WO2013091410A1 - Network access method, system and device - Google Patents

Network access method, system and device Download PDF

Info

Publication number
WO2013091410A1
WO2013091410A1 PCT/CN2012/081568 CN2012081568W WO2013091410A1 WO 2013091410 A1 WO2013091410 A1 WO 2013091410A1 CN 2012081568 W CN2012081568 W CN 2012081568W WO 2013091410 A1 WO2013091410 A1 WO 2013091410A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
pcef
network access
policy
session establishment
Prior art date
Application number
PCT/CN2012/081568
Other languages
French (fr)
Chinese (zh)
Inventor
杨文宏
Original Assignee
华为数字技术(成都)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为数字技术(成都)有限公司 filed Critical 华为数字技术(成都)有限公司
Publication of WO2013091410A1 publication Critical patent/WO2013091410A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • H04L12/1407Policy-and-charging control [PCC] architecture
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5003Managing SLA; Interaction between SLA and QoS
    • H04L41/5019Ensuring fulfilment of SLA
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/66Policy and charging system

Definitions

  • the present invention relates to the field of computer and communication technologies, and in particular, to a network access method, a network access system, and a device. Background technique
  • 3GPP Third Generation Partnership Project
  • 3GPP Third Generation Partnership Project
  • the gateway (GW, gateway) in Figure 1 serves as an access point for the user to access the network, and the Policy and Charging Enforcement Function (PCEF) is a functional module in the GW.
  • the PCEF interacts with the Policy and Charging Rule Function (PCRF) through the Gx interface.
  • PCRF Policy and Charging Rule Function
  • the PCRF sends the policy corresponding to the user to the PCEF, including the traffic control policy, the charging policy, and the like, according to the subscription information of the user.
  • the PCEF performs the policy that is sent by the PCRF, that is, controls the behavior of the user to use the network according to the policy delivered by the PCRF, for example, controls the traffic of the user according to the traffic control policy.
  • the PCEF interacts with the Online Charging System (OCS) through the Gy interface.
  • OCS Online Charging System
  • the OCS is used for credit check and the user's corresponding quota is issued to the PCEF.
  • the PCEF accumulates the user's usage of the network according to the quota issued by the OCS, and controls the network access behavior of the user according to the quota corresponding to the user and the usage of the network by the user for each user.
  • PCEF PCEF independent of the GW device
  • the GW is connected to the authentication authorization and accounting server (AAA Sever, Authentication, Authorization, and Accounting Sever).
  • AAA Sever Authentication, Authorization, and Accounting Sever
  • the GW authenticates the user. If the authentication succeeds, the user is allowed to access the network.
  • the PCEF monitors the network traffic flowing through the GW, and obtains user information, such as a user identifier, through a Radius message copied by the GW or the AAA Sever.
  • the inventor has found that at least the following problems exist in the prior art:
  • the PCEF obtains user information and relies on the deployment environment of the live network. In some scenarios, such as when the user does not need to be authenticated, the network is not configured.
  • AAA Sever the PCEF cannot obtain the copied Radius because the PCEF cannot obtain the user information in a reliable and timely manner, and thus cannot control and manage the network traffic of each user by using the corresponding policy of the user. Summary of the invention
  • the embodiment of the invention provides a network access method for solving the problem that the PCEF cannot obtain reliable and timely user information in the prior art, thereby effectively controlling and managing user network traffic.
  • an embodiment of the present invention further provides a network access system, a PEEF device, and a network access device.
  • a network access method includes:
  • the policy and charging execution function entity PCEF receives a session establishment request message sent by the network access device by using a Gx interface with the network access device, where the session establishment request message is that the network access device receives the user initiated network. After the access request message is sent;
  • the PCEF obtains the user information and saves the user information by parsing the session establishment request message, and requests the policy corresponding to the user from the policy and charging rule entity PCRF according to the user information, and saves the policy;
  • the PCEF manages and controls the traffic of the user according to the user information and policies.
  • a network access system including a network access device, a PCEF, and a PCRF, where: a network access device, configured to send a session establishment request message to a PCEF through a Gx interface after receiving a network access request message initiated by a user;
  • a PCEF configured to: retrieve the user information and save the user information by parsing the session establishment request message; forward the session establishment request message to the PCRF, receive a policy corresponding to the user returned by the PCRF, and save the policy, The management and control of the user's traffic according to the user information and policies.
  • a PCEF device including:
  • the receiving unit is configured to receive, by using a Gx interface with the network access device, a session establishment request message sent by the network access device, where the session establishment request message is that the network access device receives the network access request initiated by the user. Sent after the news;
  • a first acquiring unit configured to receive the session establishment request message by the parsing receiving unit, acquire user information, and save the user information
  • a second acquiring unit configured to request, according to the user information acquired by the first acquiring unit, a policy corresponding to the user to the PCRF, and save the policy, where the user is used according to the user information and policy Traffic is managed and controlled.
  • a network access device includes:
  • a first receiving unit configured to receive a network access request message initiated by a user
  • the first sending unit is configured to send, after the first receiving unit receives the network access request message, a session establishment request message to the PCEF through the Gx interface, where the session establishment request message carries user information.
  • the PCEF device When the user requests to access the network, the PCEF device obtains the user information from the session access request sent by the network access device, and then obtains the corresponding policy of the user, The user information and policies manage and control the traffic of the user.
  • the PCEF ensures that the user information can be obtained in time by participating in the message exchange process of the user's network access process. Compared with the prior art PCEF relies on obtaining the user information from the Radius packet copied by the AAA Server, the reliability of obtaining the user information is improved. And timeliness. DRAWINGS
  • FIG. 1 is a schematic diagram of a network management system in a 3GPP specification in the prior art
  • FIG. 2 is a schematic diagram of a network management system in an actual networking in the prior art
  • FIG. 3 is a schematic diagram of a network management system including a charging network element in the prior art
  • FIG. 4 is a schematic diagram of a networking solution according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart of a network access solution according to an embodiment of the present invention.
  • FIG. 6 is a detailed flowchart of a network access method according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a flow control management method according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a PCEF device according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of a network access device according to an embodiment of the present invention. detailed description
  • the GW may allow the user to access the network.
  • the PCEF manages and controls the network traffic of the user, which causes the user status on the GW to be the access network, and the user status in the PCEF is blocked, that is, the user status on the GW and the PCEF is inconsistent. For example, if the user traffic does not meet the user's corresponding policy, such as insufficient user quota, the PCEF blocks the user's traffic. Inconsistent In the case of the user, the user will start to charge, but cannot access the network resources, so the user perception is poor.
  • FIG. 4 is a schematic diagram of a networking solution according to an embodiment of the present invention, in which a PCEF and a network access device transmit a service layer data packet in addition to a service layer data packet through a Gi interface, and are used to transmit a control layer data packet. .
  • Step 10 The PCEF receives a session establishment request message sent by the network access device by using a Gx interface with the network access device, where the session establishment request message is that the network access device receives the network access request message initiated by the user. Later sent.
  • the network access device is collectively referred to as a mesh GW, specifically: in a scenario where the mobile terminal user accesses the WCDMA standard wireless network, the network access device is a gateway GPRS support node (GGSN, Gateway). GPRS Support Node ); In the scenario where the mobile terminal user accesses the CDMA2000 standard wireless network, the network access device is a Packet Data Serving Node (PDSN); the fixed terminal user passes the asymmetric digital subscriber loop (ADSL) Asymmetric Digital Subscriber Line In the scenario of accessing a fixed network, the network access device is a Broadband Remote Access Server (BRAS).
  • GGSN Gateway GPRS support node
  • PDSN Packet Data Serving Node
  • ADSL asymmetric digital subscriber loop
  • BRAS Broadband Remote Access Server
  • Step 20 The PCEF obtains the user information and saves the user information by parsing the session establishment request message.
  • the PCEF manages and controls the user traffic according to the saved user information.
  • Step 30 The PCEF requests a policy corresponding to the user from the PCRF according to the user information, and saves the policy.
  • the manner in which the PCEF requests the policy corresponding to the user includes but is not limited to:
  • the PCEF forwards the session establishment request message to the PCRF through the Gx interface, receives a policy corresponding to the user returned by the PCRF, and saves the policy, where the policy is used according to the policy.
  • User traffic is managed and controlled.
  • the PCEF can also send a new policy request message to the PCRF according to the user information.
  • the PCRF sends the user policy to the PCEF after receiving the policy request message, that is, the PCEF can request the PCEF to request the PCRF.
  • the purpose of the user's corresponding strategy can be.
  • the PCEF manages and controls the user traffic according to the user information and the corresponding policy of the user. It is a prior art in the field and can be performed according to the settings of the operator, and will not be described in detail herein.
  • the PCEF determines whether to allow the user traffic to pass the PCEF according to the policy and the user information, and carries the determination result in the session establishment response message, and returns to the network access device through the Gx interface.
  • the value of the flag bit may be used in the session establishment response message to indicate whether the user traffic is allowed to pass through the PCEF. For example, when the value of the flag bit of the lbit is 1, the user traffic is allowed to pass through the PCEF. When the value of the flag bit is 0, the user traffic is not allowed to pass through the PCEF.
  • the network access device determines, according to the session establishment response message, whether to allow the user to access the network, and returns a network access response message to the user.
  • the network access device obtains, from the session establishment response message, whether the user traffic is allowed to pass the determination result of the PCEF, and allows the user to connect when the user is allowed to pass the PCEF. Entering the network, the user is not allowed to access the network when the result of the determination is that the user traffic is not allowed to pass through the PCEF.
  • the state of the user in the network access device is consistent with the state of the user in the PCEF.
  • the PCEF can ensure that the PCEF can obtain user information in time to manage and control user traffic by participating in message interaction in the network access process of the user.
  • the PCEF obtains user information for managing and controlling user traffic, the reliability and timeliness of obtaining user information is improved by relying on the Radius message copied by the AAA Server.
  • FIG. 6 is a detailed flowchart of a network access method according to an embodiment of the present invention.
  • the network access device is a GGSN.
  • Step 601 When the user needs to access the network, the network access request message is initiated to the GGSN by using a browser or other client software in the host.
  • the network access request message is a PDP context (Packet Data Protocol context) activation request message or an IP-CAN Bear activation request message.
  • the network access request message carries the user information of the user, such as a user identifier, such as a mobile subscriber integrated service data network number (MSISDN, Mobile Subscriber International ISDN/PSTN number), and an international mobile subscriber identifier (IMSI, International Mobile Subscriberdentification Number ), optionally, the user information also includes: the access point name ( ⁇ , Access Point Name) that the user needs to access, the IP address of the GPRS service support node (SGSN, Serving GPRS SUPPORT NODE), the requested service Quality parameters (QoS Profile) and more.
  • MSISDN mobile subscriber integrated service data network number
  • IMSI International Mobile Subscriberdentification Number
  • the user information also includes: the access point name ( ⁇ , Access Point Name) that the user needs to access, the IP address of the GPRS service support node (SGSN, Serving GPRS SUPPORT NODE),
  • Step 602 The GGSN sends a session establishment request message to the PCEF through a Gx interface with the PCEF.
  • Step 603 The PCEF parses the session establishment request message, obtains user information from the user information, and saves the user information.
  • Step 604 The PCEF forwards the session establishment request message to the PCRF to request the PCRF to correspond to the policy corresponding to the user.
  • the PCEF can also send a new policy request message to the PCRF according to the user information.
  • the PCRF sends the user policy to the PCEF after receiving the policy request message, that is, the PCEF can request the PCRF to request the PCRF.
  • the purpose of the user's corresponding strategy can be.
  • Step 605 The PCRF acquires a policy corresponding to the user according to the user information in the session establishment request.
  • step 606 if the PCRF can find the policy corresponding to the user from the local policy database according to the user information, go to step 606 to directly return the found policy directly to the policy. If the policy corresponding to the user cannot be found, step 605a to step 605c are executed to generate a policy corresponding to the user.
  • Step 605a The PCRF sends a subscription information request message to the user profile storage (SPR), where the request message carries the user identifier of the user.
  • SPR user profile storage
  • the PCRF interacts with the SPR through the Sp interface to send the subscription information request message.
