WO2013071817A1 - Procédé d'acquisition d'adresses de serveurs de règles - Google Patents

Procédé d'acquisition d'adresses de serveurs de règles Download PDF

Info

Publication number
WO2013071817A1
WO2013071817A1 PCT/CN2012/083725 CN2012083725W WO2013071817A1 WO 2013071817 A1 WO2013071817 A1 WO 2013071817A1 CN 2012083725 W CN2012083725 W CN 2012083725W WO 2013071817 A1 WO2013071817 A1 WO 2013071817A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
server
mobile node
request
address
Prior art date
Application number
PCT/CN2012/083725
Other languages
English (en)
Chinese (zh)
Inventor
严为
黄翔
魏元
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013071817A1 publication Critical patent/WO2013071817A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]
    • H04W80/045Network layer protocols, e.g. mobile IP [Internet Protocol] involving different protocol versions, e.g. MIPv4 and MIPv6

Definitions

  • the present invention relates to the field of mobile communications, and in particular, to a method for obtaining an address of a policy server. Background technique
  • IP address in TCP/IP Transmission Control Protocol/Internet Protocol
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • IP address of the host changes, not only the route changes, but also the identity of the communication terminal host changes. This will cause the routing load to become heavier and heavy, and the change of the host ID will also cause the application and connection to be interrupted.
  • the purpose of identification and location separation is to solve the problem of semantic overload and severe routing load of IP addresses, and to separate the dual functions of IP addresses to achieve dynamic redistribution of mobility, multiple townships, IP addresses, and mitigation of routes. Support for issues such as load and mutual visits between different network areas in the next generation Internet.
  • FIG. 1 shows a communication network architecture with identity and location separation.
  • an AID Access Identifier
  • a terminal MN Mobile Node
  • a CN Correspondent Node, pair The identity of the end node.
  • the RID Router Identifier
  • the Access Service Router ASR
  • All terminals are registered, authenticated, and access the network through the ASR.
  • the ASR needs to report to the ILR (Identifier & Location Register).
  • the ILR saves and maintains the mapping relationship between the terminal identity AID and the location RID (AID, RID) and provides a response to the query mapping relationship.
  • the text is forwarded in the identity and location network as shown in Figure 2.
  • the ASR1 queries whether the current RID of the CN exists on the local mapping record of the ASR1 according to the destination address of the packet (that is, the AID of the CN). If yes, ASR1 encapsulates and forwards the packet according to the RID of the queried CN.
  • ASR1 queries the ILR for the current RID of the CN.
  • ASR1 obtains the RID of the CN from the ILR, and then encapsulates the packet with the RID of the ASR1 and the CN, and then forwards the encapsulated packet to the ASR2 corresponding to the RID of the CN.
  • ASR2 decapsulates the received packet and forwards it to the CN.
  • the encapsulation format of the packet is divided into two types: the original packet and the RID encapsulated packet.
  • the original packet is forwarded:
  • the access layer of the network is separated from the identity and location, that is, the AID is used between the Host and the ASR.
  • the packet is forwarded as the source address and the destination address.
  • the format of the packet is shown in Figure 3.
  • RID-encapsulated packet forwarding The core layer of the identity and location separation network, that is, the packet forwarding between the ASR and the ASR after RID encapsulation, the packet is shown in Figure 4.
  • the MN accesses the identification network through two different interfaces, ifl ( interface 1 ) and if2 ( interface2 ), where ifl is connected to ASR1 and if2 is connected to ASR2.
  • the MN also accesses the identification network through two different interfaces, ifl and if2, but ifl and if2 access the same ASR, so they are assigned the same RID, that is, RID1 of ASR1.
  • mapping relationship (AID, RID) maintained by the ILR can perform routing tasks well.
  • multiple interfaces on the MN will use the same AID.
  • the mapping relationship (AID, RID) maintained by the ILR cannot distinguish different interfaces from the same MN. Therefore, in the multi-access technology scenario, the ILR not only needs to maintain (AID, RID), but also includes each interface of the MN. Enter the technology type to distinguish different interfaces belonging to the same MN.
  • the mapping relationship on the extended ILR is (AID, RID, IF), and the ASR completes the registration of different interface access types on the MN in the ILR.
  • the extended ILR mapping relationship (AID, RID, IF) distinguishes different interfaces belonging to the same MN, but routing through (AID, RID, IF) has the following problems:
  • Figure 5 shows the multi-interface MN Different interfaces access different ASRs.
