[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2013044759A1 - Seaming service shunt control implementation method, system and device - Google Patents

Seaming service shunt control implementation method, system and device Download PDF

Info

Publication number
WO2013044759A1
WO2013044759A1 PCT/CN2012/081755 CN2012081755W WO2013044759A1 WO 2013044759 A1 WO2013044759 A1 WO 2013044759A1 CN 2012081755 W CN2012081755 W CN 2012081755W WO 2013044759 A1 WO2013044759 A1 WO 2013044759A1
Authority
WO
WIPO (PCT)
Prior art keywords
epc
access
allowed
service
bng
Prior art date
Application number
PCT/CN2012/081755
Other languages
French (fr)
Chinese (zh)
Inventor
刘国燕
朱春晖
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013044759A1 publication Critical patent/WO2013044759A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery

Definitions

  • the invention relates to the field of mobile communications, and in particular to a method, system and device for implementing a service split control with seams. Background technique
  • the Evolved Packet System (EPS) of the 3rd Generation Partnership Project (3GPP) is evolved by Evolved Universal Terrestrial Radio Access Network (E-UTRAN), mobile The Mobility Management Entity (MME), the Serving Gateway (S-GW), the Packet Data Network Gateway (P-GW), and the Home Subscriber Server (HSS) are formed.
  • E-UTRAN Evolved Universal Terrestrial Radio Access Network
  • MME mobile The Mobility Management Entity
  • S-GW Serving Gateway
  • P-GW Packet Data Network Gateway
  • HSS Home Subscriber Server
  • the EPS supports interworking with non-3GPP systems, as shown in Figure 1, where interworking with non-3GPP systems is implemented through the S2a/b/c interface, and the P-GW acts as an anchor between 3GPP and non-3GPP systems.
  • non-3GPP system access is divided into untrusted non-3GPP access and trusted non-3GPP access; wherein, untrusted non-3GPP access requires evolved packet data gateway (Evolved Packet Data Gateway) , ePDG) is connected to the P-GW, the interface between the ePDG and the P-GW is S2b; the trusted non-3GPP access can be directly connected to the P-GW through the S2a interface, and the S2a interface uses the PMIP protocol for information exchange; in addition, the S2c interface Provides user plane-related control and mobility support between User Equipment (UE) and P-GW.
  • the supported mobility management protocol is dual-stack mobile IPv6 (Moblie IPv6 Support for Dual Stack Hosts and Route
  • Wireless Local Area Network can be trusted Or the untrusted non-3GPP system accesses the EPS, which involves the interworking problem of non-3GPP systems and mobile convergence that many operators pay attention to.
  • BE Best Effort
  • the above two types of services obtain the same bandwidth. The bandwidth is sufficient for the BE service, but may not meet the requirements of services such as voice, resulting in poor transmission quality or even business failure of voice-type services. Therefore, when the mobile terminal accesses the EPS through the WLAN, it is necessary to effectively split the service, as shown in FIG. 2 .
  • the factors that determine whether the UE performs the split traffic is multi-faceted, including the willingness of the UE, the trusted non-3 GPP IP access network (TNAN) network. It is more appropriate for the operator's willingness and the willingness of the mobile network operator, and on which network element the UE is sewn.
  • the main object of the present invention is to provide a method, system and device for implementing a service split control according to a UE, and according to the will of the UE, the will of the TNAN network, and the willingness of the mobile network to comprehensively determine whether the UE performs a slotted service. Diversion.
  • the present invention provides a method for implementing a slotted service offload control, comprising: determining, by a decision network element, whether to allow access to an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or Or a local policy to determine whether to allow access to the EPC;
  • EPC evolved packet core network
  • the performing network element performs the operation of the service access according to whether the decision is allowed to access the EPC.
  • the determining network element is an access control device (AC) or a broadband network gateway (BNG) supporting the AC function
  • the method further includes: obtaining, by the AC or the BNG, whether the subscription is allowed to access the EPC. , for:
  • EAP Extensible Authentication Protocol
  • AAA authentication, authorization, and accounting
  • ⁇ ' authentication and key agreement protocol
  • HSS home subscriber server
  • the AAA server sends the subscribed EPC to the AC/BNG through an EAP Request/AKA' Challenge (EAP-REQ/AKA'-Challenge) message in the EAP authentication process.
  • EAP Request/AKA' Challenge EAP-REQ/AKA'-Challenge
  • the method before the EAP authentication, the method further includes: obtaining, by the AC or the BNG, a service set identifier (SSID) accessed by the UE, that is, an access point device (AP) or a home gateway supporting the AP function (RG) determining the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessed UE and the local MAC mapping relationship, and notifying the AC or BNG.
  • SSID service set identifier
  • AP access point device
  • RG home gateway supporting the AP function
  • the method further includes: determining, by the AC or the BNG, whether to allow access to the EPC capability indication according to the SSID and/or the local policy.
  • the method further includes: obtaining, by the AAA server, whether the EPC capability indication is allowed to be accessed, where:
  • the AC or the BNG determines whether the EPC capability indication is allowed to be accessed according to the SSID and/or the local policy, and sends the EAP-RES/Identity message in the EAP authentication process to the AAA server; or
  • the AC or BNG sends the SSID through the EAP-RES/Identity message in the EAP authentication process. And sending to the AAA server, the AAA server determining, according to the SSID and/or the local policy, whether to allow access to the EPC capability indication.
  • the method further includes: acquiring the SSID by the AC or the BNG, as follows:
  • the AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessed UE and the local MAC mapping relationship, and notifies the AC or the BNG.
  • the method further includes: after obtaining the AKA' vector in the EAP authentication process, the AAA server obtains, from the HSS, whether the subscription is allowed to access the EPC.
  • the decision network element determines whether to allow access to the EPC according to whether the subscription is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy: when the subscription is allowed to access
  • the determining network element according to the local policy, whether to allow access to the EPC or whether to allow access to the EPC capability indication as the decision whether to allow access to the EPC .
  • whether the subscription is allowed to access the EPC, or whether the access to the EPC capability indication is allowed, or whether the decision is allowed to access the EPC is: allowing service offloading, denying service offloading, and accessing the EPC, And refuse to divert traffic but allow access to any of the three EPCs.
  • the performing network element includes: an AAA server, a UE, and an AC or a BNG;
  • the performing the operation of performing the service access by the network element includes:
  • the AAA server replies to the EAP-Success message that the EAP authentication succeeds to the UE, and performs a registration process of the UE to the HSS;
  • the AC or the BNG After the EAP authentication succeeds, when the AC or the BNG receives the message that the UE requests to allocate an IP address, the AC or the BNG allocates a local IP address to the UE, and performs a split service split.
  • the execution network element includes: an AAA server and a UE;
  • the performing the operation of performing the service access by the network element includes:
  • the AAA server After performing the AKA and AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message that the EAP authentication failed.
  • the executing network element includes: an AAA server, a UE, and an AC or a BNG;
  • the performing the operation of performing the service access by the network element includes:
  • the AAA server replies to the EAP-Success message that the EAP authentication succeeds to the UE, and performs a registration process of the UE to the HSS;
  • the AC/BNG triggers the UE to access the EPC.
  • the present invention also provides an implementation system for a slotted service offload control, comprising: a decision network element and an execution network element, wherein:
  • Determining whether to allow access to the EPC according to whether the contracted access to the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy;
  • the execution network element is configured to perform an operation of the service access according to whether the determined access to the EPC is allowed.
  • the determining network element includes: an AC or a BNG, configured to obtain whether the subscription is allowed to access the EPC, and is further configured to acquire an SSID accessed by the UE, and determine, according to the SSID and/or the local policy, Whether to allow access to the EPC capability indication.
  • the determining network element includes: an AAA server, configured to obtain the indication of whether the EPC capability is allowed to be accessed, and whether the subscription is allowed to access the EPC.
  • the determining network element is further configured to: when the subscription is allowed to access the EPC and the permission to access the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or Whether to allow access to the EPC capability indication as the decision whether to allow access to the EPCo
  • the executing network element when determining whether to allow access to the EPC to allow traffic to be offloaded, includes: an AAA server, a UE, and an AC or a BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • the AC or the BNG is configured to allocate a local IP address to the UE and perform a split service split when receiving a message requesting the UE to allocate an IP address.
  • the determining whether the access to the EPC is allowed to be used for the traffic distribution and the access to the EPC includes: an AAA server and a UE;
  • the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
  • the execution network element includes: an AAA server, a UE, and an AC or a BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • the AC or BNG is triggered to access the EPC.
  • the present invention also provides an apparatus for implementing a service split control, including: an obtaining module, configured to obtain whether a subscription is allowed to access an evolved packet core network (EPC), and/or whether an EPC capability indication is allowed to be accessed. , and / or local strategy;
  • EPC evolved packet core network
  • a decision module configured to determine whether to allow access to the EPCo according to whether the subscription is allowed to access an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or a local policy
  • the acquiring module includes: an AC or a BNG sub-module, configured to obtain whether the subscription is allowed to access the EPC, and is further configured to acquire an SSID accessed by the UE, and determine according to the SSID and/or the local policy. Whether to allow access to the EPC capability indication.
  • the obtaining module includes: an AAA server submodule, configured to acquire Whether to allow access to the EPC capability indication; also for obtaining whether the subscription is allowed to access the EPC.
  • the decision module is further configured to: when the subscription is allowed to access the EPC and the permission to access the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether Allow access to the EPC capability indication as the decision whether to allow access to the EPCo
  • the determining module is further configured to determine whether to allow the access EPC to be any one of the following three types: allowing traffic offloading, denying traffic offloading and accessing the EPC, and denying traffic offloading but allowing access to the EPC.
  • the decision network element determines whether to allow access according to whether the subscription is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy EPC; where: whether the contracted access to the EPC is the willingness of the mobile network, whether the access to the EPC capability indication is allowed, is the willingness of the UE and the TNAN network, and the local policy is the willingness of the TNAN network or the mobile network, thus achieving According to the will of the UE, the willingness of the TNAN network, and the willingness of the mobile network, comprehensively decide whether the UE performs the slotted service offload (ie, whether to allow access to the EPC), or decides whether the UE performs according to the will of the TNAN network or the will of the mobile network. Sewing business diversion. DRAWINGS
  • FIG. 1 is a network structure diagram of interworking between a 3GPP network and a non-3GPP network in the prior art
  • FIG. 2 is a schematic diagram of a structure in which a UE accesses an EPC and performs slotted service offload through a WLAN S2a interface;
  • FIG. 3 is a flowchart of a method for implementing a service split control of a slot according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a method for implementing a service split control with slotted according to a second embodiment of the present invention
  • FIG. 6 is a schematic structural diagram of an implementation system of a service split control according to the present invention.
  • the basic idea of the method for implementing the slotted service offload control provided by the present invention is: whether the decision network element allows access to the EPC according to the subscription, and/or whether to allow access to the EPC capability indication, and/or the local policy, Determining whether to allow access to the EPC; performing the operation of the service access according to whether the network element is allowed to access the EPC according to the decision.
  • Whether the above-mentioned contracting is allowed to access the EPC may also be referred to as a contracted slotted service offloading permission; whether to allow access to the EPC capability indication may also be referred to as a slotted service offloading capability indication; determining whether to allow access to the EPC may also be called In order to determine whether there is a segregated business diversion.
  • the decision network element is an Access Controller (AC) or a Broadband Network Gateway (BNG) that supports AC functions:
  • AC Access Controller
  • BNG Broadband Network Gateway
  • the AAA server obtains the authentication and key agreement protocol ( ⁇ ') vector, and obtains whether the contract is allowed to access the EPC to the HSS;
  • the AAA server through the EAP request /AKA in the EAP authentication process, challenges ( EAP-REQ/AKA'-Challenge ) message whether the signed access is allowed to be sent to the AC/BNG.
  • the AC or BNG Before EAP authentication, the AC or BNG needs to obtain the Service Set Identifier (SSID) of the UE access, which is: an access point device (AP) or an AP gateway-enabled home gateway (Residential Gateway, RG) determining the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessed UE and the local MAC mapping relationship, and notifying the AC or the BNG;
  • SSID Service Set Identifier
  • AP access point device
  • RG AP gateway-enabled home gateway
  • the AC or BNG determines whether to allow access to the EPC capability indication based on the SSID and/or the local policy.
  • the AC or BNG can be allowed to access the EPC according to the contract, and/or The access EPC capability indication, and/or local policy determines whether access to the EPC is allowed.
  • AAA server There are two ways for the AAA server to obtain access to EPC capability indications:
  • the AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessed UE and the local MAC mapping relationship, and notifies the AC or the BNG; the AC or the BNG determines whether to allow access to the EPC according to the SSID and/or the local policy. Instruct, and send the EAP-RES/Identity message in the EAP authentication process to the AAA server;
  • the AP or the RG determines the SSID that the UE accesses according to the MAC address of the accessed UE and the local MAC mapping relationship, and informs the AC or BNG; the AC or BNG passes the EAP-RES/Identity message in the EAP authentication process to the SSID. Sended to the AAA server, the AAA server determines whether to allow access to the EPC capability indication based on the SSID and/or the local policy.
  • the AAA server obtains whether the subscription is allowed to access the EPC.
  • the AAA server obtains the AKA' vector, the AAA server obtains the contract from the HSS to allow access to the EPC.
  • the AAA server can then decide whether to allow access to the EPC based on whether the subscription is allowed to access the EPC, and/or whether access to the EPC capability indication, and/or local policy is allowed.
  • the decision network element determines whether the access to the EPC is allowed to be: when the subscription is allowed to access the EPC and the access EPC capability indication is not the same, the decision network element is based on the local The policy determines whether to allow access to the EPC or whether to allow access to the EPC capability indication as a decision whether to allow access to the EPC.
  • the decision network element may also decide whether to allow access to the EPC according to whether the subscription is allowed to access the EPC or whether to allow access to the EPC capability indication, that is, whether the decision network element directly permits the access to the EPC. Or whether to allow access to the EPC capability indication as a decision whether to allow access to the EPCo
  • Whether the contract is allowed to access the EPC, or whether to allow access to the EPC capability indication, or whether to allow access to the EPC, is: Allow traffic to be diverted, refuse traffic diversion, and access EPC and Reject traffic splitting but allow access to any of the three EPCs.
  • the performing network element includes: an AAA server, a UE, and an AC or a BNG; and the performing the operation of the network element to perform the service access includes: the AAA server returns an EAP-Success message that the EAP authentication succeeds to the UE, and performs the UE to the HSS.
  • the AC or the BNG receives the message that the UE requests to allocate an IP address, the UE allocates a local IP address and performs a split service split.