  • Step 605b The PCRF receives the subscription information response message returned by the SPR, and obtains the user subscription information of the user.
  • Step 605c The PCRF generates a policy corresponding to the user according to the user subscription information and the session establishment request message.
  • the user subscription information includes a discount package or a user's rating when the user opens the account, and the preferential package includes the tariff information when the user is in the local state and the tariff information when the user is in the roaming state;
  • the user level includes the user A.
  • the user information in the session establishment request message includes a user identifier, a current location of the user, and information that the user is currently in a local state or a roaming state.
  • the PCRF selects the current status of the user from the policy library according to the user subscription information including the preferential package or the user's rating when the user opens the account, the user identifier in the session establishment request message, the current local state or the roaming status of the user. Strategy.
  • the user's subscription information includes that the user subscribes to the student discount package, and the PCRF learns from the user's IMSI number and status information in the session establishment request message that the user Zhang is currently roaming;
  • the policy corresponding to the roaming status in the student discount package is found in the strategy corresponding to the user Zhang San.
  • the user's subscription information includes the user as a primary user.
  • the PCRF knows that the user's IMI number and status information in the session establishment request message is that the user is currently in the local state, and then the A-level user is found in the policy library.
  • the policy corresponding to the status is used as the policy corresponding to the user Li.
  • Step 606 The PCRF sends the policy corresponding to the user to the PCEF.
  • Step 607 The PCEF saves the received policy corresponding to the user, and when the traffic of the user passes through the PCEF, the user traffic is managed and controlled according to the policy.
  • Step 608 The PCEF determines whether the policy corresponding to the user includes a charging policy. If the charging policy is included, the process proceeds to step 609. Otherwise, the process proceeds to step 612.
  • the policy content delivered by the PCRF to the PCEF is included in a Charging-rule-Install attribute value pair (AVP, Attribute Value Pair), where each AVP includes a type, a length, and a property value.
  • AVP Charging-rule-Install attribute value pair
  • Each AVP can contain multiple sub-AVPs.
  • the rule is a charging rule. If the PCEF finds an online AVP with the value of Enable from the policy content delivered by the PCRF, it confirms that the accounting policy is included.
  • step 609 the PCEF requests the OCS to allocate the quota corresponding to the user, and the quota size issued by the OCS may be preset.
  • Step 610 If the PCEF receives the quota returned by the OCS, the process proceeds to step 612.
  • the quota issued by the OCS according to the request of the PCEF is corresponding to the service type.
  • the PCEF requests the OCS for the user's quota, and the OCS checks whether the account of the user Zhang San has a balance. If there is no balance, the PCEF is notified that the user has insufficient credit, and the PCEF notifies the GGSN that the activation of the user has failed.
  • the user needs to transfer 2 yuan/M for the HyperText Transfer Protocol (HTTP) service, and the OCS will pre-set the pre-set.
  • HTTP HyperText Transfer Protocol
  • the 10 M quota corresponding to the HTTP service is given to the PCEF.
  • the usage is reported to the OCS and the new quota is applied.
  • the OCS deducts the 10M money, the user account balance is detected again. If it is still 10M, A new quota will be issued, otherwise the PCEF balance will be insufficient.
  • Step 611 If the PCEF receives the insufficient balance information returned by the OCS, the user traffic is not allowed to pass the PCEF, and the process proceeds to step 613.
  • Step 612 The PCEF determines, according to the user information, whether other policies other than the charging policy corresponding to the user are met, and when the user information meets other policies, the user traffic is allowed to pass. Passing the PCEF; otherwise, determining that the user traffic is not allowed to pass through the PCEF. Go to step 613.
  • the policy corresponding to the user Zhang 3 includes the traffic control policy R, which is a monthly total traffic of no more than 30 Mbps.
  • the PCEF can obtain the current used traffic of Zhang San in this month is 31 Mbps, so that the current traffic of Zhang San does not meet R, so the traffic of the third traffic is not allowed to pass through the PCEF.
  • Step 613 The PCEF carries the determination result in the session establishment response message, and returns the information to the network access device through the Gx interface.
  • Step 614 The GGSN determines, according to the determination result carried in the session establishment response message, whether the user is allowed to access the network, and returns a network access response message to the user according to the method.
  • the determining result carried by the GGSN in the session establishment response message is that the user is allowed to access the network when the user traffic is allowed to pass the PCEF, and the Gx interface between the network access device and the PCEF is established for the user.
  • the determination result carried by the GGSN in the session establishment response message is that the user is not allowed When the traffic passes through the PCEF, the user is not allowed to access the network.
  • the GGSN is connected to other authentication devices such as the AAA server, the GGSN needs to comprehensively determine whether to allow the user to access the network according to the determination result of the PCEF and the authentication result of the AAA server.
  • the network access response message is a PDP context activation response message; and when the network access request message is an IP-CAN Bear activation request message, The network access response message is an IP-CAN Bear activation response message.
  • the charging policy is taken as an example, and the process of determining, by the PCEF, whether to allow the user traffic to pass the PCEF according to the policy and the user information, is specifically described.
  • the PCEF in the implementation may be based on a plurality of policies to comprehensively determine whether user traffic is allowed to pass through the PCEF. For example, user traffic is not allowed to pass through the PCEF as long as it does not comply with any of the policies.
  • the network access setting The device needs to interact with the PCEF to allow the user's network traffic to pass through the PCEF before allowing the user to access the network.
  • the PCEF can ensure that the PCEF obtains the user information to manage and control the user traffic by participating in the message interaction in the network access process of the user, so as to avoid relying on the Radius packet copied by the AAA Server to obtain the user information. Low reliability issues.
  • the network access device determines whether the user is allowed to access the network according to the state of the user in the PCEF, and ensures the consistency of the state of the user in the network access device and the PCEF, thereby avoiding state inconsistency. The resulting billing error problem.
  • the PCEF can be regarded as a proxy in the network access device and the PCRF, that is, the network access device interacts with the PCRF through the Gx interface during the user access process.
  • the embodiment of the invention provides a method for the PCEF to control and manage user traffic after the user accesses the network.
  • the flowchart is shown in FIG. 7.
  • the PCEF and the network access device also connect the data packets of the control plane through the Gx interface.
  • the network access device is described by taking the GGSN as an example.
  • Step 701 The GGSN allows the user to access the network, establish a session connection of the Gx interface between the PCEF and the GGSN, and establish a session connection between the PCEF and the PCRF.
  • Step 702 The PCEF calculates the quota usage amount corresponding to the user according to the user traffic passing through the PCEF.
  • Step 703 The PCEF requests the OCS to issue a new quota after monitoring the quota corresponding to the user that is sent by the OCS according to the quota usage of the user.
  • Step 704 If the PCEF receives the new quota issued by the OCS, the remaining quota value is updated according to the new quota value, and the process returns to step 702 to continue to monitor whether the quota corresponding to the user is exhausted according to the user traffic.
  • Step 705 If the information sent by the OCS for indicating that the balance of the user is insufficient is received, the notification is received.
  • the GGSN disconnects the user's network connection.
  • Step 706 After receiving the notification, the GGSN disconnects the network connection of the user.
  • Step 707 Terminate the session connection of the Gx interface between the PCEF and the network access device of the user; terminate the session connection of the Gx interface between the PCEF and the PCRF corresponding to the user; terminate the PCEF and the OCS corresponding to the user Session connection between the Gy interfaces.
  • the network access scheme provided by the embodiment of the present invention after the user accesses the network, the PCEF manages and monitors the user traffic.
  • the PCEF When the user traffic does not meet the policy corresponding to the user, for example, when the quota is insufficient, the PCEF notifies the network access device that the network access device is disconnected. The user's network connection is opened, thereby ensuring the consistency of the user status in the network access device and the PCEF, and avoiding the problem of charging errors.
  • the embodiment of the present invention further provides a network access system.
  • the system includes a network access device, a PCEF, and a PCRF, as follows:
  • a network access device configured to send a session establishment request message to the PCEF through the Gx interface after receiving the network access request message initiated by the user;
  • a PCEF configured to: retrieve the user information and save the user information by parsing the session establishment request message; forward the session establishment request message to the PCRF, receive a policy corresponding to the user returned by the PCRF, and save the policy, The management and control of the user's traffic according to the user information and policies.
  • the PCEF is further configured to determine, according to the policy and the user information, whether to allow the user traffic to pass the PCEF, and carry the determination result in a session establishment response message, and return the network to the network through the Gx interface.
  • Access device
  • the network access device is further configured to determine, according to the session establishment response message, whether the user is allowed to access the network, and return a network access response message to the user.
  • the determining, according to the session establishment response message, whether the user is allowed to access the network, and returning the network access response message to the user includes:
  • the determining result carried by the network access device in the session establishment response message is to allow the user to access the network when the user traffic is allowed to pass through the PCEF;
  • the determination result carried by the network access device in the session establishment response message is that the When user traffic passes through the PCEF, the user is not allowed to access the network.
  • the embodiment of the present invention further provides a PCEF device, which is shown in FIG. 8 and includes:
  • the receiving unit 801 is configured to receive, by using a Gx interface with the network access device, a session establishment request message sent by the network access device, where the session establishment request message is that the network access device receives the network connection initiated by the user. After the request message is sent;
  • the first obtaining unit 802 is configured to receive the session establishment request message by the parsing receiving unit 801, obtain user information, and save user information.
  • the second obtaining unit 803 is configured to request, according to the user information acquired by the first acquiring unit 802, a policy corresponding to the user, and save the policy, according to the user information and the policy The user's traffic is managed and controlled.
  • the second obtaining unit 803 includes a sending subunit and a receiving subunit, where: a sending subunit, configured to forward the session establishment request message to the PCRF;
  • a receiving sub-unit configured to receive a policy corresponding to the user returned by the PCRF, where the policy is that the PCRF requests the user subscription information according to the user information in the session establishment request message, and the user subscription information returned according to the SPR, And the user information generated.
  • the PCEF further includes:
  • a determining unit 804 configured to determine, according to the policy acquired by the first obtaining unit 802 and the second obtaining unit 803, and the user information, whether to allow the user traffic to pass the PCEF;
  • the sending unit 805 is configured to carry the determination result of the determining unit 804 in the session establishment response message, and return to the network access device through the Gx interface.
  • the embodiment of the present invention further provides a network access device, which includes:
  • the first receiving unit 901 is configured to receive a network access request message initiated by the user.
  • the first sending unit 902 is configured to send a session establishment request message to the PCEF through the Gx interface after the first receiving unit 901 receives the network access request message, where the session establishment request message carries user information.
  • the network access device further includes:
  • the second receiving unit 903 is configured to receive, by using the Gx interface, a session establishment response message returned by the PCEF, where the session establishment response message carries a determination result of whether the user traffic is allowed to pass the PCEF.
  • the determining unit 904 is configured to determine, according to the determining result, whether the user is allowed to access the network.
  • the second sending unit 905 is configured to return a network access response message to the user according to the determining result of the determining unit 904.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A network access method, system and device are used for solving the problem that a policy and charging enforcement function (PCEF) in the prior art is incapable of reliably obtaining user information in time, therefore failing to effectively control and manage network flow of a user. The method comprises: a PCEF receiving, through a Gx interface between the PCEF and a network access device, a session setup request message sent by the network access device, the session setup request message being sent after the network access device receives a network access request message sent by a user; the PCEF acquiring user information by parsing the session setup request message, and storing the user information; requesting from a policy and charging rule function (PCRF) a policy corresponding to the user according to the user information, and saving the policy; and the PCEF managing and controlling the flow of the user according to the user information and the policy. The solution improves the reliability and timeliness of the user information obtained by the PCEF.

