[go: nahoru, domu]

WO2017129101A1 - Routing control method, apparatus and system - Google Patents

Routing control method, apparatus and system Download PDF

Info

Publication number
WO2017129101A1
WO2017129101A1 PCT/CN2017/072272 CN2017072272W WO2017129101A1 WO 2017129101 A1 WO2017129101 A1 WO 2017129101A1 CN 2017072272 W CN2017072272 W CN 2017072272W WO 2017129101 A1 WO2017129101 A1 WO 2017129101A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
information
lwa
indication information
network
Prior art date
Application number
PCT/CN2017/072272
Other languages
French (fr)
Chinese (zh)
Inventor
周星月
宗在峰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017129101A1 publication Critical patent/WO2017129101A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/34Modification of an existing route
    • H04W40/36Modification of an existing route due to handover
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/08Access restriction or access information delivery, e.g. discovery data delivery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/18Selecting a network or a communication service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/14Reselecting a network or an air interface
    • H04W36/144Reselecting a network or an air interface over a different radio air interface technology
    • H04W36/1446Reselecting a network or an air interface over a different radio air interface technology wherein at least one of the networks is unlicensed

Definitions

  • the present invention relates to the field of communications, and in particular to a routing control method, apparatus, and system.
  • the Evolved Packet System supports interworking with non-3rd generation mobile communication partner program authentication and authorization charging 3GPP networks (e.g. WLAN) through the S2a/S2b/S2c interface.
  • the 3rd Generation Partnership Project (3GPP) network includes a trusted non-3GPP network and a non-trusted non-3GPP network, so the WLAN access network to the 3GPP Evolved Packet Core Network (EPC) It is also divided into a trusted WLAN access network (TWAN) and an untrusted WLAN access network.
  • TWAN trusted WLAN access network
  • untrusted WLAN access network untrusted WLAN access network
  • the trusted WLAN access network can be directly connected to the Packet Data Network Gateway (PDN GW) through the S2a interface; the untrusted WLAN access network must pass the Evolved Packet Data Gateway (ePDG). Connected to the PDN GW, the interface between the ePDG and the PDN GW is S2b.
  • PDN GW Packet Data Network Gateway
  • ePDG Evolved Packet Data Gateway
  • FIG. 1 The trusted WLAN and untrusted WLAN access to the EPC network architecture are shown in Figure 1.
  • the WLAN access EPC architecture in Figure 1 is implemented by TWAN or ePDG.
  • LTE Long-Term Evolution
  • WLAN requires a large number of core network signaling interactions and long time.
  • Delay, and support for LTE and WLAN for a service is also limited (although a scheme such as Multi-Path Transmission Control Protocol (TCP)) can implement one service at the same time, but it cannot be used according to LTE.
  • TCP Multi-Path Transmission Control Protocol
  • Dynamic adjustment of real-time conditions such as network load of WLAN). Based on the above considerations, 3GPP began to study LTE/WLAN tight coupling operation in the Rel-13 phase.
  • the WLAN access point function is integrated on the eNB, and the data on the air interface through LTE or WLAN is unified by the packet data convergence protocol ( The Packet Data Convergence Protocol (PDCP) layer is processed from the S1-U interface to the core network.
  • the scheme of Figure 2 does not support the WLAN AP access with traditional deployment. Many operators have strong requirements for supporting traditional WLAN APs. Therefore, related vendors have initiated tightly coupled operation tasks that support traditional APs.
  • FIG. 3 is a structural diagram of a LTE/WLAN Aggregation (LWA) supporting a legacy WLAN access network in the related art.
  • LWA LTE/WLAN Aggregation
  • an eNB provides a WLAN to a User Equipment (UE).
  • the information is equivalent to the Internet Protocol Security (IPSec) gateway module.
  • IPSec Internet Protocol Security
  • the UE After the UE connects to the traditional WLAN to obtain the local IP address, the UE initiates an IPSec tunnel to the IPSec gateway on the eNB.
  • the PDCP data packet of the UE is connected to the eNB through the WLAN IPSec tunnel path and then connected to the core network through the S1-U interface.
  • the LTE/WLAN tightly coupled scenario supports the LWA IPSec scheme of the traditional WLAN access.
  • the eNB does not allow the UE to access the current WLAN-related user sign.
  • the network does not know whether to allow the UE to connect to the eNB through the current WLAN, or whether the UE can access the EPC through the S2a or S2b mode, and the network lacks control of the UE access route.
  • the present invention provides a route control method, apparatus and system to at least solve the problem in the related art that the network does not know whether to allow the UE to connect to the eNB through the current WLAN.
  • a routing control method including: a network side device receiving first indication information sent by a terminal, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network and wireless
  • the local area network WLAN is tightly coupled to the LWA connection or indicates that the terminal has the capability of supporting the LWA connection; wherein the LWA connection is the connection of the terminal to the LTE base station through the WLAN access network; the network side device according to the network side device local pre-configuration information or the user subscription information Generating second indication information, where the second indication information is used to indicate that the terminal is allowed or denied to perform an LWA connection; and the network side device sends the second indication information to the terminal.
  • the local pre-configuration information is pre-configured by the operator or the network equipment vendor on the network side device;
  • the user subscription information is the network side device from the home subscriber server (HSS).
  • HSS home subscriber server
  • the method further includes: the network side device sets the address information of the LWA security gateway and/or the local internet protocol IP of the terminal. The address is sent to the terminal.
  • the method is applied to the terminal for performing WLAN access authentication and authorization in the case that the network side device is a 3GPP mobile communication partner plan 3GPP authentication and authorization (AAA) server. in the process of.
  • AAA 3GPP authentication and authorization
  • the network side device receiving the first indication information sent by the terminal includes: the network side device receiving the extensible identity verification protocol EAP response message sent by the terminal or enhancing The type authentication and key agreement mechanism challenges the AKA'-Challenge message to receive the first indication information.
  • the network side device when the network side device is the base station, the network side device generates the second indication information according to the user subscription information, and the network side device receives the mobile management entity MME according to the user subscription information and/or the location information of the terminal.
  • the second indication message sent.
  • a routing control method including: a terminal sending first indication information to a network side device, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network And none The line local area network WLAN is tightly coupled to the LWA connection or indicates that the terminal has the capability of supporting the LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network; the terminal receives the second indication information sent by the network side device; The second indication information is generated by the network side device according to the network side device local pre-configuration information or the user subscription information, to indicate that the terminal is allowed or denied to perform the LWA connection.
  • the local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS;
  • the second indication information is the indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal.
  • the second indication information is indication information that denies the terminal to perform an LWA connection.
  • the method further includes: the terminal receiving the address information of the LWA security gateway sent by the network side device and/or the locality of the terminal. Internet Protocol IP address.
  • the network side device is the third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server
  • the foregoing method is applied to the process in which the terminal performs the WLAN access authentication and authorization.
  • the terminal when the network side device is a 3GPP AAA server, the terminal sends the first indication information to the network side device, where the terminal sends an Extensible Authentication Protocol (EAP) to the network side device.
  • EAP Extensible Authentication Protocol
  • the first indication information is sent by a response message or an Authentication and Key Agreement Protocol (Challenge, AKA-Challenge) message.
  • a routing control apparatus configured to send the second indication information to the terminal.
  • the apparatus is applied to a network side device, and includes: a receiving module, configured to receive first indication information sent by the terminal; wherein the first indication information is used by Instructing the terminal to request to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has the capability of supporting an LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network; the generating module is set to The second indication information is generated according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform an LWA connection, and the sending module is configured to send the second indication information to the terminal.
  • the local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS;
  • the second indication information is the indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal.
  • the second indication information is indication information that denies the terminal to perform an LWA connection.
  • the sending module is further configured to send the address information of the LWA security gateway and/or the local internet protocol IP address of the terminal in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection. Give the terminal.
  • a routing control apparatus configured to send the first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has the capability of supporting the LWA connection;
  • the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network, and the receiving module is configured to receive the second indication information sent by the network side device, where the second indication information is that the network side device is locally pre-configured according to the network side device.
  • the configuration information or the user subscription information is generated to indicate that the terminal is allowed or denied to perform an LWA connection.
  • the local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS;
  • the second indication information is the indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal.
  • the second indication information is indication information that denies the terminal to perform an LWA connection.
  • the receiving module is further configured to receive the address information of the LWA security gateway sent by the network side device and/or the terminal when the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection.
  • Local internet protocol IP address is further configured to receive the address information of the LWA security gateway sent by the network side device and/or the terminal when the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection.