  • the operation network element includes: an AAA server and a UE; and the performing the operation of the network element to perform the service access includes: After performing the AKA, -Notification process, the AAA server returns the EAP of the EAP authentication failure to the UE. Failure message.
  • the operation network element includes: an AAA server, a UE, and an AC or a BNG.
  • the operation of performing the network element to perform the service access includes: the AAA server replies to the EAP-Success that the EAP authentication succeeds to the UE.
  • the message, and the registration process of the UE is performed to the HSS; after the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
  • Embodiment 1 This embodiment is a specific description of the above case 1.
  • the control flow of the seamed business distribution includes:
  • Step 301 The UE selects an SSID access according to the wireless mechanism of the WLAN, and accesses the corresponding AP/RG (the AP or the RG supporting the AP function, and if it is an AP, the corresponding AC, if it is the RG, the corresponding BNG).
  • the corresponding AP/RG the AP or the RG supporting the AP function, and if it is an AP, the corresponding AC, if it is the RG, the corresponding BNG.
  • the AP/RG can know the SSID accessed by the UE according to the Medium Access Control Layer (MAC) address of the UE and the local MAC mapping relationship, and notify the AC of the SSID accessed by the UE by using a message.
  • BNG Medium Access Control Layer
  • CAPWAP Control and Provisioning of Wireless Access Points
  • the AC/BNG as an Extensible Authentication Protocol (EAP) Authenticator, triggers an EAP authentication process to the UE, and first sends an EAP Request/Identity (EAP-REQ/Identity) message to the UE.
  • EAP Extensible Authentication Protocol
  • Step 304 The UE returns an EAP Response/Identity (EAP-RES/Identity) message to the AC/BNG.
  • EAP-RES/Identity EAP Response/Identity
  • Step 305 The AC/BNG sends an EAP-RES/Identity message to the AAA server through an Authentication, Authorization, and Accounting (AAA) proxy.
  • AAA Authentication, Authorization, and Accounting
  • Step 306 the AAA server sends an EAP request/ ⁇ ' identity (EAP-REQ/AKA'-Identity) message to the AC/BNG through the AAA proxy, and the AC/BNG forwards the message to the UE;
  • EAP-REQ/AKA'-Identity EAP-REQ/AKA'-Identity
  • the UE returns an EAP Response / AKA, Identity (EAP-RES/AKA'-Identity) message to the AC/BNG, and the AC/BNG sends the message to the AAA server through the AAA proxy.
  • EAP-RES/AKA'-Identity EAP-RES/AKA'-Identity
  • Step 307 After receiving the EAP-RES/AKA'-Identity message, the AAA server requests an authentication and Key Agreement (AKA') vector from the HSS.
  • AKA' authentication and Key Agreement
  • the HSS first determines the AAA server registered by the UE. Whether the AAA server requesting the vector is the same, if yes, the HSS returns a vector to the AAA server; if not, the HSS returns a vector to the AAA server registered by the UE.
  • Step 308 After obtaining the AKA' vector, the AAA server obtains the information about the UE subscription from the HSS, which mainly includes: whether the subscription is allowed to access the EPC, and the HSS carries the information to the AAA server through the return profile message.
  • Step 309 The AAA server sends an EAP Request/ ⁇ ' Challenge (EAP-REQ/AKA, -Challenge) message to the AC/BNG through the AAA proxy, where the bearer is allowed to access the EPC; the AC/BNG will EAP-REQ/AKA The -Challenge message is sent to the UE.
  • the EAP-REQ/AKA'-Challenge message can carry the subscription to allow access to the EPC (in this case, the UE does not allow access to the EPC for processing the subscription), or not carry.
  • AC/BNG receives the EAP-REQ/AKA'-Challenge message, it is based on the contract. Whether to allow access to the EPC, and/or the SSID and/or local policy accessed by the UE, whether to allow access to the EPCo
  • access to the EPC includes the following three cases: Allowing traffic to be offloaded; Denying traffic offloading and accessing the EPC; Denying traffic offloading but allowing access to the EPC.
  • the above three cases can be represented by corresponding values, for example: 1 means that the service is allowed to be offloaded; 2 means that the service is offloaded and accesses the EPC; and 3 means that the service is offloaded but allowed to access the EPC.
  • 1 means that the service is allowed to be offloaded
  • 2 means that the service is offloaded and accesses the EPC
  • 3 means that the service is offloaded but allowed to access the EPC.
  • it can also be represented by defining other forms of values.
  • the AC/BNG decides whether to allow access to the EPC according to whether the contracted access to the EPC, and/or the SSID and/or local policy of the UE access is allowed:
  • the AC/BNG can decide whether to allow access to the EPC according to whether the subscription is allowed or not, and whether the subscription is allowed to access the EPC as the final decision whether to allow access to the EPC;
  • the AC/BNG can also be determined according to the SSID of the UE access.
  • the AC/BNG is configured with the SSID corresponding to the three conditions of the EPC.
  • the AC/BNG can know the SSID according to the SSID accessed by the UE. Whether the access to the EPC is allowed, may be referred to as whether to allow access to the EPC capability indication; whether the AC/BNG directly allows access to the EPC capability indication as the final decision whether to allow access to the EPC;
  • the AC/BNG can also be determined according to whether the subscription is allowed to access the EPC, whether the access to the EPC capability indication and the local policy are allowed, for example: when the subscription is allowed to access the EPC and whether the access to the EPC capability indication conflict is allowed (ie, no).
  • the same can be performed according to the configuration of the AC/BNG local policy, whether the contracted access to the EPC is allowed as the decision result, or whether the access to the EPC capability indication is allowed as the decision result.
  • AC/BNG can also decide whether to allow access to EPC based on local policies.
  • Step 310 The UE returns an EAP Response/ ⁇ A Challenge (EAP-RES/AKA'-Challenge) message to the AC/BNG, and the AC/BNG carries the determined EPC-RES/AKA'-Challenge message to allow access to the EPC. Send to AAA service through AAA proxy Device.
  • EAP-RES/AKA'-Challenge EAP Response/ ⁇ A Challenge
  • the AAA server performs the corresponding service access operation processing according to whether it is allowed to access the EPC, and can be divided into the following three situations:
  • step 311-312 if the decision is made to allow access to the EPC to allow traffic to be offloaded, the AAA server replies with an EAP-Success message (EAP success message) to the UE, indicating that the EAP authentication is successful. Moreover, the AAA server performs a registration process of the UE to the HSS, and the AAA server saves the access session information related to the UE.
  • EAP success message EAP-Success message
  • Step 313 After the EAP authentication succeeds, when the AC/BNG receives the message that the UE requests to allocate an IP address, the AC/BNG allocates an IP address to the UE according to the decision whether to allow access to the EPC (allowing traffic splitting), and performs an IP address locally. Sewing business diversion.
  • Step 311 If the deciding whether to allow the access EPC to deny the traffic offloading and accessing the EPC, the AKA, the notification (AKA, -Notification) process is performed between the AAA server and the UE, and the AAA server may notify the UE through the process. The result of the failure.
  • Step 312 After performing the AKA, -Notification process, the AAA server replies to the UE with an EAP-Failure message (EAP failure message).
  • EAP failure message EAP failure message
  • the UE is terminated because the EAP authentication fails.
  • This scenario may occur when a malicious UE requests an SSID that only allows traffic to be offloaded or accesses the EPC.
  • the contracted traffic offload indication is exactly the opposite of what is requested, and therefore, the EAP authentication fails.
  • the AAA server replies with an EAP-Success message to the UE, indicating that the EAP authentication is successful, if the EPC is allowed to access the EPC to allow the traffic to be diverted. Moreover, the AAA server performs the registration process of the UE to the HSS, and the AAA server guarantees The access session information related to the UE is stored.
  • Step 313 After the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
  • Embodiment 2 This embodiment is a specific description of the above case 2.
  • the implementation process of the seamed traffic distribution control includes:
  • Step 401 The UE selects an SSID access according to the wireless mechanism of the WLAN, and accesses the corresponding AP/RG.
  • Step 402 The AP/RG can know the SSID accessed by the UE according to the MAC address of the UE and the local MAC mapping relationship, and notify the AC/BNG of the SSID accessed by the UE by using a message.
  • the AC/BNG determines whether to allow access to the EPC capability indication based on the SSID accessed by the UE. Steps 403 to 404 are the same as steps 303 to 304, and are not described herein again.
  • Step 405 After receiving the EAP-RES/Identity message sent by the UE, the AC/BNG carries the EPC capability indication in the message, and sends the EPC capability indication to the AAA server through the AAA proxy.
  • Steps 406 to 407 are the same as steps 306 to 307, and are not described herein again.
  • Step 408 After obtaining the AKA' vector, the AAA server obtains the information about the UE subscription from the HSS, including: whether the subscription is allowed to access the EPC, and the HSS carries the information to the AAA server through the return profile message.
  • the AAA server decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or whether access to the EPC capability indication and/or local policy decision is allowed.
  • the AAA server can decide whether to allow access to the EPC according to whether the subscription is allowed, and whether the subscription is allowed to access the EPC as the final decision whether to allow access to the EPC;
  • the AAA server may also decide whether to allow access to the EPC capability indication according to whether to allow access to the EPC capability indication, and whether to allow access to the EPC capability indication as a final decision whether to allow access to the EPC;
  • the AAA server can also decide whether to allow access to the EPC, whether to allow access to the EPC capability indication, and the local policy. Specifically: when the subscription is allowed to access the EPC and whether access to the EPC capability indication conflict is allowed (ie, no The same), according to the AAA server The related configuration of the local policy is performed, whether the contracted access to the EPC is allowed as the decision result, or whether the access to the EPC capability indication is allowed as the decision result.
  • the AAA server can also decide whether to allow access to the EPC based on the local policy.
  • Step 409 the AKA, -Challenge process is completed between the AAA server and the UE. specific:
  • the AAA server sends an EAP-REQ/AKA'-Challenge message to the AC/BNG through the AAA proxy, which carries the decision to allow access to the EPC.
  • AC/BNG will
  • the EAP-REQ/AKA'-Challenge message is sent to the UE.
  • the EAP-REQ/AKA'-Challenge message can carry the decision whether to allow access to the EPC.
  • the UE does not allow access to the EPC. It can be processed or not.
  • the UE returns an EAP-RES/AKA'-Challenge message to the AC/BNG, AC/BNG will
  • the EAP-RES/AKA'-Challenge message is sent to the AAA server through the AAA proxy.
  • the process is basically the same as the process in FIG. 4, and the difference is: in step 505, after receiving the EAP-RES/Identity message sent by the UE, the AC/BNG carries the UE access message in the message. SSID, instead of whether to allow access to EPC capability indications.
  • step 508 after the AAA server obtains whether the subscription is allowed to access the EPC, the AAA server decides whether to allow access to the EPC according to whether the subscription is allowed to access the EPC, and/or the SSID and/or the local policy accessed by the UE, specifically of:
  • the AAA server can decide whether to allow access to the EPC according to whether the subscription is allowed, and whether the subscription is allowed to access the EPC as the final decision whether to allow access to the EPC;
  • the AAA server can also be determined according to the SSID of the UE access. For example, the AAA server locally configures the SSID corresponding to the three conditions for accessing the EPC. The AAA server can know whether the SSID is allowed according to the SSID accessed by the UE.
  • the case of accessing the EPC may be referred to as whether to allow access to the EPC capability indication; the AAA server directly determines whether to allow access to the EPC capability indication as the final decision whether to allow access to the EPC;
  • the AAA server can also make decisions according to whether the subscription is allowed to access the EPC, whether to allow access to the EPC capability indication, and the local policy, for example: when the subscription is allowed to access the EPC and whether the access to the EPC capability indication conflict is allowed (ie, not the same) According to the configuration of the local policy of the AAA server, whether the contracted access to the EPC is allowed as the decision result, or whether the access to the EPC capability indication is allowed as the decision result.
  • the AAA server can also decide whether to allow access to the EPC based on the local policy.
  • the AP/RG replaces the AC/BNG to perform the corresponding operations, including: EAP certifiers, as well as decision-making operations that allow for the segregation of business.
  • the present invention further provides a system for implementing a service split control with a seam, as shown in FIG. 6, comprising: a decision network element and an execution network element, where:
  • a decision network element configured to determine whether to allow access to the EPC according to whether the contract is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy;
  • the operation network element is configured to perform an operation of accessing the service according to whether the access is allowed to access the EPC.
  • the decision network element includes: AC or BNG, which is used to obtain whether the subscription is allowed to access the EPC; and is used to obtain the SSID accessed by the UE, and determine whether to allow access to the EPC capability indication according to the SSID and/or the local policy.
  • the decision network element includes: an AAA server, configured to obtain whether to allow access to the EPC capability indication; and also used to obtain whether the subscription is allowed to access the EPC.
  • the decision network element is further configured to: when the subscription is allowed to access the EPC and whether the access to the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether the access to the EPC capability indication is allowed is determined. Whether to allow access to the EPC.
  • the executing network element When determining whether to allow access to the EPC to allow traffic to be offloaded, the executing network element includes: an AAA server, a UE, and an AC or BNG;
  • An AAA server configured to reply to the EAP-Success message that the EAP authentication succeeds to the UE, and Performing a registration process of the UE to the HSS;
  • the AC or the BNG is configured to allocate a local IP address to the UE and perform a split service split when receiving a message requesting the UE to allocate an IP address.
  • the execution network element includes: an AAA server and a UE;
  • the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
  • the execution network element includes: an AAA server, a UE, and an AC or BNG;
  • An AAA server configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
  • the AC or BNG is triggered to access the EPC.
  • the present invention also provides an apparatus for implementing a service split control of a slot.
  • the apparatus is applicable to the decision network element described above, and the apparatus includes:
  • An obtaining module configured to obtain whether the subscription is allowed to access an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or a local policy;
  • EPC evolved packet core network
  • the decision module is configured to determine whether to allow access to the EPC according to whether the contracted access to the evolved packet core network (EPC), and/or whether to allow access to the EPC capability indication, and/or the local policy.
  • EPC evolved packet core network
  • the obtaining module includes: an AC or BNG sub-module, configured to obtain whether the subscription is allowed to access the EPC; and is further configured to acquire an SSID accessed by the UE, and determine whether to allow access to the EPC capability indication according to the SSID and/or the local policy. .
  • the obtaining module includes: an AAA server sub-module, configured to obtain whether to allow access to the EPC capability indication, and also used to obtain whether the subscription is allowed to access the EPC.
  • the decision module is further configured to: when the subscription is allowed to access the EPC and whether the access EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether the access to the EPC capability indication is allowed as the decision is Allow access to the EPC.
  • the decision module is also used to determine whether to allow access to the EPC in any of the following three types: Allow traffic offload, Deny traffic offload and access EPC, and Deny traffic offload but allow access to EPC.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed is a seaming service shunt control implementation method, including: a decision network element deciding whether to permit access to an evolved packet core (EPC) according to whether to permit access to the EPC, and/or whether to permit access to EPC capability indication, and/or a local policy as subscribed; and an execution network element executing the operation of service access according to the decision whether to permit access to the EPC. Also disclosed are a seaming service shunt control implementation system and device. The present invention enables a decision to be made on whether UE performs seaming service shunt according to the wish of the UE, the wish of a trustworthy non-3GPP access network (TNAN) and the wish of the mobile network.

