WO2017174499A1 - Stockage optimise de définitions de service dans un espace de règles commun de commande de facturation et de politique - Google Patents

Stockage optimise de définitions de service dans un espace de règles commun de commande de facturation et de politique Download PDF

Info

Publication number
WO2017174499A1
WO2017174499A1 PCT/EP2017/057841 EP2017057841W WO2017174499A1 WO 2017174499 A1 WO2017174499 A1 WO 2017174499A1 EP 2017057841 W EP2017057841 W EP 2017057841W WO 2017174499 A1 WO2017174499 A1 WO 2017174499A1
Authority
WO
WIPO (PCT)
Prior art keywords
service definition
service
packet inspection
stored
inspection node
Prior art date
Application number
PCT/EP2017/057841
Other languages
English (en)
Inventor
Ulf Mattsson
Ibon Gochi Garcia
Hans Mattsson
Miguel Angel MUÑOS DE LA TORRE ALONSO
Maria Belen PANCORBO MARCOS
Linus ANDERSSON
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Publication of WO2017174499A1 publication Critical patent/WO2017174499A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/66Policy and charging system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/14Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403Architecture for metering, charging or billing
    • H04L12/1407Policy-and-charging control [PCC] architecture
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Definitions

  • Embodiments presented herein relate to a method and node for handling service definitions in a communication system network.
  • OTT OTT
  • the traditional intermediary distribution channels e.g., cable television providers
  • the content/applications being provided essentially directly to the end user via an operator's communications network.
  • PCC Policy and Charging Control
  • the service In order to be able to differentiate between the various services running in an operator's network, the service has to be identified. The identification is done by means of packet inspection performed by a Deep Packet Inspection (DPI) module or similar (further called Packet Inspection Classification Engine - "PICE") within the operator domain.
  • DPI Deep Packet Inspection
  • PICE Packet Inspection Classification Engine
  • IP Internet Protocol
  • URLs Universal Resource Locators
  • the service definition may e.g. correspond to a Packet Flow Description (PFD), which is a set of information enabling the detection of application traffic provided by a 3rd party service provider, see 3GPPP TS 23.203.
  • PFD Packet Flow Description
  • a PFD is further defined in 3GPP TS 23.682 as a set of information including PFD (Packet Flow Description) is a set of information enabling the detection of application traffic including: PFD id; and a 3-tuple including protocol, server side IP address and port number; or the significant parts of the URL to be matched, e.g. host name; or a Domain name matching criteria.
  • the PFD can be designed to convey proprietary extension for proprietary application traffic detection mechanisms.
  • An alternative approach presently under consideration is to have service definitions pulled from servers, either in the content provider domain or in the operator domain. Doing a pull of service definitions instead of provisioning them demands a carefully planned architecture in the packet inspection service classification engine, in order to avoid having too high a load in it. For example, one potential problem is that, if service definitions are pulled from a server, they might be stored in a user space, taking up too much memory if many users have their own copy.
  • FIG. 1 depicts aspects relating to the storage of PCC rules.
  • FIG. 2 is a signaling/flow diagram of an exemplary pull sequence, carried out in aspects of some but not necessarily all embodiments.
  • FIG. 3 is a block diagram of elements for carrying out various aspects of the invention as described above, such as in connection with FIGS. 1 and 2.
  • circuitry configured to perform one or more described actions is used herein to refer to any such embodiment (i.e., one or more specialized circuits alone or in combination with one or more programmed processors).
  • the invention can additionally be considered to be embodied entirely within any form of nontransitory computer readable carrier, such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
  • nontransitory computer readable carrier such as solid-state memory, magnetic disk, or optical disk containing an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
  • the various aspects of the invention may be embodied in many different forms, and all such forms are contemplated to be within the scope of the invention.
  • any such form of embodiments as described above may be referred to herein as "logic configured to" perform a described action, or alternatively as “logic that" performs a described action.
  • reference letters may be provided in some instances (e.g., in the claims and summary) to facilitate identification of various steps and/or elements. However, the use of reference letters is not intended to impute or suggest that the so-referenced steps and/or elements are to be performed or operated in any particular order.
  • service definitions for a service are pulled from a server.