  • a routing control system including: a terminal, a wireless local area network WLAN access network device, a third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server, and a home user server HSS,
  • the terminal is configured to send a scalable authentication protocol EPA response message or an enhanced authentication and key agreement mechanism to the 3GPP AAA server through the WLAN access network device to challenge the AKA'-Challenge message to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA Connecting or instructing the terminal to have the capability of supporting the LWA connection;
  • the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
  • the 3GPP AAA server is configured to acquire the user subscription information of the terminal from the HSS; wherein the user subscription information includes permission Or rejecting the terminal to perform the LWA connection; and in the case that the user subscription information is to allow the terminal to perform the LWA connection, the WLAN access network device transmits the indication information for allowing the terminal to
  • a routing control system including: a terminal, a mobility management entity MME, and a base station; the MME is configured to acquire user subscription information of the terminal from the home subscriber server HSS, and according to the user subscription information or The terminal location information provides the base station with indication information that allows or denies the terminal to perform the LWA connection; wherein, in the case that the user subscription information is to allow the terminal to perform the LWA connection, the indication information is information indicating that the terminal is allowed to perform the LWA connection; In the case that the terminal is denied the LWA connection, the indication information is information indicating that the terminal is denied to perform the LWA connection; wherein the LWA connection is a connection of the terminal to the long-term evolution LTE network base station through the WLAN access network; the base station will indicate the information Send to the terminal.
  • the network side device is used to generate the indication information for instructing or denying the terminal to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect through the current WLAN.
  • the problem of the eNB enhances the control of the network access route to the terminal.
  • 1 is an architectural diagram of a trusted WLAN and an untrusted WLAN accessing to an EPC network in the related art
  • LTE/WLAN Tightly Coupled Operation LWA
  • LWA LTE/WLAN Tightly Coupled Operation
  • FIG. 4 is a flowchart 1 of a routing control method according to an embodiment of the present invention.
  • FIG. 5 is a second flowchart of a route control method according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of a route control method according to Embodiment 1 of the present invention.
  • FIG. 7 is a flowchart of a route control method according to Embodiment 2 of the present invention.
  • FIG. 9 is a flowchart of a route control method according to Embodiment 4 of the present invention.
  • FIG. 10 is a structural block diagram 1 of a routing control apparatus according to an embodiment of the present invention.
  • FIG. 11 is a structural block diagram 2 of a routing control apparatus according to an embodiment of the present invention.
  • FIG. 12 is a structural block diagram 1 of a routing control system according to an embodiment of the present invention.
  • FIG. 13 is a structural block diagram 2 of a routing control system according to an embodiment of the present invention.
  • FIG. 14 is a structural diagram of connecting from a WLAN access network to an eNB according to an embodiment of the present invention.
  • FIG. 4 is a flowchart 1 of a routing control method according to an embodiment of the present invention. As shown in FIG. 4, the process includes the following steps:
  • Step S402 The network side device receives the first indication information sent by the terminal, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicate that the terminal has the capability of supporting the LWA connection.
  • the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
  • Step S404 the network side device generates the second indication information according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform the LWA connection;
  • Step S406 The network side device sends the second indication information to the terminal.
  • the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
  • the network side device generates indication information for indicating whether to allow or deny the terminal to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN.
  • the problem is to enhance the control of the network to the terminal access route.
  • the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection.
  • EPC Evolved Packet Core Network
  • the method may further include: the network side device, the address information of the LWA security gateway and/or the locality of the terminal.
  • the internet protocol IP address is sent to the terminal.
  • the foregoing LWA security gateway may be an IPSec gateway, but is not limited thereto.
  • an IPSec tunnel establishment process may be initiated to the base station according to the address of the IPSec gateway, and an LWA connection is established.
  • the network side device may include at least one of the following: a 3GPP AAA server server and a base station.
  • the foregoing method may be applied to a process in which the terminal performs WLAN access authentication and authorization.
  • the method may further include: the network side device sends a message including the trust identifier of the WLAM to the terminal; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or an untrusted WLAN network.
  • the message containing the trust identifier of the WLAM may be an AKA'-Challenge message, but is not limited thereto.
  • the foregoing step S402 can be implemented in the following manner: the network side device receives the first indication information by receiving an EAP response message or an AKA'-Challenge message sent by the terminal.
  • the network side device can transmit the address information of the LWA security gateway to the terminal through an AKA'-notification (AKA'-notification) message.
  • the method may further include: the network side device providing the terminal with a trust identifier of the WLAN; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or an untrusted WLAN network.
  • the generating, by the network side device, the second indication information according to the user subscription information of the terminal acquired by the home subscriber server HSS may include: the network side device receiving the second indication information that is sent by the mobility management entity MME according to the user subscription information and/or the location information of the terminal.
  • FIG. 5 is a flow of a route control method according to an embodiment of the present invention. As shown in Figure 5, the process includes the following steps:
  • Step S502 The terminal sends the first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicate that the terminal has an LWA connection. Capability; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
  • Step S504 The terminal receives the second indication information sent by the network side device, where the second indication information is generated by the network side device according to the network side device local pre-configuration information or the user subscription information, to indicate that the terminal is allowed or denied to perform the LWA connection.
  • the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
  • the network side device is used to generate the indication information for instructing or denying the terminal to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN.
  • the problem is to enhance the control of the network to the terminal access route.
  • the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection.
  • EPC Evolved Packet Core Network
  • the method further includes: the terminal receiving the address information and/or the terminal of the LWA security gateway sent by the network side device. Local internet protocol IP address.
  • the foregoing LWA security gateway may be an IPSec gateway, but is not limited thereto.
  • an IPSec tunnel establishment process may be initiated to the base station according to the address of the IPSec gateway, and an LWA connection is established.
  • the network side device may include at least one of the following: a 3GPP AAA server server and a base station.
  • the foregoing method is applied to a process in which the terminal performs WLAN access authentication and authorization.
  • the method further includes: the terminal receiving the trust identifier of the WLAM sent by the network side device; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or a non-trusted WLAN network.
  • the message containing the trust identifier of the WLAM may be an AKA'-Challenge message, but is not limited thereto.
  • the foregoing step S502 can be implemented in the following manner: the terminal sends the first indication information by sending an EAP response message or an AKA'-Challenge message to the network side device. Moreover, the terminal can receive the address information of the LWA security gateway sent by the network side device by using the AKA'-notification message.
  • the method may further include: the terminal receiving the trust identifier of the WLAN provided by the network side device; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or an untrusted WLAN network.
  • the UE supports the LTE WLAN tightly coupled UE to discover the WLAN access network, the UE performs the WLAN access authentication and authorization process, the UE sends a request to the network or supports the LWA connection indication information, and the network permits the UE to perform the LWA connection according to the UE user subscription information. And provide the UE with the IPSec gateway address of the LWA connection.
  • the flow chart is shown in Figure 6. The specific implementation steps are as follows:
  • Step 601 The user equipment UE and the WLAN access network establish an IEEE 802.11-based connection.
  • Steps 602-603 the WLAN access network and the UE exchange an EAP Identity message, and perform identity authentication access configuration information interaction processing;
  • the WLAN access network sends a Diameter authentication authorization request message to the 3GPP AAA server server, and the 3GPP AAA server sends an EAP request (Request)/AKA'-Challenge to the UE, AKA' after acquiring the authentication vector from the HSS.
  • the -Chllenge message may include a trust identifier of the WLAN network, indicated as a trusted WLAN network or an untrusted WLAN network;
  • Steps 608-610 the UE sends an EAP Reply/AKA'-Challenge message to the 3GPP AAA server to request the LWA connection or instructs the UE to support the LWA connection; the 3GPP AAA server registers with the HSS to obtain the user user subscription information, and the 3GPP AAA server signs the subscription according to the user.
  • the information content or the local pre-configuration information determines that the UE can make an LWA connection from the current WLAN access network.
  • the 3GPP AAA server will allow the UE to perform the indication information of the LWA connection, and may also provide the address information of the LWA IPSec gateway to the UE, and send the information to the UE through the AKA'-notification message.
  • Steps 613-618 the UE completes the subsequent authentication and authorization process, and the authentication and authorization is successful.
  • the WLAN allocates a local IP address to the UE through DHCP or other network configuration protocols.
  • the UE initiates an IPSec tunnel establishment process to the LWA IPSec gateway address provided by the network, and establishes an LWA connection.
  • a UE that supports LTE WLAN tight coupling has established a connection from the 3GPP access and acquires information about the WLAN and the IPSec gateway from the eNB.
  • the UE discovers the WLAN access network, the process of the UE performing the WLAN access authentication and authorization, the request sent by the UE to the network or the LWA connection indication information, and the network rejects the UE LWA connection request according to the UE user subscription information.