Description

一种有缝的业务分流控制的实现方法、 系统和装置 技术领域  Method, system and device for realizing seamed business shunt control
本发明涉及移动通信领域, 特别是指一种有缝的业务分流控制的实现 方法、 系统和装置。 背景技术  The invention relates to the field of mobile communications, and in particular to a method, system and device for implementing a service split control with seams. Background technique
第三代合作伙伴计划 ( 3rd Generation Partnership Project, 3 GPP ) 的演 进的分组系统( Evolved Packet System, EPS ) 由演进的通用地面无线接入 网 ( Evolved Universal Terrestrial Radio Access Network, E-UTRAN )、 移动 管理单元( Mobility Management Entity, MME )、服务网关( Serving Gateway, S-GW )、 分组数据网络网关(Packet Data Network Gateway, P-GW )和归 属用户服务器( Home Subscriber Server, HSS )组成。  The Evolved Packet System (EPS) of the 3rd Generation Partnership Project (3GPP) is evolved by Evolved Universal Terrestrial Radio Access Network (E-UTRAN), mobile The Mobility Management Entity (MME), the Serving Gateway (S-GW), the Packet Data Network Gateway (P-GW), and the Home Subscriber Server (HSS) are formed.
EPS支持与非 3GPP系统的互通, 如图 1所示, 其中, 与非 3GPP系统 的互通通过 S2a/b/c接口实现, P-GW作为 3GPP与非 3GPP系统间的锚点。 在 EPS的系统架构图中,非 3GPP系统接入被分为不可信任非 3GPP接入和 可信任非 3GPP接入; 其中, 不可信任非 3GPP接入需经过演进的分组数据 网关( Evolved Packet Data Gateway, ePDG )与 P-GW相连, ePDG与 P-GW 间的接口为 S2b; 可信任非 3GPP接入可直接通过 S2a接口与 P-GW连接, S2a接口采用 PMIP协议进行信息交互;另外, S2c接口提供了用户设备 ( User Equipment, UE )与 P-GW之间的用户面相关的控制和移动性支持, 其支持 的移动性管理协议为支持双栈的移动 IPv6 ( Moblie IPv6 Support for Dual Stack Hosts and Routers, DSMIPv6), 其可用于不可信任非 3GPP和可信任 非 3GPP接入。  The EPS supports interworking with non-3GPP systems, as shown in Figure 1, where interworking with non-3GPP systems is implemented through the S2a/b/c interface, and the P-GW acts as an anchor between 3GPP and non-3GPP systems. In the system architecture diagram of EPS, non-3GPP system access is divided into untrusted non-3GPP access and trusted non-3GPP access; wherein, untrusted non-3GPP access requires evolved packet data gateway (Evolved Packet Data Gateway) , ePDG) is connected to the P-GW, the interface between the ePDG and the P-GW is S2b; the trusted non-3GPP access can be directly connected to the P-GW through the S2a interface, and the S2a interface uses the PMIP protocol for information exchange; in addition, the S2c interface Provides user plane-related control and mobility support between User Equipment (UE) and P-GW. The supported mobility management protocol is dual-stack mobile IPv6 (Moblie IPv6 Support for Dual Stack Hosts and Routers, DSMIPv6), which can be used for untrusted non-3GPP and trusted non-3GPP access.
无线局域网络( Wireless Local Area Network, WLAN )可以作为可信任 或者不可信任的非 3GPP系统接入 EPS, 涉及到很多运营商关注的非 3GPP 系统和移动融合的互连互通问题。 Wireless Local Area Network (WLAN) can be trusted Or the untrusted non-3GPP system accesses the EPS, which involves the interworking problem of non-3GPP systems and mobile convergence that many operators pay attention to.
由于用户业务的多样性需求, 用户会同时访问多种业务, 这些业务的 资源需求不同。 如果所有终端都通过 WLAN网络或者 3GPP接入系统接入 到 3GPP的核心网,不仅增加了核心网的数据流量负荷, 而且多种业务抢占 有限的网络资源, 可能无法保证对 QoS 要求高的业务的质量, 例如: 像 internet等一类尽力而为 ( Best Effort, BE )业务, 对 QoS要求不是很高, 而语音等一类业务对 QoS要求非常高, 以上两类业务获得了同样的带宽, 这样的带宽对 BE业务来说足够了, 但是可能无法满足语音等业务的要求, 导致语音一类业务的传输质量极差甚至业务失败。 因此, 在移动终端通过 WLAN接入 EPS时, 对业务采用有效地分流是有必要的, 如图 2所示。  Due to the diverse needs of users, users access multiple services at the same time, and the resource requirements of these services are different. If all the terminals access the 3GPP core network through the WLAN network or the 3GPP access system, the data traffic load of the core network is increased, and the limited network resources are occupied by multiple services, and the services with high QoS requirements may not be guaranteed. Quality, for example: Best Effort (BE) services such as the Internet, the QoS requirements are not very high, and the services such as voice have very high QoS requirements. The above two types of services obtain the same bandwidth. The bandwidth is sufficient for the BE service, but may not meet the requirements of services such as voice, resulting in poor transmission quality or even business failure of voice-type services. Therefore, when the mobile terminal accesses the EPS through the WLAN, it is necessary to effectively split the service, as shown in FIG. 2 .
由于 WLAN的技术在不断增强, 一些运营商也认为其可以作为可信任 的非 3GPP系统, 因此, UE通过可信任的 WLAN接入 EPS的互联互通问 题也逐渐被重视并开始研究。 其中, 有缝的业务分流控制的场景也被作为 研究重点之一。  As the technology of WLAN is continuously enhanced, some operators also believe that it can be used as a trusted non-3GPP system. Therefore, the interconnection and interworking problem of UE accessing EPS through trusted WLAN is gradually being paid attention to and researched. Among them, the scene of seamed business diversion control is also regarded as one of the research priorities.
目前, 在 S2a场景下, 与 UE有缝的业务分流相关的方案仍然在研究, 并没有具体的方案。 一些关键问题需要考虑, 比如: 决定 UE是否进行有缝 的业务分流的因素是多方面的, 包括 UE的意愿、 可信任的非 3GPP接入网 络( trusted non-3 GPP IP access network, TNAN ) 网络运营商的意愿和移动 网络运营商的意愿, 以及在哪个网元上决策 UE有缝的业务分流比较合适。 发明内容  Currently, in the S2a scenario, the scheme related to the service splitting of the UE is still under study, and there is no specific solution. Some key issues need to be considered, such as: The factors that determine whether the UE performs the split traffic is multi-faceted, including the willingness of the UE, the trusted non-3 GPP IP access network (TNAN) network. It is more appropriate for the operator's willingness and the willingness of the mobile network operator, and on which network element the UE is sewn. Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种有缝的业务分流控制的实 现方法、 系统和装置, 根据 UE的意愿、 TNAN网络的意愿和移动网络的意 愿综合决策 UE是否进行有缝的业务分流。  In view of this, the main object of the present invention is to provide a method, system and device for implementing a service split control according to a UE, and according to the will of the UE, the will of the TNAN network, and the willingness of the mobile network to comprehensively determine whether the UE performs a slotted service. Diversion.
为达到上述目的, 本发明的技术方案是这样实现的: 本发明提供了一种有缝的业务分流控制的实现方法, 包括: 决策网元根据签约的是否允许接入演进的分组核心网(EPC )、 和 /或是 否允许接入 EPC能力指示、 和 /或本地策略, 决定是否允许接入 EPC; In order to achieve the above object, the technical solution of the present invention is achieved as follows: The present invention provides a method for implementing a slotted service offload control, comprising: determining, by a decision network element, whether to allow access to an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or Or a local policy to determine whether to allow access to the EPC;
执行网元根据所述决定的是否允许接入 EPC, 执行业务接入的操作。 上述方案中, 所述决策网元为接入控制设备(AC )或支持 AC功能的 宽带网络网关(BNG )时, 该方法还包括: 所述 AC或 BNG获取所述签约 的是否允许接入 EPC, 为:  The performing network element performs the operation of the service access according to whether the decision is allowed to access the EPC. In the foregoing solution, when the determining network element is an access control device (AC) or a broadband network gateway (BNG) supporting the AC function, the method further includes: obtaining, by the AC or the BNG, whether the subscription is allowed to access the EPC. , for:
在可扩展的认证协议(EAP )认证过程中, 认证、 授权和计费(AAA ) 服务器获取到认证与密钥协商协议(ΑΚΑ' ) 矢量后, 向归属用户服务器 ( HSS )获取所述签约的是否允许接入 EPC;  In the Extensible Authentication Protocol (EAP) authentication process, after the authentication, authorization, and accounting (AAA) server obtains the authentication and key agreement protocol (ΑΚΑ') vector, the contract is obtained from the home subscriber server (HSS). Whether to allow access to the EPC;
所述 AAA服务器, 通过 EAP 认证过程中的 EAP 请求 /AKA'挑战 ( EAP-REQ/AKA'-Challenge )消息将所述签约的是否允许接入 EPC发送给 所述 AC/BNG。  The AAA server sends the subscribed EPC to the AC/BNG through an EAP Request/AKA' Challenge (EAP-REQ/AKA'-Challenge) message in the EAP authentication process.
上述方案中, 所述 EAP认证之前, 该方法还包括: 所述 AC或 BNG 获取 UE接入的服务集标识符(SSID ), 为: 接入点设备 ( AP )或者支持 AP功能的家庭网关(RG )根据接入的 UE的介质访问控制层(MAC )地 址和本地的 MAC映射关系确定 UE接入的 SSID,并告知所述 AC或 BNG。  In the foregoing solution, before the EAP authentication, the method further includes: obtaining, by the AC or the BNG, a service set identifier (SSID) accessed by the UE, that is, an access point device (AP) or a home gateway supporting the AP function ( RG) determining the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessed UE and the local MAC mapping relationship, and notifying the AC or BNG.
上述方案中, 该方法还包括: 所述 AC或 BNG根据所述 SSID和 /或本 地策略确定所述是否允许接入 EPC能力指示。  In the above solution, the method further includes: determining, by the AC or the BNG, whether to allow access to the EPC capability indication according to the SSID and/or the local policy.
上述方案中, 所述决策网元为 AAA服务器时, 该方法还包括: 所述 AAA服务器获取所述是否允许接入 EPC能力指示, 为:  In the foregoing solution, when the determining network element is an AAA server, the method further includes: obtaining, by the AAA server, whether the EPC capability indication is allowed to be accessed, where:
AC或 BNG根据所述 SSID和 /或本地策略确定所述是否允许接入 EPC 能力指示, 并通过 EAP认证过程中的 EAP响应 /身份 ( EAP-RES/Identity ) 消息发送给 AAA服务器; 或者,  The AC or the BNG determines whether the EPC capability indication is allowed to be accessed according to the SSID and/or the local policy, and sends the EAP-RES/Identity message in the EAP authentication process to the AAA server; or
AC或 BNG通过 EAP认证过程中的 EAP-RES/Identity消息将 SSID发 送给 AAA服务器, 所述 AAA服务器根据所述 SSID和 /或本地策略确定所 述是否允许接入 EPC能力指示。 The AC or BNG sends the SSID through the EAP-RES/Identity message in the EAP authentication process. And sending to the AAA server, the AAA server determining, according to the SSID and/or the local policy, whether to allow access to the EPC capability indication.
上述方案中, 所述 AAA服务器获取所述是否允许接入 EPC能力指示 之前, 该方法还包括: AC或 BNG获取所述 SSID, 为:  In the above solution, before the AAA server obtains the EPC capability indication, the method further includes: acquiring the SSID by the AC or the BNG, as follows:
AP或者 RG根据接入的 UE的 MAC地址和本地的 MAC映射关系确定 UE接入的 SSID, 并告知 AC或 BNG。  The AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessed UE and the local MAC mapping relationship, and notifies the AC or the BNG.
上述方案中, 该方法还包括: 在 EAP认证过程中, AAA服务器获取到 AKA'矢量后, 向 HSS获取所述签约的是否允许接入 EPC。  In the above solution, the method further includes: after obtaining the AKA' vector in the EAP authentication process, the AAA server obtains, from the HSS, whether the subscription is allowed to access the EPC.
上述方案中, 决策网元根据签约的是否允许接入 EPC、 和 /或是否允许 接入 EPC能力指示、 和 /或本地策略, 决定是否允许接入 EPC为: 当所述 签约的是否允许接入 EPC和所述是否允许接入 EPC能力指示不相同时,所 述决策网元根据本地策略, 将签约的是否允许接入 EPC或者是否允许接入 EPC能力指示作为所述决定的是否允许接入 EPC。  In the above solution, the decision network element determines whether to allow access to the EPC according to whether the subscription is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy: when the subscription is allowed to access When the EPC and the EPC capability indication are different, the determining network element, according to the local policy, whether to allow access to the EPC or whether to allow access to the EPC capability indication as the decision whether to allow access to the EPC .
上述方案中, 所述签约的是否允许接入 EPC、 或者所述是否允许接入 EPC能力指示、 或者所述决定的是否允许接入 EPC, 为: 允许业务分流、 拒绝业务分流和接入 EPC、 以及拒绝业务分流但允许接入 EPC三种中的任 意一种。  In the above solution, whether the subscription is allowed to access the EPC, or whether the access to the EPC capability indication is allowed, or whether the decision is allowed to access the EPC is: allowing service offloading, denying service offloading, and accessing the EPC, And refuse to divert traffic but allow access to any of the three EPCs.
上述方案中, 所述决定的是否允许接入 EPC为允许业务分流时, 所述 执行网元包括: AAA服务器、 UE以及 AC或 BNG;  In the above solution, the determining whether the access to the EPC is allowed to be offloaded, the performing network element includes: an AAA server, a UE, and an AC or a BNG;
相应的, 所述执行网元执行业务接入的操作, 包括:  Correspondingly, the performing the operation of performing the service access by the network element includes:
AAA服务器向 UE回复 EAP认证成功的 EAP-Success消息, 并向 HSS 执行 UE的注册流程;  The AAA server replies to the EAP-Success message that the EAP authentication succeeds to the UE, and performs a registration process of the UE to the HSS;
EAP认证成功之后,当 AC或 BNG收到 UE请求分配 IP地址的消息时, 所述 AC或 BNG为 UE分配本地 IP地址, 并执行有缝的业务分流。  After the EAP authentication succeeds, when the AC or the BNG receives the message that the UE requests to allocate an IP address, the AC or the BNG allocates a local IP address to the UE, and performs a split service split.
上述方案中, 所述决定的是否允许接入 EPC 为拒绝业务分流和接入 EPC时, 所述执行网元包括: AAA服务器和 UE; In the foregoing solution, the determining whether to allow access to the EPC is to deny traffic offloading and accessing In the EPC, the execution network element includes: an AAA server and a UE;
相应的, 所述执行网元执行业务接入的操作, 包括:  Correspondingly, the performing the operation of performing the service access by the network element includes:
执行 AKA,通知( AKA'-Notification )流程后, AAA服务器向 UE回复 EAP认证失败的 EAP-Failure消息。  After performing the AKA and AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message that the EAP authentication failed.
上述方案中, 所述决定的是否允许接入 EPC为拒绝业务分流但允许接 入 EPC时, 所述执行网元包括: AAA服务器、 UE以及 AC或 BNG;  In the foregoing solution, the determining whether the accessing of the EPC is to allow the traffic to be offloaded but the access to the EPC is allowed, the executing network element includes: an AAA server, a UE, and an AC or a BNG;
相应的, 所述执行网元执行业务接入的操作, 包括:  Correspondingly, the performing the operation of performing the service access by the network element includes:
AAA服务器向 UE回复 EAP认证成功的 EAP-Success消息, 并向 HSS 执行 UE的注册流程;  The AAA server replies to the EAP-Success message that the EAP authentication succeeds to the UE, and performs a registration process of the UE to the HSS;
EAP认证成功之后, AC/BNG触发 UE接入 EPC。  After the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