Description

网络接入方法、 系统及设备 本申请要求于 2011 年 12 月 19 日提交中国专利局、 申请号为 201110425918.7、 发明名称为 "网络接入方法、 系统及设备" 的中国专利申请 的优先权, 其全部内容通过引用结合在本申请中。 技术领域  The present invention claims the priority of a Chinese patent application filed on December 19, 2011 by the Chinese Patent Office, Application No. 201110425918.7, entitled "Network Access Method, System and Equipment", The entire contents are incorporated herein by reference. Technical field
本发明涉及计算机及通信技术领域, 尤其涉及一种网络接入方法、 一种 网络接入系统及设备。 背景技术  The present invention relates to the field of computer and communication technologies, and in particular, to a network access method, a network access system, and a device. Background technique
第三代合作伙伴计划 (3GPP, Third Generation Partnership Project) 规范 随着无线网络的发展日益完善,越来越多的运营商釆用 3GPP规范对网络进行 管理。 3GPP规范中与运营商网络管理相关的网元设备如附图 1所示。  Third Generation Partnership Project (3GPP, Third Generation Partnership Project) As the development of wireless networks is becoming more and more perfect, more and more operators use the 3GPP specifications to manage the network. The network element equipment related to carrier network management in the 3GPP specifications is as shown in FIG.
附图 1 中的网关 (GW, gateway )作为用户接入网络的接入点, 其中策 略和计费执行功能实体( PCEF, Policy and Charging Enforcement Function )是 GW 中的一个功能模块。 PCEF 与策略和计费规则实体(PCRF, Policy and Charging Rule Function )之间通过 Gx接口交互。 PCRF依据用户的签约信息, 在用户接入网络时向 PCEF下发该用户对应的策略, 其中包括流量控制策略、 计费策略等等。 PCEF执行 PCRF下发的策略, 即根据 PCRF下发的策略对用 户使用网络的行为进行控制, 例如根据流量控制策略对用户的流量进行控制。 PCEF与在线计费系统( OCS , Online Charging System )通过 Gy接口交互。 OCS用于进行信用检查,以及向 PCEF下发用户对应的配额。 PCEF依据 OCS 下发的配额, 累计用户对网络的使用量, 并针对每个用户, 根据该用户对应 的配额、 以及该用户对网络的使用量, 控制该用户的网络访问行为。  The gateway (GW, gateway) in Figure 1 serves as an access point for the user to access the network, and the Policy and Charging Enforcement Function (PCEF) is a functional module in the GW. The PCEF interacts with the Policy and Charging Rule Function (PCRF) through the Gx interface. The PCRF sends the policy corresponding to the user to the PCEF, including the traffic control policy, the charging policy, and the like, according to the subscription information of the user. The PCEF performs the policy that is sent by the PCRF, that is, controls the behavior of the user to use the network according to the policy delivered by the PCRF, for example, controls the traffic of the user according to the traffic control policy. The PCEF interacts with the Online Charging System (OCS) through the Gy interface. The OCS is used for credit check and the user's corresponding quota is issued to the PCEF. The PCEF accumulates the user's usage of the network according to the quota issued by the OCS, and controls the network access behavior of the user according to the quota corresponding to the user and the usage of the network by the user for each user.
由于 GW本身接入业务处理功能的负荷较为繁重, 如果将 PCEF的功能 也集成在同一个设备中, 将严重影响 GW设备的性能。 除此之外由于网络环 境的复杂性, 例如运营商可能同时运营着 WCDMA、 CDMA2000等多种制式 的网络, 需要同时在多个设备上实现 PCEF的功能。 考虑到上述需求, 独立于 GW设备的外置 PCEF设备(以下简称 PCEF )也应运而生并获得了普及。 经 过上述调整后的网络架构图如附图 2所示, PCEF通过 Gi接口与 GW连接, 通过 Gy接口与 OCS连接。 Because the load of the GW itself accessing the service processing function is heavy, if the functions of the PCEF are also integrated into the same device, the performance of the GW device will be seriously affected. In addition to the network ring The complexity of the environment, for example, operators may operate multiple networks of WCDMA, CDMA2000, etc., and need to implement PCEF functions on multiple devices at the same time. In view of the above requirements, an external PCEF device (hereinafter referred to as PCEF) independent of the GW device has also emerged and gained popularity. After the above-mentioned adjusted network architecture diagram is as shown in FIG. 2, the PCEF is connected to the GW through the Gi interface, and is connected to the OCS through the Gy interface.
在与其他计费设备进行连接组网时, 具体组网方式参照附图 3所示。 GW 与验证授权和计费服务器 ( AAA Sever , Authentication、 Authorization、 Accounting Sever )连接, GW在用户请求接入网络时, 对用户进行鉴权, 若 鉴权成功则允许用户接入网络。 PCEF监控流经 GW的网络流量, 并通过 GW 或 AAA Sever抄送的 Radius消息获取用户信息, 如用户标识等。  When networking with other accounting devices, the specific networking mode is shown in Figure 3. The GW is connected to the authentication authorization and accounting server (AAA Sever, Authentication, Authorization, and Accounting Sever). When the user requests to access the network, the GW authenticates the user. If the authentication succeeds, the user is allowed to access the network. The PCEF monitors the network traffic flowing through the GW, and obtains user information, such as a user identifier, through a Radius message copied by the GW or the AAA Sever.
发明人在实施本发明的过程中发现, 现有技术至少存在如下问题: PCEF 获得用户信息依赖现网部署环境, 在一些场景下, 如在用户无需被验证的情 况下,由于网络中并不配置 AAA Sever,那么 PCEF由于无法获得抄送的 Radius 因此 PCEF无法可靠、及时地获得用户信息,进而无法利用用户对应的策略对 各用户网络流量进行控制和管理。 发明内容  The inventor has found that at least the following problems exist in the prior art: The PCEF obtains user information and relies on the deployment environment of the live network. In some scenarios, such as when the user does not need to be authenticated, the network is not configured. AAA Sever, the PCEF cannot obtain the copied Radius because the PCEF cannot obtain the user information in a reliable and timely manner, and thus cannot control and manage the network traffic of each user by using the corresponding policy of the user. Summary of the invention
本发明实施例提供一种网络接入方法,用以解决现有技术中 PCEF无法可 靠、 及时地获得用户信息从而对用户网络流量进行有效控制管理的问题。  The embodiment of the invention provides a network access method for solving the problem that the PCEF cannot obtain reliable and timely user information in the prior art, thereby effectively controlling and managing user network traffic.
对应地, 本发明实施例还提供了一种网络接入系统、 PEEF设备和网络接 入设备。  Correspondingly, an embodiment of the present invention further provides a network access system, a PEEF device, and a network access device.
本发明实施例提供的技术方案如下:  The technical solution provided by the embodiment of the present invention is as follows:
一种网络接入方法, 包括:  A network access method includes:
策略和计费执行功能实体 PCEF通过与网络接入设备之间的 Gx接口,接 收网络接入设备发来的会话建立请求消息, 所述会话建立请求消息是网络接 入设备接收到用户发起的网络接入请求消息后发来的; PCEF通过解析所述会话建立请求消息, 获取用户信息并保存用户信息; 根据所述用户信息向策略和计费规则实体 PCRF请求所述用户对应的策略, 并保存所述策略; The policy and charging execution function entity PCEF receives a session establishment request message sent by the network access device by using a Gx interface with the network access device, where the session establishment request message is that the network access device receives the user initiated network. After the access request message is sent; The PCEF obtains the user information and saves the user information by parsing the session establishment request message, and requests the policy corresponding to the user from the policy and charging rule entity PCRF according to the user information, and saves the policy;
PCEF根据所述用户信息和策略对所述用户的流量进行管理和控制。  The PCEF manages and controls the traffic of the user according to the user information and policies.
一种网络接入系统, 包括网络接入设备、 PCEF和 PCRF, 其中: 网络接入设备, 用于接收到用户发起的网络接入请求消息后, 通过 Gx接 口向 PCEF发送会话建立请求消息;  A network access system, including a network access device, a PCEF, and a PCRF, where: a network access device, configured to send a session establishment request message to a PCEF through a Gx interface after receiving a network access request message initiated by a user;
PCEF, 用于通过解析所述会话建立请求消息, 获取用户信息并保存用户 信息; 将所述会话建立请求消息转发给 PCRF, 接收 PCRF返回的所述用户对 应的策略, 并保存所述策略, 用以根据所述用户信息和策略对所述用户的流 量进行管理和控制。  a PCEF, configured to: retrieve the user information and save the user information by parsing the session establishment request message; forward the session establishment request message to the PCRF, receive a policy corresponding to the user returned by the PCRF, and save the policy, The management and control of the user's traffic according to the user information and policies.
一种 PCEF设备, 包括:  A PCEF device, including:
接收单元, 用于通过与网络接入设备之间的 Gx接口,接收网络接入设备 发来的会话建立请求消息, 所述会话建立请求消息是网络接入设备接收到用 户发起的网络接入请求消息后发来的;  The receiving unit is configured to receive, by using a Gx interface with the network access device, a session establishment request message sent by the network access device, where the session establishment request message is that the network access device receives the network access request initiated by the user. Sent after the news;
第一获取单元, 用于通过解析接收单元接收到得所述会话建立请求消息, 获取用户信息并保存用户信息;  a first acquiring unit, configured to receive the session establishment request message by the parsing receiving unit, acquire user information, and save the user information;
第二获取单元, 用于根据第一获取单元获取的所述所述用户信息, 向 PCRF请求所述用户对应的策略, 并保存所述策略, 用以根据所述用户信息和 策略对所述用户的流量进行管理和控制。  a second acquiring unit, configured to request, according to the user information acquired by the first acquiring unit, a policy corresponding to the user to the PCRF, and save the policy, where the user is used according to the user information and policy Traffic is managed and controlled.
一种网络接入设备, 包括:  A network access device includes:
第一接收单元, 用于接收用户发起的网络接入请求消息;  a first receiving unit, configured to receive a network access request message initiated by a user;
第一发送单元, 用于在第一接收单元接收到所述网络接入请求消息后, 通过 Gx接口, 向 PCEF发送会话建立请求消息, 所述会话建立请求消息携带 用户信息。  The first sending unit is configured to send, after the first receiving unit receives the network access request message, a session establishment request message to the PCEF through the Gx interface, where the session establishment request message carries user information.
本发明实施例通过 PCEF设备在用户请求接入网络时,从网络接入设备发 送的会话接入请求中获得用户信息, 继而获得用户对应的策略, 用以根据所 述用户信息和策略对所述用户的流量进行管理和控制。 PCEF通过参与用户的 网络接入过程中的消息交互, 确保能够及时获得用户信息, 与现有技术 PCEF 依赖从 AAA Server抄送的 Radius报文中获取用户信息相比,提高了获得用户 信息可靠性和及时性。 附图说明 When the user requests to access the network, the PCEF device obtains the user information from the session access request sent by the network access device, and then obtains the corresponding policy of the user, The user information and policies manage and control the traffic of the user. The PCEF ensures that the user information can be obtained in time by participating in the message exchange process of the user's network access process. Compared with the prior art PCEF relies on obtaining the user information from the Radius packet copied by the AAA Server, the reliability of obtaining the user information is improved. And timeliness. DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案, 下面将对实 施例或现有技术描述中所需要使用的附图作一简单地介绍, 显而易见地, 下 面描述中的附图是本发明的一些实施例, 对于本领域普通技术人员来讲, 在 不付出创造性劳动的前提下, 还可以根据这些附图获得其他的附图。  In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, a brief description of the drawings used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图 1为现有技术中 3GPP规范中的网络管理系统示意图;  1 is a schematic diagram of a network management system in a 3GPP specification in the prior art;
图 2为现有技术中实际组网中的网络管理系统示意图;  2 is a schematic diagram of a network management system in an actual networking in the prior art;
图 3为现有技术中包含计费网元的网络管理系统示意图;  3 is a schematic diagram of a network management system including a charging network element in the prior art;
图 4为本发明实施例提供的组网方案的示意图;  4 is a schematic diagram of a networking solution according to an embodiment of the present invention;
图 5为本发明实施例提供的网络接入方案的原理流程图;  FIG. 5 is a schematic flowchart of a network access solution according to an embodiment of the present invention;
图 6为本发明实施例提供的网络接入方法的详细流程图;  FIG. 6 is a detailed flowchart of a network access method according to an embodiment of the present invention;
图 7为本发明实施例提供的流量控制管理方法的流程图;  FIG. 7 is a flowchart of a flow control management method according to an embodiment of the present invention;