  • the flow chart is shown in Figure 7. The specific implementation steps are as follows:
  • Step 701 The UE accesses the network from the 3GPP, and establishes an RRC connection with the eNB.
  • the eNB provides the WLAN and the IPSec gateway address and other information to the UE through the RRC message.
  • Step 702 The user equipment UE and the WLAN access network establish an IEEE 802.11-based connection.
  • Steps 703-704 the WLAN access network and the UE exchange EAP Identity messages, and perform identity authentication access configuration information interaction processing;
  • the WLAN access network sends a Diameter authentication authorization request message to the 3GPP AAA server server, and the 3GPP AAA server sends an EAP Request/AKA'-Challenge to the UE after obtaining the authentication vector from the HSS, and the AKA'-Chllenge message may include a trust identifier of the WLAN network, indicated as a trusted WLAN network or an untrusted WLAN network;
  • Steps 709-711 the UE sends an EAP Response/AKA'-Challenge message to the 3GPP AAA server to request an LWA connection or instructs the UE to support the LWA connection;
  • the 3GPP AAA server registers with the HSS to obtain user user subscription information, and the 3GPP AAA server server according to the user subscription information content Or the local pre-configuration information, determining that the UE prohibits the LWA connection from the current WLAN access network;
  • the 3GPP AAA server sends the indication information that the UE performs the LWA connection to the UE through the AKA'-notification message.
  • steps 714-717 the UE completes the subsequent authentication process, and the EAP authentication fails.
  • a UE that supports LTE WLAN tight coupling has established a connection from the 3GPP access and a WLAN from the eNB.
  • the UE discovers the WLAN access network, the process of the UE performing the authentication and authorization of the WLAN access, the request sent by the UE to the network, or the LWA connection indication information, and the network grants the UE the LWA connection according to the user subscription information of the UE, and provides the local IP to the UE.
  • Address and IPSec gateway address of the LWA connection is shown in Figure 8. The specific implementation steps are as follows:
  • Step 801 The UE accesses the network from the 3GPP, and establishes an RRC connection with the eNB.
  • the eNB provides the UE with the information of the WLAN access network through the RRC message.
  • Step 802 the user equipment UE and the WLAN establish an IEEE 802.11-based connection
  • Steps 803 to 804 the WLAN access network and the UE exchange EAP Identity messages, and perform identity authentication access configuration information interaction processing;
  • the WLAN access network sends a Diameter authentication authorization request message to the 3GPP AAA server server, and the 3GPP AAA server sends an EAP Request/AKA'-Challenge to the UE after obtaining the authentication vector from the HSS, and the AKA'-Chllenge message may include a trust identifier of the WLAN network, indicated as a trusted WLAN network or an untrusted WLAN network;
  • Steps 809-811 the UE sends an EAP Response/AKA'-Challenge message to the 3GPP AAA server to request the LWA connection or instructs the UE to support the LWA connection; the 3GPP AAA server registers with the HSS to obtain the user subscription information, and the 3GPP AAA server according to the user subscription information content or local Pre-configuration information, determining that the UE can proceed from the current WLAN access network LWA connection.
  • the 3GPP AAA server will allow the UE to perform the indication information of the LWA connection, and may also provide the UE with the address information of the LWA IPSec gateway and/or the local IP address of the UE, and send the message to the UE through the AKA'-notification message.
  • Steps 814-818 The UE completes the subsequent authentication and authorization process, and the authentication and authorization is successful.
  • the UE initiates an IPSec tunnel establishment process to the LWA IPSec gateway address provided by the network, and establishes an LWA connection.
  • the LTE WLAN tightly coupled UE is attached to the 3GPP access, and the MME has the UE user subscription information acquired from the HSS.
  • the eNB provides the LWA connection information for the UE according to the UE user subscription information and the local configuration.
  • the flow chart is shown in Figure 9. The specific implementation steps are as follows:
  • Step 901 The UE attaches from the 3GPP access, and the MME acquires the UE user subscription information from the HSS.
  • Step 902 The eNB and the MME exchange an S1-AP message, and the eNB reports the UE LWA capability to the MME, and the MME provides the UE with the UE according to the UE subscription information and/or the UE location information (such as the eNB cell identifier) and/or the local pre-configuration information. Whether to allow the execution of LWA instructions;
  • Step 903 The eNB sends an indication to the UE whether to permit the UE to perform the LWA connection according to the information obtained in step 902. If the UE is permitted to perform the LWA connection, the information provided by the eNB includes but is not limited to the identifier of the WLAN access network and/or the LWA on the eNB. Address information of a security gateway (such as an IPSec gateway);
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation.
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
  • a routing control device is also provided, which is used to implement the foregoing embodiments and preferred embodiments, and has not been described again.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • FIG. 10 is a structural block diagram of a routing control apparatus according to an embodiment of the present invention.
  • the apparatus is applied to a network side device. As shown in FIG. 10, the apparatus includes:
  • the receiving module 1000 is configured to receive first indication information sent by the terminal, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicate that the terminal has the capability of supporting an LWA connection.
  • the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
  • the generating module 1002 is connected to the receiving module 1000, and is configured to generate the second indication information according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform the LWA connection;
  • the sending module 1004 is connected to the generating module 1002 and configured to send the second indication information to the terminal.
  • the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
  • the generating module 1002 is used to generate the indication information that is set to indicate that the terminal is allowed to perform the LWA connection, so that the network side device can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect through the current WLAN.
  • the problem of the eNB enhances the control of the network access route to the terminal.
  • the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection.
  • EPC Evolved Packet Core Network
  • the sending module 1004 is further configured to: if the local pre-configuration information or the user subscription information is to allow the terminal to perform an LWA connection, the address information of the LWA security gateway and/or the local Internet of the terminal.
  • the protocol IP address is sent to the terminal.
  • the LWA connection is an LTE/WLAN tight coupling operation, and specifically, the terminal may be connected to the base station through the current WLAN, but is not limited thereto.
  • the LWA security gateway may be an IPSec gateway, but is not limited thereto.
  • the terminal may initiate an IPSec tunnel establishment process to the base station according to the address of the IPSec gateway, and establish an LWA connection.
  • the network side device may be a 3GPP AAA server or a base station, but is not limited thereto.
  • the foregoing apparatus may be applied to a process in which the terminal performs WLAN access authentication and authorization.
  • FIG. 11 is a structural block diagram 2 of a routing control device according to an embodiment of the present invention.
  • the device is applied to a network side device, as shown in FIG. Show that the device includes:
  • the sending module 1100 is configured to send the first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a Long Term Evolution (LTE) network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has an LWA connection. Capability; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
  • LTE Long Term Evolution
  • the receiving module 1102 is connected to the sending module 1100, and is configured to receive the second indication information sent by the network side device.
  • the second indication information is used by the network side device according to the network side device local pre-configuration information or the user subscription information. Indicates to allow or deny the terminal to make an LWA connection.
  • the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
  • the receiving device 1102 is configured to receive the second indication information sent by the network side device, where the second indication information is generated by the network side device according to the preset policy, to indicate that the terminal is allowed or denied to perform the LWA connection, so that the network side device is configured. It can be known whether the terminal is allowed to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN, and enhances the control of the network access route to the terminal.
  • the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection.
  • EPC Evolved Packet Core Network
  • the receiving module 1102 is further configured to receive the address information of the LWA security gateway sent by the network side device, if the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection. Or the local internet protocol IP address of the terminal.
  • FIG. 12 is a structural block diagram of a routing control system according to an embodiment of the present invention. As shown in FIG. 12, the method includes: a terminal 1202, a WLAN access network of a wireless local area network. Device 1204, 3GPP AAA server 1206, home subscriber server HSS 1208;
  • the terminal 1202 is configured to send an EPA response message or an AKA '-Challenge message to the 3GPP AAA server 1206 through the WLAN access network device 1204 to request to establish a Long Term Evolution (LTE) network and a WLAN tightly coupled LWA connection or to indicate that the terminal has the capability to support the LWA connection.
  • LTE Long Term Evolution
  • the LWA connection is a connection of the terminal from the WLAN to the base station in the LTE;
  • the 3GPP AAA server 1206 is configured to acquire the user subscription information of the terminal from the HSS 88; wherein the user subscription information includes allowing or denying the terminal to perform the LWA connection; If the information is to allow the terminal to perform the LWA connection, the WLAN access network device 1204 sends the indication information that allows the terminal to perform the LWA connection to the terminal; and when the user subscription information is the rejected terminal for the LWA connection, the WLAN access network is used. The device sends an indication that the terminal refuses to perform the LWA connection to the terminal.