  • aspects of exemplary embodiments introduce a way to optimize the handling of dynamically updated Service Definitions (SDs) storage in common space in Packet Inspection Classification Engines by a version handling mechanism.
  • SDs Service Definitions
  • a Packet Inspection Classification Engine (PICE) 101 node includes a common area 103 and a user space 105 in its storage.
  • the common area 103 includes storage for service definitions for content/applications that may use the operator's network.
  • the service definitions are partitioned into a number, N, of sub-libraries 107-1, 107-2, ..., 107-N.
  • Each sub- library includes service definitions for a particular application (or version of an application), and preferably additionally includes the corresponding Application Module ID and/or a version indicator (when applicable).
  • the user space 105 stores information related to users of the network (in this example, M users), with each user having its own stored information 109-1, 109-2, ..., 109-M.
  • Each user's information 109-x includes a list of Application Module IDs (optionally with corresponding version indicators) of the applications that that particular user is using. The list also includes, for each active
  • a link 111-x (e.g., one of the illustrated links 111-1, 111- 2, ..., 111-M) that is used to access one of the sub-libraries 107-1, 107-2, ..., 107- N.
  • a link 111-x e.g., one of the illustrated links 111-1, 111- 2, ..., 111-M
  • each of the sub-libraries 107-1, 107-2, 107-N has a corresponding link 111-1, 111-2, 111-M.
  • this arrangement provides for efficient storage of Service Definitions because, if several users are running the same version of the same application, they can each have links that point to the same single copy of the sub- library 107-x stored in the common area 103. Thus, it is not necessary (although not precluded) to store an individual copy of the same Service Definitions for each user that requires the Service Definition in question. If the users should have had their own copy of the Service Definition that would occupy much more memory in the PICE 101 , particularly in case many users have their own copy of the same Service Definition.
  • FIG. 1 shows an instance in which two users (User 2 and User M) are both running version "y" of
  • each link 111 -x can be implemented as an HTTP URL or some other pointer or label or similar structure indicating a sub- library and/or set of one or more service definitions for one or more
  • An advantage of this arrangement is that, if an error occurs while storing the data (e.g., service definitions), only that particular sub-library 107-x will be corrupted, not the complete common area 103. Also, only the users that have the links activated will be exposed to possible overlapping rules.
  • data e.g., service definitions
  • a parameter is provided that indicates the version of the data provided in a request and/or a response to a service definition pull from the server.
  • This parameters supports the handling of common rules for all users or a group of users.
  • the version parameter is stored together with the service definitions in the sub-libraries 107-x within the common area 103. If the version received in a request/response is the same as the version of service definitions already available in the packet inspection classification engine 101, it only updates the links in user space 105 to point to the existing sub-library 107-x.
  • the new version is stored in the common area 103 (e.g., a new sub-library 107-x is created) and the link 111-x pointing to this is updated in user space 105-x for those applications that need to access the service definitions.
  • a Time-To-Live parameter (TTL s d) is present, which describes the time -period during which a service definition is considered valid in the common space.
  • TTL s d When TTL s d has timed out, a new pull of service definition is needed.
  • the value of TTL s d might be set by the content provider or by the operator.
  • the TTL s d parameter for each sub-library 107-x can be stored in the common area 103, but this is not an essential aspect of embodiments consistent with the invention.
  • the links reside in user space 105, they can be activated and terminated independently and dynamically for each user.
  • TTL US er can be set by the content provider or by the operator.
  • FIG. 2 is a signaling/flow diagram of an exemplary pull sequence, carried out in other aspects of some but not necessarily all embodiments.
  • the illustrated steps and signaling are performed by hardware/nodes associated with respective ones of application(s), operator space (e.g., PICE), and server(s).
  • an application 201 (e.g., run in a User Equipment - UE) sends a trigger request to the PICE 203 node in operator space.
  • the trigger request includes a parameter, Application-module-ID, that uniquely indicates and/or describes the application and/or application properties (e.g., some but not necessarily all properties) and in some embodiments even what part within an application a user is using at the moment.
  • the trigger request may also include an optional user time to live parameter, TTL US er, that specifies for how long this user's link to the service definitions should remain valid.
  • step 1 depicts an Application 201 itself triggering the request and, via a predefined protocol, sending the request to the PICE 203