图 8为本发明实施例提供的 PCEF设备的结构示意图;  FIG. 8 is a schematic structural diagram of a PCEF device according to an embodiment of the present disclosure;
图 9为本发明实施例提供的网络接入设备的结构示意图。 具体实施方式  FIG. 9 is a schematic structural diagram of a network access device according to an embodiment of the present invention. detailed description
在现有的组网方案中,除了存在 PCEF因为无法可靠、及时地获得用户信 息, 而无法对各用户网络流量进行控制和管理的问题之外, 还可能由于 GW 在允许用户接入网络后, PCEF才对用户的网络流量进行管理和控制, 导致出 现 GW上用户状态为已接入网络、 而在 PCEF中用户状态为被阻断, 即 GW 和 PCEF上用户状态不一致的情况。 例如在用户流量不符合用户对应的策略, 如用户配额不足的等情况下, PCEF会对用户的流量进行阻断。 在所述不一致 的情况下, 从用户角度会表现为已开始计费, 却无法访问网络资源, 因此用 户感知效果较差。 In the existing networking solution, in addition to the problem that the PCEF cannot control and manage the network traffic of each user because the user information cannot be obtained in a reliable and timely manner, the GW may allow the user to access the network. The PCEF manages and controls the network traffic of the user, which causes the user status on the GW to be the access network, and the user status in the PCEF is blocked, that is, the user status on the GW and the PCEF is inconsistent. For example, if the user traffic does not meet the user's corresponding policy, such as insufficient user quota, the PCEF blocks the user's traffic. Inconsistent In the case of the user, the user will start to charge, but cannot access the network resources, so the user perception is poor.
下面结合各个附图对本发明实施例技术方案的主要实现原理、 具体实施 方式及其对应能够达到的有益效果进行详细的阐述。  The main implementation principles, specific implementation manners, and the corresponding beneficial effects that can be achieved by the technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
附图 4为本发明实施例提供的组网方案的示意图,其中 PCEF与网络接入 设备除了通过 Gi接口传输业务层面的数据包之外, 还通过 Gx接口连接, 用 以传输控制层面的数据包。  4 is a schematic diagram of a networking solution according to an embodiment of the present invention, in which a PCEF and a network access device transmit a service layer data packet in addition to a service layer data packet through a Gi interface, and are used to transmit a control layer data packet. .
如图 5所示, 本发明实施例的主要实现原理流程如下:  As shown in FIG. 5, the main implementation principle process of the embodiment of the present invention is as follows:
步骤 10, PCEF通过与网络接入设备之间的 Gx接口, 接收网络接入设备 发来的会话建立请求消息, 所述会话建立请求消息是网络接入设备接收到用 户发起的网络接入请求消息后发来的。  Step 10: The PCEF receives a session establishment request message sent by the network access device by using a Gx interface with the network access device, where the session establishment request message is that the network access device receives the network access request message initiated by the user. Later sent.
可选地, 在许多场景下, 网络接入设备被统称为网格 GW, 具体地: 在移 动终端用户接入 WCDMA制式无线网络的场景下,网络接入设备是网关 GPRS 支持节点 (GGSN, Gateway GPRS Support Node ); 在移动终端用户接入 CDMA2000 制式无线网络的场景下, 网络接入设备是分组数据服务节点 ( PDSN, Packet Data Serving Node ); 在固定终端用户通过非对称数字用户环 路( ADSL , Asymmetric Digital Subscriber Line )接入固网的场景下, 网络接 入设备是宽带远程接入服务器 ( BRAS , Broadband Remote Access Server )。  Optionally, in many scenarios, the network access device is collectively referred to as a mesh GW, specifically: in a scenario where the mobile terminal user accesses the WCDMA standard wireless network, the network access device is a gateway GPRS support node (GGSN, Gateway). GPRS Support Node ); In the scenario where the mobile terminal user accesses the CDMA2000 standard wireless network, the network access device is a Packet Data Serving Node (PDSN); the fixed terminal user passes the asymmetric digital subscriber loop (ADSL) Asymmetric Digital Subscriber Line In the scenario of accessing a fixed network, the network access device is a Broadband Remote Access Server (BRAS).
步骤 20, PCEF通过解析所述会话建立请求消息,获取用户信息并保存用 户信息。  Step 20: The PCEF obtains the user information and saves the user information by parsing the session establishment request message.
可选地, 后续当网络接入设备允许所述用户接入网络后, PCEF根据保存 的用户信息对所述用户流量进行管理和控制。  Optionally, after the network access device allows the user to access the network, the PCEF manages and controls the user traffic according to the saved user information.
步骤 30 , PCEF根据所述用户信息, 向 PCRF请求所述用户对应的策略, 并保存所述策略。  Step 30: The PCEF requests a policy corresponding to the user from the PCRF according to the user information, and saves the policy.
可选地, PCEF请求所述用户对应的策略的方式包括但不限于:  Optionally, the manner in which the PCEF requests the policy corresponding to the user includes but is not limited to:
PCEF将所述会话建立请求消息通过 Gx接口转发给 PCRF, 接收 PCRF 返回的所述用户对应的策略, 并保存所述策略, 用以依据所述策略对所述用 户流量进行管理和控制。 当然 PCEF也可以根据所述用户信息,构造新的策略 请求消息发送给 PCRF , 只要 PCEF和 PCRF预先约定, PCRF接收到该策略 请求消息后向 PCEF发送用户策略,即可以实现 PCEF向 PCRF请求所述用户 对应的策略的目的即可。 PCEF如何根据用户信息和用户对应的策略对用户流 量进行管理和控制, 为本领域现有技术, 可根据运营商的设置进行, 在这里 不再详细介绍。 The PCEF forwards the session establishment request message to the PCRF through the Gx interface, receives a policy corresponding to the user returned by the PCRF, and saves the policy, where the policy is used according to the policy. User traffic is managed and controlled. Of course, the PCEF can also send a new policy request message to the PCRF according to the user information. As long as the PCEF and the PCRF pre-agreed, the PCRF sends the user policy to the PCEF after receiving the policy request message, that is, the PCEF can request the PCEF to request the PCRF. The purpose of the user's corresponding strategy can be. The PCEF manages and controls the user traffic according to the user information and the corresponding policy of the user. It is a prior art in the field and can be performed according to the settings of the operator, and will not be described in detail herein.
进一步地, PCEF根据所述策略和所述用户信息, 确定是否允许所述用户 流量通过所述 PCEF, 并将确定结果携带在会话建立应答消息中, 通过 Gx接 口返回给网络接入设备。  Further, the PCEF determines whether to allow the user traffic to pass the PCEF according to the policy and the user information, and carries the determination result in the session establishment response message, and returns to the network access device through the Gx interface.
可选地, 会话建立应答消息中可以用标志位的值来表明是否允许所述用 户流量通过所述 PCEF, 例如 lbit的标志位的值为 1时, 表示允许所述用户流 量通过所述 PCEF, 标志位的值为 0时, 不允许所述用户流量通过所述 PCEF。  Optionally, the value of the flag bit may be used in the session establishment response message to indicate whether the user traffic is allowed to pass through the PCEF. For example, when the value of the flag bit of the lbit is 1, the user traffic is allowed to pass through the PCEF. When the value of the flag bit is 0, the user traffic is not allowed to pass through the PCEF.
更进一步地, 网络接入设备接收到所述会话建立应答消息后, 根据所述 会话建立应答消息, 确定是否允许所述用户接入网络, 并向所述用户返回网 络接入应答消息。  Further, after receiving the session establishment response message, the network access device determines, according to the session establishment response message, whether to allow the user to access the network, and returns a network access response message to the user.
具体地, 网络接入设备从所述会话建立应答消息中获取其携带的是否允 许所述用户流量通过所述 PCEF的确定结果,当确定结果为允许所述用户流量 通过所述 PCEF时允许用户接入网络,当确定结果为不允许所述用户流量通过 所述 PCEF时不允许用户接入网络。通过该方案使得网络接入设备中的用户状 态与 PCEF中的用户状态一致。  Specifically, the network access device obtains, from the session establishment response message, whether the user traffic is allowed to pass the determination result of the PCEF, and allows the user to connect when the user is allowed to pass the PCEF. Entering the network, the user is not allowed to access the network when the result of the determination is that the user traffic is not allowed to pass through the PCEF. Through this scheme, the state of the user in the network access device is consistent with the state of the user in the PCEF.
本发明实施例提供的技术方案中, PCEF 通过参与用户的网络接入过程 中的消息交互, 能够确保 PCEF能够及时获得用户信息,用以对用户流量进行 管理和控制。 该方案与现有技术中, PCEF在获得用于对用户流量进行管理和 控制的用户信息时,依赖 AAA Server抄送的 Radius报文相比, 提高了获得用 户信息可靠性和及时性。  In the technical solution provided by the embodiment of the present invention, the PCEF can ensure that the PCEF can obtain user information in time to manage and control user traffic by participating in message interaction in the network access process of the user. In the solution and the prior art, when the PCEF obtains user information for managing and controlling user traffic, the reliability and timeliness of obtaining user information is improved by relying on the Radius message copied by the AAA Server.
下面将依据本发明上述发明原理, 详细介绍几个实施例来对本发明方法 的主要实现原理进行详细的阐述和说明。 实施例一 In the following, in accordance with the above inventive principles of the present invention, several embodiments will be described in detail to explain and explain the main implementation principles of the method of the present invention in detail. Embodiment 1
附图 6为本发明实施例提供的网络接入方法的详细流程图。 在本实施例 中, 网络接入设备为 GGSN。  FIG. 6 is a detailed flowchart of a network access method according to an embodiment of the present invention. In this embodiment, the network access device is a GGSN.
步骤 601 , 用户需要接入网络时, 通过主机中的浏览器或其他客户端软件 向 GGSN发起网络接入请求消息。  Step 601: When the user needs to access the network, the network access request message is initiated to the GGSN by using a browser or other client software in the host.
可选地, 所述网络接入请求消息为 PDP上下文( Packet Data Protocol context )激活请求消息、 或 IP-CAN Bear激活请求消息。 该网络接入请求消 息中携带有所述用户的用户信息, 如用户标识, 如移动用户综合业务数据网 号码( MSISDN, Mobile Subscriber International ISDN/PSTN number )、 国际移 动用户识另 ll码 ( IMSI, International Mobile Subscriberldentification Number ), 可选地, 用户信息还包括: 用户需要访问的接入点名称 ( ΑΡΝ , Access Point Name ), GPRS服务支持节点( SGSN, Serving GPRS SUPPORT NODE )的 IP 地址, 请求的服务质量参数 ( QoS Profile )等等。  Optionally, the network access request message is a PDP context (Packet Data Protocol context) activation request message or an IP-CAN Bear activation request message. The network access request message carries the user information of the user, such as a user identifier, such as a mobile subscriber integrated service data network number (MSISDN, Mobile Subscriber International ISDN/PSTN number), and an international mobile subscriber identifier (IMSI, International Mobile Subscriberdentification Number ), optionally, the user information also includes: the access point name (ΑΡΝ, Access Point Name) that the user needs to access, the IP address of the GPRS service support node (SGSN, Serving GPRS SUPPORT NODE), the requested service Quality parameters (QoS Profile) and more.
步骤 602, GGSN通过与 PCEF之间的 Gx接口, 向 PCEF发送会话建立 请求消息。  Step 602: The GGSN sends a session establishment request message to the PCEF through a Gx interface with the PCEF.
步骤 603 , PCEF对所述会话建立请求消息进行解析,从中获取用户信息, 并保存用户信息。  Step 603: The PCEF parses the session establishment request message, obtains user information from the user information, and saves the user information.
步骤 604, PCEF将所述会话建立请求消息转发给 PCRF, 用以向 PCRF 请求所述用户对应的策略。  Step 604: The PCEF forwards the session establishment request message to the PCRF to request the PCRF to correspond to the policy corresponding to the user.
当然 PCEF 也可以根据所述用户信息, 构造新的策略请求消息发送给 PCRF ,只要 PCEF和 PCRF预先约定, PCRF接收到该策略请求消息后向 PCEF 发送用户策略,即可以实现 PCEF向 PCRF请求所述用户对应的策略的目的即 可。  Of course, the PCEF can also send a new policy request message to the PCRF according to the user information. As long as the PCEF and the PCRF pre-agreed, the PCRF sends the user policy to the PCEF after receiving the policy request message, that is, the PCEF can request the PCRF to request the PCRF. The purpose of the user's corresponding strategy can be.
步骤 605, PCRF根据从所述会话建立请求中的用户信息, 获取该用户对 应的策略。  Step 605: The PCRF acquires a policy corresponding to the user according to the user information in the session establishment request.