  • the 3GPP AAA server 1206 is used to acquire the user subscription information of the terminal from the HSS 1208, and send the indication information for allowing the terminal to perform the LWA connection to the terminal 1202 through the WLAN access network device 1204 according to the user subscription information; so that the network can know whether to allow or not
  • the terminal performs the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN, and enhances the control of the network access route to the terminal.
  • the 3GPP AAA server 1206 is further configured to send the address information of the LWA security gateway to the terminal 1202 through the AKA'-notification message.
  • the LWA connection is an LTE/WLAN tight coupling operation, and specifically, the terminal may be connected to the base station through the current WLAN, but is not limited thereto.
  • the LWA security gateway may be an IPSec gateway, but is not limited thereto.
  • the terminal may initiate an IPSec tunnel establishment process to the base station according to the address of the IPSec gateway, and establish an LWA connection.
  • FIG. 13 is a structural block diagram 2 of a routing control system according to an embodiment of the present invention. As shown in FIG. 13, the method includes: a terminal 1300, a mobility management entity MME 1302, Base station 1304;
  • the MME 1302 is configured to acquire the user subscription information of the terminal from the home subscriber server HSS, and provide the base station 1304 with the indication information for allowing or denying the terminal 1300 to perform the LWA connection according to the user subscription information or the terminal location information; wherein, the user subscription information is allowed for the terminal.
  • the indication information is information indicating that the terminal 1300 is allowed to perform the LWA connection; and in the case where the user subscription information is the LWA connection by the rejection terminal 1300, the indication information is information indicating that the rejection terminal 1300 performs the LWA connection;
  • the LWA connection is a connection of the terminal to the long-term evolution LTE network base station through the WLAN access network of the wireless local area network;
  • the base station 1304 is configured to send the indication information to the terminal 1300.
  • the base station 1304 obtains the indication information for instructing or denying the terminal 1300 to perform the LWA connection through the MME 1302, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN.
  • the problem is to enhance the network's control over terminal access routing.
  • the base station 1304 can provide the terminal 1300 with the identifier of the WLAN access network and/or the LWA security gateway.
  • the LWA connection is an LTE/WLAN tight coupling operation, and specifically, the terminal may be connected to the base station through the current WLAN, but is not limited thereto.
  • the LWA security gateway may be an IPSec gateway, but is not limited thereto.
  • the terminal may initiate an IPSec tunnel establishment process to the base station according to the address of the IPSec gateway, and establish an LWA connection.
  • the WLAN access network may be a trusted WLAN, and the WLAN access network has an S2a interface connected to the PGW.
  • the UE may be connected to the ePDG through the WLAN access network, and the ePDG may be connected to the PGW through the S2b interface.
  • the UE supporting the LWA may also connect to the IPSec gateway on the eNB through the WLAN access network, that is, the LWA is supported at this time.
  • the UE can connect to the PGGW gateway on the eNB through the WLAN access network, and then connect to the PGW through the serving gateway SGW.
  • the corresponding device in the system shown in FIG. 12 and the corresponding device shown in FIG. 14 can implement the actions performed by the corresponding devices shown in Embodiments 1 to 3 above, as shown in FIG.
  • the corresponding device in the system can implement the actions performed by the corresponding device shown in the foregoing embodiment 4, and details are not described herein again.
  • each of the foregoing modules may be implemented by software or hardware.
  • the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the above modules are different. The combination is in a different processor.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the first indication information sent by the terminal is received, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicates that the terminal has the capability of supporting an LWA connection;
  • the LWA connection is a connection of the terminal from the WLAN to the base station in the LTE;
  • the second indication information is generated according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform an LWA connection.
  • the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • a mobile hard disk e.g., a hard disk
  • magnetic memory e.g., a hard disk
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the network side device is used to generate indication information for indicating that the terminal is allowed to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow or not.
  • the problem that the UE connects to the eNB through the current WLAN enhances the control of the network access route to the terminal.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided are a routing control method, apparatus and system. The method comprises: a network-side device receiving first indication information sent by a terminal, the first indication information being used for indicating that the terminal requests establishment of a long term evolution (LTE) network and wireless local area network (WLAN) aggregation (LWA) connection or indicating that the terminal has the capability to support the LWA connection, the LWA connection being a connection of the terminal from a WLAN to a base station in an LTE; the network-side device generating second indication information according to local pre-configuration information of the network-side device or user subscription information, the second indication information being used for indicating allowance or refusal of the LWA connection of the terminal; and the network-side device sending the second indication information to the terminal. The present invention solves the problem that a network does not know whether to allow a UE to be connected to an eNB through the current WLAN, thereby enhancing control of the network over access routing of a terminal.

Description

路由控制方法、装置及系统Route control method, device and system 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种路由控制方法、装置及系统。The present invention relates to the field of communications, and in particular to a routing control method, apparatus, and system.
背景技术Background technique
随着无线局域网络(Wireless Local Area Networks,WLAN)接入技术的日益成熟,以及用户对高速无线接入网络的需求,国内外运营商都在大力发展WLAN业务。演进分组系统(Evolved Packet System,简称EPS)支持通过S2a/S2b/S2c接口实现与非第三代移动通信伙伴计划认证授权计费3GPP网络(e.g.WLAN)的互通。非第三代合作伙伴计划(3rd Generation Partnership Project,简称为3GPP)网络包括可信任非3GPP网络和非信任非3GPP网络,所以WLAN接入网到3GPP演进分组核心网(Evolved Packet Core Network,简称EPC)也分为信任的WLAN接入网(trusted WLAN access network,简称TWAN)和非信任的WLAN接入网(untrusted WLAN access network)。信任的WLAN接入网可直接通过S2a接口与分组数据网络网关(Packet Data Network Gateway,简称PDN GW)连接;非信任的WLAN接入网要经过演进分组数据网关(Evolved Packet Data Gateway,简称ePDG)与PDN GW相连,ePDG与PDN GW间的接口为S2b。信任的WLAN和非信任的WLAN接入到EPC网络架构如图1所示。With the increasing maturity of Wireless Local Area Networks (WLAN) access technologies and the demand for high-speed wireless access networks, domestic and foreign operators are vigorously developing WLAN services. The Evolved Packet System (EPS) supports interworking with non-3rd generation mobile communication partner program authentication and authorization charging 3GPP networks (e.g. WLAN) through the S2a/S2b/S2c interface. The 3rd Generation Partnership Project (3GPP) network includes a trusted non-3GPP network and a non-trusted non-3GPP network, so the WLAN access network to the 3GPP Evolved Packet Core Network (EPC) It is also divided into a trusted WLAN access network (TWAN) and an untrusted WLAN access network. The trusted WLAN access network can be directly connected to the Packet Data Network Gateway (PDN GW) through the S2a interface; the untrusted WLAN access network must pass the Evolved Packet Data Gateway (ePDG). Connected to the PDN GW, the interface between the ePDG and the PDN GW is S2b. The trusted WLAN and untrusted WLAN access to the EPC network architecture are shown in Figure 1.
图1中的WLAN接入EPC架构,数据流分流通过TWAN或ePDG完成,长期演进(Long-Term Evolution,简称LTE)与WLAN间的数据流切换需要大量的核心网信令交互和较长的时延,且对一个业务同时使用LTE和WLAN的支持也比较有限(虽然多路径传输控制协议(Transmission Control Protocol,简称TCP)(MPTCP)之类的方案可以实现一个业务同时使用,但没法根据LTE和WLAN的网络负载等实时情况进行动态的调节)。综合上述考虑,3GPP在Rel-13阶段开始研究LTE/WLAN紧耦合操作,如图2所示,eNB上集成了WLAN接入点功能,空口上通过LTE或者WLAN的数据统一由分组数据汇聚协议(Packet Data Convergence Protocol,简称PDCP)层处理,从S1-U接口连接到核心网。图2的方案不支持与传统单独部署的WLAN AP接入配合,而很多运营商对支持传统WLAN AP有很强烈的需求,因此相关厂商又发起了支持传统AP为目标的紧耦合操作课题。The WLAN access EPC architecture in Figure 1 is implemented by TWAN or ePDG. The data flow switching between Long-Term Evolution (LTE) and WLAN requires a large number of core network signaling interactions and long time. Delay, and support for LTE and WLAN for a service is also limited (although a scheme such as Multi-Path Transmission Control Protocol (TCP)) can implement one service at the same time, but it cannot be used according to LTE. Dynamic adjustment of real-time conditions such as network load of WLAN). Based on the above considerations, 3GPP began to study LTE/WLAN tight coupling operation in the Rel-13 phase. As shown in Figure 2, the WLAN access point function is integrated on the eNB, and the data on the air interface through LTE or WLAN is unified by the packet data convergence protocol ( The Packet Data Convergence Protocol (PDCP) layer is processed from the S1-U interface to the core network. The scheme of Figure 2 does not support the WLAN AP access with traditional deployment. Many operators have strong requirements for supporting traditional WLAN APs. Therefore, related vendors have initiated tightly coupled operation tasks that support traditional APs.