  • the MN has two mapping relationships on the ILR: (AID 1 , RID 1 , IF 1 ) ⁇ (AID 1 , RID2, IF2).
  • ASR3 choose the correct mapping relationship to route the message to which interface.
  • Figure 6 shows that different interfaces of the multi-interface MN access the same ASR, and the MN has two mapping relationships on the ILR (AID 1, RID 1, IF 1 ⁇ o (AID 1 , RID 1 , IF2).
  • the ASR1 receives the packet from the CN, and the ASR1 selects the interface of the MN to forward the packet.
  • the peer node sends data to the multi-interface terminal, the peer ASR or the terminal ASR or
  • the ILR needs to select an appropriate terminal location identifier and interface for the service initiated by the peer node according to the flow routing policy of the multi-interface terminal, so as to perform normal packet forwarding routing to reduce data transmission anomalies and provide data transmission. Effective protection. Before ASR or ILR selects the appropriate terminal location identifier and interface for the service initiated by the peer node according to the flow routing policy information of the multi-interface terminal, the ASR or ILR must know the address of the policy server where the terminal is located, and download from the policy server. Corresponds to the flow routing policy of this terminal.
  • the technical problem to be solved by the present invention is to provide a method for obtaining an address of a policy server.
  • the flow routing policy can be obtained according to the address of the policy server.
  • a method for obtaining an address of a policy server according to the present invention includes:
  • the access service router obtains, from the authentication, authorization, and accounting (AAA) server, an address attribute of a policy server that provides a flow routing policy for the mobile node in the process of authenticating the mobile node.
  • AAA authentication, authorization, and accounting
  • a method for obtaining an address of a policy server including:
  • the access service router After the mobile node passes the authentication, the access service router sends a registration request to the identity and location registration register, and the registration request carries a policy server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node;
  • the identity and location registration register After receiving the registration request, the identity and location registration register obtains an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option, and the obtained policy server is obtained.
  • AAA authentication, authorization, and accounting
  • a method for obtaining a flow routing policy includes: The policy server sends a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node, and adds the identifier of the network element to the policy request object list, where the policy is The request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
  • the policy server pushes the updated flow routing policy to the network element according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list.
  • An access service router includes: an authentication unit, where:
  • the authentication unit is configured to: obtain, in an authentication process for the mobile node, an address attribute of a policy server that provides a flow routing policy for the mobile node from an authentication, authorization, and accounting (AAA) server.
  • AAA authentication, authorization, and accounting
  • An identity and location registration register includes: a message receiving unit and a policy request unit, wherein:
  • the message receiving unit is configured to: receive a registration request
  • the policy requesting unit is configured to: after receiving the registration request, request a flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
  • a policy server includes: a policy sending unit and a policy request object list maintaining unit, where:
  • the policy sending unit is configured to: send a flow routing policy of the mobile node to the network element that requests the flow routing policy;
  • the policy request object list maintenance unit is configured to: add an identifier of the network element of the request flow routing policy to the policy request object list, where the policy request object list is used to record a flow routing policy of the requesting mobile node The correspondence relationship between the identifier of the network element and the identifier of the mobile node.
  • An authentication, authorization, and accounting (AAA) server includes: a message receiving unit, an address finding unit, and an information sending unit, where:
  • the message receiving unit is configured to: receive an AAA request message
  • the address searching unit is configured to: carry the request policy service in the AAA request message When the attribute-value pair (AVP) of the address of the server is used, the address attribute of the corresponding policy server is searched according to the identifier of the mobile node; or, after receiving the AAA request message, the corresponding policy is directly searched according to the identifier of the mobile node.
