求移动节点的流路由策略的网元的 标识与移动节点的标识的对应关系信息;  The policy server sends a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node, and adds the identifier of the network element to the policy request object list, where the policy is The request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
所述策略服务器在移动节点的流路由策略发生变化时, 根据所述策略请 求对象列表中记录的请求移动节点的流路由策略的网元的标识, 将更新的流 路由策略推送给网元。  When the flow routing policy of the mobile node changes, the policy server pushes the updated flow routing policy to the network element according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list.
15、 一种接入服务路由器, 包括: 认证单元, 其中: 15. An access service router, comprising: an authentication unit, wherein:
所述认证单元, 设置为: 在对移动节点进行认证的过程中, 从认证、 授 权、 计费 (AAA)服务器获取为所述移动节点提供流路由策略的策略服务器的 地址属性。  The authentication unit is configured to: obtain, in an authentication process for the mobile node, an address attribute of a policy server that provides a flow routing policy for the mobile node from an authentication, authorization, and accounting (AAA) server.
16、 如权利要求 15所述接入服务路由器, 其中: 16. The access service router of claim 15, wherein:
所述认证单元, 是设置为: 在向所述 AAA服务器发送的 AAA请求消息 中携带请求所述策略服务器的地址的属性 -值对 (AVP); 或者, 直接发送未携 带所述 AVP的 AAA请求消息, 向所述 AAA服务器请求所述策略服务器的 地址属性。  The authentication unit is configured to: carry an attribute-value pair (AVP) requesting an address of the policy server in an AAA request message sent to the AAA server; or directly send an AAA request that does not carry the AVP The message requests the address attribute of the policy server from the AAA server.
17、 如权利要求 15 所述接入服务路由器, 其中, 还包括注册单元, 其 中: 所述注册单元, 设置为: 在所述移动节点通过认证后, 向身份和位置登 记寄存器发送注册请求, 在所述注册请求中携带策略服务器的地址属性。 17. The access service router of claim 15, further comprising a registration unit, wherein: The registration unit is configured to: after the mobile node passes the authentication, send a registration request to the identity and location registration register, where the registration request carries an address attribute of the policy server.
18、 如权利要求 15所述接入服务路由器,其中,还包括策略请求单元, 其中: 18. The access service router of claim 15, further comprising a policy request unit, wherein:
所述策略请求单元, 设置为: 在获取到所述策略服务器的地址属性后, 根据所述策略服务器的地址属性, 向策略服务器请求所述移动节点的流路由 策略。  The policy requesting unit is configured to: after obtaining the address attribute of the policy server, request a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server.
19、 如权利要求 15所述接入服务路由器,其中,还包括标识注销单元, 其中: 19. The access service router of claim 15, further comprising an identification logout unit, wherein:
所述标识注销单元, 设置为: 在获知移动节点离开时, 向所述策略服务 器请求注销在策略请求对象列表中的该接入服务路由器的标识。  The identifier deregistration unit is configured to: upon learning that the mobile node is away, request the policy server to log off the identity of the access service router in the policy request object list.
20、 一种身份和位置登记寄存器, 包括: 消息接收单元和策略请求单元, 其中: 20. An identity and location registration register, comprising: a message receiving unit and a policy requesting unit, wherein:
所述消息接收单元, 设置为: 接收注册请求;  The message receiving unit is configured to: receive a registration request;
所述策略请求单元, 设置为: 在接收到所述注册请求后, 根据所述注册 请求中携带的策略服务器的地址属性, 向策略服务器请求移动节点的流路由 策略。  The policy requesting unit is configured to: after receiving the registration request, request a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
21、 如权利要求 20 所述的身份和位置登记寄存器, 其中, 还包括标识 注销单元, 其中: 21. The identity and location registration register of claim 20, further comprising an identification logout unit, wherein:
所述标识注销单元, 设置为: 在获知移动节点离开该身份和位置登记寄 存器时, 向策略服务器请求注销在策略请求对象列表中的该身份和位置登记 寄存器的标识。  The identification logout unit is configured to: upon learning that the mobile node leaves the identity and location registration register, request the policy server to log out of the identity of the identity and location registration register in the policy request object list.
22、 一种策略服务器, 包括: 策略发送单元和策略请求对象列表维护单 元, 其中: 22. A policy server, comprising: a policy sending unit and a policy request object list maintenance unit, wherein:
所述策略发送单元, 设置为: 将移动节点的流路由策略发送给请求流路 由策略的网元; 所述策略请求对象列表维护单元, 设置为: 在策略请求对象列表中添加 所述请求流路由策略的网元的标识, 其中, 所述策略请求对象列表用于记录 请求移动节点的流路由策略的网元的标识与移动节点的标识的对应关系信息。 The policy sending unit is configured to: send a flow routing policy of the mobile node to the network element that requests the flow routing policy; The policy request object list maintenance unit is configured to: add an identifier of the network element of the request flow routing policy to the policy request object list, where the policy request object list is used to record a flow routing policy of the requesting mobile node The correspondence relationship between the identifier of the network element and the identifier of the mobile node.
23、 如权利要求 22所述的策略服务器, 其中: 23. The policy server of claim 22, wherein:
所述策略请求对象列表维护单元, 还用于在接收到网元的注销请求后, 在所述策略请求对象列表中注销网元的标识。  The policy request object list maintenance unit is further configured to: after receiving the logout request of the network element, cancel the identifier of the network element in the policy request object list.