本发明还提供了一种有缝的业务分流控制的实现系统, 包括: 决策网 元和执行网元, 其中:  The present invention also provides an implementation system for a slotted service offload control, comprising: a decision network element and an execution network element, wherein:
所述决策网元, 用于根据签约的是否允许接入 EPC、 和 /或是否允许接 入 EPC能力指示、 和 /或本地策略, 决定是否允许接入 EPC;  Determining whether to allow access to the EPC according to whether the contracted access to the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy;
所述执行网元, 用于根据所述决定的是否允许接入 EPC, 执行业务接 入的操作。  The execution network element is configured to perform an operation of the service access according to whether the determined access to the EPC is allowed.
上述方案中, 所述决策网元包括: AC或 BNG, 用于获取所述签约的 是否允许接入 EPC; 还用于获取 UE接入的 SSID, 并根据所述 SSID和 /或 本地策略确定所述是否允许接入 EPC能力指示。  In the foregoing solution, the determining network element includes: an AC or a BNG, configured to obtain whether the subscription is allowed to access the EPC, and is further configured to acquire an SSID accessed by the UE, and determine, according to the SSID and/or the local policy, Whether to allow access to the EPC capability indication.
上述方案中, 所述决策网元包括: AAA服务器, 用于获取所述是否允 许接入 EPC能力指示; 还用于获取签约的是否允许接入 EPC。  In the foregoing solution, the determining network element includes: an AAA server, configured to obtain the indication of whether the EPC capability is allowed to be accessed, and whether the subscription is allowed to access the EPC.
上述方案中, 所述决策网元, 还用于当所述签约的是否允许接入 EPC 和所述是否允许接入 EPC能力指示不相同时, 根据本地策略, 将签约的是 否允许接入 EPC或者是否允许接入 EPC能力指示作为所述决定的是否允许 接入 EPCo 上述方案中, 决定的是否允许接入 EPC为允许业务分流时, 所述执行 网元包括: AAA服务器、 UE以及 AC或 BNG; In the above solution, the determining network element is further configured to: when the subscription is allowed to access the EPC and the permission to access the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or Whether to allow access to the EPC capability indication as the decision whether to allow access to the EPCo In the foregoing solution, when determining whether to allow access to the EPC to allow traffic to be offloaded, the executing network element includes: an AAA server, a UE, and an AC or a BNG;
AAA服务器, 用于向 UE回复 EAP认证成功的 EAP-Success消息, 并 向 HSS执行 UE的注册流程;  An AAA server, configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
AC或 BNG, 用于 EAP认证成功之后, 当收到 UE请求分配 IP地址的 消息时, 为 UE分配本地 IP地址, 并执行有缝的业务分流。  After the EAP authentication is successful, the AC or the BNG is configured to allocate a local IP address to the UE and perform a split service split when receiving a message requesting the UE to allocate an IP address.
上述方案中,决定的是否允许接入 EPC为拒绝业务分流和接入 EPC时, 所述执行网元包括: AAA服务器和 UE;  In the foregoing solution, the determining whether the access to the EPC is allowed to be used for the traffic distribution and the access to the EPC, the performing network element includes: an AAA server and a UE;
AAA服务器和 UE执行 AKA' -Notification流程后, AAA服务器向 UE 回复 EAP认证失败的 EAP-Failure消息。  After the AAA server and the UE perform the AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
上述方案中, 决定的是否允许接入 EPC 为拒绝业务分流但允许接入 EPC时, 所述执行网元包括: AAA服务器、 UE以及 AC或 BNG;  In the foregoing solution, the determining whether the access to the EPC is allowed to be used for the service to be diverted but the EPC is allowed to be accessed, the execution network element includes: an AAA server, a UE, and an AC or a BNG;
AAA服务器, 用于向 UE回复 EAP认证成功的 EAP-Success消息, 并 向 HSS执行 UE的注册流程;  An AAA server, configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
AC或 BNG, 用于 EAP认证成功之后, 触发 UE接入 EPC。  After the EAP authentication is successful, the AC or BNG is triggered to access the EPC.
本发明还提供了一种有缝的业务分流控制的实现装置, 包括: 获取模块, 用于获取签约的是否允许接入演进的分组核心网(EPC )、 和 /或是否允许接入 EPC能力指示、 和 /或本地策略;  The present invention also provides an apparatus for implementing a service split control, including: an obtaining module, configured to obtain whether a subscription is allowed to access an evolved packet core network (EPC), and/or whether an EPC capability indication is allowed to be accessed. , and / or local strategy;
决策模块, 用于根据所述签约的是否允许接入演进的分组核心网 ( EPC )、 和 /或是否允许接入 EPC能力指示、 和 /或本地策略, 决定是否 允许接入 EPCo  a decision module, configured to determine whether to allow access to the EPCo according to whether the subscription is allowed to access an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or a local policy
上述方案中, 所述获取模块包括: AC或 BNG子模块, 用于获取所 述签约的是否允许接入 EPC; 还用于获取 UE接入的 SSID, 并根据所述 SSID和 /或本地策略确定所述是否允许接入 EPC能力指示。  In the above solution, the acquiring module includes: an AC or a BNG sub-module, configured to obtain whether the subscription is allowed to access the EPC, and is further configured to acquire an SSID accessed by the UE, and determine according to the SSID and/or the local policy. Whether to allow access to the EPC capability indication.
上述方案中, 所述获取模块包括: AAA服务器子模块, 用于获取所 述是否允许接入 EPC能力指示; 还用于获取签约的是否允许接入 EPC。 上述方案中,所述决策模块,还用于当所述签约的是否允许接入 EPC 和所述是否允许接入 EPC能力指示不相同时, 根据本地策略, 将签约的 是否允许接入 EPC或者是否允许接入 EPC能力指示作为所述决定的是否 允许接入 EPCo In the above solution, the obtaining module includes: an AAA server submodule, configured to acquire Whether to allow access to the EPC capability indication; also for obtaining whether the subscription is allowed to access the EPC. In the above solution, the decision module is further configured to: when the subscription is allowed to access the EPC and the permission to access the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether Allow access to the EPC capability indication as the decision whether to allow access to the EPCo
上述方案中, 所述决策模块, 还用于决定的是否允许接入 EPC为以下 三种中的任意一种: 允许业务分流、 拒绝业务分流和接入 EPC以及拒绝业 务分流但允许接入 EPC。  In the foregoing solution, the determining module is further configured to determine whether to allow the access EPC to be any one of the following three types: allowing traffic offloading, denying traffic offloading and accessing the EPC, and denying traffic offloading but allowing access to the EPC.
本发明提出的有缝的业务分流控制的实现方法和系统, 决策网元根据 签约的是否允许接入 EPC、 和 /或是否允许接入 EPC能力指示、 和 /或本地 策略, 决定是否允许接入 EPC; 其中: 签约的是否允许接入 EPC即为移动 网络的意愿、 是否允许接入 EPC能力指示即为 UE和 TNAN网络的综合意 愿、 本地策略即为 TNAN 网络或者移动网络的意愿, 如此实现了根据 UE 的意愿、 TNAN网络的意愿和移动网络的意愿综合决策 UE是否进行有缝的 业务分流(即是否允许接入 EPC ),或者单独根据 TNAN网络的意愿或者移 动网络的意愿决策 UE是否进行有缝的业务分流。 附图说明  The method and system for implementing the slotted service offload control proposed by the present invention, the decision network element determines whether to allow access according to whether the subscription is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy EPC; where: whether the contracted access to the EPC is the willingness of the mobile network, whether the access to the EPC capability indication is allowed, is the willingness of the UE and the TNAN network, and the local policy is the willingness of the TNAN network or the mobile network, thus achieving According to the will of the UE, the willingness of the TNAN network, and the willingness of the mobile network, comprehensively decide whether the UE performs the slotted service offload (ie, whether to allow access to the EPC), or decides whether the UE performs according to the will of the TNAN network or the will of the mobile network. Sewing business diversion. DRAWINGS
图 1为现有技术中, 3GPP网络与非 3GPP网络互通的网络结构图; 图 2为 UE通过 WLAN S2a接口, 接入 EPC和执行有缝的业务分流的 架构示意图;  1 is a network structure diagram of interworking between a 3GPP network and a non-3GPP network in the prior art; FIG. 2 is a schematic diagram of a structure in which a UE accesses an EPC and performs slotted service offload through a WLAN S2a interface;
图 3为本发明实施例一有缝的业务分流控制的实现方法流程图; 图 4为本发明实施例二有缝的业务分流控制的实现方法流程图; 图 5为本发明实施例三有缝的业务分流控制的实现方法流程图; 图 6为本发明有缝的业务分流控制的实现系统结构示意图。 具体实施方式 本发明提供的有缝的业务分流控制的实现方法的基本思想是: 决策网 元根据签约的是否允许接入 EPC、 和 /或是否允许接入 EPC能力指示、 和 / 或本地策略, 决定是否允许接入 EPC; 执行网元根据决定的是否允许接入 EPC, 执行业务接入的操作。 3 is a flowchart of a method for implementing a service split control of a slot according to an embodiment of the present invention; FIG. 4 is a flowchart of a method for implementing a service split control with slotted according to a second embodiment of the present invention; FIG. 6 is a schematic structural diagram of an implementation system of a service split control according to the present invention. DETAILED DESCRIPTION The basic idea of the method for implementing the slotted service offload control provided by the present invention is: whether the decision network element allows access to the EPC according to the subscription, and/or whether to allow access to the EPC capability indication, and/or the local policy, Determining whether to allow access to the EPC; performing the operation of the service access according to whether the network element is allowed to access the EPC according to the decision.
上述签约的是否允许接入 EPC 也可以称为签约的有缝的业务分流允 许; 是否允许接入 EPC能力指示也可称为有缝的业务分流能力指示; 决定 的是否允许接入 EPC也可以称为决定的是否进行有缝的业务分流。  Whether the above-mentioned contracting is allowed to access the EPC may also be referred to as a contracted slotted service offloading permission; whether to allow access to the EPC capability indication may also be referred to as a slotted service offloading capability indication; determining whether to allow access to the EPC may also be called In order to determine whether there is a segregated business diversion.
上述方案的实施大致可分为以下的两种情形:  The implementation of the above scheme can be roughly divided into the following two situations:
一、 决策网元为接入控制设备(Access Controller, AC )或支持 AC功 能的宽带网络网关(Broadband Network Gateway, BNG ) 时:  1. When the decision network element is an Access Controller (AC) or a Broadband Network Gateway (BNG) that supports AC functions:
AC或 BNG获取签约的是否允许接入 EPC, 为:  Whether the AC or BNG obtains the contract to allow access to the EPC is:
在可扩展的认证协议(EAP )认证过程中, AAA服务器获取到认证与 密钥协商协议(ΑΚΑ' ) 矢量后, 向 HSS获取签约的是否允许接入 EPC;  In the process of the Authenticated Authentication Protocol (EAP) authentication, the AAA server obtains the authentication and key agreement protocol (ΑΚΑ') vector, and obtains whether the contract is allowed to access the EPC to the HSS;
AAA 服务器, 通过 EAP 认证过程中的 EAP 请求 /AKA,挑战 ( EAP-REQ/AKA'-Challenge ) 消息将签约的是否允许接入 EPC 发送给 AC/BNG。  The AAA server, through the EAP request /AKA in the EAP authentication process, challenges ( EAP-REQ/AKA'-Challenge ) message whether the signed access is allowed to be sent to the AC/BNG.
在 EAP认证之前, AC或 BNG还需要获取 UE接入的服务集标识符 ( Service Set Identifier, SSID ), 为: 接入点设备( Access Point, AP )或者 支持 AP功能的家庭网关( Residential Gateway, RG )根据接入的 UE的介 质访问控制层( Medium Access Control Layer, MAC )地址和本地的 MAC 映射关系确定 UE接入的 SSID, 并告知 AC或 BNG;  Before EAP authentication, the AC or BNG needs to obtain the Service Set Identifier (SSID) of the UE access, which is: an access point device (AP) or an AP gateway-enabled home gateway (Residential Gateway, RG) determining the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessed UE and the local MAC mapping relationship, and notifying the AC or the BNG;
进一步地, AC或 BNG根据 SSID和 /或本地策略确定是否允许接入 EPC 能力指示。  Further, the AC or BNG determines whether to allow access to the EPC capability indication based on the SSID and/or the local policy.
之后, AC或 BNG就可以根据签约的是否允许接入 EPC、 和 /或是否允 许接入 EPC能力指示、 和 /或本地策略决定是否允许接入 EPC。 After that, the AC or BNG can be allowed to access the EPC according to the contract, and/or The access EPC capability indication, and/or local policy determines whether access to the EPC is allowed.
二、 决策网元为 AAA服务器时:  2. When the decision network element is an AAA server:
AAA服务器获取是否允许接入 EPC能力指示的方式有两种:  There are two ways for the AAA server to obtain access to EPC capability indications:
一是: AP或者 RG根据接入的 UE的 MAC地址和本地的 MAC映射关 系确定 UE接入的 SSID, 并告知 AC或 BNG; AC或 BNG根据 SSID和 / 或本地策略确定是否允许接入 EPC能力指示, 并通过 EAP认证过程中的 EAP-RES/Identity消息发送给 AAA服务器;  First, the AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessed UE and the local MAC mapping relationship, and notifies the AC or the BNG; the AC or the BNG determines whether to allow access to the EPC according to the SSID and/or the local policy. Instruct, and send the EAP-RES/Identity message in the EAP authentication process to the AAA server;
一是: AP或者 RG根据接入的 UE的 MAC地址和本地的 MAC映射关 系确定 UE接入的 SSID, 并告知 AC或 BNG; AC或 BNG通过 EAP认证 过程中的 EAP-RES/Identity消息将 SSID发送给 AAA服务器, AAA服务器 根据 SSID和 /或本地策略确定是否允许接入 EPC能力指示。  The AP or the RG determines the SSID that the UE accesses according to the MAC address of the accessed UE and the local MAC mapping relationship, and informs the AC or BNG; the AC or BNG passes the EAP-RES/Identity message in the EAP authentication process to the SSID. Sended to the AAA server, the AAA server determines whether to allow access to the EPC capability indication based on the SSID and/or the local policy.
AAA服务器获取签约的是否允许接入 EPC, 为: 在 EAP认证过程中, AAA服务器获取到 AKA'矢量后, 向 HSS获取签约的是否允许接入 EPC。  The AAA server obtains whether the subscription is allowed to access the EPC. In the EAP authentication process, after the AAA server obtains the AKA' vector, the AAA server obtains the contract from the HSS to allow access to the EPC.
之后, AAA服务器就可以根据签约的是否允许接入 EPC、和 /或是否允 许接入 EPC能力指示、 和 /或本地策略决定是否允许接入 EPC。  The AAA server can then decide whether to allow access to the EPC based on whether the subscription is allowed to access the EPC, and/or whether access to the EPC capability indication, and/or local policy is allowed.
针对是上述决策网元的两种情形: 具体的, 决策网元决定是否允许接 入 EPC为: 当签约的是否允许接入 EPC和是否允许接入 EPC能力指示不 相同时, 决策网元根据本地策略, 将签约的是否允许接入 EPC或者是否允 许接入 EPC能力指示作为决定的是否允许接入 EPC。  For the two scenarios of the above-mentioned decision network element: Specifically, the decision network element determines whether the access to the EPC is allowed to be: when the subscription is allowed to access the EPC and the access EPC capability indication is not the same, the decision network element is based on the local The policy determines whether to allow access to the EPC or whether to allow access to the EPC capability indication as a decision whether to allow access to the EPC.