图3是相关技术中LTE/WLAN紧耦合操作(LTE and WLAN Aggregation,简称LWA)支持传统WLAN接入网的架构图,在此架构中,eNB向用户设备(User Equipment,简称为UE)提供WLAN信息,相当于网络协议安全性(Internet Protocol Security,简称IPSec)网关模块,UE连接到传统WLAN获取本地IP地址后向eNB上的IPSec网关发起建立IPSec隧道。这样UE的PDCP数据包通过WLAN IPSec隧道路径到eNB再经过S1-U接口连接到核心网。FIG. 3 is a structural diagram of a LTE/WLAN Aggregation (LWA) supporting a legacy WLAN access network in the related art. In this architecture, an eNB provides a WLAN to a User Equipment (UE). The information is equivalent to the Internet Protocol Security (IPSec) gateway module. After the UE connects to the traditional WLAN to obtain the local IP address, the UE initiates an IPSec tunnel to the IPSec gateway on the eNB. Thus, the PDCP data packet of the UE is connected to the eNB through the WLAN IPSec tunnel path and then connected to the core network through the S1-U interface.
UE使用运营商部署WLAN可能有相关的签约限制,上述LTE/WLAN紧耦合场景支持传统WLAN接入的LWA IPSec方案,eNB上没有是否允许UE接入当前WLAN相关的用户签 约信息,因此之后UE进行WLAN接入认证时,网络不知道是否允许UE通过当前WLAN连接到eNB,或者UE是否可以通过S2a或者S2b方式接入到EPC,网络缺乏对UE接入路由的控制。The LTE/WLAN tightly coupled scenario supports the LWA IPSec scheme of the traditional WLAN access. The eNB does not allow the UE to access the current WLAN-related user sign. When the UE performs the WLAN access authentication, the network does not know whether to allow the UE to connect to the eNB through the current WLAN, or whether the UE can access the EPC through the S2a or S2b mode, and the network lacks control of the UE access route.
针对上述技术问题,目前尚未提出有效的解决方案。In response to the above technical problems, no effective solution has been proposed yet.
发明内容Summary of the invention
本发明提供了一种路由控制方法、装置及系统,以至少解决相关技术中网络不知道是否允许UE通过当前WLAN连接到eNB的问题。The present invention provides a route control method, apparatus and system to at least solve the problem in the related art that the network does not know whether to allow the UE to connect to the eNB through the current WLAN.
根据本发明实施例的一个方面,提供了一种路由控制方法,包括:网络侧设备接收终端发送的第一指示信息;其中,该第一指示信息用于指示终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端通过WLAN接入网到LTE基站的连接;网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝终端进行LWA连接;网络侧设备将第二指示信息发送给终端。According to an aspect of the embodiments of the present invention, a routing control method is provided, including: a network side device receiving first indication information sent by a terminal, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network and wireless The local area network WLAN is tightly coupled to the LWA connection or indicates that the terminal has the capability of supporting the LWA connection; wherein the LWA connection is the connection of the terminal to the LTE base station through the WLAN access network; the network side device according to the network side device local pre-configuration information or the user subscription information Generating second indication information, where the second indication information is used to indicate that the terminal is allowed or denied to perform an LWA connection; and the network side device sends the second indication information to the terminal.
在本发明实施例中,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器(Home Subscriber Server,简称为HSS)获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。In the embodiment of the present invention, the local pre-configuration information is pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the network side device from the home subscriber server (HSS). The obtained subscription information; wherein, when the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is When the terminal is not allowed to perform the LWA connection, the second indication information is indication information for denying the terminal to perform the LWA connection.
在本发明实施例中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,上述方法还包括:网络侧设备将LWA安全网关的地址信息和/或终端的本地互联网协议IP地址发送给终端。In the embodiment of the present invention, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the method further includes: the network side device sets the address information of the LWA security gateway and/or the local internet protocol IP of the terminal. The address is sent to the terminal.
在本发明实施例中,在网络侧设备为第三代移动通信伙伴计划3GPP认证授权计费(Authentication、Authorization and Accounting,简称AAA)服务器的情况下,上述方法应用于终端进行WLAN接入认证授权的过程中。In the embodiment of the present invention, the method is applied to the terminal for performing WLAN access authentication and authorization in the case that the network side device is a 3GPP mobile communication partner plan 3GPP authentication and authorization (AAA) server. in the process of.
在本发明实施例中,在网络侧设备为3GPP AAA服务器的情况下,网络侧设备接收终端发送的第一指示信息包括:网络侧设备通过接收终端发送的可扩展身份验证协议EAP响应消息或增强型认证和密钥协商机制挑战AKA’-Challenge消息来接收第一指示信息。In the embodiment of the present invention, when the network side device is a 3GPP AAA server, the network side device receiving the first indication information sent by the terminal includes: the network side device receiving the extensible identity verification protocol EAP response message sent by the terminal or enhancing The type authentication and key agreement mechanism challenges the AKA'-Challenge message to receive the first indication information.
在本发明实施例中,在网络侧设备为基站的情况下,网络侧设备按照用户签约信息生成第二指示信息包括:网络侧设备接收移动管理实体MME根据用户签约信息和/或终端的位置信息发送的第二指示信息。In the embodiment of the present invention, when the network side device is the base station, the network side device generates the second indication information according to the user subscription information, and the network side device receives the mobile management entity MME according to the user subscription information and/or the location information of the terminal. The second indication message sent.
根据本发明实施例的另一方面,提供了一种路由控制方法,包括:终端向网络侧设备发送第一指示信息;其中,该第一指示信息用于指示所述终端请求建立长期演进LTE网络和无 线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为所述终端通过WLAN接入网到LTE基站的连接;终端接收网络侧设备发送的第二指示信息;其中,第二指示信息为网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成的用于指示允许或者拒绝终端进行LWA连接。According to another aspect of the present invention, a routing control method is provided, including: a terminal sending first indication information to a network side device, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network And none The line local area network WLAN is tightly coupled to the LWA connection or indicates that the terminal has the capability of supporting the LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network; the terminal receives the second indication information sent by the network side device; The second indication information is generated by the network side device according to the network side device local pre-configuration information or the user subscription information, to indicate that the terminal is allowed or denied to perform the LWA connection.
在本发明实施例中,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。In the embodiment of the present invention, the local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal. The second indication information is indication information that denies the terminal to perform an LWA connection.
在本发明实施例中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,上述方法还包括:终端接收网络侧设备发送的LWA安全网关的地址信息和/或终端的本地互联网协议IP地址。In the embodiment of the present invention, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the method further includes: the terminal receiving the address information of the LWA security gateway sent by the network side device and/or the locality of the terminal. Internet Protocol IP address.
在本发明实施例中,在网络侧设备为第三代移动通信伙伴计划认证授权计费3GPP AAA服务器的情况下,上述方法应用于终端进行WLAN接入认证授权的过程中。In the embodiment of the present invention, in the case that the network side device is the third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server, the foregoing method is applied to the process in which the terminal performs the WLAN access authentication and authorization.
在本发明实施例中,在网络侧设备为3GPP AAA服务器的情况下,终端向网络侧设备发送第一指示信息包括:终端通过向网络侧设备发送可扩展身份验证协议(Extensible authentication protocol,简称EAP)响应消息或增强型认证和密钥协商机制挑战(Authentication and Key Agreement Protocol–Challenge,简称AKA’-Challenge)消息来发送第一指示信息。In the embodiment of the present invention, when the network side device is a 3GPP AAA server, the terminal sends the first indication information to the network side device, where the terminal sends an Extensible Authentication Protocol (EAP) to the network side device. The first indication information is sent by a response message or an Authentication and Key Agreement Protocol (Challenge, AKA-Challenge) message.
根据本发明实施例的另一方面,提供了一种路由控制装置,该装置应用于网络侧设备,包括:接收模块,设置为接收终端发送的第一指示信息;其中,第一指示信息用于指示终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端通过WLAN接入网到LTE基站的连接;生成模块,设置为按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝终端进行LWA连接;发送模块,设置为将第二指示信息发送给终端。According to another aspect of the present invention, a routing control apparatus is provided, where the apparatus is applied to a network side device, and includes: a receiving module, configured to receive first indication information sent by the terminal; wherein the first indication information is used by Instructing the terminal to request to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has the capability of supporting an LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network; the generating module is set to The second indication information is generated according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform an LWA connection, and the sending module is configured to send the second indication information to the terminal.