  • this example is not intended to be limiting. Rather, the various aspects illustrated by the example are applicable in other cases as well, such as when the illustrated request (e.g., shown in step 1) is triggered by some sort of packet inspection (e.g., Deep Packet Inspection - DPI) without the Application 201 (e.g., in the UE) explicitly being aware of it.
  • some sort of packet inspection e.g., Deep Packet Inspection - DPI
  • step 2 in response to receiving the trigger request, the PICE 203 in some embodiments simply forwards the request to the intended server 205
  • an optimization is included, herein referred to as "fast path.”
  • the fast path optimization is intended to circumvent the round trip time to the server 205 and back, and operates by having the PICE 203 read the Application-module-ID presented in the trigger request and then use it to detect if the service definitions related to the indicated version are already present in the common area 103 of the PICE 203.
  • the detection may, for example, be based on a version parameter (e.g., a Service Definition - SD - version or other) included in or with the Application-module-ID.
  • step 4 the server 205 responds to receipt of the Application trigger request received in step 3 by obtaining the applicable service definitions (e.g., locating them based on the Application-module-ID and retrieving them from storage) and producing a response that contains the applicable service definitions.
  • the response also includes the SD version parameter(s) (when applicable).
  • the response also includes one or more of the above-mentioned time to live parameters, TTL s d and a TTL US er.
  • step 5 the Application trigger response is sent by the server 205 to the PICE 203.
  • a single server 205 is depicted, and this is shown being outside of operator space 203. However, this is not the case in all instances.
  • the server 205 can, for example, reside within the operator space.
  • the server 205 may actually itself comprise a plurality of servers (not shown), one or more of which are within the operator space and one or more others of which are outside of operator space.
  • step 6 the PICE 203 examines the Application-module-ID and the SD version parameter that it received in the Application trigger response sent in step 5, and checks to see if the service definitions related to the version already exist in the common area 103. If it exists, a link 111-x to the service definitions 107-x is added in user space 105 or updated if already available. If the service definitions are not already stored in the common area 103, then the service definitions are fetched and stored in the common area 103 as described earlier. Then, links 111-x to the service definitions 107-x are created in user space 105.
  • the PICE 203 may send an Application trigger response (step 7) into back to the application 201 (or other entity) that sent the initial Application trigger request.
  • the Application trigger response includes, for example, the Application-module-ID, information indicating the outcome of the trigger.
  • the PICE 203 might also create or use incoming TTL s d and TTL US er parameters.
  • the TTL US er parameter can optionally be included in the Application trigger response that is sent to the application 201.
  • the parameters TTL s d and TTL US er indicate respectively how long a set of service definitions and how long a user's access to a set of service definitions will remain valid. This can be implemented by means of a timer that is set for the amount of time indicated in the parameter (step 8).
  • TTL s d has timed out, the service definitions and the SD version parameter are removed from the common area 103. All links 111-x to the removed sub- library 107-x are removed as well.
  • the link 111-x to the related sub-library 107-x of service definitions is erased, but only for that particular user.
  • the link to that sub-library 107-x of service definitions may remain valid for other users.
  • the Application 201 If the Application 201 intends to keep the link 111-x to the Service Definitions for a longer time period than specified by the TTL US er parameter, then it issues a new Application trigger request (step 9) before the TTL US er time period expires. The Application 201 will have been informed of the actual effective lifespan of its link to the Service Definitions by the inclusion of the TTL US er parameter in the Application trigger response (step 7).
  • FIG. 3 is a block diagram of elements for carrying out various aspects of the invention as described above, such as in connection with FIGS. 1 and 2.
  • any of the nodes described above e.g., PICE, Server
  • a controller 301 that includes circuitry configured to carry out any one or any combination of the various functions described above with respect to those elements.
  • Such circuitry could, for example, be entirely hard- wired circuitry (e.g., one or more Application Specific Integrated Circuits - "ASICs"). Depicted in the exemplary embodiment of FIG.
  • programmable circuitry comprising a processor 303 coupled to one or more memory devices 305 (e.g., Random Access Memory, Magnetic Disc Drives, Optical Disk Drives, Read Only Memory, etc.) and to an interface 307 to other elements within the same or a different space.