在某些情况下, 决策网元也可以只根据签约的是否允许接入 EPC或者 是否允许接入 EPC能力指示来决定是否允许接入 EPC, 即: 决策网元直接 将签约的是否允许接入 EPC或者是否允许接入 EPC能力指示作为决定的是 否允许接入 EPCo  In some cases, the decision network element may also decide whether to allow access to the EPC according to whether the subscription is allowed to access the EPC or whether to allow access to the EPC capability indication, that is, whether the decision network element directly permits the access to the EPC. Or whether to allow access to the EPC capability indication as a decision whether to allow access to the EPCo
签约的是否允许接入 EPC、 或者是否允许接入 EPC能力指示、 或者决 定的是否允许接入 EPC, 为: 允许业务分流、 拒绝业务分流和接入 EPC和 拒绝业务分流但允许接入 EPC三种中的任意一种。 Whether the contract is allowed to access the EPC, or whether to allow access to the EPC capability indication, or whether to allow access to the EPC, is: Allow traffic to be diverted, refuse traffic diversion, and access EPC and Reject traffic splitting but allow access to any of the three EPCs.
允许业务分流时, 执行网元包括: AAA服务器、 UE以及 AC或 BNG; 则执行网元执行业务接入的操作包括: AAA服务器向 UE回复 EAP认证成 功的 EAP-Success消息, 并向 HSS执行 UE的注册流程; EAP认证成功之 后, 当 AC或 BNG收到 UE请求分配 IP地址的消息时, 为 UE分配本地 IP 地址, 并执行有缝的业务分流。  When the service is allowed to be offloaded, the performing network element includes: an AAA server, a UE, and an AC or a BNG; and the performing the operation of the network element to perform the service access includes: the AAA server returns an EAP-Success message that the EAP authentication succeeds to the UE, and performs the UE to the HSS. After the EAP authentication succeeds, when the AC or the BNG receives the message that the UE requests to allocate an IP address, the UE allocates a local IP address and performs a split service split.
拒绝业务分流和接入 EPC时, 执行网元包括: AAA服务器和 UE; 则 执行网元执行业务接入的操作包括: 执行 AKA, -Notification流程后, AAA 服务器向 UE回复 EAP认证失败的 EAP-Failure消息。  The operation network element includes: an AAA server and a UE; and the performing the operation of the network element to perform the service access includes: After performing the AKA, -Notification process, the AAA server returns the EAP of the EAP authentication failure to the UE. Failure message.
拒绝业务分流但允许接入 EPC核心网时,执行网元包括: AAA服务器、 UE以及 AC或 BNG; 则执行网元执行业务接入的操作包括: AAA服务器 向 UE回复 EAP认证成功的 EAP-Success消息, 并向 HSS执行 UE的注册 流程; EAP认证成功之后, AC/BNG触发 UE接入 EPC。  The operation network element includes: an AAA server, a UE, and an AC or a BNG. The operation of performing the network element to perform the service access includes: the AAA server replies to the EAP-Success that the EAP authentication succeeds to the UE. The message, and the registration process of the UE is performed to the HSS; after the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
下面通过具体的实施例来说明本发明的方案.  The solution of the present invention will be described below by way of specific embodiments.
实施例一, 该实施例为上述情形一的具体描述。 如图 3 所示, 有缝的 业务分流的控制流程包括:  Embodiment 1 This embodiment is a specific description of the above case 1. As shown in Figure 3, the control flow of the seamed business distribution includes:
步骤 301, UE根据 WLAN的无线机制, 选择一个 SSID接入, 并接入 相应的 AP/RG ( AP或支持 AP功能的 RG, 如果为 AP则后续对应 AC, 如 果为 RG则后续对应 BNG )。  Step 301: The UE selects an SSID access according to the wireless mechanism of the WLAN, and accesses the corresponding AP/RG (the AP or the RG supporting the AP function, and if it is an AP, the corresponding AC, if it is the RG, the corresponding BNG).
步骤 302, AP/RG根据 UE的介质访问控制层( Medium Access Control Layer, MAC )地址,以及本地的 MAC映射关系,可以知道 UE接入的 SSID, 并将 UE接入的 SSID通过消息告知 AC/BNG。 具体的, 可以扩展无线接入 点的控制和提供 ( Control And Provisioning of Wireless Access Points , CAPWAP ) 消息来携带 UE接入的 SSID, 或者新增专门的消息来发送 UE 接入的 SSID。 步骤 303, AC/BNG作为可扩展的认证协议( Extensible Authentication Protocol, EAP )认证者,会向 UE触发 EAP认证流程,首先向 UE发送 EAP 请求 /身份 ( EAP-REQ/Identity ) 消息。 In step 302, the AP/RG can know the SSID accessed by the UE according to the Medium Access Control Layer (MAC) address of the UE and the local MAC mapping relationship, and notify the AC of the SSID accessed by the UE by using a message. BNG. Specifically, the Control and Provisioning of Wireless Access Points (CAPWAP) message may be extended to carry the SSID accessed by the UE, or a special message may be added to send the SSID accessed by the UE. Step 303: The AC/BNG, as an Extensible Authentication Protocol (EAP) Authenticator, triggers an EAP authentication process to the UE, and first sends an EAP Request/Identity (EAP-REQ/Identity) message to the UE.
步骤 304, UE向 AC/BNG返回 EAP响应 /身份 ( EAP-RES/Identity )消 息。  Step 304: The UE returns an EAP Response/Identity (EAP-RES/Identity) message to the AC/BNG.
步骤 305, AC/BNG通过认证、授权和计费( Authentication, Authorization and Accounting, AAA )代理将 EAP-RES/Identity消息发送给 AAA服务器。  Step 305: The AC/BNG sends an EAP-RES/Identity message to the AAA server through an Authentication, Authorization, and Accounting (AAA) proxy.
步骤 306, AAA服务器通过 AAA代理向 AC/BNG发送 EAP请求 /ΑΚΑ' 身份( EAP-REQ/AKA' -Identity ) 消息, AC/BNG将该消息转发给 UE;  Step 306, the AAA server sends an EAP request/ΑΚΑ' identity (EAP-REQ/AKA'-Identity) message to the AC/BNG through the AAA proxy, and the AC/BNG forwards the message to the UE;
UE向 AC/BNG返回 EAP响应 /AKA,身份 ( EAP-RES/AKA'-Identity ) 消息, AC/BNG通过 AAA代理将该消息发送给 AAA服务器。  The UE returns an EAP Response / AKA, Identity (EAP-RES/AKA'-Identity) message to the AC/BNG, and the AC/BNG sends the message to the AAA server through the AAA proxy.
步骤 307, AAA服务器收到 EAP-RES/AKA'-Identity消息后, 向 HSS 请求认证与密钥协商协议 ( Authentication and Key Agreement, AKA' )矢量, 此时, HSS先判断 UE注册的 AAA服务器与请求 ΑΚΑ'矢量的 AAA服务器 是否为同一个, 如果是, HSS向该 AAA服务器返回 ΑΚΑ'矢量; 如果不是, HSS向 UE注册的 AAA服务器返回 ΑΚΑ'矢量。  Step 307: After receiving the EAP-RES/AKA'-Identity message, the AAA server requests an authentication and Key Agreement (AKA') vector from the HSS. At this time, the HSS first determines the AAA server registered by the UE. Whether the AAA server requesting the vector is the same, if yes, the HSS returns a vector to the AAA server; if not, the HSS returns a vector to the AAA server registered by the UE.
步骤 308, 获取到 AKA'矢量后, AAA服务器向 HSS获取 UE签约的 信息, 主要包括: 签约的是否允许接入 EPC, HSS通过 return profile消息 携带该信息给 AAA服务器。  Step 308: After obtaining the AKA' vector, the AAA server obtains the information about the UE subscription from the HSS, which mainly includes: whether the subscription is allowed to access the EPC, and the HSS carries the information to the AAA server through the return profile message.
步骤 309, AAA服务器通过 AAA代理向 AC/BNG发送 EAP请求 /ΑΚΑ' 挑战( EAP-REQ/AKA,-Challenge )消息,其中携带签约的是否允许接入 EPC; AC/BNG 将 EAP-REQ/AKA,-Challenge 消 息发送给 UE , 此 时 EAP-REQ/AKA'-Challenge消息中可携带签约的是否允许接入 EPC (这种情 况下 UE不对签约的是否允许接入 EPC进行处理), 也可以不携带。  Step 309: The AAA server sends an EAP Request/ΑΚΑ' Challenge (EAP-REQ/AKA, -Challenge) message to the AC/BNG through the AAA proxy, where the bearer is allowed to access the EPC; the AC/BNG will EAP-REQ/AKA The -Challenge message is sent to the UE. In this case, the EAP-REQ/AKA'-Challenge message can carry the subscription to allow access to the EPC (in this case, the UE does not allow access to the EPC for processing the subscription), or not carry.
另夕卜, AC/BNG接收到 EAP-REQ/AKA'-Challenge消息后,根据签约的 是否允许接入 EPC、 和 /或 UE接入的 SSID和 /或本地策略, 决策是否允许 接入 EPCo In addition, after AC/BNG receives the EAP-REQ/AKA'-Challenge message, it is based on the contract. Whether to allow access to the EPC, and/or the SSID and/or local policy accessed by the UE, whether to allow access to the EPCo
需要指出的是,是否允许接入 EPC包括如下三种情况: 允许业务分流; 拒绝业务分流和接入 EPC; 拒绝业务分流但允许接入 EPC。 可以将上述三 种情况分别通过对应的值来表示, 例如: 1代表允许业务分流; 2代表拒绝 业务分流和接入 EPC; 3代表拒绝业务分流但允许接入 EPC。 当然也可以 通过定义其它形式的值来表示。  It should be noted that whether access to the EPC is allowed includes the following three cases: Allowing traffic to be offloaded; Denying traffic offloading and accessing the EPC; Denying traffic offloading but allowing access to the EPC. The above three cases can be represented by corresponding values, for example: 1 means that the service is allowed to be offloaded; 2 means that the service is offloaded and accesses the EPC; and 3 means that the service is offloaded but allowed to access the EPC. Of course, it can also be represented by defining other forms of values.
另夕卜, AC/BNG根据签约的是否允许接入 EPC、 和 /或 UE接入的 SSID 和 /或本地策略决策是否允许接入 EPC时:  In addition, the AC/BNG decides whether to allow access to the EPC according to whether the contracted access to the EPC, and/or the SSID and/or local policy of the UE access is allowed:
AC/BNG可以只根据签约的是否允许接入 EPC来决策, 直接将签约的 是否允许接入 EPC作为最终决定的是否允许接入 EPC;  The AC/BNG can decide whether to allow access to the EPC according to whether the subscription is allowed or not, and whether the subscription is allowed to access the EPC as the final decision whether to allow access to the EPC;
AC/BNG也可以只根据 UE接入的 SSID来决策,例如 AC/BNG本地配 置了是否允许接入 EPC的三种情况所对应的 SSID, AC/BNG根据 UE接入 的 SSID可以获知该 SSID对应的是否允许接入 EPC的情况,可以称为是否 允许接入 EPC能力指示; AC/BNG直接将是否允许接入 EPC能力指示作为 最终决定的是否允许接入 EPC;  The AC/BNG can also be determined according to the SSID of the UE access. For example, the AC/BNG is configured with the SSID corresponding to the three conditions of the EPC. The AC/BNG can know the SSID according to the SSID accessed by the UE. Whether the access to the EPC is allowed, may be referred to as whether to allow access to the EPC capability indication; whether the AC/BNG directly allows access to the EPC capability indication as the final decision whether to allow access to the EPC;
AC/BNG也可以同时根据签约的是否允许接入 EPC、是否允许接入 EPC 能力指示和本地策略来决策, 比如: 当签约的是否允许接入 EPC和是否允 许接入 EPC能力指示冲突(即不相同 )时, 可以根据 AC/BNG本地策略的 相关配置进行, 将签约的是否允许接入 EPC作为决策结果, 或者将是否允 许接入 EPC能力指示作为决策结果。  The AC/BNG can also be determined according to whether the subscription is allowed to access the EPC, whether the access to the EPC capability indication and the local policy are allowed, for example: when the subscription is allowed to access the EPC and whether the access to the EPC capability indication conflict is allowed (ie, no The same can be performed according to the configuration of the AC/BNG local policy, whether the contracted access to the EPC is allowed as the decision result, or whether the access to the EPC capability indication is allowed as the decision result.
AC/BNG也可以只根据本地策略, 来决策是否允许接入 EPC。  AC/BNG can also decide whether to allow access to EPC based on local policies.
步骤 310 : UE 向 AC/BNG 返回 EAP 响应 /ΑΚΑ'挑战 ( EAP-RES/AKA'-Challenge )消息, AC/BNG在 EAP-RES/AKA' -Challenge 消息中携带决策出的是否允许接入 EPC通过 AAA代理发送给 AAA服务 器。 Step 310: The UE returns an EAP Response/ΑΚΑA Challenge (EAP-RES/AKA'-Challenge) message to the AC/BNG, and the AC/BNG carries the determined EPC-RES/AKA'-Challenge message to allow access to the EPC. Send to AAA service through AAA proxy Device.
AAA服务器会根据决策出的是否允许接入 EPC,, 执行相应的业务接 入操作处理, 可以分为如下三种情形:  The AAA server performs the corresponding service access operation processing according to whether it is allowed to access the EPC, and can be divided into the following three situations:
场景 1 :  scene 1 :
步骤 311-312, 如果决策出的是否允许接入 EPC为允许业务分流, 则 AAA服务器向 UE回复 EAP-Success消息 ( EAP成功消息), 表明 EAP认 证成功。 并且, AAA服务器向 HSS执行 UE的注册流程, AAA服务器会 保存该 UE相关的接入会话信息。  In step 311-312, if the decision is made to allow access to the EPC to allow traffic to be offloaded, the AAA server replies with an EAP-Success message (EAP success message) to the UE, indicating that the EAP authentication is successful. Moreover, the AAA server performs a registration process of the UE to the HSS, and the AAA server saves the access session information related to the UE.
步骤 313, 在 EAP认证成功之后, 当 AC/BNG收到 UE请求分配 IP地 址的消息时, 会根据决策出的是否允许接入 EPC (允许业务分流), 本地为 UE分配 IP地址, 并执行有缝的业务分流。  Step 313: After the EAP authentication succeeds, when the AC/BNG receives the message that the UE requests to allocate an IP address, the AC/BNG allocates an IP address to the UE according to the decision whether to allow access to the EPC (allowing traffic splitting), and performs an IP address locally. Sewing business diversion.
场景 2:  Scene 2:
步骤 311 : 如果决策出的是否允许接入 EPC 为拒绝业务分流和接入 EPC, 则 AAA服务器和 UE之间执行 AKA,通知( AKA, -Notification )流程, 通过该流程, AAA服务器可以向 UE告知失败的结果。  Step 311: If the deciding whether to allow the access EPC to deny the traffic offloading and accessing the EPC, the AKA, the notification (AKA, -Notification) process is performed between the AAA server and the UE, and the AAA server may notify the UE through the process. The result of the failure.
步骤 312: 执行 AKA, -Notification流程后, AAA服务器向 UE 回复 EAP-Failure消息 ( EAP失败消息)。  Step 312: After performing the AKA, -Notification process, the AAA server replies to the UE with an EAP-Failure message (EAP failure message).
至此, 因为 EAP认证失败, UE被终止接入。  At this point, the UE is terminated because the EAP authentication fails.
这种场景可能发生在恶意 UE请求一个只允许业务分流或者接入 EPC 的 SSID, 但是, 签约的业务分流指示正好与之请求的相反, 因此, EAP认 证会失败。  This scenario may occur when a malicious UE requests an SSID that only allows traffic to be offloaded or accesses the EPC. However, the contracted traffic offload indication is exactly the opposite of what is requested, and therefore, the EAP authentication fails.
场景 3:  Scene 3:
步骤 311〜312, 如果决策出的是否允许接入 EPC为拒绝业务分流但允 许接入 EPC,则 AAA服务器向 UE回复 EAP-Success消息,表明 EAP认证 成功。 并且, AAA服务器向 HSS执行 UE的注册流程, AAA服务器会保 存该 UE相关的接入会话信息。 In steps 311 312, the AAA server replies with an EAP-Success message to the UE, indicating that the EAP authentication is successful, if the EPC is allowed to access the EPC to allow the traffic to be diverted. Moreover, the AAA server performs the registration process of the UE to the HSS, and the AAA server guarantees The access session information related to the UE is stored.