在本发明实施例中,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。In the embodiment of the present invention, the local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal. The second indication information is indication information that denies the terminal to perform an LWA connection.
在本发明实施例中,发送模块,还设置为在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,将LWA安全网关的地址信息和/或终端的本地互联网协议IP地址发送给终端。In the embodiment of the present invention, the sending module is further configured to send the address information of the LWA security gateway and/or the local internet protocol IP address of the terminal in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection. Give the terminal.
根据本发明实施例的另一方面,提供了一种路由控制装置,该装置应用于终端,包括: 发送模块,设置为向网络侧设备发送第一指示信息;其中,第一指示信息用于指示终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端通过WLAN接入网到LTE基站的连接;接收模块,设置为接收网络侧设备发送的第二指示信息;其中,第二指示信息为网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成的用于指示允许或者拒绝终端进行LWA连接。According to another aspect of the present invention, a routing control apparatus is provided, where the apparatus is applied to a terminal, including: The sending module is configured to send the first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has the capability of supporting the LWA connection; The LWA connection is a connection of the terminal to the LTE base station through the WLAN access network, and the receiving module is configured to receive the second indication information sent by the network side device, where the second indication information is that the network side device is locally pre-configured according to the network side device. The configuration information or the user subscription information is generated to indicate that the terminal is allowed or denied to perform an LWA connection.
在本发明实施例中,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。In the embodiment of the present invention, the local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information that allows the terminal to perform the LWA connection; the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal. The second indication information is indication information that denies the terminal to perform an LWA connection.
在本发明实施例中,上述接收模块,还设置为在本地预配置信息或用户签约信息为允许终端进行LWA连接的情况下,接收网络侧设备发送的LWA安全网关的地址信息和/或终端的本地互联网协议IP地址。In the embodiment of the present invention, the receiving module is further configured to receive the address information of the LWA security gateway sent by the network side device and/or the terminal when the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection. Local internet protocol IP address.
根据本发明实施例的另一方面,提供了一种路由控制系统,包括:终端,无线局域网WLAN接入网设备,第三代移动通信伙伴计划认证授权计费3GPP AAA服务器,归属用户服务器HSS,终端设置为通过WLAN接入网设备向3GPP AAA服务器发送可扩展身份验证协议EPA响应消息或增强型认证和密钥协商机制挑战AKA’-Challenge消息建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端通过WLAN接入网到LTE基站的连接;3GPP AAA服务器设置为向HSS获取终端的用户签约信息;其中,用户签约信息包括允许或拒绝终端进行LWA连接;以及在用户签约信息为允许终端进行LWA连接的情况下,通过WLAN接入网设备将允许终端执行LWA连接的指示信息发送给终端;在用户签约信息为拒绝终端进行LWA连接的情况下,通过WLAN接入网设备将拒绝终端执行LWA连接的指示信息发送给终端。According to another aspect of the present invention, a routing control system is provided, including: a terminal, a wireless local area network WLAN access network device, a third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server, and a home user server HSS, The terminal is configured to send a scalable authentication protocol EPA response message or an enhanced authentication and key agreement mechanism to the 3GPP AAA server through the WLAN access network device to challenge the AKA'-Challenge message to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA Connecting or instructing the terminal to have the capability of supporting the LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network; the 3GPP AAA server is configured to acquire the user subscription information of the terminal from the HSS; wherein the user subscription information includes permission Or rejecting the terminal to perform the LWA connection; and in the case that the user subscription information is to allow the terminal to perform the LWA connection, the WLAN access network device transmits the indication information for allowing the terminal to perform the LWA connection to the terminal; and the user subscription information is the rejected terminal for the LWA. In the case of a connection, the device accessing the network through the WLAN will refuse The indication information that the terminal performs the LWA connection is sent to the terminal.
根据本发明实施例的另一方面,提供了一种路由控制系统,包括:终端,移动管理实体MME,基站;MME设置为从归属用户服务器HSS获取终端的用户签约信息,以及根据用户签约信息或终端位置信息向基站提供允许或者拒绝终端执行LWA连接的指示信息;其中,在用户签约信息为允许终端进行LWA连接的情况下,指示信息为指示允许终端进行LWA连接的信息;在用户签约信息为拒绝终端进行LWA连接的情况下,指示信息为指示拒绝终端执行LWA连接的信息;其中,上述LWA连接为终端通过无线局域网络WLAN接入网到长期演进LTE网络基站的连接;基站将指示信息下发给终端。According to another aspect of the present invention, a routing control system is provided, including: a terminal, a mobility management entity MME, and a base station; the MME is configured to acquire user subscription information of the terminal from the home subscriber server HSS, and according to the user subscription information or The terminal location information provides the base station with indication information that allows or denies the terminal to perform the LWA connection; wherein, in the case that the user subscription information is to allow the terminal to perform the LWA connection, the indication information is information indicating that the terminal is allowed to perform the LWA connection; In the case that the terminal is denied the LWA connection, the indication information is information indicating that the terminal is denied to perform the LWA connection; wherein the LWA connection is a connection of the terminal to the long-term evolution LTE network base station through the WLAN access network; the base station will indicate the information Send to the terminal.
通过本发明实施例,采用网络侧设备生成用于指示允许或者拒绝终端进行LWA连接的指示信息,使得网络能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。With the embodiment of the present invention, the network side device is used to generate the indication information for instructing or denying the terminal to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect through the current WLAN. The problem of the eNB enhances the control of the network access route to the terminal.
附图说明 DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是相关技术中信任的WLAN和非信任的WLAN接入到EPC网络的架构图;1 is an architectural diagram of a trusted WLAN and an untrusted WLAN accessing to an EPC network in the related art;
图2是相关技术中LTE/WLAN紧耦合操作(LWA)中LTE中基站的架构图;2 is a structural diagram of a base station in LTE in LTE/WLAN Tightly Coupled Operation (LWA) in the related art;
图3是相关技术中LTE/WLAN紧耦合操作(LWA)支持传统WLAN接入网的架构图;3 is a structural diagram of a related art LTE/WLAN Tightly Coupled Operation (LWA) supporting a legacy WLAN access network;
图4是根据本发明实施例的路由控制方法的流程图一;4 is a flowchart 1 of a routing control method according to an embodiment of the present invention;
图5是根据本发明实施例的路由控制方法的流程图二;FIG. 5 is a second flowchart of a route control method according to an embodiment of the present invention; FIG.
图6是根据本发明实施例1的路由控制方法的流程图;6 is a flowchart of a route control method according to Embodiment 1 of the present invention;
图7是根据本发明实施例2的路由控制方法的流程图;7 is a flowchart of a route control method according to Embodiment 2 of the present invention;
图8是根据本发明实施例3的路由控制方法的流程图;8 is a flowchart of a route control method according to Embodiment 3 of the present invention;
图9是根据本发明实施例4的路由控制方法的流程图;9 is a flowchart of a route control method according to Embodiment 4 of the present invention;
图10是根据本发明实施例的路由控制装置的结构框图一;FIG. 10 is a structural block diagram 1 of a routing control apparatus according to an embodiment of the present invention; FIG.
图11是根据本发明实施例的路由控制装置的结构框图二;11 is a structural block diagram 2 of a routing control apparatus according to an embodiment of the present invention;
图12是根据本发明实施例的路由控制系统的结构框图一;12 is a structural block diagram 1 of a routing control system according to an embodiment of the present invention;
图13是根据本发明实施例的路由控制系统的结构框图二;13 is a structural block diagram 2 of a routing control system according to an embodiment of the present invention;
图14是本发明实施例提供的从WLAN接入网连接到eNB的架构图。FIG. 14 is a structural diagram of connecting from a WLAN access network to an eNB according to an embodiment of the present invention.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It is to be understood that the terms "first", "second" and the like in the specification and claims of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.
在本实施例中提供了一种路由控制方法,图4是根据本发明实施例的路由控制方法的流程图一,如图4所示,该流程包括如下步骤:A routing control method is provided in this embodiment. FIG. 4 is a flowchart 1 of a routing control method according to an embodiment of the present invention. As shown in FIG. 4, the process includes the following steps:
步骤S402,网络侧设备接收终端发送的第一指示信息;其中,该第一指示信息用于指示终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端通过WLAN接入网到LTE基站的连接;Step S402: The network side device receives the first indication information sent by the terminal, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicate that the terminal has the capability of supporting the LWA connection. Wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
步骤S404,网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝终端进行LWA连接; Step S404, the network side device generates the second indication information according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform the LWA connection;
步骤S406,网络侧设备将第二指示信息发送给终端。Step S406: The network side device sends the second indication information to the terminal.