可选地, 若 PCRF根据所述用户信息, 能够从本地策略库中查找到所述 用户对应的策略, 则可以进入步骤 606 , 直接将查找到的策略直接返回给 PCEF; 若不能查找到所述用户对应的策略, 则执行步骤 605a〜步骤 605c以生 成用户对应的策略。 Optionally, if the PCRF can find the policy corresponding to the user from the local policy database according to the user information, go to step 606 to directly return the found policy directly to the policy. If the policy corresponding to the user cannot be found, step 605a to step 605c are executed to generate a policy corresponding to the user.
步骤 605a, PCRF向用户属性存储器( SPR, Subscription Profile Repository ) 发送签约信息请求消息, 该请求消息中携带有所述用户的用户标识。  Step 605a: The PCRF sends a subscription information request message to the user profile storage (SPR), where the request message carries the user identifier of the user.
参照附图 1 , PCRF通过 Sp接口与 SPR交互, 发送所述签约信息请求消 息。  Referring to Figure 1, the PCRF interacts with the SPR through the Sp interface to send the subscription information request message.
步骤 605b, PCRF接收 SPR返回的签约信息响应消息, 从中获得所述用 户的用户签约信息。  Step 605b: The PCRF receives the subscription information response message returned by the SPR, and obtains the user subscription information of the user.
步骤 605c, PCRF根据所述用户签约信息、和所述会话建立请求消息生成 所述用户对应的策略。  Step 605c: The PCRF generates a policy corresponding to the user according to the user subscription information and the session establishment request message.
例如, 用户签约信息中包含用户开户时订购的优惠套餐或者用户的等级, 所述优惠套餐包括用户处于本地状态时的资费信息和用户处于漫游状态时的 资费信息; 所述用户等级包括用户为 A级用户、 B级用户或 C级用户的信息。  For example, the user subscription information includes a discount package or a user's rating when the user opens the account, and the preferential package includes the tariff information when the user is in the local state and the tariff information when the user is in the roaming state; the user level includes the user A. Information for a level user, a level B user, or a level C user.
所述会话建立请求消息中的用户信息包括用户标识、 用户当前位置以及 用户当前处于本地状态或漫游状态的信息。  The user information in the session establishment request message includes a user identifier, a current location of the user, and information that the user is currently in a local state or a roaming state.
PCRF根据用户签约信息中包含用户开户时订购的优惠套餐或者用户的 等级、 以及会话建立请求消息中的用户标识、 用户当前处于本地状态或漫游 状态的信息, 从策略库中选择出符合用户当前状态的策略。  The PCRF selects the current status of the user from the policy library according to the user subscription information including the preferential package or the user's rating when the user opens the account, the user identifier in the session establishment request message, the current local state or the roaming status of the user. Strategy.
以两个实例进行说明: 用户张三的签约信息中包含该用户订购了学生优 惠套餐, PCRF从会话建立请求消息中用户的 IMSI号、 状态信息获知用户张 三当前处于漫游状态; 则从策略库中查找到学生优惠套餐中漫游状态对应的 策略, 作为用户张三对应的策略。 用户李四的签约信息中包含该用户为一级 用户, PCRF从会话建立请求消息中用户的 IMSI号、 状态信息获知用户李四 当前处于本地状态,则从策略库中查找到 A级用户处于本地状态对应的策略, 作为用户李四对应的策略。  The two examples are used to illustrate: the user's subscription information includes that the user subscribes to the student discount package, and the PCRF learns from the user's IMSI number and status information in the session establishment request message that the user Zhang is currently roaming; The policy corresponding to the roaming status in the student discount package is found in the strategy corresponding to the user Zhang San. The user's subscription information includes the user as a primary user. The PCRF knows that the user's IMI number and status information in the session establishment request message is that the user is currently in the local state, and then the A-level user is found in the policy library. The policy corresponding to the status is used as the policy corresponding to the user Li.
本领域技术人员可以理解, 用户策略的具体生成方式可以由运营商灵活 设置, 这里不再——列举。 步骤 606 , PCRF将所述用户对应的策略发送给 PCEF。 Those skilled in the art can understand that the specific generation manner of the user policy can be flexibly set by the operator, and is no longer listed here. Step 606: The PCRF sends the policy corresponding to the user to the PCEF.
步骤 607 , PCEF保存接收到的所述用户对应的策略, 用于所述用户的流 量通过 PCEF时, 依据所述策略对所述用户流量进行管理和控制。  Step 607: The PCEF saves the received policy corresponding to the user, and when the traffic of the user passes through the PCEF, the user traffic is managed and controlled according to the policy.
步骤 608, PCEF判断所述用户对应的策略中是否包含计费策略, 若包含 计费策略, 进入步骤 609, 否则进入步骤 612。  Step 608: The PCEF determines whether the policy corresponding to the user includes a charging policy. If the charging policy is included, the process proceeds to step 609. Otherwise, the process proceeds to step 612.
可选地, PCRF给 PCEF下发的策略内容包含在 Charging-rule-Install属性 值对( AVP, Attribute Value Pair ) 中, 其中每个 AVP都包含类型、 长度和属 性值。每个 AVP中又可以包含多个子 AVP,当其中的 online AVP 的值为 Enable 时,表示该条规则是计费规则。若 PCEF从 PCRF下发的策略内容中查找到值 为 Enable的 online AVP时 , 确认包含计费策略。  Optionally, the policy content delivered by the PCRF to the PCEF is included in a Charging-rule-Install attribute value pair (AVP, Attribute Value Pair), where each AVP includes a type, a length, and a property value. Each AVP can contain multiple sub-AVPs. When the value of the online AVP is Enable, the rule is a charging rule. If the PCEF finds an online AVP with the value of Enable from the policy content delivered by the PCRF, it confirms that the accounting policy is included.
步骤 609, PCEF向 OCS请求所述用户对应的配额, OCS每次下发的配 额大小可以是预先设定的。  In step 609, the PCEF requests the OCS to allocate the quota corresponding to the user, and the quota size issued by the OCS may be preset.
步骤 610, 若 PCEF接收到 OCS返回的配额, 则进入步骤 612。  Step 610: If the PCEF receives the quota returned by the OCS, the process proceeds to step 612.
可选地, OCS根据 PCEF的请求每次下发的配额是与业务类型对应的。 例如, PCEF向 OCS请求用户张三的配额, OCS检查用户张三的帐号是 否还有余额, 如果没有余额了则通知 PCEF 该用户信用不足, PCEF会通知 GGSN该用户激活失败。  Optionally, the quota issued by the OCS according to the request of the PCEF is corresponding to the service type. For example, the PCEF requests the OCS for the user's quota, and the OCS checks whether the account of the user Zhang San has a balance. If there is no balance, the PCEF is notified that the user has insufficient credit, and the PCEF notifies the GGSN that the activation of the user has failed.
如果 OCS 的检查结果为用户帐号中还有余额, 比如用户帐号中还有 50 元钱, 用户访问超文本传输(HTTP, HyperText Transfer Protocol )业务需要 2 元/ M, OCS会先下发预先设定的 HTTP业务对应的 10 M的配额给 PCEF, PCEF 用完这 10M后, 把使用量上报给 OCS同时申请新配额, OCS将 10M的钱扣 除后, 再次检测用户帐号余额, 如果还够 10M, 就下发新的配额, 否则通知 PCEF余额不足。  If the result of the OCS check is that there is a balance in the user account, for example, there is still 50 yuan in the user account, the user needs to transfer 2 yuan/M for the HyperText Transfer Protocol (HTTP) service, and the OCS will pre-set the pre-set. The 10 M quota corresponding to the HTTP service is given to the PCEF. After the PCEF runs out of the 10M, the usage is reported to the OCS and the new quota is applied. After the OCS deducts the 10M money, the user account balance is detected again. If it is still 10M, A new quota will be issued, otherwise the PCEF balance will be insufficient.
步骤 611 , 若 PCEF接收到 OCS返回的余额不足的信息, 则不允许所述 用户流量通过所述 PCEF, 进入步骤 613。  Step 611: If the PCEF receives the insufficient balance information returned by the OCS, the user traffic is not allowed to pass the PCEF, and the process proceeds to step 613.
步骤 612, PCEF根据所述用户信息, 判断是否符合所述用户对应的除计 费策略之外的其他策略, 在用户信息符合其他策略时, 允许所述用户流量通 过所述 PCEF;否则 ,确定不允许所述用户流量通过所述 PCEF。进入步骤 613。 例如,用户张三对应的策略中除了计费策略之外,还包括流量控制策略 R 为每月总流量不超过 30Mbps。 Step 612: The PCEF determines, according to the user information, whether other policies other than the charging policy corresponding to the user are met, and when the user information meets other policies, the user traffic is allowed to pass. Passing the PCEF; otherwise, determining that the user traffic is not allowed to pass through the PCEF. Go to step 613. For example, in addition to the charging policy, the policy corresponding to the user Zhang 3 includes the traffic control policy R, which is a monthly total traffic of no more than 30 Mbps.
PCEF通过对流经 PCEF的全部流量的分析记录, 可以得到张三本月当前 已使用流量为 31Mbps, 从而判断出张三目前的流量不符合 R, 因此对不允许 张三流量通过 PCEF。  By analyzing and recording the total traffic flowing through the PCEF, the PCEF can obtain the current used traffic of Zhang San in this month is 31 Mbps, so that the current traffic of Zhang San does not meet R, so the traffic of the third traffic is not allowed to pass through the PCEF.
步骤 613 , PCEF将确定结果携带在会话建立应答消息中, 通过 Gx接口 返回给网络接入设备。  Step 613: The PCEF carries the determination result in the session establishment response message, and returns the information to the network access device through the Gx interface.
步骤 614, GGSN根据会话建立应答消息中携带的所述确定结果, 确定是 否允许所述用户接入网络, 并据此向所述用户返回网络接入应答消息。  Step 614: The GGSN determines, according to the determination result carried in the session establishment response message, whether the user is allowed to access the network, and returns a network access response message to the user according to the method.
其中, GGSN在所述会话建立应答消息中携带的确定结果为允许所述用 户流量通过所述 PCEF时,允许所述用户接入网络,为所述用户建立网络接入 设备与 PCEF之间 Gx接口的会话连接, 为所述用户建立 PCEF与 PCRF之间 Gx接口的会话连接, PCEF与 OCS之间 Gy接口的会话连接; GGSN在所述 会话建立应答消息中携带的确定结果为不允许所述用户流量通过所述 PCEF 时, 不允许所述用户接入网络。 当然, 若 GGSN同时与 AAA服务器等其他 认证设备连接, 则 GGSN需要根据 PCEF的确定结果、 AAA服务器的认证结 果等综合判断是否允许用户接入网络。  The determining result carried by the GGSN in the session establishment response message is that the user is allowed to access the network when the user traffic is allowed to pass the PCEF, and the Gx interface between the network access device and the PCEF is established for the user. The session connection, the session connection of the Gx interface between the PCEF and the PCRF, and the session connection of the Gy interface between the PCEF and the OCS for the user; the determination result carried by the GGSN in the session establishment response message is that the user is not allowed When the traffic passes through the PCEF, the user is not allowed to access the network. Of course, if the GGSN is connected to other authentication devices such as the AAA server, the GGSN needs to comprehensively determine whether to allow the user to access the network according to the determination result of the PCEF and the authentication result of the AAA server.
可选地, 所述网络接入请求消息为 PDP上下文请求消息时, 所述网络接 入应答消息为 PDP上下文激活响应消息; 所述网络接入请求消息为 IP-CAN Bear激活请求消息时, 所述网络接入应答消息为 IP-CAN Bear激活响应消息。  Optionally, when the network access request message is a PDP context request message, the network access response message is a PDP context activation response message; and when the network access request message is an IP-CAN Bear activation request message, The network access response message is an IP-CAN Bear activation response message.
需要说明的是, 步骤 608〜步骤 612是以计费策略为实例, 对 PCEF "根 据所述策略和所述用户信息, 确定是否允许所述用户流量通过所述 PCEF" 的 过程进行说明的,具体实施中 PCEF可能是根据多种策略来综合判断是否允许 用户流量通过 PCEF的,例如,只要不符合其中的任意一条策略就不允许用户 流量通过 PCEF。  It should be noted that, in step 608 to step 612, the charging policy is taken as an example, and the process of determining, by the PCEF, whether to allow the user traffic to pass the PCEF according to the policy and the user information, is specifically described. The PCEF in the implementation may be based on a plurality of policies to comprehensively determine whether user traffic is allowed to pass through the PCEF. For example, user traffic is not allowed to pass through the PCEF as long as it does not comply with any of the policies.