24、 一种认证、 授权、 计费 (AAA)服务器, 包括: 消息接收单元、 地址 查找单元和信息发送单元, 其中: 所述消息接收单元, 设置为: 接收 AAA请求消息; An authentication, authorization, and accounting (AAA) server, comprising: a message receiving unit, an address searching unit, and an information sending unit, wherein: the message receiving unit is configured to: receive an AAA request message;
所述地址查找单元, 设置为: 在所述 AAA请求消息中携带请求策略服 务器的地址的属性 -值对 (AVP)时, 根据移动节点的标识查找对应的策略服务 器的地址属性; 或者, 在接收到所述 AAA请求消息后, 直接根据移动节点 的标识查找对应的策略服务器的地址属性;  The address search unit is configured to: when the AAA request message carries an attribute-value pair (AVP) of the address of the request policy server, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; or, receive After the AAA request message is sent, the address attribute of the corresponding policy server is directly searched according to the identifier of the mobile node;
所述信息发送单元, 设置为: 将所述地址查找单元查找到的策略服务器 的地址属性返回给接入服务路由器。  The information sending unit is configured to: return an address attribute of the policy server found by the address searching unit to the access service router.
25、 一种接入服务路由器, 包括: 注册单元, 其中: 25. An access service router, comprising: a registration unit, wherein:
所述注册单元, 设置为: 在移动节点通过认证后, 向身份和位置登记寄 存器发送注册请求, 在该注册请求中携带策略服务器地址请求选项, 请求为 移动节点提供流路由策略的策略服务器的地址属性。  The registration unit is configured to: after the mobile node passes the authentication, send a registration request to the identity and location registration register, where the registration request carries a policy server address request option, requesting the address of the policy server that provides the flow routing policy for the mobile node Attributes.
26、 一种身份和位置登记寄存器, 包括: 消息接收单元和地址获取单元, 其中: 26. An identity and location registration register, comprising: a message receiving unit and an address obtaining unit, wherein:
所述消息接收单元, 设置为: 接收注册请求;  The message receiving unit is configured to: receive a registration request;
所述地址获取单元, 设置为: 根据所述注册请求中携带的策略服务器地 址请求选项, 从认证、 授权、 计费 (AAA)服务器获取所述策略服务器的地址 属性, 将获取到的策略服务器的地址属性发送给接入服务路由器。  The address obtaining unit is configured to: obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to a policy server address request option carried in the registration request, and obtain the obtained policy server The address attribute is sent to the access service router.
27、 如权利要求 26所述的身份和位置登记寄存器, 其中: 所述地址获取单元,是设置为:向所述 AAA服务器发送 AAA请求消息, 在该 AAA请求消息中携带请求策略服务器地址的选项。 27. The identity and location registration register of claim 26, wherein: The address obtaining unit is configured to: send an AAA request message to the AAA server, where the AAA request message carries an option to request a policy server address.
28、 一种认证、 授权、 计费 (AAA)服务器, 包括: 消息接收单元、 地址 查找单元和信息发送单元, 其中: 所述消息接收单元, 设置为: 接收 AAA请求消息; An authentication, authorization, and accounting (AAA) server, comprising: a message receiving unit, an address searching unit, and an information sending unit, wherein: the message receiving unit is configured to: receive an AAA request message;
所述地址查找单元, 设置为: 在所述 AAA请求消息中携带请求策略服 务器地址的选项时,根据移动节点的标识查找对应的策略服务器的地址属性; 所述信息发送单元, 设置为: 将查找到的策略服务器的地址属性返回给 身份和位置登记寄存器。  The address searching unit is configured to: when the AAA request message carries an option for requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; and the information sending unit is set to: The address attribute of the policy server is returned to the identity and location registration registers.
29、 一种策略服务器, 包括: 策略发送单元、 策略请求对象列表维护单 元和流路由策略推送单元, 其中: 29. A policy server, comprising: a policy sending unit, a policy request object list maintenance unit, and a flow routing policy pushing unit, where:
所述策略发送单元, 设置为: 在网元请求移动节点的流路由策略时, 将 所述移动节点的流路由策略发送给所述网元;  The policy sending unit is configured to: when the network element requests the flow routing policy of the mobile node, send the flow routing policy of the mobile node to the network element;
所述略请求对象列表维护单元, 设置为: 在策略请求对象列表中添加所 述网元的标识, 其中, 所述策略请求对象列表用于记录请求移动节点的流路 由策略的网元的标识与移动节点的标识的对应关系信息;  The slightly requesting object list maintenance unit is configured to: add an identifier of the network element to the policy request object list, where the policy request object list is used to record the identifier of the network element requesting the flow routing policy of the mobile node Correspondence relationship information of the identity of the mobile node;
所述流路由策略推送单元, 设置为: 在移动节点的流路由策略发生变化 时, 根据所述策略请求对象列表中记录的请求移动节点的流路由策略的网元 的标识, 将更新的流路由策略推送给网元。  The flow routing policy pushing unit is configured to: when the flow routing policy of the mobile node changes, according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, the updated flow route is The policy is pushed to the network element.
PCT/CN2012/083725 2011-11-17 2012-10-30 Policy server address acquisition method WO2013071817A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110364904.9A CN103117927B (en) 2011-11-17 2011-11-17 A kind of method of the address of acquisition strategy server
CN201110364904.9 2011-11-17