需要说明的是,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。需要说明的是,上述本地预配置信息可以是网络侧设备进行出厂时设置的,也可以是运营商进行设置的,但并不限于此。It should be noted that the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
通过上述步骤,通过网络侧设备生成用于指示允许或拒绝终端进行LWA连接的指示信息,使得网络能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。Through the above steps, the network side device generates indication information for indicating whether to allow or deny the terminal to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN. The problem is to enhance the control of the network to the terminal access route.
需要说明的是,在网络能够获知是否允许UE通过当前WLAN连接到eNB时,由于终端具有通过当前WLAN连接到eNB的能力,因而终端可以实现通过当前WLAN连接到eNB,进而可以实现通过LWA连接连接到演进分组核心网EPC。It should be noted that, when the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection. To the Evolved Packet Core Network EPC.
在本发明的一个实施例中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,上述方法还可以包括:网络侧设备将LWA安全网关的地址信息和/或终端的本地互联网协议IP地址发送给终端。In an embodiment of the present invention, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the method may further include: the network side device, the address information of the LWA security gateway and/or the locality of the terminal. The internet protocol IP address is sent to the terminal.
需要说明的是,上述LWA安全网关可以为IPSec网关,但并不限于此,在LWA安全网关为IPSec网关的情况下,可以根据该IPSec网关的地址向基站发起IPSec隧道建立流程,建立LWA连接。It should be noted that the foregoing LWA security gateway may be an IPSec gateway, but is not limited thereto. In the case that the LWA security gateway is an IPSec gateway, an IPSec tunnel establishment process may be initiated to the base station according to the address of the IPSec gateway, and an LWA connection is established.
需要说明的是,上述网络侧设备可以包括以下至少之一:3GPP AAA服务器服务器、基站。It should be noted that the network side device may include at least one of the following: a 3GPP AAA server server and a base station.
在上述网络侧设备为3GPP AAA服务器的情况下,上述方法可以应用于终端进行WLAN接入认证授权的过程中。在上述步骤S402之前,上述方法还可以包括:网络侧设备将包含WLAM的信任标识的消息发送给终端;其中,信任标识用于指示WLAN是信任WLAN网络还是非信任WLAN网络。该包含WLAM的信任标识的消息可以是AKA’-Challenge消息,但并不限于此。上述步骤S402可以通过以下方式实现:网络侧设备通过接收终端发送的EAP响应消息或AKA’-Challenge消息来接收第一指示信息。网络侧设备可以通过AKA’-通知(AKA’-notification)消息将LWA安全网关的地址信息发送给终端。In the case that the network side device is a 3GPP AAA server, the foregoing method may be applied to a process in which the terminal performs WLAN access authentication and authorization. Before the foregoing step S402, the method may further include: the network side device sends a message including the trust identifier of the WLAM to the terminal; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or an untrusted WLAN network. The message containing the trust identifier of the WLAM may be an AKA'-Challenge message, but is not limited thereto. The foregoing step S402 can be implemented in the following manner: the network side device receives the first indication information by receiving an EAP response message or an AKA'-Challenge message sent by the terminal. The network side device can transmit the address information of the LWA security gateway to the terminal through an AKA'-notification (AKA'-notification) message.
在上述网络侧设备为基站的情况下,上述方法还可以包括:网络侧设备向终端提供WLAN的信任标识;其中,信任标识用于指示WLAN是信任WLAN网络还是非信任WLAN网络。网络侧设备依据从归属用户服务器HSS获取的终端的用户签约信息生成第二指示信息可以包括:网络侧设备接收移动管理实体MME根据用户签约信息和/或终端的位置信息发送的第二指示信息。In the case that the network side device is a base station, the method may further include: the network side device providing the terminal with a trust identifier of the WLAN; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or an untrusted WLAN network. The generating, by the network side device, the second indication information according to the user subscription information of the terminal acquired by the home subscriber server HSS may include: the network side device receiving the second indication information that is sent by the mobility management entity MME according to the user subscription information and/or the location information of the terminal.
在本实施例中提供了一种路由控制方法,图5是根据本发明实施例的路由控制方法的流 程图二,如图5所示,该流程包括如下步骤:In this embodiment, a route control method is provided, and FIG. 5 is a flow of a route control method according to an embodiment of the present invention. As shown in Figure 5, the process includes the following steps:
步骤S502,终端向网络侧设备发送第一指示信息;其中,该第一指示信息用于指示所述终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为所述终端通过WLAN接入网到LTE基站的连接;Step S502: The terminal sends the first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicate that the terminal has an LWA connection. Capability; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
步骤S504,终端接收网络侧设备发送的第二指示信息;其中,第二指示信息为网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成的用于指示允许或者拒绝终端进行LWA连接。Step S504: The terminal receives the second indication information sent by the network side device, where the second indication information is generated by the network side device according to the network side device local pre-configuration information or the user subscription information, to indicate that the terminal is allowed or denied to perform the LWA connection.
需要说明的是,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。需要说明的是,上述本地预配置信息可以是网络侧设备进行出厂时设置的,也可以是运营商进行设置的,但并不限于此。It should be noted that the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
上述步骤,通过采用网络侧设备生成用于指示允许或拒绝终端进行LWA连接的指示信息,使得网络能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。In the above steps, the network side device is used to generate the indication information for instructing or denying the terminal to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN. The problem is to enhance the control of the network to the terminal access route.
需要说明的是,在网络能够获知是否允许UE通过当前WLAN连接到eNB时,由于终端具有通过当前WLAN连接到eNB的能力,因而终端可以实现通过当前WLAN连接到eNB,进而可以实现通过LWA连接连接到演进分组核心网EPC。It should be noted that, when the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection. To the Evolved Packet Core Network EPC.
在本发明的一个实施例中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,上述方法还包括:终端接收网络侧设备发送的LWA安全网关的地址信息和/或终端的本地互联网协议IP地址。In an embodiment of the present invention, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the method further includes: the terminal receiving the address information and/or the terminal of the LWA security gateway sent by the network side device. Local internet protocol IP address.
需要说明的是,上述LWA安全网关可以为IPSec网关,但并不限于此,在LWA安全网关为IPSec网关的情况下,可以根据该IPSec网关的地址向基站发起IPSec隧道建立流程,建立LWA连接。It should be noted that the foregoing LWA security gateway may be an IPSec gateway, but is not limited thereto. In the case that the LWA security gateway is an IPSec gateway, an IPSec tunnel establishment process may be initiated to the base station according to the address of the IPSec gateway, and an LWA connection is established.
需要说明的是,上述网络侧设备可以包括以下至少之一:3GPP AAA服务器服务器、基站。It should be noted that the network side device may include at least one of the following: a 3GPP AAA server server and a base station.
在网络侧设备为3GPP AAA服务器的情况下,上述方法应用于终端进行WLAN接入认证授权的过程中。在步骤S502之前,上述方法还包括:终端接收网络侧设备发送的WLAM的信任标识;其中,信任标识用于指示WLAN是信任WLAN网络还是非信任WLAN网络。该包含WLAM的信任标识的消息可以是AKA’-Challenge消息,但并不限于此。上述步骤S502可以通过以下方式实现:终端通过向网络侧设备发送EAP响应消息或AKA’-Challenge消息来发送第一指示信息。并且,终端可以通过AKA’-notification消息接收网络侧设备发送的LWA安全网关的地址信息。 In the case that the network side device is a 3GPP AAA server, the foregoing method is applied to a process in which the terminal performs WLAN access authentication and authorization. Before the step S502, the method further includes: the terminal receiving the trust identifier of the WLAM sent by the network side device; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or a non-trusted WLAN network. The message containing the trust identifier of the WLAM may be an AKA'-Challenge message, but is not limited thereto. The foregoing step S502 can be implemented in the following manner: the terminal sends the first indication information by sending an EAP response message or an AKA'-Challenge message to the network side device. Moreover, the terminal can receive the address information of the LWA security gateway sent by the network side device by using the AKA'-notification message.
在网络侧设备为基站的情况下,上述方法还可以包括:终端接收网络侧设备提供的WLAN的信任标识;其中,信任标识用于指示WLAN是信任WLAN网络还是非信任WLAN网络。In the case that the network side device is a base station, the method may further include: the terminal receiving the trust identifier of the WLAN provided by the network side device; wherein the trust identifier is used to indicate whether the WLAN is a trusted WLAN network or an untrusted WLAN network.
为了更好的理解本发明,以下结合优选的实施例对本发明做进一步解释。For a better understanding of the invention, the invention is further explained in conjunction with the preferred embodiments.