本发明实施例提供的技术方案中, 在用户请求接入网络时, 网络接入设 备需要与 PCEF交互, 以确认允许该用户的网络流量经过 PCEF时, 才允许用 户接入网络。 一方面, PCEF通过参与用户的网络接入过程中的消息交互, 能 够确保 PCEF获得用户信息用以对用户流量进行管理和控制,以避免完全依赖 AAA Server抄送的 Radius报文获得用户信息存在的可靠性低的问题。 另一方 面,在用户网络接入过程中, 网络接入设备根据用户在 PCEF中的状态确定是 否允许用户接入网络,保证了网络接入设备和 PCEF中用户的状态一致性,从 而避免状态不一致导致的计费错误问题。 In the technical solution provided by the embodiment of the present invention, when a user requests to access a network, the network access setting The device needs to interact with the PCEF to allow the user's network traffic to pass through the PCEF before allowing the user to access the network. On the one hand, the PCEF can ensure that the PCEF obtains the user information to manage and control the user traffic by participating in the message interaction in the network access process of the user, so as to avoid relying on the Radius packet copied by the AAA Server to obtain the user information. Low reliability issues. On the other hand, in the process of the user network access, the network access device determines whether the user is allowed to access the network according to the state of the user in the PCEF, and ensures the consistency of the state of the user in the network access device and the PCEF, thereby avoiding state inconsistency. The resulting billing error problem.
此外, 在本发明提供的技术方案中, PCEF 可以看做是网络接入设备与 PCRF中的一个代理,即网络接入设备在用户接入过程中通过 Gx接口与 PCRF 进行交互。  In addition, in the technical solution provided by the present invention, the PCEF can be regarded as a proxy in the network access device and the PCRF, that is, the network access device interacts with the PCRF through the Gx interface during the user access process.
实施例二  Embodiment 2
本发明实施例提供了一种用户接入网络后, PCEF对用户流量进行控制和 管理的方法, 流程图如附图 7所示。 其中 PCEF与网络接入设备除了通过 Gi 接口传输业务层面的数据包之外, 还通过 Gx接口连接传输控制层面的数据 包。 在本实施例中, 网络接入设备以 GGSN为例进行说明。  The embodiment of the invention provides a method for the PCEF to control and manage user traffic after the user accesses the network. The flowchart is shown in FIG. 7. In addition to transmitting the service layer data packets through the Gi interface, the PCEF and the network access device also connect the data packets of the control plane through the Gx interface. In this embodiment, the network access device is described by taking the GGSN as an example.
步骤 701 , GGSN允许用户接入网络时, 建立所述用户对应的 PCEF与 GGSN之间 Gx接口的会话连接, 建立所述用户对应的 PCEF与 PCRF之间 Gx接口的会话连接, 建立所述用户对应的 PCEF与 OCS之间 Gy接口的会话 连接。  Step 701: The GGSN allows the user to access the network, establish a session connection of the Gx interface between the PCEF and the GGSN, and establish a session connection between the PCEF and the PCRF. The session connection between the PCEF and the OCS on the Gy interface.
步骤 702 , PCEF才艮据通过 PCEF的用户流量, 计算所述用户对应的配额 使用量。  Step 702: The PCEF calculates the quota usage amount corresponding to the user according to the user traffic passing through the PCEF.
步骤 703 , PCEF 在根据所述用户对应的配额使用量, 监控到此前 OCS 下发的该用户对应的配额用尽后, 请求 OCS下发新的配额;  Step 703: The PCEF requests the OCS to issue a new quota after monitoring the quota corresponding to the user that is sent by the OCS according to the quota usage of the user.
步骤 704, 若 PCEF接收到 OCS下发的新配额, 则根据新配额值更新配 额剩余值,返回步骤 702, 继续根据用户流量监控所述用户对应的配额是否耗 尽。  Step 704: If the PCEF receives the new quota issued by the OCS, the remaining quota value is updated according to the new quota value, and the process returns to step 702 to continue to monitor whether the quota corresponding to the user is exhausted according to the user traffic.
步骤 705, 若接收到 OCS下发的用于指示用户余额不足的信息, 则通知 GGSN断开所述用户的网络连接。 Step 705: If the information sent by the OCS for indicating that the balance of the user is insufficient is received, the notification is received. The GGSN disconnects the user's network connection.
步骤 706, GGSN接收到通知后, 断开所述用户的网络连接。  Step 706: After receiving the notification, the GGSN disconnects the network connection of the user.
步骤 707 , 终止所述用户对应的 PCEF与网络接入设备之间 Gx接口的会 话连接; 终止所述用户对应的 PCEF与 PCRF之间 Gx接口的会话连接; 终止 所述用户对应的 PCEF与 OCS之间 Gy接口的会话连接。  Step 707: Terminate the session connection of the Gx interface between the PCEF and the network access device of the user; terminate the session connection of the Gx interface between the PCEF and the PCRF corresponding to the user; terminate the PCEF and the OCS corresponding to the user Session connection between the Gy interfaces.
本发明实施例提供的网络接入方案, 在用户接入网络后, PCEF对用户流 量进行管理和监控, 当用户流量不符合用户对应的策略时, 例如配额不足时, PCEF 通知网络接入设备断开用户的网络连接, 从而保证了网络接入设备和 PCEF中用户状态的一致性, 避免出现计费错误问题。  The network access scheme provided by the embodiment of the present invention, after the user accesses the network, the PCEF manages and monitors the user traffic. When the user traffic does not meet the policy corresponding to the user, for example, when the quota is insufficient, the PCEF notifies the network access device that the network access device is disconnected. The user's network connection is opened, thereby ensuring the consistency of the user status in the network access device and the PCEF, and avoiding the problem of charging errors.
相应地, 本发明实施例还提供了一种网络接入系统, 如图 4所示, 该系 统包括网络接入设备、 PCEF和 PCRF, 具体如下:  Correspondingly, the embodiment of the present invention further provides a network access system. As shown in FIG. 4, the system includes a network access device, a PCEF, and a PCRF, as follows:
网络接入设备, 用于接收到用户发起的网络接入请求消息后, 通过 Gx接 口向 PCEF发送会话建立请求消息;  a network access device, configured to send a session establishment request message to the PCEF through the Gx interface after receiving the network access request message initiated by the user;
PCEF, 用于通过解析所述会话建立请求消息, 获取用户信息并保存用户 信息; 将所述会话建立请求消息转发给 PCRF, 接收 PCRF返回的所述用户对 应的策略, 并保存所述策略, 用以根据所述用户信息和策略对所述用户的流 量进行管理和控制。  a PCEF, configured to: retrieve the user information and save the user information by parsing the session establishment request message; forward the session establishment request message to the PCRF, receive a policy corresponding to the user returned by the PCRF, and save the policy, The management and control of the user's traffic according to the user information and policies.
可选地,所述 PCEF还用于根据所述策略和所述用户信息,确定是否允许 所述用户流量通过所述 PCEF, 并将确定结果携带在会话建立应答消息中, 通 过 Gx接口返回给网络接入设备;  Optionally, the PCEF is further configured to determine, according to the policy and the user information, whether to allow the user traffic to pass the PCEF, and carry the determination result in a session establishment response message, and return the network to the network through the Gx interface. Access device
所述网络接入设备, 还用于根据所述会话建立应答消息, 确定是否允许 所述用户接入网络, 并向所述用户返回网络接入应答消息。  The network access device is further configured to determine, according to the session establishment response message, whether the user is allowed to access the network, and return a network access response message to the user.
可选地, 所述根据所述会话建立应答消息, 确定是否允许所述用户接入 网络, 并向所述用户返回网络接入应答消息, 包括:  Optionally, the determining, according to the session establishment response message, whether the user is allowed to access the network, and returning the network access response message to the user, includes:
网络接入设备在所述会话建立应答消息中携带的确定结果为允许所述用 户流量通过所述 PCEF时, 允许所述用户接入网络;  The determining result carried by the network access device in the session establishment response message is to allow the user to access the network when the user traffic is allowed to pass through the PCEF;
网络接入设备在所述会话建立应答消息中携带的确定结果为不允许所述 用户流量通过所述 PCEF时, 不允许所述用户接入网络。 The determination result carried by the network access device in the session establishment response message is that the When user traffic passes through the PCEF, the user is not allowed to access the network.
相应地, 本发明实施例还提供了一种 PCEF设备, 其结构示意图如附图 8 所示, 包括:  Correspondingly, the embodiment of the present invention further provides a PCEF device, which is shown in FIG. 8 and includes:
接收单元 801 , 用于通过与网络接入设备之间的 Gx接口, 接收网络接入 设备发来的会话建立请求消息, 所述会话建立请求消息是网络接入设备接收 到用户发起的网络接入请求消息后发来的;  The receiving unit 801 is configured to receive, by using a Gx interface with the network access device, a session establishment request message sent by the network access device, where the session establishment request message is that the network access device receives the network connection initiated by the user. After the request message is sent;
第一获取单元 802,用于通过解析接收单元 801接收到得所述会话建立请 求消息, 获取用户信息并保存用户信息;  The first obtaining unit 802 is configured to receive the session establishment request message by the parsing receiving unit 801, obtain user information, and save user information.
第二获取单元 803 ,用于根据第一获取单元 802获取的所述所述用户信息 , 向 PCRF请求所述用户对应的策略, 并保存所述策略, 用以根据所述用户信 息和策略对所述用户的流量进行管理和控制。  The second obtaining unit 803 is configured to request, according to the user information acquired by the first acquiring unit 802, a policy corresponding to the user, and save the policy, according to the user information and the policy The user's traffic is managed and controlled.
可选地, 所述第二获取单元 803包括发送子单元和接收子单元, 其中: 发送子单元, 用于将所述会话建立请求消息转发给 PCRF;  Optionally, the second obtaining unit 803 includes a sending subunit and a receiving subunit, where: a sending subunit, configured to forward the session establishment request message to the PCRF;
接收子单元, 用于接收 PCRF返回的所述用户对应的策略, 所述策略是 PCRF根据所述会话建立请求消息中的用户信息, 向 SPR请求用户签约信息, 并根据 SPR返回的用户签约信息、 以及所述用户信息生成的。  a receiving sub-unit, configured to receive a policy corresponding to the user returned by the PCRF, where the policy is that the PCRF requests the user subscription information according to the user information in the session establishment request message, and the user subscription information returned according to the SPR, And the user information generated.
请参照附图 8 , 可选地, 所述 PCEF还包括:  Referring to FIG. 8 , optionally, the PCEF further includes:
确定单元 804 ,用于根据第一获取单元 802和第二获取单元 803获取的所 述策略和所述用户信息, 确定是否允许所述用户流量通过所述 PCEF;  a determining unit 804, configured to determine, according to the policy acquired by the first obtaining unit 802 and the second obtaining unit 803, and the user information, whether to allow the user traffic to pass the PCEF;
发送单元 805 ,用于将确定单元 804的确定结果携带在会话建立应答消息 中, 通过 Gx接口返回给网络接入设备。  The sending unit 805 is configured to carry the determination result of the determining unit 804 in the session establishment response message, and return to the network access device through the Gx interface.
相应地, 请参照附图 9 , 本发明实施例还提供了一种网络接入设备, 其中 包括:  Correspondingly, referring to FIG. 9, the embodiment of the present invention further provides a network access device, which includes:
第一接收单元 901 , 用于接收用户发起的网络接入请求消息;  The first receiving unit 901 is configured to receive a network access request message initiated by the user.
第一发送单元 902,用于在第一接收单元 901接收到所述网络接入请求消 息后, 通过 Gx接口, 向 PCEF发送会话建立请求消息, 所述会话建立请求消 息携带用户信息。 可选地, 所述网络接入设备还包括: The first sending unit 902 is configured to send a session establishment request message to the PCEF through the Gx interface after the first receiving unit 901 receives the network access request message, where the session establishment request message carries user information. Optionally, the network access device further includes:
第二接收单元 903 , 用于通过 Gx接口接收 PCEF返回的会话建立应答消 息,所述会话建立应答消息中携带是否允许所述用户流量通过所述 PCEF的确 定结果;  The second receiving unit 903 is configured to receive, by using the Gx interface, a session establishment response message returned by the PCEF, where the session establishment response message carries a determination result of whether the user traffic is allowed to pass the PCEF.
确定单元 904,用于根据所述确定结果,确定是否允许所述用户接入网络; 第二发送单元 905, 用于根据确定单元 904的确定结果, 向所述用户返回 网络接入应答消息。  The determining unit 904 is configured to determine, according to the determining result, whether the user is allowed to access the network. The second sending unit 905 is configured to return a network access response message to the user according to the determining result of the determining unit 904.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤 是可以通过程序来指令相关的硬件来完成, 该程序可以存储于一计算机可读 取存储介质中, 如: ROM/RAM、 磁碟、 光盘等。 发明的精神和范围。 这样, 倘若本发明的这些修改和变型属于本发明权利要 求及其等同技术的范围之内, 则本发明也意图包含这些改动和变型在内。  A person skilled in the art can understand that all or part of the steps of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium, such as: ROM/RAM, Disk, CD, etc. The spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of the inventions