  • AVP attribute-value pair
  • the information sending unit is configured to: return an address attribute of the policy server found by the address searching unit to the access service router.
  • An access service router includes: a registration unit, where:
  • the registration unit is configured to: after the mobile node passes the authentication, send a registration request to the identity and location registration register, where the registration request carries a policy server address request option, requesting the address of the policy server that provides the flow routing policy for the mobile node Attributes.
  • An identity and location registration register includes: a message receiving unit and an address obtaining unit, wherein:
  • the message receiving unit is configured to: receive a registration request
  • the address obtaining unit is configured to: obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to a policy server address request option carried in the registration request, and obtain the obtained policy server The address attribute is sent to the access service router.
  • AAA authentication, authorization, and accounting
  • An authentication, authorization, and accounting (AAA) server includes: a message receiving unit, an address finding unit, and an information sending unit, where:
  • the message receiving unit is configured to: receive an AAA request message
  • the address searching unit is configured to: when the AAA request message carries an option for requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; and the information sending unit is set to: The address attribute of the policy server is returned to the identity and location registration registers.
  • a policy server includes: a policy sending unit, a policy request object list maintaining unit, and a flow routing policy pushing unit, where:
  • the policy sending unit is configured to: when the network element requests the flow routing policy of the mobile node, send the flow routing policy of the mobile node to the network element;
  • the slightly requested object list maintenance unit is set to: add a place in the policy request object list An identifier of the network element, where the policy request object list is used to record correspondence information between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node;
  • the flow routing policy pushing unit is configured to: when the flow routing policy of the mobile node changes, according to the identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, the updated flow route is The policy is pushed to the network element.
  • the embodiment of the present invention obtains the address of the policy server of the mobile node from the AAA server during the authentication or registration process, so that the ASR or the ILR initiates the flow routing policy of the mobile node according to the multi-interface as the opposite node.
  • the service can obtain a flow routing policy of the mobile node from the policy server according to the address of the policy server of the mobile node.
  • FIG. 1 is a schematic diagram of a communication network architecture in which identity and location are separated;
  • FIG. 2 is a schematic diagram of a forwarding process of a message in an identity and location separation network
  • Figure 3 is a schematic diagram of the original AID message
  • Figure 4 is a schematic diagram of a RID encapsulated message
  • FIG. 5 is a schematic diagram of connecting different interfaces of a multi-interface MN to different ASRs
  • FIG. 6 is a schematic diagram of a multi-interface MN connecting different interfaces to the same ASR;
  • FIG. 7 is a schematic diagram of a communication network connection in an embodiment of the present invention.
  • FIG. 8 is a flowchart of Embodiment 1 of an ASR/ILR acquisition policy server address in the present invention
  • FIG. 9 is a flowchart of Embodiment 2 of an ASR/ILR acquisition policy server address in the present invention
  • FIG. 10 is a strategy in the present invention.
  • FIG. 11 is a flowchart of a policy server binding deregistration embodiment 4 in the present invention
  • FIG. 11 is a flowchart of a policy server binding deregistration embodiment 4 in the present invention.
  • FIG. 12 is a structural diagram of an access service router in an embodiment of the present invention.
  • Figure 13 is a block diagram of an identity and location registration register in an embodiment of the present invention.
  • FIG. 14 is a structural diagram of a policy server in an embodiment of the present invention.
  • FIG. 15 is a block diagram of an AAA server in accordance with an embodiment of the present invention. Preferred embodiment of the invention
  • the present embodiment proposes a method for the ASR and the ILR to discover the policy server address corresponding to the terminal in the identity identification and location separation network. Based on this address, the ASR and the ILR obtain a flow routing policy from the policy server, and select the most suitable route for the traffic flow sent to the multi-interface terminal.