  • the interface 307 enables bidirectional communication with those other elements.
  • the memory device(s) 305 store program means 309 (e.g., a set of processor instructions) configured to cause the processor 303 to control other node elements so as to carry out any of the aspects described above, such as but not limited to those described with reference to FIGS. 1 and 2.
  • the memory device(s) 305 may also store data (not shown) representing various constant and variable parameters as may be needed by the processor 303 and/or as may be generated when carrying out its functions such as those specified by the program means 309.
  • the memory device(s) 305 may store, for example, the common area database illustrated in FIG. 1.
  • a packet inspection node 101, 203 that includes a common area 103 for storing service definitions wherein the stored service definitions are partitioned into separately accessible sub-libraries 107-1 to 107-N and a user space (105) for storing a link 111-1, 111-2, 111-M to a sub-library 107-1, 107-2, 107-N respectively comprising a relevant service definition.
  • the packet inspection node according to any one of item 1-3, wherein the packet inspection node is configured to operatively receive (1) a request from an application (201) indicating a requested service definition. 5. The packet inspection node according to item 4, wherein the packet inspection node is configured to operatively compare the requested service definition with service definitions stored in the common area 103 to determine whether the requested service definition is present in the common area.
  • the packet inspection node according to item 8 comprising a timer associated with each of the one or more of the stored service definitions that is associated with the service definition time to live parameter, wherein the timer is programmed to timeout upon expiration of the service definition time to live time duration,
  • the packet inspection node in response to the timeout of the timer, is configured to send (3) a request for a service definition to replace the expired service definition.
  • the packet inspection node according to any one of item 1-9, wherein at least one of the stored service definitions is associated with a user time to live parameter, TTL US er, that specifies how long the service definition is to be valid for a particular user.
  • the packet inspection node according to item 10 comprising a timer associated with each of the stored service definitions that is associated with the user time to live parameter, wherein the timer is programmed to timeout upon expiration of the user time to live time duration,
  • the packet inspection node in response to the timeout of the timer, is configured to remove, from the user space, a link to the service definition associated with the user time to live timeout.
  • the method comprises:
  • the packet inspection node in response to the timeout of the timer, sends (3) a request for a service definition to replace the expired service definition.
  • TTLuser that specifies how long the service definition is to be valid for a particular user.
  • the packet inspectioOn node comprises a timer associated with each of the stored service definitions that is associated with the user time to live parameter, wherein the timer is programmed to timeout upon expiration of the user time to live time duration,
  • the packet inspection node removes, from the user space, a link to the service definition associated with the user time to live timeout.
  • embodiments consistent with the invention provide a structured protocol to utilize the architecture in an efficient way.
  • embodiments consistent with the invention provide an easy and dynamically controlled way to activate and terminate rules utilizing the service definitions individually per user.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Un procédé mis en œuvre dans un nœud d'inspection de paquet (101, 203) et un nœud d'inspection de paquet comprenant une zone commune (103) pour stocker des définitions de service, dans laquelle les définitions de service stockées sont divisées en sous-bibliothèques accessibles séparément (107-1-107-N) et un espace d'utilisateur (105) pour stocker un lien (111-1, 111-2, 111-M) vers une sous-bibliothèque (107-1, 107-2, 107-N ) comprenant la définition de service. Le procédé consiste à : recevoir (1) une requête d'une application (201) indiquant une définition de service demandée ; détecter (2) si la définition de service demandée est stockée dans la zone commune (103) ; transférer (3) la requête comprenant la définition de service après détermination que la définition de service n'est pas stockée dans la zone commune (103), ou mettre à jour le lien dans l'espace utilisateur vers la sous-bibliothèque dans la zone commune (301) associée à la définition de service si la définition de service demandée est stockée dans la zone commune (301).
PCT/EP2017/057841 2016-04-04 2017-04-03 Stockage optimise de définitions de service dans un espace de règles commun de commande de facturation et de politique WO2017174499A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662318175P 2016-04-04 2016-04-04
US62/318175 2016-04-04