Claims

权 利 要 求 Rights request
1、 一种网络接入方法, 其特征在于, 包括: A network access method, comprising:
策略和计费执行功能实体 PCEF通过与网络接入设备之间的 Gx接口,接 收网络接入设备发来的会话建立请求消息, 所述会话建立请求消息是网络接 入设备接收到用户发起的网络接入请求消息后发来的;  The policy and charging execution function entity PCEF receives a session establishment request message sent by the network access device by using a Gx interface with the network access device, where the session establishment request message is that the network access device receives the user initiated network. After the access request message is sent;
PCEF通过解析所述会话建立请求消息, 获取用户信息并保存用户信息; 根据所述用户信息向策略和计费规则实体 PCRF请求所述用户对应的策略, 并保存所述策略;  The PCEF obtains the user information and saves the user information by parsing the session establishment request message, and requests the policy corresponding to the user from the policy and charging rule entity PCRF according to the user information, and saves the policy;
PCEF根据所述用户信息和策略对所述用户的流量进行管理和控制。  The PCEF manages and controls the traffic of the user according to the user information and policies.
2、如权利要求 1所述的方法,其特征在于,所述根据所述用户信息向 PCRF 请求所述用户对应的策略, 包括:  The method according to claim 1, wherein the requesting, by the user information, the policy corresponding to the user according to the user information comprises:
PCEF将所述会话建立请求消息转发给 PCRF;  The PCEF forwards the session establishment request message to the PCRF;
PCRF根据所述会话建立请求消息中的用户信息,向用户属性存储器 SPR 请求用户签约信息, 并根据 SPR返回的用户签约信息、 以及所述用户信息生 成所述用户对应的策略, 并将所述策略发送给 PCEF。  The PCRF requests the user subscription information from the user attribute storage SPR according to the user information in the session establishment request message, and generates a policy corresponding to the user according to the user subscription information returned by the SPR and the user information, and generates the policy. Send to PCEF.
3、 如权利要求 1或 2所述的方法, 其特征在于, 所述根据所述用户信息 向 PCRF请求所述用户对应的策略, 并保存所述策略后, 还包括:  The method according to claim 1 or 2, wherein the requesting, by the user information, the policy corresponding to the user according to the user information, and saving the policy, further comprising:
PCEF根据所述策略和所述用户信息,确定是否允许所述用户流量通过所 述 PCEF, 并将确定结果携带在会话建立应答消息中, 通过 Gx接口返回给网 络接入设备。  The PCEF determines whether the user traffic is allowed to pass through the PCEF according to the policy and the user information, and carries the determination result in the session establishment response message, and returns to the network access device through the Gx interface.
4、 如权利要求 3所述的方法, 其特征在于, 所述根据所述策略和所述用 户信息, 确定是否允许所述用户流量通过所述 PCEF, 包括:  The method according to claim 3, wherein the determining, according to the policy and the user information, whether the user traffic is allowed to pass the PCEF, includes:
若所述策略中包含计费策略,则 PCEF根据所述用户信息,向在线计费系 统 OCS请求所述用户对应的配额;  If the policy includes a charging policy, the PCEF requests the online charging system OCS to request the quota corresponding to the user according to the user information;
PCEF在接收 OCS返回的用户对应的配额时, 根据所述用户信息, 确认 所述用户符合除计费策略外的其他策略时, 允许所述用户流量通过所述 PCEF; The PCEF, when receiving the quota corresponding to the user returned by the OCS, confirms that the user meets other policies except the charging policy according to the user information, and allows the user traffic to pass the PCEF;
PCEF在接收 OCS返回的用户配额不足的信息时, 不允许所述用户流量 通过所述 PCEF。  The PCEF does not allow the user traffic to pass the PCEF when receiving the information that the OCS returns insufficient user quota.
5、 如权利要求 3所述的方法, 其特征在于, 所述将确定结果携带在会话 建立应答消息中, 通过 Gx接口返回给网络接入设备后, 还包括:  The method according to claim 3, wherein the step of carrying the determination result in the session establishment response message and returning to the network access device by using the Gx interface further includes:
若所述会话建立应答消息中携带的确定结果为允许所述用户流量通过所 述 PCEF,所述网络接入设备根据所述会话建立应答消息允许所述用户接入网 络后, PCEF根据通过所述 PCEF的用户流量, 计算所述用户对应的配额使用 量;  If the result of the determination in the session setup response message is that the user traffic is allowed to pass through the PCEF, the network access device allows the user to access the network according to the session establishment response message, and the PCEF according to the User traffic of the PCEF, and calculating a quota usage amount corresponding to the user;
PCEF根据所述配额使用量和此前 OCS下发的配额, 监控所述用户对应 的配额是否耗尽;  The PCEF monitors whether the quota corresponding to the user is exhausted according to the quota usage amount and the quota issued by the previous OCS.
当监控结果为所述用户对应的配额耗尽时, 请求 OCS下发新配额; 若接收到 OCS下发的新配额, 则继续所述用户对应的配额是否耗尽; 若接收到 OCS下发的用于指示用户配额不足的信息, 则通知用户接入设 备断开所述用户的网络连接。  If the monitoring result is that the quota corresponding to the user is exhausted, the OCS is requested to issue a new quota; if the new quota issued by the OCS is received, the quota corresponding to the user is exhausted; if the OCS is received, The information indicating that the user quota is insufficient is notified to the user that the access device disconnects the network connection of the user.
6、一种网络接入系统,其特征在于, 包括网络接入设备、 PCEF和 PCRF , 其中:  A network access system, comprising: a network access device, a PCEF, and a PCRF, wherein:
网络接入设备, 用于接收到用户发起的网络接入请求消息后, 通过 Gx接 口向 PCEF发送会话建立请求消息;  a network access device, configured to send a session establishment request message to the PCEF through the Gx interface after receiving the network access request message initiated by the user;
PCEF, 用于通过解析所述会话建立请求消息, 获取用户信息并保存用户 信息; 将所述会话建立请求消息转发给 PCRF, 接收 PCRF返回的所述用户对 应的策略, 并保存所述策略, 用以根据所述用户信息和策略对所述用户的流 量进行管理和控制。  a PCEF, configured to: retrieve the user information and save the user information by parsing the session establishment request message; forward the session establishment request message to the PCRF, receive a policy corresponding to the user returned by the PCRF, and save the policy, The management and control of the user's traffic according to the user information and policies.
7、 如权利要求 6所述的系统, 其特征在于,  7. The system of claim 6 wherein:
所述 PCEF, 还用于根据所述策略和所述用户信息, 确定是否允许所述用 户流量通过所述 PCEF, 并将确定结果携带在会话建立应答消息中, 通过 Gx 接口返回给网络接入设备; 所述网络接入设备, 还用于根据所述会话建立应答消息, 确定是否允许 所述用户接入网络, 并向所述用户返回网络接入应答消息。 The PCEF is further configured to determine, according to the policy and the user information, whether to allow the user traffic to pass the PCEF, and carry the determination result in a session establishment response message, and return the network access device through the Gx interface. ; The network access device is further configured to determine, according to the session establishment response message, whether the user is allowed to access the network, and return a network access response message to the user.
8、 如权利要求 7所述的系统, 其特征在于, 所述根据所述会话建立应答 消息, 确定是否允许所述用户接入网络, 包括:  The system according to claim 7, wherein the determining, according to the session establishment response message, whether the user is allowed to access the network, includes:
网络接入设备在所述会话建立应答消息中携带的确定结果为允许所述用 户流量通过所述 PCEF时, 允许所述用户接入网络;  The determining result carried by the network access device in the session establishment response message is to allow the user to access the network when the user traffic is allowed to pass through the PCEF;
网络接入设备在所述会话建立应答消息中携带的确定结果为不允许所述 用户流量通过所述 PCEF时, 不允许所述用户接入网络。  When the network access device carries the determination result in the session establishment response message that the user traffic is not allowed to pass through the PCEF, the user is not allowed to access the network.
9、 一种 PCEF设备, 其特征在于, 包括:  9. A PCEF device, comprising:
接收单元, 用于通过与网络接入设备之间的 Gx接口,接收网络接入设备 发来的会话建立请求消息, 所述会话建立请求消息是网络接入设备接收到用 户发起的网络接入请求消息后发来的;  The receiving unit is configured to receive, by using a Gx interface with the network access device, a session establishment request message sent by the network access device, where the session establishment request message is that the network access device receives the network access request initiated by the user. Sent after the news;
第一获取单元, 用于通过解析接收单元接收到得所述会话建立请求消息, 获取用户信息并保存用户信息;  a first acquiring unit, configured to receive the session establishment request message by the parsing receiving unit, acquire user information, and save the user information;
第二获取单元, 用于根据第一获取单元获取的所述所述用户信息, 向 PCRF请求所述用户对应的策略, 并保存所述策略, 用以根据所述用户信息和 策略对所述用户的流量进行管理和控制。  a second acquiring unit, configured to request, according to the user information acquired by the first acquiring unit, a policy corresponding to the user to the PCRF, and save the policy, where the user is used according to the user information and policy Traffic is managed and controlled.
10、 如权利要求 9所述的设备, 其特征在于, 所述第二获取单元包括: 发送子单元, 用于将所述会话建立请求消息转发给 PCRF;  The device according to claim 9, wherein the second obtaining unit comprises: a sending subunit, configured to forward the session establishment request message to the PCRF;