  • CN is the communication peer node of the MN, and there may be multiple CNs.
  • MNJF1 refers to interface 1 of the current MN.
  • MNJF2 refers to interface 2 of the current MN.
  • Flow X refers to the data stream X initiated by the CN to the MN.
  • the meaning of multiple access means that the MN is a terminal having multiple communication systems (such as 3G, LTE, WLAN, etc.), and the MN can simultaneously attach to the interface through different communication systems.
  • the internet such as 3G, LTE, WLAN, etc.
  • the flow routing policy may be classified into a static flow routing policy and a dynamic flow routing policy.
  • the static flow routing policy includes a selection policy according to flow attributes (such as address, port number, and quintuple), a selection policy according to APN (Access Point Name), a selection policy according to busy hours, and a carrier according to the carrier.
  • the dynamic flow routing policy includes a dynamic routing policy based on the terminal side and a dynamic routing policy based on the network side.
  • the dynamic routing policy based on the terminal side includes the connection status of the terminal multi-interface and the willingness of the terminal user to select; the dynamic routing policy based on the network side includes the link and load status of the network.
  • the flow routing policies are stored on the policy server, and the policy server is deployed in the identity network.
  • AAA Authentication, Authorization, and Accounting
  • the ASR obtains the address of the MN's policy server from the AAA server during the access authentication process of the MN.
  • the ILR obtains the address of the MN's Policy Server during the ASR registration process for the MN.
  • the ILR obtains the address of the MN's policy server from the AAA server.
  • ASR is for MN
  • the address of the MN's Policy Server is obtained from the ILR during the registration process.
  • the policy server actively pushes the updated flow routing policy when the flow routing policy of the MN changes.
  • the ASR/ILR logs out the ASR/ILR record in the policy request object list bound to the MN on the policy server to the policy server.
  • Step 801 A multi-interface MN includes two interfaces IF1 and IF2, when the MN connects to the network through one of the interfaces, such as the interface IF1 through ASR1. During the connection process of IF1, ASR1 obtains the address of the policy server serving the MN through the AAA server during the authentication process;
  • Method 1 When ASR1 initiates a request to the AAA server, if ASR1 does not store the information of the address of the MN's policy server, it carries the AVP (Attribute-Value-Pairs, attribute of the address of the requesting policy server) in the AAA request message. -value pair). After receiving the AAA request, the AAA server searches for the MN ID (identity). The AAA response message carries the address attribute of the MN's policy server. (This attribute can be an address or a domain name. If the domain name is used, ASR1 needs to pass the DNS. (Domain name system) query process, get the address of the policy server) to ASR1.
  • AVP Attribute-Value-Pairs, attribute of the address of the requesting policy server
  • the ASR1 sends an AAA request to the AAA server.
  • the AAA server actively carries the address attribute (described in the above) of the MN's policy server to the ASR1, and informs the MN of the MN. Policy server address.
  • the AVP requesting the policy server address described in the above method can be implemented by extending the new attributes of the AAA protocol (such as radius, diameter).
  • Step 802 after the MN passes the authentication, the ASR1 initiates a registration request to the ILR, and registers the MN.
  • Step 804 The ILR requests a flow routing policy of the MN from the policy server according to the obtained address of the policy server.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to the ILR, and creates and maintains the MN's policy request object list, for example: (MN_ID, ILR_ID, ASR1 ID). Step 804 and step 805 have no order.
  • Step 805 The ASR1 requests the MN's flow routing policy from the policy server according to the obtained policy server address.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to ASR1, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1 ID). Step 805 and step 804 have no order.
  • Figure 9 is a second embodiment of the ASR/ILR acquisition policy server address. Specifically, the method includes the following steps: Step 901: MN_IF1 is connected to the network through ASR1.
  • Step 902 After the MN passes the authentication, the ASR1 initiates a registration request to the ILR, registers the identity and location identifier of the MN, and carries the policy server address request option in the registration request.
  • Step 903 When the ILR finds that the ASR1 registration request carries the policy server address request option, the ILR will interact with the AAA server (the interaction process is used to authorize the MN's mobility service or the ability to authenticate the ILR, etc.) to the AAA server. Send an AAA request with the option to request a policy server address.