Publications (1)

Publication Number Publication Date
WO2017174499A1 true WO2017174499A1 (fr) 2017-10-12

Family

ID=58488992

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/057841 WO2017174499A1 (fr) 2016-04-04 2017-04-03 Stockage optimise de définitions de service dans un espace de règles commun de commande de facturation et de politique

Country Status (1)

Country Link
WO (1) WO2017174499A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792845B1 (en) * 2006-03-07 2010-09-07 Juniper Networks, Inc. Network acceleration device having logically separate views of a cache space
US8560692B1 (en) * 2007-09-05 2013-10-15 Trend Micro Incorporated User-specific cache for URL filtering

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792845B1 (en) * 2006-03-07 2010-09-07 Juniper Networks, Inc. Network acceleration device having logically separate views of a cache space
US8560692B1 (en) * 2007-09-05 2013-10-15 Trend Micro Incorporated User-specific cache for URL filtering

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on Sponsored Data Connectivity Improvements; (Release 14)", 3GPP STANDARD; 3GPP TR 23.721, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. V0.2.2, 9 March 2016 (2016-03-09), pages 1 - 33, XP051087911 *

Similar Documents

Publication Publication Date Title
EP3726811A1 (fr) Routage proxy basé sur en-têtes de trajet
US8826381B2 (en) Node device and method to prevent overflow of pending interest table in name based network system
US10455005B2 (en) Detecting virtual private network usage
US11991544B2 (en) Technique for correlating network data analytics information
EP2924941A1 (fr) Procédé et dispositif de prévention d'un accès illégal à un service
CN108259425A (zh) 攻击请求的确定方法、装置及服务器
US8996670B2 (en) Methods, systems, and computer readable media for network metadata based policy control
CN102137111A (zh) 一种防御cc攻击的方法、装置和内容分发网络服务器
KR20110125481A (ko) 컨텐츠 중심 네트워크(ccn)에서 단말 및 허브의 통신 방법 및 컨텐츠 중심 네트워크를 위한 단말
US20160269362A1 (en) Network security system to intercept inline domain name system requests
US10397369B2 (en) Methods and network nodes for monitoring services in a content delivery network
WO2018214853A1 (fr) Procédé, appareil, support et dispositif de réduction de longueur de message dns
US10178033B2 (en) System and method for efficient traffic shaping and quota enforcement in a cluster environment
CN110677684B (zh) 视频处理、视频访问方法及分布式存储、视频访问系统
TW201251384A (en) System and method for two way push notifications
EP3338409B1 (fr) Procédé de gestion dynamique d'un service réseau dans un réseau de communication
CN103595808B (zh) 一种文件更新信息推送方法及装置
CN109982034A (zh) 视频监控系统中的访问请求处理方法及装置
US7924838B1 (en) Advanced service architecture for next generation network services and intelligent data network router
US9729404B2 (en) Quality of service monitoring device and method of monitoring quality of service
CN106358140B (zh) 联系人分组方法及装置
WO2017174499A1 (fr) Stockage optimise de définitions de service dans un espace de règles commun de commande de facturation et de politique
CN105144836B (zh) 一种信息传送方法及装置
EP3367736A1 (fr) Procédé et appareil de transmission de données
US10812601B2 (en) Method and system for signaling and radio connection optimization over a cellular network

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17715450

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17715450

Country of ref document: EP

Kind code of ref document: A1