步骤 313, 在 EAP认证成功之后, AC/BNG会触发 UE接入 EPC。 实施例二, 该实施例为上述情形二的具体描述。 如图 4所示, 有缝的 业务分流控制的实现流程包括:  Step 313: After the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC. Embodiment 2 This embodiment is a specific description of the above case 2. As shown in Figure 4, the implementation process of the seamed traffic distribution control includes:
步骤 401, UE根据 WLAN的无线机制, 选择一个 SSID接入, 并接入 相应的 AP/RG。  Step 401: The UE selects an SSID access according to the wireless mechanism of the WLAN, and accesses the corresponding AP/RG.
步骤 402, AP/RG根据 UE的 MAC地址, 以及本地的 MAC映射关系, 可以知道 UE接入的 SSID, 并将 UE接入的 SSID通过消息告知 AC/BNG。  Step 402: The AP/RG can know the SSID accessed by the UE according to the MAC address of the UE and the local MAC mapping relationship, and notify the AC/BNG of the SSID accessed by the UE by using a message.
AC/BNG根据 UE接入的 SSID确定是否允许接入 EPC能力指示。 步骤 403〜404同步骤 303〜304, 此处不再赘述。  The AC/BNG determines whether to allow access to the EPC capability indication based on the SSID accessed by the UE. Steps 403 to 404 are the same as steps 303 to 304, and are not described herein again.
步骤 405, AC/BNG收到 UE发送的 EAP-RES/Identity消息后, 在消息 中携带是否允许接入 EPC能力指示, 并通过 AAA代理发给 AAA服务器。  Step 405: After receiving the EAP-RES/Identity message sent by the UE, the AC/BNG carries the EPC capability indication in the message, and sends the EPC capability indication to the AAA server through the AAA proxy.
步骤 406〜407同步骤 306〜307, 此处不再赘述。  Steps 406 to 407 are the same as steps 306 to 307, and are not described herein again.
步骤 408, 获取到 AKA'矢量后, AAA服务器向 HSS获取 UE签约的 信息, 主要包括: 签约的是否允许接入 EPC, HSS通过 return profile消息 携带该信息给 AAA服务器。  Step 408: After obtaining the AKA' vector, the AAA server obtains the information about the UE subscription from the HSS, including: whether the subscription is allowed to access the EPC, and the HSS carries the information to the AAA server through the return profile message.
进一步地, AAA服务器根据签约的是否允许接入 EPC、和 /或是否允许 接入 EPC能力指示和 /或本地策略决策是否允许接入 EPC。  Further, the AAA server decides whether to allow access to the EPC according to whether the subscription allows access to the EPC, and/or whether access to the EPC capability indication and/or local policy decision is allowed.
AAA服务器可以只根据签约的是否允许接入 EPC来决策,直接将签约 的是否允许接入 EPC作为最终决定的是否允许接入 EPC;  The AAA server can decide whether to allow access to the EPC according to whether the subscription is allowed, and whether the subscription is allowed to access the EPC as the final decision whether to allow access to the EPC;
AAA服务器也可以只根据是否允许接入 EPC能力指示来决策,直接将 是否允许接入 EPC能力指示作为最终决定的是否允许接入 EPC;  The AAA server may also decide whether to allow access to the EPC capability indication according to whether to allow access to the EPC capability indication, and whether to allow access to the EPC capability indication as a final decision whether to allow access to the EPC;
AAA服务器也可以同时根据签约的是否允许接入 EPC、 是否允许接入 EPC能力指示和本地策略来决策, 具体的: 当签约的是否允许接入 EPC和 是否允许接入 EPC能力指示冲突(即不相同) 时, 可以根据 AAA服务器 本地策略的相关配置进行, 将签约的是否允许接入 EPC作为决策结果, 或 者将是否允许接入 EPC能力指示作为决策结果。 The AAA server can also decide whether to allow access to the EPC, whether to allow access to the EPC capability indication, and the local policy. Specifically: when the subscription is allowed to access the EPC and whether access to the EPC capability indication conflict is allowed (ie, no The same), according to the AAA server The related configuration of the local policy is performed, whether the contracted access to the EPC is allowed as the decision result, or whether the access to the EPC capability indication is allowed as the decision result.
AAA服务器也可以只根据本地策略, 来决策是否允许接入 EPC。  The AAA server can also decide whether to allow access to the EPC based on the local policy.
步骤 409, AAA服务器和 UE之间完成 AKA, -Challenge流程。具体的: Step 409, the AKA, -Challenge process is completed between the AAA server and the UE. specific:
AAA服务器通过 AAA代理向 AC/BNG发送 EAP-REQ/AKA'-Challenge消 息, 其中携带有决策出 的是否允许接入 EPC。 AC/BNG 将The AAA server sends an EAP-REQ/AKA'-Challenge message to the AC/BNG through the AAA proxy, which carries the decision to allow access to the EPC. AC/BNG will
EAP-REQ/AKA'-Challenge消息发送给 UE,此时 EAP-REQ/AKA'-Challenge 消息中可携带决策出的是否允许接入 EPC (这种情况下 UE不对决策出的 是否允许接入 EPC进行处理), 也可以不携带。 The EAP-REQ/AKA'-Challenge message is sent to the UE. In this case, the EAP-REQ/AKA'-Challenge message can carry the decision whether to allow access to the EPC. In this case, the UE does not allow access to the EPC. It can be processed or not.
UE 向 AC/BNG返回 EAP-RES/AKA'-Challenge 消息, AC/BNG 将 The UE returns an EAP-RES/AKA'-Challenge message to the AC/BNG, AC/BNG will
EAP-RES/AKA'-Challenge消息通过 AAA代理发送给 AAA服务器。 The EAP-RES/AKA'-Challenge message is sent to the AAA server through the AAA proxy.
后续流程同场景 1、 场景 2或场景 3, 此处不再赘述。  The subsequent process is the same as scenario 1, scenario 2, or scenario 3, and is not mentioned here.
实施例三, 如图 5所示, 该流程与图 4流程基本相同, 区别在于: 步骤 505中, AC/BNG收到 UE发送的 EAP-RES/Identity消息后,在消 息中携带 UE接入的 SSID, 而不是是否允许接入 EPC能力指示。  In the third embodiment, as shown in FIG. 5, the process is basically the same as the process in FIG. 4, and the difference is: in step 505, after receiving the EAP-RES/Identity message sent by the UE, the AC/BNG carries the UE access message in the message. SSID, instead of whether to allow access to EPC capability indications.
相应的,步骤 508, AAA服务器获取签约的是否允许接入 EPC后, AAA 服务器根据签约的是否允许接入 EPC、 和 /或 UE接入的 SSID和 /或本地策 略决策是否允许接入 EPC, 具体的:  Correspondingly, in step 508, after the AAA server obtains whether the subscription is allowed to access the EPC, the AAA server decides whether to allow access to the EPC according to whether the subscription is allowed to access the EPC, and/or the SSID and/or the local policy accessed by the UE, specifically of:
AAA服务器可以只根据签约的是否允许接入 EPC来决策,直接将签约 的是否允许接入 EPC作为最终决定的是否允许接入 EPC;  The AAA server can decide whether to allow access to the EPC according to whether the subscription is allowed, and whether the subscription is allowed to access the EPC as the final decision whether to allow access to the EPC;
AAA服务器也可以只根据 UE接入的 SSID来决策, 例如 AAA服务器 本地配置了是否允许接入 EPC的三种情况所对应的 SSID, AAA服务器根 据 UE接入的 SSID可以获知该 SSID对应的是否允许接入 EPC的情况, 可 以称为是否允许接入 EPC能力指示; AAA服务器直接将是否允许接入 EPC 能力指示作为最终决定的是否允许接入 EPC; AAA服务器也可以同时根据签约的是否允许接入 EPC、 是否允许接入 EPC能力指示和本地策略来决策, 比如: 当签约的是否允许接入 EPC和是 否允许接入 EPC能力指示冲突(即不相同 ) 时, 可以根据 AAA服务器本 地策略的相关配置进行, 将签约的是否允许接入 EPC作为决策结果, 或者 将是否允许接入 EPC能力指示作为决策结果。 The AAA server can also be determined according to the SSID of the UE access. For example, the AAA server locally configures the SSID corresponding to the three conditions for accessing the EPC. The AAA server can know whether the SSID is allowed according to the SSID accessed by the UE. The case of accessing the EPC may be referred to as whether to allow access to the EPC capability indication; the AAA server directly determines whether to allow access to the EPC capability indication as the final decision whether to allow access to the EPC; The AAA server can also make decisions according to whether the subscription is allowed to access the EPC, whether to allow access to the EPC capability indication, and the local policy, for example: when the subscription is allowed to access the EPC and whether the access to the EPC capability indication conflict is allowed (ie, not the same) According to the configuration of the local policy of the AAA server, whether the contracted access to the EPC is allowed as the decision result, or whether the access to the EPC capability indication is allowed as the decision result.
AAA服务器也可以只根据本地策略, 来决策是否允许接入 EPC。  The AAA server can also decide whether to allow access to the EPC based on the local policy.
上述实施例中主要是针对 AP/RG作为桥接模式来描述的,对于 AP/RG 为路由模式的场景也同样适用, 此时, AP/RG代替 AC/BNG来执行相应的 操作, 包括: 做为 EAP认证者, 以及决策有缝的业务分流允许等操作。  The above embodiment is mainly described for the AP/RG as the bridge mode. The same applies to the scenario where the AP/RG is in the route mode. In this case, the AP/RG replaces the AC/BNG to perform the corresponding operations, including: EAP certifiers, as well as decision-making operations that allow for the segregation of business.
为了实现上述方法, 本发明还提供了一种有缝的业务分流控制的实现 系统, 如图 6所示, 包括: 决策网元和执行网元, 其中:  In order to implement the above method, the present invention further provides a system for implementing a service split control with a seam, as shown in FIG. 6, comprising: a decision network element and an execution network element, where:
决策网元,用于根据签约的是否允许接入 EPC、和 /或是否允许接入 EPC 能力指示、 和 /或本地策略, 决定是否允许接入 EPC;  a decision network element, configured to determine whether to allow access to the EPC according to whether the contract is allowed to access the EPC, and/or whether to allow access to the EPC capability indication, and/or the local policy;
执行网元, 用于根据决定的是否允许接入 EPC, 执行业务接入的操作。 决策网元包括: AC或 BNG, 用于获取签约的是否允许接入 EPC; 还 用于获取 UE接入的 SSID, 并根据 SSID和 /或本地策略确定是否允许接入 EPC能力指示。  The operation network element is configured to perform an operation of accessing the service according to whether the access is allowed to access the EPC. The decision network element includes: AC or BNG, which is used to obtain whether the subscription is allowed to access the EPC; and is used to obtain the SSID accessed by the UE, and determine whether to allow access to the EPC capability indication according to the SSID and/or the local policy.
决策网元包括: AAA服务器, 用于获取是否允许接入 EPC能力指示; 还用于获取签约的是否允许接入 EPC。  The decision network element includes: an AAA server, configured to obtain whether to allow access to the EPC capability indication; and also used to obtain whether the subscription is allowed to access the EPC.
决策网元,还用于当签约的是否允许接入 EPC和是否允许接入 EPC能 力指示不相同时, 根据本地策略, 将签约的是否允许接入 EPC或者是否允 许接入 EPC能力指示作为决定的是否允许接入 EPC。  The decision network element is further configured to: when the subscription is allowed to access the EPC and whether the access to the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether the access to the EPC capability indication is allowed is determined. Whether to allow access to the EPC.
决定的是否允许接入 EPC为允许业务分流时,执行网元包括: AAA服 务器、 UE以及 AC或 BNG;  When determining whether to allow access to the EPC to allow traffic to be offloaded, the executing network element includes: an AAA server, a UE, and an AC or BNG;
AAA服务器, 用于向 UE回复 EAP认证成功的 EAP-Success消息, 并 向 HSS执行 UE的注册流程; An AAA server, configured to reply to the EAP-Success message that the EAP authentication succeeds to the UE, and Performing a registration process of the UE to the HSS;
AC或 BNG, 用于 EAP认证成功之后, 当收到 UE请求分配 IP地址的 消息时, 为 UE分配本地 IP地址, 并执行有缝的业务分流。  After the EAP authentication is successful, the AC or the BNG is configured to allocate a local IP address to the UE and perform a split service split when receiving a message requesting the UE to allocate an IP address.
决定的是否允许接入 EPC为拒绝业务分流和接入 EPC时,执行网元包 括: AAA服务器和 UE;  Determining whether to allow access to the EPC to deny traffic and access the EPC, the execution network element includes: an AAA server and a UE;
AAA服务器和 UE执行 AKA' -Notification流程后, AAA服务器向 UE 回复 EAP认证失败的 EAP-Failure消息。  After the AAA server and the UE perform the AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
决定的是否允许接入 EPC为拒绝业务分流但允许接入 EPC时,执行网 元包括: AAA服务器、 UE以及 AC或 BNG;  Determining whether to allow access to the EPC to deny traffic but allow access to the EPC, the execution network element includes: an AAA server, a UE, and an AC or BNG;
AAA服务器, 用于向 UE回复 EAP认证成功的 EAP-Success消息, 并 向 HSS执行 UE的注册流程;  An AAA server, configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
AC或 BNG, 用于 EAP认证成功之后, 触发 UE接入 EPC。  After the EAP authentication is successful, the AC or BNG is triggered to access the EPC.
本发明还提出了一种有缝的业务分流控制的实现装置, 优选地, 该 装置适用于上述的决策网元, 该装置包括:  The present invention also provides an apparatus for implementing a service split control of a slot. Preferably, the apparatus is applicable to the decision network element described above, and the apparatus includes:
获取模块, 用于获取签约的是否允许接入演进的分组核心网(EPC )、 和 /或是否允许接入 EPC能力指示、 和 /或本地策略;  An obtaining module, configured to obtain whether the subscription is allowed to access an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or a local policy;
决策模块, 用于根据签约的是否允许接入演进的分组核心网(EPC )、 和 /或是否允许接入 EPC 能力指示、 和 /或本地策略, 决定是否允许接入 EPC。  The decision module is configured to determine whether to allow access to the EPC according to whether the contracted access to the evolved packet core network (EPC), and/or whether to allow access to the EPC capability indication, and/or the local policy.
优选地, 获取模块包括: AC或 BNG子模块, 用于获取签约的是否 允许接入 EPC; 还用于获取 UE接入的 SSID, 并根据 SSID和 /或本地策 略确定是否允许接入 EPC能力指示。  Preferably, the obtaining module includes: an AC or BNG sub-module, configured to obtain whether the subscription is allowed to access the EPC; and is further configured to acquire an SSID accessed by the UE, and determine whether to allow access to the EPC capability indication according to the SSID and/or the local policy. .
或者,  Or,
获取模块包括: AAA服务器子模块, 用于获取是否允许接入 EPC能 力指示; 还用于获取签约的是否允许接入 EPC。 决策模块, 还用于当签约的是否允许接入 EPC和是否允许接入 EPC 能力指示不相同时, 根据本地策略, 将签约的是否允许接入 EPC或者是 否允许接入 EPC能力指示作为决定的是否允许接入 EPC。 The obtaining module includes: an AAA server sub-module, configured to obtain whether to allow access to the EPC capability indication, and also used to obtain whether the subscription is allowed to access the EPC. The decision module is further configured to: when the subscription is allowed to access the EPC and whether the access EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether the access to the EPC capability indication is allowed as the decision is Allow access to the EPC.
决策模块, 还用于决定是否允许接入 EPC为以下三种中的任意一种: 允许业务分流、 拒绝业务分流和接入 EPC 以及拒绝业务分流但允许接入 EPC。  The decision module is also used to determine whether to allow access to the EPC in any of the following three types: Allow traffic offload, Deny traffic offload and access EPC, and Deny traffic offload but allow access to EPC.
以上所述, 仅为本发明的较佳实施例而已, 并非用于限定本发明的保 护范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