  • the AAA server the interaction process is used to authorize the MN's mobility service or the ability to authenticate the ILR, etc.
  • Step 904 After receiving the AAA request from the ILR, the AAA server carries the address attribute of the policy server in the response message according to the option of requesting the policy server address (the attribute may be an address or a domain name.
  • the ILR needs to obtain the address of the policy server through the DNS query) to the ILR.
  • Step 905 Upon receiving the AAA of the address attribute of the carrying policy service from the AAA server After responding to the message, the ILR obtains the address attribute of the policy server from the response message and generates and maintains the mapping relationship (AID, RID1, IF1) for the MN. The ILR sends a registration confirmation message to ASR1, and the confirmation message carries the policy server address attribute.
  • Step 906 The ASR1 obtains the address attribute of the MN's policy server from the received registration confirmation message (the attribute may be an address or a domain name. If the domain name is used, the ASR1 needs to obtain the address of the policy server through the DNS query).
  • Step 907 The ILR requests a flow routing policy of the MN from the policy server according to the obtained address attribute of the policy server.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to the ILR, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1-ID). Step 907 and step 905, step 906, and step 908 have no order.
  • Step 908 The ASR1 requests the MN's flow routing policy from the policy server according to the obtained address attribute of the policy server.
  • the policy server After receiving the request, the policy server sends the MN's flow routing policy to ASR1, and creates and maintains a list of MN's policy request objects, such as: (MN_ID, ILR_ID, ASR1-ID). Step 908 and step 907 have no order.
  • Figure 10 is an embodiment of a flow routing policy update. Specifically, the following steps are included:
  • Step 1001 When the flow routing policy of the MN on the policy server changes due to the change of the terminal, the network element entity, the user, or the operator policy, the policy server will request the object list according to the policy of the MN maintained by the policy server, and The element actively pushes the changed flow routing policy.
  • the policy server has a list of policy request objects (MN_ID, ILR_ID, ASR1-ID, ASR2 ID) bound to the ID of the MN, where the ILR_ID, ASR1-ID can be the address information of the ILR and the ASR1, ASR2—The ID can be the address information of the CN-ASR.
  • the policy server will actively push the updated MN flow routing policy to ILR, ASR1, and ASR2.
  • Step 1002 The policy server actively pushes the updated MN flow routing policy to the ASR1. Step 1002 and step 1004, step 1006 have no precedence.
  • Step 1003 After receiving the MN flow routing policy pushed by the policy server, the ASR1 is connected to the ASR1. The existing MN flow routing policy is updated, and a flow route push confirmation message is sent to the policy server. In step 1004, the policy server actively pushes the flow routing policy of the updated MN to the ILR. Step 1004 and step 1002, step 1006 have no order.
  • Step 1005 After receiving the MN flow routing policy pushed by the policy server, the ILR updates the existing MN flow routing policy of the ILR, and sends a flow route push confirmation message to the policy server.
  • Step 1006 The policy server pushes the updated MN flow routing policy to the ASR3. Step 1006 and step 1002, step 1004 have no order.
  • Step 1007 After receiving the CN flow routing policy pushed by the policy server, the ASR2 updates the existing CN flow routing policy of the ASR2, and sends a flow route push confirmation message to the policy server.
  • Figure 11 is a deregistration embodiment of a list of policy request objects for a MN on a policy server. Specifically, it includes the following steps:
  • Step 1101 After ASR1 learns that the MN leaves, ASR1 initiates a request to cancel the mapping relationship to the ILR.
  • Step 1102 The ILR deletes the mapping relationship for requesting cancellation, and sends a logout confirmation message to ASR1.
  • Step 1103 ASR1 initiates a request to the policy server to cancel the ASR1-ID in the MN's policy request object list.
  • the policy server has a list of policy request objects (MN IDs) bound to the MN's ID.
  • MN IDs policy request objects
  • ILR ID ILR ID
  • ASR1 ID which records the identification information of the network element related to the flow routing policy of the requesting MN
  • ASR1 requests to delete the information related to itself in the list.
  • Step 1104 After receiving the logout request, the policy server cancels the record related to ASR1 in the list of policy request objects of the MN.
  • the policy request object list contains ASR1 address information, ASR2 address information, etc.