Publications (1)

Publication Number Publication Date
WO2013071817A1 true WO2013071817A1 (en) 2013-05-23

Family

ID=48416205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/083725 WO2013071817A1 (en) 2011-11-17 2012-10-30 Policy server address acquisition method

Country Status (2)

Country Link
CN (1) CN103117927B (en)
WO (1) WO2013071817A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302461B (en) * 2016-08-16 2020-10-27 新华三技术有限公司 Method and device for checking validity of flow strategy

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247239A (en) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 Authenticated authorization accounting system and implementing method thereof
CN102045692A (en) * 2009-10-26 2011-05-04 中兴通讯股份有限公司 Communication network realized by network architecture based on separation of control surfaces and media surface

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494890A (en) * 2006-12-08 2009-07-29 华为技术有限公司 Method, network and equipment for route conversation
CN101272627B (en) * 2008-04-30 2010-12-22 杭州华三通信技术有限公司 Network access control method and apparatus for implementing roaming
US8311014B2 (en) * 2009-11-06 2012-11-13 Telefonaktiebolaget L M Ericsson (Publ) Virtual care-of address for mobile IP (internet protocol)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247239A (en) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 Authenticated authorization accounting system and implementing method thereof
CN102045692A (en) * 2009-10-26 2011-05-04 中兴通讯股份有限公司 Communication network realized by network architecture based on separation of control surfaces and media surface

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"HUAWEI, Selected IP Traffic Offload for UMTS at Iu-PS", 3GPPTSG SA WG2 MEETING#75, 4 September 2009 (2009-09-04), Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG2Arch/TSGS275Kyoto/Docs/S2-095961> *

Also Published As

Publication number Publication date
CN103117927B (en) 2018-08-03
CN103117927A (en) 2013-05-22

Similar Documents

Publication Publication Date Title
EP3821622B1 (en) Systems and methods for enabling private communication within a user equipment group
JP5497901B2 (en) Anonymous communication method, registration method, message sending / receiving method and system
JP5032582B2 (en) Gateway selection mechanism
JP5672238B2 (en) Gateway device, mobile communication system, mobile terminal, packet transfer control method, mobile terminal control method, and program
JP5427952B2 (en) Method and system for realizing roaming between networks
US20100177699A1 (en) Method, apparatus and system for mobility management and efficient information retrieval in a communications network
JP6371592B2 (en) Node communication method in content-centric network and the node
WO2006067951A1 (en) Access control device, and access control method
WO2008151557A1 (en) Method, equipment and proxy mobile ip system for triggering route optimization
WO2011035615A1 (en) Method, system and apparatus for transmitting data
WO2013060225A1 (en) System and method for acquiring user location through user bearer identifier
WO2015058339A1 (en) Routing method between base stations, serving gateway and base station
WO2011032417A1 (en) Method and system for initiating forwarding of communicaiton, information and data message and for routing configuration
WO2011044807A1 (en) Method for registration and communication of anonymous communication and transceiver system for data message
WO2011032498A1 (en) Method and system for allocating position identifier and transmitting message
WO2012089032A1 (en) Data transmission method using multiple access methods, and access device
WO2009155863A1 (en) Method and system for supporting mobility security in the next generation network
WO2013071817A1 (en) Policy server address acquisition method
WO2013023465A1 (en) Interconnection and intercommunication method for identity location separated network and traditional network, ilr and asr
US11910492B2 (en) Communication system, communication apparatus, communication method, and non-transitory medium
WO2012089030A1 (en) Method, access device and authentication device for network access by multiple access methods
WO2012088828A1 (en) Method, system and access gateway router for table maintenance
JP5626900B2 (en) Wireless communication system and access point
JP2016034116A (en) Path setting device, path setting method, path setting program, and communication system
US20230291607A1 (en) System and method for ursp-based tunneling through fixed wireless access

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12849983

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12849983

Country of ref document: EP

Kind code of ref document: A1