1、 一种有缝的业务分流控制的实现方法, 其特征在于, 包括: 决策网元根据签约的是否允许接入演进的分组核心网(EPC )、 和 /或是 否允许接入 EPC能力指示、 和 /或本地策略, 决定是否允许接入 EPC; A method for implementing a service split control of a slotted service, comprising: determining, by a decision network element, whether to allow access to an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, And/or local policy to determine whether to allow access to the EPC;
执行网元根据所述决定的是否允许接入 EPC, 执行业务接入的操作。 The performing network element performs the operation of the service access according to whether the decision is allowed to access the EPC.
2、根据权利要求 1所述有缝的业务分流控制的实现方法,其特征在于, 所述决策网元为接入控制设备( AC )或支持 AC功能的宽带网络网关( BNG ) 时, 该方法还包括: 所述 AC或 BNG获取所述签约的是否允许接入 EPC, 为: The method for implementing a service split control according to claim 1, wherein the method is: when the decision network element is an access control device (AC) or a broadband network gateway (BNG) supporting an AC function, the method The method further includes: obtaining, by the AC or the BNG, whether the subscription is allowed to access the EPC, where:
在可扩展的认证协议(EAP )认证过程中, 认证、 授权和计费(AAA ) 服务器获取到认证与密钥协商协议(ΑΚΑ' ) 矢量后, 向归属用户服务器 ( HSS )获取所述签约的是否允许接入 EPC;  In the Extensible Authentication Protocol (EAP) authentication process, after the authentication, authorization, and accounting (AAA) server obtains the authentication and key agreement protocol (ΑΚΑ') vector, the contract is obtained from the home subscriber server (HSS). Whether to allow access to the EPC;
所述 AAA服务器, 通过 EAP 认证过程中的 EAP 请求 /AKA'挑战 ( EAP-REQ/AKA'-Challenge )消息将所述签约的是否允许接入 EPC发送给 所述 AC/BNG。  The AAA server sends the subscribed EPC to the AC/BNG through an EAP Request/AKA' Challenge (EAP-REQ/AKA'-Challenge) message in the EAP authentication process.
3、根据权利要求 2所述有缝的业务分流控制的实现方法,其特征在于, 所述 EAP认证之前, 该方法还包括: 所述 AC或 BNG获取 UE接入的服务 集标识符 ( SSID ), 为:  The method for implementing the serviced traffic distribution control according to claim 2, wherein before the EAP authentication, the method further comprises: obtaining, by the AC or the BNG, a service set identifier (SSID) accessed by the UE. , for:
接入点设备(AP )或者支持 AP 功能的家庭网关 (RG )根据接入的 UE的介质访问控制层( MAC )地址和本地的 MAC映射关系确定 UE接入 的 SSID, 并告知所述 AC或 BNG。  The access point device (AP) or the AP function-enabled home gateway (RG) determines the SSID accessed by the UE according to the medium access control layer (MAC) address of the accessed UE and the local MAC mapping relationship, and informs the AC or BNG.
4、根据权利要求 3所述有缝的业务分流控制的实现方法,其特征在于, 该方法还包括: 所述 AC或 BNG根据所述 SSID和 /或本地策略确定所述是 否允许接入 EPC能力指示。  The method for implementing the serviced traffic distribution control according to claim 3, wherein the method further comprises: determining, by the AC or BNG, whether to allow access to the EPC according to the SSID and/or the local policy. Instructions.
5、根据权利要求 1所述有缝的业务分流控制的实现方法,其特征在于, 所述决策网元为 AAA服务器时, 该方法还包括: 所述 AAA服务器获取所 述是否允许接入 EPC能力指示, 为: 5. The method for implementing a service split control according to claim 1, wherein: When the determining network element is an AAA server, the method further includes: obtaining, by the AAA server, whether the EPC capability indication is allowed to be accessed, where:
AC或 BNG根据 SSID和 /或本地策略确定所述是否允许接入 EPC能力 指示, 并通过 EAP认证过程中的 EAP响应 /身份 ( EAP-RES/Identity )消息 发送给 AAA服务器; 或者,  The AC or the BNG determines whether to allow access to the EPC capability indication according to the SSID and/or the local policy, and sends the EAP-RES/Identity message in the EAP authentication process to the AAA server; or
AC或 BNG通过 EAP认证过程中的 EAP-RES/Identity消息将 SSID发 送给 AAA服务器, 所述 AAA服务器根据所述 SSID和 /或本地策略确定所 述是否允许接入 EPC能力指示。  The AC or BNG sends the SSID to the AAA server through the EAP-RES/Identity message in the EAP authentication process, and the AAA server determines whether the EPC capability indication is allowed to be accessed according to the SSID and/or the local policy.
6、根据权利要求 5所述有缝的业务分流控制的实现方法,其特征在于, 所述 AAA服务器获取所述是否允许接入 EPC能力指示之前, 该方法还包 括: AC或 BNG获取所述 SSID, 为:  The method for implementing the serviced traffic distribution control according to claim 5, wherein before the AAA server obtains the indication of whether the EPC capability is allowed to be accessed, the method further includes: acquiring the SSID by the AC or the BNG. , for:
AP或者 RG根据接入的 UE的 MAC地址和本地的 MAC映射关系确定 UE接入的 SSID, 并告知 AC或 BNG。  The AP or the RG determines the SSID accessed by the UE according to the MAC address of the accessed UE and the local MAC mapping relationship, and notifies the AC or the BNG.
7、 根据权利要求 5或 6所述有缝的业务分流控制的实现方法, 其特征 在于, 该方法还包括: 在 EAP认证过程中, AAA服务器获取到 AKA'矢量 后, 向 HSS获取所述签约的是否允许接入 EPC。  The method for implementing the service split control according to claim 5 or 6, wherein the method further comprises: after the AAA server obtains the AKA' vector, obtaining the contract from the HSS in the EAP authentication process. Whether to allow access to the EPC.
8、根据权利要求 1所述有缝的业务分流控制的实现方法,其特征在于, 决策网元根据签约的是否允许接入 EPC、和 /或是否允许接入 EPC能力指示、 和 /或本地策略, 决定是否允许接入 EPC为:  8. The method for implementing slotted traffic offload control according to claim 1, wherein the decision network element is allowed to access the EPC according to the subscription, and/or whether to allow access to the EPC capability indication, and/or the local policy. , decide whether to allow access to the EPC as:
当所述签约的是否允许接入 EPC和所述是否允许接入 EPC能力指示不 相同时, 所述决策网元根据本地策略, 将签约的是否允许接入 EPC或者是 否允许接入 EPC能力指示作为所述决定的是否允许接入 EPC。  When the signing is allowed to access the EPC and the access to the EPC capability indication is not the same, the determining network element, according to the local policy, whether the contracted access to the EPC or the access to the EPC capability indication is allowed Whether the decision allows access to the EPC.
9、根据权利要求 8所述有缝的业务分流控制的实现方法,其特征在于, 所述签约的是否允许接入 EPC、 或者所述是否允许接入 EPC能力指示、 或 者所述决定的是否允许接入 EPC, 为: 允许业务分流、 拒绝业务分流和接 入 EPC、 以及拒绝业务分流但允许接入 EPC三种中的任意一种。 The method for implementing the serviced traffic distribution control according to claim 8, wherein whether the subscription is allowed to access the EPC, or whether the access to the EPC capability indication is allowed, or whether the decision is allowed Access to the EPC, as follows: Allow traffic to be offloaded, refuse traffic splitting and pick up Enter EPC, and reject traffic splitting but allow access to EPC.
10、 根据权利要求 9所述有缝的业务分流控制的实现方法, 其特征在 于,所述决定的是否允许接入 EPC为允许业务分流时,所述执行网元包括: AAA服务器、 UE以及 AC或 BNG;  The implementation method of the slotted service offloading control according to claim 9, wherein the performing network element includes: an AAA server, a UE, and an AC, if the determined access to the EPC is allowed to be offloaded. Or BNG;
相应的, 所述执行网元执行业务接入的操作, 包括:  Correspondingly, the performing the operation of performing the service access by the network element includes:
AAA服务器向 UE回复 EAP认证成功的 EAP-Success消息, 并向 HSS 执行 UE的注册流程;  The AAA server replies to the EAP-Success message that the EAP authentication succeeds to the UE, and performs a registration process of the UE to the HSS;
EAP认证成功之后,当 AC或 BNG收到 UE请求分配 IP地址的消息时, 所述 AC或 BNG为 UE分配本地 IP地址, 并执行有缝的业务分流。  After the EAP authentication succeeds, when the AC or the BNG receives the message that the UE requests to allocate an IP address, the AC or the BNG allocates a local IP address to the UE, and performs a split service split.
11、 根据权利要求 9所述有缝的业务分流控制的实现方法, 其特征在 于, 所述决定的是否允许接入 EPC为拒绝业务分流和接入 EPC时, 所述执 行网元包括: AAA服务器和 UE;  The implementation method of the slotted service offloading control according to claim 9, wherein the determining the accessing EPC is to deny the traffic offloading and accessing the EPC, the executing network element comprises: an AAA server And UE;
相应的, 所述执行网元执行业务接入的操作, 包括:  Correspondingly, the performing the operation of performing the service access by the network element includes:
执行 AKA,通知( AKA'-Notification )流程后, AAA服务器向 UE回复 EAP认证失败的 EAP-Failure消息。  After performing the AKA and AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message that the EAP authentication failed.
12、 根据权利要求 9所述有缝的业务分流控制的实现方法, 其特征在 于, 所述决定的是否允许接入 EPC为拒绝业务分流但允许接入 EPC时, 所 述执行网元包括: AAA服务器、 UE以及 AC或 BNG;  The method for implementing the service-sharing control of the slotted service according to claim 9, wherein, when the determining whether the access EPC is allowed to be used for the traffic-distribution but the access to the EPC is allowed, the executing network element includes: Server, UE, and AC or BNG;
相应的, 所述执行网元执行业务接入的操作, 包括:  Correspondingly, the performing the operation of performing the service access by the network element includes:
AAA服务器向 UE回复 EAP认证成功的 EAP-Success消息, 并向 HSS 执行 UE的注册流程;  The AAA server replies to the EAP-Success message that the EAP authentication succeeds to the UE, and performs a registration process of the UE to the HSS;
EAP认证成功之后, AC/BNG触发 UE接入 EPC。  After the EAP authentication succeeds, the AC/BNG triggers the UE to access the EPC.
13、 一种有缝的业务分流控制的实现系统, 其特征在于, 包括: 决策 网元和执行网元, 其中:  A system for implementing a service split control with a seam, comprising: a decision network element and an execution network element, wherein:
所述决策网元, 用于根据签约的是否允许接入 EPC、 和 /或是否允许接 入 EPC能力指示、 和 /或本地策略, 决定是否允许接入 EPC; 所述执行网元, 用于根据所述决定的是否允许接入 EPC, 执行业务接 入的操作。 The decision network element is configured to allow access to the EPC according to the subscription, and/or whether to allow access Entering an EPC capability indication, and/or a local policy, determining whether to allow access to the EPC; and the executing network element, configured to perform an operation of the service access according to the determined whether to allow access to the EPC.
14、 根据权利要求 13所述有缝的业务分流控制的实现系统, 其特征在 于, 所述决策网元包括: AC或 BNG, 用于获取所述签约的是否允许接入 EPC; 还用于获取 UE接入的 SSID, 并根据所述 SSID和 /或本地策略确定 所述是否允许接入 EPC能力指示。  The implementation system of the slotted service traffic distribution control according to claim 13, wherein the decision network element comprises: an AC or a BNG, configured to obtain whether the subscription is allowed to access the EPC; The SSID accessed by the UE, and determining whether to allow access to the EPC capability indication according to the SSID and/or the local policy.
15、 根据权利要求 13所述有缝的业务分流控制的实现系统, 其特征在 于, 所述决策网元包括: AAA服务器, 用于获取所述是否允许接入 EPC能 力指示; 还用于获取签约的是否允许接入 EPC。  The implementation system of the slotted service offloading control according to claim 13, wherein the decision network element comprises: an AAA server, configured to acquire whether the EPC capability indication is allowed to be accessed, and is also used to obtain a subscription Whether to allow access to the EPC.
16、 根据权利要求 14或 15所述有缝的业务分流控制的实现系统, 其 特征在于, 所述决策网元, 还用于当所述签约的是否允许接入 EPC和所述 是否允许接入 EPC能力指示不相同时, 根据本地策略, 将签约的是否允许 接入 EPC或者是否允许接入 EPC能力指示作为所述决定的是否允许接入 EPC。  The implementation system of the slotted service offload control according to claim 14 or 15, wherein the decision network element is further configured to: when the subscription is allowed to access the EPC, and whether the access is allowed When the EPC capability indications are different, according to the local policy, whether the subscription is allowed to access the EPC or whether the access EPC capability indication is allowed as the decision is allowed to access the EPC.
17、 根据权利要求 16所述有缝的业务分流控制的实现系统, 其特征在 于,  17. The system for implementing split service split control according to claim 16, wherein:
决定的是否允许接入 EPC为允许业务分流时,所述执行网元包括: AAA 服务器、 UE以及 AC或 BNG;  Determining whether to allow access to the EPC to allow traffic to be offloaded, the execution network element includes: an AAA server, a UE, and an AC or BNG;
AAA服务器, 用于向 UE回复 EAP认证成功的 EAP-Success消息, 并 向 HSS执行 UE的注册流程;  An AAA server, configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
AC或 BNG, 用于 EAP认证成功之后, 当收到 UE请求分配 IP地址的 消息时, 为 UE分配本地 IP地址, 并执行有缝的业务分流。  After the EAP authentication is successful, the AC or the BNG is configured to allocate a local IP address to the UE and perform a split service split when receiving a message requesting the UE to allocate an IP address.
18、 根据权利要求 16所述有缝的业务分流控制的实现系统, 其特征在 于, 决定的是否允许接入 EPC为拒绝业务分流和接入 EPC时,所述执行网 元包括: AAA服务器和 UE; 18. The system for implementing a split traffic split control according to claim 16, wherein: Determining whether to allow access to the EPC to deny traffic and access the EPC, the performing network element includes: an AAA server and a UE;
AAA服务器和 UE执行 AKA' -Notification流程后, AAA服务器向 UE 回复 EAP认证失败的 EAP-Failure消息。  After the AAA server and the UE perform the AKA'-Notification process, the AAA server replies to the UE with an EAP-Failure message that the EAP authentication fails.
19、 根据权利要求 16所述有缝的业务分流控制的实现系统, 其特征在 于,  19. The system for implementing a service split control according to claim 16 wherein:
决定的是否允许接入 EPC为拒绝业务分流但允许接入 EPC时,所述执 行网元包括: AAA服务器、 UE以及 AC或 BNG;  Determining whether to allow access to the EPC to deny traffic but to allow access to the EPC, the executing network element includes: an AAA server, a UE, and an AC or BNG;
AAA服务器, 用于向 UE回复 EAP认证成功的 EAP-Success消息, 并 向 HSS执行 UE的注册流程;  An AAA server, configured to reply to the UE with an EAP-Success message that the EAP authentication succeeds, and perform a registration process of the UE to the HSS;
AC或 BNG, 用于 EAP认证成功之后, 触发 UE接入 EPC。  After the EAP authentication is successful, the AC or BNG is triggered to access the EPC.
20、 一种有缝的业务分流控制的实现装置, 其特征在于, 包括: 获取模块, 用于获取签约的是否允许接入演进的分组核心网(EPC )、 和 /或是否允许接入 EPC能力指示、 和 /或本地策略;  A device for implementing a service split control, comprising: an obtaining module, configured to obtain whether a subscription is allowed to access an evolved packet core network (EPC), and/or whether access to an EPC is allowed. Indication, and/or local policy;
决策模块, 用于根据所述签约的是否允许接入演进的分组核心网 ( EPC )、 和 /或是否允许接入 EPC能力指示、 和 /或本地策略, 决定是否 允许接入 EPCo  a decision module, configured to determine whether to allow access to the EPCo according to whether the subscription is allowed to access an evolved packet core network (EPC), and/or whether to allow access to an EPC capability indication, and/or a local policy
21、 根据权利要求 20所述有缝的业务分流控制的实现装置, 其特征 在于, 所述获取模块包括: AC或 BNG子模块, 用于获取所述签约的是 否允许接入 EPC; 还用于获取 UE接入的 SSID, 并根据所述 SSID和 /或 本地策略确定所述是否允许接入 EPC能力指示。  The device for implementing the service-sharing control according to claim 20, wherein the acquiring module comprises: an AC or BNG sub-module, configured to obtain whether the subscription is allowed to access the EPC; Obtaining an SSID accessed by the UE, and determining, according to the SSID and/or the local policy, whether to allow access to the EPC capability indication.
22、 根据权利要求 20所述有缝的业务分流控制的实现装置, 其特征 在于, 所述获取模块包括: AAA服务器子模块, 用于获取所述是否允许 接入 EPC能力指示; 还用于获取签约的是否允许接入 EPC。  The apparatus for implementing the service-sharing control according to claim 20, wherein the obtaining module comprises: an AAA server sub-module, configured to obtain whether the EPC capability indication is allowed to be accessed; Whether the contract is allowed to access the EPC.
23、 根据权利要求 21或 22所述有缝的业务分流控制的实现装置, 其特征在于, 所述决策模块, 还用于当所述签约的是否允许接入 EPC和 所述是否允许接入 EPC能力指示不相同时, 根据本地策略, 将签约的是 否允许接入 EPC或者是否允许接入 EPC能力指示作为所述决定的是否允 许接入 EPCo 23. The apparatus for implementing a service split control according to claim 21 or 22, The determining module is further configured to: when the subscription is allowed to access the EPC and the permission to access the EPC capability indication is different, according to the local policy, whether the subscription is allowed to access the EPC or whether Allow access to the EPC capability indication as the decision whether to allow access to the EPCo
24、 根据权利要求 23所述有缝的业务分流控制的实现装置, 其特征 在于, 所述决策模块, 还用于决定的是否允许接入 EPC为以下三种中的 任意一种: 允许业务分流、 拒绝业务分流和接入 EPC以及拒绝业务分流 但允许接入 EPC。  The device for implementing the traffic distribution control according to claim 23, wherein the decision module is further configured to determine whether the access EPC is allowed to be any one of the following three types: , Denying traffic offloading and accessing the EPC and denying traffic offloading but allowing access to the EPC.
PCT/CN2012/081755 2011-09-26 2012-09-21 Seaming service shunt control implementation method, system and device WO2013044759A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110287808.9 2011-09-26
CN2011102878089A CN103024738A (en) 2011-09-26 2011-09-26 Seaming service shunt control implementation method and system