  • the policy server receives the ASR1 logout request, it will log out the address information of ASR1.
  • Step 1105 After the logout of the policy request object list related to ASR1 is cancelled, the policy server sends a logout confirmation message to ASR1.
  • Step 1106 After the ILR learns that the MN leaves the ILR, the ILR initiates a request to the policy server to cancel the ILR_ID in the MN's policy request object list.
  • the original ASRs have been logged out to the original ILR.
  • the mapping relationship between the MN and the original ILR does not receive the registration request of the MN sent by the new ASR within a certain lifetime, the ILR can consider that the MN has left the ILR at this time.
  • the ILR then initiates an ILR_ID request to the policy server to unregister the list of policy request objects bound to the MN's ID.
  • Step 1107 After the policy server receives the ILR-ID request in the policy request object list bounded by the MN ID, the policy server logs off the ILR-related record in the MN policy request object list.
  • the policy request object list contains ILR1 address information, ILR2 address information, etc. After the policy server receives the ILR1 request to log out the ILR1 record, the policy server logs out the address information of ILR1. Step 1107, there is no order between steps 1106 and 1102.
  • Step 1108 after canceling the ILR related policy request object list record, the policy server
  • the ILR sends a logout confirmation message.
  • an embodiment of the present invention provides an access service router, including: an authentication unit, a registration unit, a policy request unit, and an identifier deregistration unit, where:
  • An authentication unit configured to obtain, from an authentication, authorization, and accounting (AAA) server, an address attribute of a policy server that provides a flow routing policy for the mobile node in the process of authenticating the mobile node.
  • AAA authentication, authorization, and accounting
  • the authentication unit is configured to carry an attribute-value pair (AVP) of the address of the request policy server in the AAA request message sent to the AAA server; or directly send an AAA request message that does not carry the AVP, and request the policy server from the AAA server. Address attribute.
  • AVP attribute-value pair
  • the registration unit is configured to send a registration request to the identity and location registration register after the mobile node passes the authentication, and carry the address attribute of the policy server in the registration request.
  • the policy requesting unit is configured to request, from the policy server, a flow routing policy of the mobile node according to the address attribute of the policy server after obtaining the address attribute of the policy server.
  • Identifying the logout unit for requesting to logout to the policy server when the mobile node is notified to leave The identity of the access service router in the policy request object list.
  • the embodiment provides an identity and location registration register, including: a message receiving unit, a policy requesting unit, and an identifier deregistration unit, where:
  • a message receiving unit configured to receive a registration request
  • the policy requesting unit is configured to request, after receiving the registration request, the flow routing policy of the mobile node from the policy server according to the address attribute of the policy server carried in the registration request.
  • an identifier deregistration unit configured to request, from the policy server, to log off the identity of the identity and location registration register in the policy request object list when the mobile node is informed to leave the identity and location registration register.
  • the embodiment provides a policy server, including: a policy sending unit and a policy request object list maintaining unit, where:
  • a policy sending unit configured to send a flow routing policy of the mobile node to the network element that requests the flow routing policy
  • the policy request object list maintenance unit is configured to add, in the policy request object list, an identifier of the network element that requests the flow routing policy, where the policy request object list is used to record the identifier of the network element requesting the mobile node's flow routing policy and the mobile node Correspondence information of the identity.
  • the policy request object list maintenance unit is further configured to: after receiving the logout request of the network element, cancel the identifier of the network element in the policy request object list.
  • the embodiment provides an AAA server, including: a message receiving unit, an address searching unit, and an information sending unit, where:
  • a message receiving unit configured to receive an AAA request message