接收子单元, 用于接收 PCRF返回的所述用户对应的策略, 所述策略是 PCRF根据所述会话建立请求消息中的用户信息, 向 SPR请求用户签约信息, 并根据 SPR返回的用户签约信息、 以及所述用户信息生成的。  a receiving sub-unit, configured to receive a policy corresponding to the user returned by the PCRF, where the policy is that the PCRF requests the user subscription information according to the user information in the session establishment request message, and the user subscription information returned according to the SPR, And the user information generated.
11、 如权利要求 9或 10所述的设备, 其特征在于, 还包括:  The device according to claim 9 or 10, further comprising:
确定单元, 用于根据第一获取单元和第二获取单元获取的所述策略和所 述用户信息, 确定是否允许所述用户流量通过所述 PCEF;  a determining unit, configured to determine, according to the policy and the user information acquired by the first obtaining unit and the second acquiring unit, whether to allow the user traffic to pass the PCEF;
发送单元, 用于将确定单元的确定结果携带在会话建立应答消息中, 通 过 Gx接口返回给网络接入设备。 And a sending unit, configured to carry the determination result of the determining unit in the session establishment response message, and return to the network access device by using the Gx interface.
12、 一种网络接入设备, 其特征在于, 包括: 12. A network access device, comprising:
第一接收单元, 用于接收用户发起的网络接入请求消息;  a first receiving unit, configured to receive a network access request message initiated by a user;
第一发送单元, 用于在第一接收单元接收到所述网络接入请求消息后, 通过 Gx接口, 向 PCEF发送会话建立请求消息, 所述会话建立请求消息携带 用户信息。  The first sending unit is configured to send, after the first receiving unit receives the network access request message, a session establishment request message to the PCEF through the Gx interface, where the session establishment request message carries user information.
13、 如权利要求 12所述的设备, 其特征在于, 还包括:  13. The device according to claim 12, further comprising:
第二接收单元, 用于通过 Gx接口接收 PCEF返回的会话建立应答消息, 所述会话建立应答消息中携带是否允许所述用户流量通过所述 PCEF的确定 结果;  a second receiving unit, configured to receive, by using a Gx interface, a session establishment response message returned by the PCEF, where the session establishment response message carries a determination result of whether the user traffic is allowed to pass the PCEF;
确定单元, 用于根据所述确定结果, 确定是否允许所述用户接入网络; 第二发送单元, 用于根据确定单元的确定结果, 向所述用户返回网络接 入应答消息。  And a determining unit, configured to determine, according to the determining result, whether the user is allowed to access the network; and the second sending unit is configured to return a network access response message to the user according to the determining result of the determining unit.
PCT/CN2012/081568 2011-12-19 2012-09-19 Network access method, system and device WO2013091410A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110425918.7 2011-12-19
CN201110425918.7A CN102497379B (en) 2011-12-19 2011-12-19 Network access method, system and equipment

Publications (1)

Publication Number Publication Date
WO2013091410A1 true WO2013091410A1 (en) 2013-06-27

Family

ID=46189164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/081568 WO2013091410A1 (en) 2011-12-19 2012-09-19 Network access method, system and device

Country Status (2)

Country Link
CN (1) CN102497379B (en)
WO (1) WO2013091410A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015010627A1 (en) * 2013-07-24 2015-01-29 Tencent Technology (Shenzhen) Company Limited A management method, system, and computer-readable storage medium for internet connection of applications

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102497379B (en) * 2011-12-19 2015-01-21 华为数字技术(成都)有限公司 Network access method, system and equipment
CN103596158B (en) * 2012-08-17 2016-12-21 电信科学技术研究院 A kind of method and device obtaining CAMEL-Subscription-Information
CN103166767B (en) * 2013-03-21 2016-12-07 华为技术有限公司 Charging and band width control method, entity and system
CN104469726A (en) * 2013-09-22 2015-03-25 阿尔卡特朗讯 Method and equipment for use monitoring of user group
CN104869552B (en) * 2014-02-25 2019-02-01 华为技术有限公司 The method and apparatus for reporting flow
CN105792200B (en) * 2014-12-26 2019-05-10 中国移动通信集团公司 A kind of method for authenticating, system and relevant apparatus
CN106301808B (en) * 2016-08-15 2019-06-21 中国联合网络通信集团有限公司 Policy control method and its system
CN112702180B (en) * 2016-10-31 2022-05-17 华为技术有限公司 Policy control method, device and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272274A (en) * 2007-07-24 2008-09-24 华为技术有限公司 Method, device and system for implementing policy and charging control
CN101296092A (en) * 2007-04-26 2008-10-29 华为技术有限公司 User service data charging method, system and equipment
CN101369917A (en) * 2007-08-17 2009-02-18 华为技术有限公司 Method, system and apparatus for expanding policy and charging control rules
CN101453722A (en) * 2007-07-24 2009-06-10 华为技术有限公司 Method, apparatus and system for implementing policy and charging control
CN102497379A (en) * 2011-12-19 2012-06-13 成都市华为赛门铁克科技有限公司 Network access method, system and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7983361B2 (en) * 2007-04-26 2011-07-19 Mediatek Inc. Clock data recovery circuit
WO2010112080A1 (en) * 2009-04-02 2010-10-07 Telefonaktiebolaget Lm Ericsson (Publ) Control of a communication session
CN102196533B (en) * 2011-04-15 2014-01-22 华为数字技术(成都)有限公司 Network access control method and related device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296092A (en) * 2007-04-26 2008-10-29 华为技术有限公司 User service data charging method, system and equipment
CN101272274A (en) * 2007-07-24 2008-09-24 华为技术有限公司 Method, device and system for implementing policy and charging control
CN101453722A (en) * 2007-07-24 2009-06-10 华为技术有限公司 Method, apparatus and system for implementing policy and charging control
CN101369917A (en) * 2007-08-17 2009-02-18 华为技术有限公司 Method, system and apparatus for expanding policy and charging control rules
CN102497379A (en) * 2011-12-19 2012-06-13 成都市华为赛门铁克科技有限公司 Network access method, system and equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015010627A1 (en) * 2013-07-24 2015-01-29 Tencent Technology (Shenzhen) Company Limited A management method, system, and computer-readable storage medium for internet connection of applications

Also Published As

Publication number Publication date
CN102497379B (en) 2015-01-21
CN102497379A (en) 2012-06-13

Similar Documents

Publication Publication Date Title
WO2013091410A1 (en) Network access method, system and device
JP6054421B2 (en) Handling authorization requests for packet-based services in cellular networks
KR101940815B1 (en) Quality of service for device assisted services
US9191960B2 (en) Methods and apparatus for mitigating service interruption
RU2513711C2 (en) Service event trigger
WO2008128470A1 (en) Method,system and entity of realizing event detection
WO2009046678A1 (en) Method and device for obtaining the capability of policy and charging enforcement function
WO2006047965A1 (en) A method for processing the online charging
WO2005109758A1 (en) A processing method for perfect charging on line based on the service data stream
WO2007051404A1 (en) Charging method, system, charging client and charging processing unit
WO2009024050A1 (en) Method, system and device for policy control
WO2015131331A1 (en) Method and device for managing charging session
WO2010091635A1 (en) Method, apparatus for controlling policy
WO2014172858A1 (en) Method for charging for application, and charging device and system
WO2006015548A1 (en) A processing method based on charging trigger event and re-authorisation event of packet data flow
WO2011079773A1 (en) Method, device and system for controlling user session policy
WO2012088919A1 (en) Method and device for monitoring service traffic
WO2005099184A1 (en) A method for improving charging rules in packet data services and the operation thereof
WO2011063688A1 (en) Method and system for selecting policy and charging rules function entity
WO2006012798A1 (en) A method for processing the re-authorisation based on the charging of the packet data flow
WO2011085614A1 (en) Method for controlling resources in full service converged network and system therefor
WO2011085621A1 (en) Method and system for service processing
WO2009024056A1 (en) Method, system and device of expanding policy and charging control rule
WO2011120377A1 (en) Flow charging method, apparatus and system
WO2013159617A1 (en) Method, system and control network element for network congestion

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12860035

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12860035

Country of ref document: EP

Kind code of ref document: A1