Publications (1)

Publication Number Publication Date
WO2013044759A1 true WO2013044759A1 (en) 2013-04-04

Family

ID=47972774

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/081755 WO2013044759A1 (en) 2011-09-26 2012-09-21 Seaming service shunt control implementation method, system and device

Country Status (2)

Country Link
CN (1) CN103024738A (en)
WO (1) WO2013044759A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103391565B (en) * 2013-07-12 2016-05-11 深圳市共进电子股份有限公司 A kind of wireless access integral system
CN112911596A (en) 2018-05-22 2021-06-04 华为技术有限公司 Network access method, related device and system
WO2019223557A1 (en) * 2018-05-22 2019-11-28 华为技术有限公司 Network access method, related device, and system
CN115811728A (en) * 2021-09-14 2023-03-17 华为技术有限公司 Network element selection method, communication device and communication system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1997206A (en) * 2006-01-04 2007-07-11 华为技术有限公司 A method for correct service network choice of the user terminal
CN101166133A (en) * 2007-09-26 2008-04-23 中兴通讯股份有限公司 Location limit method and system for home base station
CN101472263A (en) * 2008-05-04 2009-07-01 中兴通讯股份有限公司 Method for deciding network connection mode
WO2010124740A1 (en) * 2009-04-30 2010-11-04 Telefonaktiebolaget Lm Ericsson (Publ) Core network node selection in a mobile communication network
CN102056168A (en) * 2009-10-28 2011-05-11 中兴通讯股份有限公司 Access method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1997206A (en) * 2006-01-04 2007-07-11 华为技术有限公司 A method for correct service network choice of the user terminal
CN101166133A (en) * 2007-09-26 2008-04-23 中兴通讯股份有限公司 Location limit method and system for home base station
CN101472263A (en) * 2008-05-04 2009-07-01 中兴通讯股份有限公司 Method for deciding network connection mode
WO2010124740A1 (en) * 2009-04-30 2010-11-04 Telefonaktiebolaget Lm Ericsson (Publ) Core network node selection in a mobile communication network
CN102056168A (en) * 2009-10-28 2011-05-11 中兴通讯股份有限公司 Access method and device

Also Published As

Publication number Publication date
CN103024738A (en) 2013-04-03

Similar Documents

Publication Publication Date Title
US9717019B2 (en) Data flow control method, and related device and communications system
US20100048161A1 (en) Method, system and apparatuses thereof for realizing emergency communication service
US10432632B2 (en) Method for establishing network connection, gateway, and terminal
US9167430B2 (en) Access method and system, and mobile intelligent access point
US20060182061A1 (en) Interworking between wireless WAN and other networks
US20120069763A1 (en) Method and Apparatus for Negotiation Control of Quality of Service Parameters
US20110078442A1 (en) Method, device, system and server for network authentication
WO2009135385A1 (en) Method, system and device for obtaining a trust type of a non-3gpp access system
CN102958046B (en) A kind of control method, system and the DRA of mobile terminal accessing business
WO2012152185A1 (en) Gateway selection method and device
CA2523915A1 (en) Method for resolving and accessing selected service in wireless local area network
WO2011015001A1 (en) Method and system for carrying out access through wireless local area network access network
EP1693995B1 (en) A method for implementing access authentication of wlan user
WO2014101793A1 (en) Communication service method, dynamic subscription server and mobile management network element
WO2014000520A1 (en) Method, apparatus and system for policy control
WO2009046598A1 (en) A method for establishing a dedicated bearer for a user terminal
US20190223013A1 (en) Method for establishing public data network connection and related device
WO2010069202A1 (en) Authentication negotiation method and the system thereof, security gateway, home node b
WO2014101755A1 (en) Service data shunting method and system
WO2014063530A1 (en) Method and system for mobile user to access fixed network
WO2018058365A1 (en) Network access authorization method, and related device and system
WO2013044759A1 (en) Seaming service shunt control implementation method, system and device
US8929327B2 (en) Reducing handoff latency for a mobile station
WO2010091589A1 (en) Security authentication method
WO2017129101A1 (en) Routing control method, apparatus and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12835994

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12835994

Country of ref document: EP

Kind code of ref document: A1