  • An address search unit configured to: when the AAA request message carries an attribute-value pair (AVP) of the address of the request policy server, search for an address attribute of the corresponding policy server according to the identifier of the mobile node; or, after receiving the AAA request message, Finding the address attribute of the corresponding policy server directly according to the identifier of the mobile node;
  • AVP attribute-value pair
  • the information sending unit is configured to return an address attribute of the policy server found by the address searching unit to the access service router.
  • Another access service router provided by the embodiment of the present invention includes: a registration unit, where: a registration unit is configured to send a registration request to the identity and location registration register after the mobile node passes the authentication, and carry the policy in the registration request. Server address request option, requesting the address attribute of the policy server that provides the flow routing policy for the mobile node.
  • Another identity and location registration register includes: a message receiving unit and an address obtaining unit, where:
  • a message receiving unit configured to receive a registration request
  • the address obtaining unit is configured to obtain an address attribute of the policy server from an authentication, authorization, and accounting (AAA) server according to the policy server address request option carried in the registration request, and send the obtained address attribute of the policy server to the address Into the service router.
  • AAA authentication, authorization, and accounting
  • the address obtaining unit is specifically configured to send an AAA request message to the AAA server, where the AAA request message carries an option to request a policy server address.
  • Another AAA server provided in this embodiment includes: a message receiving unit, an address searching unit, and an information sending unit, where:
  • a message receiving unit configured to receive an AAA request message
  • An address searching unit configured to: when the AAA request message carries an option of requesting a policy server address, search for an address attribute of the corresponding policy server according to the identifier of the mobile node;
  • the information sending unit is configured to return the address attribute of the found policy server to the identity and location registration register.
  • Another policy server includes: a policy sending unit, a policy request object list maintaining unit, and a flow routing policy pushing unit, where:
  • a policy sending unit configured to send a flow routing policy of the mobile node to the network element when the network element requests the flow routing policy of the mobile node
  • the request object list maintenance unit is configured to add an identifier of the network element in the policy request object list, where the policy request object list is used to record the correspondence between the identifier of the network element requesting the flow routing policy of the mobile node and the identifier of the mobile node Information
  • a flow routing policy pushing unit configured to change when a flow routing policy of the mobile node changes The identifier of the network element of the flow routing policy of the requesting mobile node recorded in the policy request object list, and the updated flow routing policy is pushed to the network element.
  • the embodiment of the present invention obtains the address of the policy server of the mobile node from the AAA server during the authentication or registration process, so that the ASR or the ILR selects the service initiated by the peer node according to the flow routing policy of the mobile node according to the multi-interface. Before the appropriate flow routing, the flow routing policy of the mobile node can be obtained from the policy server according to the address of the mobile node's policy server.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un procédé d'acquisition d'adresses de serveurs de règles comprenant les étapes suivantes : pendant le processus d'authentification de nœud mobile, un routeur de services d'accès acquiert auprès d'un serveur d'authentification, d'autorisation et de comptabilisation (AAA) l'attribut d'adresse d'un serveur de règles produisant les règles de routage de flux pour le nœud mobile. Par l'acquisition de l'adresse de serveur de règles du nœud mobile à partir du serveur AAA pendant le processus d'authentification ou d'enregistrement, un mode de réalisation de l'invention permet à un ASR ou un ILR d'acquérir les règles de routage de flux du nœud mobile à partir du serveur de règles selon l'adresse de serveur de règles du nœud mobile avant la sélection d'un routeur de flux propre pour le service déclenché par un nœud correspondant selon les règles de routage de flux d'un nœud mobile multi-interface.
PCT/CN2012/083725 2011-11-17 2012-10-30 Procédé d'acquisition d'adresses de serveurs de règles WO2013071817A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110364904.9 2011-11-17
CN201110364904.9A CN103117927B (zh) 2011-11-17 2011-11-17 一种获取策略服务器的地址的方法

Publications (1)

Publication Number Publication Date
WO2013071817A1 true WO2013071817A1 (fr) 2013-05-23

Family

ID=48416205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/083725 WO2013071817A1 (fr) 2011-11-17 2012-10-30 Procédé d'acquisition d'adresses de serveurs de règles

Country Status (2)

Country Link
CN (1) CN103117927B (fr)
WO (1) WO2013071817A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302461B (zh) * 2016-08-16 2020-10-27 新华三技术有限公司 一种检查流量策略合法性的方法及装置

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247239A (zh) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 一种认证授权计费系统及其实现方法
CN102045692A (zh) * 2009-10-26 2011-05-04 中兴通讯股份有限公司 一种基于控制面与媒体面分离的网络架构实现的通信网络

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494890A (zh) * 2006-12-08 2009-07-29 华为技术有限公司 一种路由会话的方法、网络及设备
CN101272627B (zh) * 2008-04-30 2010-12-22 杭州华三通信技术有限公司 实现漫游的网络接入控制方法及设备
US8311014B2 (en) * 2009-11-06 2012-11-13 Telefonaktiebolaget L M Ericsson (Publ) Virtual care-of address for mobile IP (internet protocol)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247239A (zh) * 2008-03-10 2008-08-20 中兴通讯股份有限公司 一种认证授权计费系统及其实现方法
CN102045692A (zh) * 2009-10-26 2011-05-04 中兴通讯股份有限公司 一种基于控制面与媒体面分离的网络架构实现的通信网络

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"HUAWEI, Selected IP Traffic Offload for UMTS at Iu-PS", 3GPPTSG SA WG2 MEETING#75, 4 September 2009 (2009-09-04), Retrieved from the Internet <URL:http://www.3gpp.org/ftp/tsg_sa/WG2Arch/TSGS275Kyoto/Docs/S2-095961> *

Also Published As

Publication number Publication date
CN103117927A (zh) 2013-05-22
CN103117927B (zh) 2018-08-03

Similar Documents

Publication Publication Date Title
EP3821622B1 (fr) Systèmes et procédés pour permettre une communication privée au sein d&#39;un groupe d&#39;équipements d&#39;utilisateurs
JP5497901B2 (ja) 匿名通信の方法、登録方法、メッセージ受発信方法及びシステム
JP5427952B2 (ja) ネットワーク間ローミングの実現方法、システム
JP5672238B2 (ja) ゲートウェイ装置、移動通信システム、移動端末、パケット転送制御方法、移動端末の制御方法、及びプログラム
US20100177699A1 (en) Method, apparatus and system for mobility management and efficient information retrieval in a communications network
WO2006067951A1 (fr) Dispositif de contrôle d’accès et procédé de contrôle d’accès
JP2010510713A (ja) ゲートウェイ選択機構
WO2008151557A1 (fr) Procédé, équipement et système ip mobile de serveur mandataire pour déclencher une optimisation de route
WO2011035615A1 (fr) Procédé, système et appareil de transmission de données
WO2013060225A1 (fr) Système et procédé d&#39;acquisition de la position d&#39;un utilisateur par l&#39;intermédiaire d&#39;un identifiant de support d&#39;utilisateur
WO2015058339A1 (fr) Procédé de routage entre stations de base, passerelle de desserte, et station de base
US20240155736A1 (en) Communication system, communication apparatus, communication method, and non-transitory medium
WO2011032417A1 (fr) Procédé et système de déclenchement d&#39;acheminement de message de communication, d&#39;informations et de données et de configuration de routage
EP2479932A1 (fr) Procédé et système d&#39;affectation d&#39;identificateur de position et d&#39;envoi de message
WO2011044807A1 (fr) Procédé de communication et d&#39;enregistrement de communication anonyme et système émetteur-récepteur de message de données
WO2012089032A1 (fr) Procédé de transmission de données utilisant de multiples procédés d&#39;accès et dispositif d&#39;accès
WO2009155863A1 (fr) Procédé et système destinés à prendre en charge une sécurité de mobilité dans un réseau de prochaine génération
WO2013071817A1 (fr) Procédé d&#39;acquisition d&#39;adresses de serveurs de règles
WO2013023465A1 (fr) Procédé d&#39;interconnexion et d&#39;intercommunication entre un réseau à séparation d&#39;adresse url et d&#39;identifiant et un réseau classique, et ilr et asr associés
WO2012089030A1 (fr) Procédé, dispositif d&#39;accès et dispositif d&#39;authentification pour accès au réseau par de multiples procédés d&#39;accès
WO2012088828A1 (fr) Procédé, système et routeur de passerelle d&#39;accès pour maintenance de table
JP5626900B2 (ja) 無線通信システムおよびアクセスポイント
JP2016034116A (ja) 経路設定装置、経路設定方法、経路設定プログラムおよび通信システム
US20230291607A1 (en) System and method for ursp-based tunneling through fixed wireless access
WO2012089027A1 (fr) Procédé et dispositif d&#39;interfonctionnement avec des réseaux externes pour terminaux utilisateur à multiples procédés d&#39;accès

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12849983

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12849983

Country of ref document: EP

Kind code of ref document: A1