实施例1Example 1
支持LTE WLAN紧耦合的UE发现WLAN接入网,UE进行WLAN接入的认证授权的流程,UE向网络发送的请求或支持LWA连接指示信息,网络根据UE的用户签约信息准许UE进行LWA连接,并向UE提供LWA连接的IPSec网关地址。流程图如图6所示,具体实施步骤如下:The UE supports the LTE WLAN tightly coupled UE to discover the WLAN access network, the UE performs the WLAN access authentication and authorization process, the UE sends a request to the network or supports the LWA connection indication information, and the network permits the UE to perform the LWA connection according to the UE user subscription information. And provide the UE with the IPSec gateway address of the LWA connection. The flow chart is shown in Figure 6. The specific implementation steps are as follows:
步骤601,用户设备UE和WLAN接入网建立基于IEEE 802.11的连接;Step 601: The user equipment UE and the WLAN access network establish an IEEE 802.11-based connection.
步骤602~603,WLAN接入网和UE交互可扩展身份验证协议(EAP Identity)消息,进行身份认证接入配置信息交互处理;Steps 602-603, the WLAN access network and the UE exchange an EAP Identity message, and perform identity authentication access configuration information interaction processing;
步骤604~607,WLAN接入网将直径(Diameter)认证授权请求消息发送到3GPP AAA服务器服务器,3GPP AAA服务器从HSS获取认证向量后发送EAP请求(Request)/AKA’-Challenge到UE,AKA’-Chllenge消息中可能包含WLAN网络的信任标识,指示为信任的WLAN网络或非信任WLAN网络;Steps 604-607, the WLAN access network sends a Diameter authentication authorization request message to the 3GPP AAA server server, and the 3GPP AAA server sends an EAP request (Request)/AKA'-Challenge to the UE, AKA' after acquiring the authentication vector from the HSS. The -Chllenge message may include a trust identifier of the WLAN network, indicated as a trusted WLAN network or an untrusted WLAN network;
步骤608~610,UE向3GPP AAA服务器发送EAP应答(Response)/AKA’-Challenge消息请求LWA连接或指示UE支持LWA连接;3GPP AAA服务器向HSS注册获取用户用户签约信息,3GPP AAA服务器根据用户签约信息内容或者本地预配置信息,判定UE可以从当前WLAN接入网进行LWA连接。Steps 608-610, the UE sends an EAP Reply/AKA'-Challenge message to the 3GPP AAA server to request the LWA connection or instructs the UE to support the LWA connection; the 3GPP AAA server registers with the HSS to obtain the user user subscription information, and the 3GPP AAA server signs the subscription according to the user. The information content or the local pre-configuration information determines that the UE can make an LWA connection from the current WLAN access network.
步骤611~612,3GPP AAA服务器将允许UE执行LWA连接的指示信息,同时也可能向UE提供LWA IPSec网关的地址信息,通过AKA’-notification消息发送给UE。Steps 611-612, the 3GPP AAA server will allow the UE to perform the indication information of the LWA connection, and may also provide the address information of the LWA IPSec gateway to the UE, and send the information to the UE through the AKA'-notification message.
步骤613~618,UE完成后续认证授权流程,认证授权成功,WLAN通过DHCP或者其他网络配置协议为UE分配本地IP地址,UE向网络提供的LWA IPSec网关地址发起IPSec隧道建立流程,建立LWA连接。Steps 613-618, the UE completes the subsequent authentication and authorization process, and the authentication and authorization is successful. The WLAN allocates a local IP address to the UE through DHCP or other network configuration protocols. The UE initiates an IPSec tunnel establishment process to the LWA IPSec gateway address provided by the network, and establishes an LWA connection.
实施例2Example 2
支持LTE WLAN紧耦合的UE已经从3GPP接入建立连接,并从eNB获取到WLAN和IPSec网关的相关信息。UE发现WLAN接入网,UE进行WLAN接入的认证授权的流程,UE向网络发送的请求或支持LWA连接指示信息,网络根据UE的用户签约信息拒绝了UE LWA连接请求。流程图如图7所示,具体实施步骤如下:A UE that supports LTE WLAN tight coupling has established a connection from the 3GPP access and acquires information about the WLAN and the IPSec gateway from the eNB. The UE discovers the WLAN access network, the process of the UE performing the WLAN access authentication and authorization, the request sent by the UE to the network or the LWA connection indication information, and the network rejects the UE LWA connection request according to the UE user subscription information. The flow chart is shown in Figure 7. The specific implementation steps are as follows:
步骤701,UE从3GPP接入到网络,和eNB之间建立了RRC连接,eNB通过RRC消息为UE提供了WLAN和IPSec网关地址等信息; Step 701: The UE accesses the network from the 3GPP, and establishes an RRC connection with the eNB. The eNB provides the WLAN and the IPSec gateway address and other information to the UE through the RRC message.
步骤702,用户设备UE和WLAN接入网建立基于IEEE 802.11的连接;Step 702: The user equipment UE and the WLAN access network establish an IEEE 802.11-based connection.
步骤703~704,WLAN接入网和UE交互EAP Identity消息,进行身份认证接入配置信息交互处理;Steps 703-704, the WLAN access network and the UE exchange EAP Identity messages, and perform identity authentication access configuration information interaction processing;
步骤705~708,WLAN接入网将Diameter认证授权请求消息发送到3GPP AAA服务器服务器,3GPP AAA服务器从HSS获取认证向量后发送EAP Request/AKA’-Challenge到UE,AKA’-Chllenge消息中可能包含WLAN网络的信任标识,指示为信任的WLAN网络或非信任WLAN网络;Steps 705-708, the WLAN access network sends a Diameter authentication authorization request message to the 3GPP AAA server server, and the 3GPP AAA server sends an EAP Request/AKA'-Challenge to the UE after obtaining the authentication vector from the HSS, and the AKA'-Chllenge message may include a trust identifier of the WLAN network, indicated as a trusted WLAN network or an untrusted WLAN network;
步骤709~711,UE向3GPP AAA服务器发送EAP Response/AKA’-Challenge消息请求LWA连接或指示UE支持LWA连接;3GPP AAA服务器向HSS注册获取用户用户签约信息,3GPP AAA服务器服务器根据用户签约信息内容或者本地预配置信息,判定UE禁止从当前WLAN接入网进行LWA连接;Steps 709-711, the UE sends an EAP Response/AKA'-Challenge message to the 3GPP AAA server to request an LWA connection or instructs the UE to support the LWA connection; the 3GPP AAA server registers with the HSS to obtain user user subscription information, and the 3GPP AAA server server according to the user subscription information content Or the local pre-configuration information, determining that the UE prohibits the LWA connection from the current WLAN access network;
步骤712~713,3GPP AAA服务器将拒绝UE执行LWA连接的指示信息通过AKA’-notification消息发送给UE。In steps 712-713, the 3GPP AAA server sends the indication information that the UE performs the LWA connection to the UE through the AKA'-notification message.
步骤714~717,UE完成后续认证流程,EAP认证失败。In steps 714-717, the UE completes the subsequent authentication process, and the EAP authentication fails.
实施例3Example 3
支持LTE WLAN紧耦合的UE已经从3GPP接入建立连接,从eNB获取到WLAN。UE发现WLAN接入网,UE进行WLAN接入的认证授权的流程,UE向网络发送的请求或支持LWA连接指示信息,网络根据UE的用户签约信息准许UE进行LWA连接,并向UE提供本地IP地址和LWA连接的IPSec网关地址。流程图如图8所示,具体实施步骤如下:A UE that supports LTE WLAN tight coupling has established a connection from the 3GPP access and a WLAN from the eNB. The UE discovers the WLAN access network, the process of the UE performing the authentication and authorization of the WLAN access, the request sent by the UE to the network, or the LWA connection indication information, and the network grants the UE the LWA connection according to the user subscription information of the UE, and provides the local IP to the UE. Address and IPSec gateway address of the LWA connection. The flow chart is shown in Figure 8. The specific implementation steps are as follows:
步骤801,UE从3GPP接入到网络,和eNB之间建立了RRC连接,eNB通过RRC消息为UE提供了WLAN接入网的信息;Step 801: The UE accesses the network from the 3GPP, and establishes an RRC connection with the eNB. The eNB provides the UE with the information of the WLAN access network through the RRC message.
步骤802,用户设备UE和WLAN建立基于IEEE 802.11的连接;Step 802, the user equipment UE and the WLAN establish an IEEE 802.11-based connection;
步骤803~804,WLAN接入网和UE交互EAP Identity消息,进行身份认证接入配置信息交互处理; Steps 803 to 804, the WLAN access network and the UE exchange EAP Identity messages, and perform identity authentication access configuration information interaction processing;
步骤805~808,WLAN接入网将Diameter认证授权请求消息发送到3GPP AAA服务器服务器,3GPP AAA服务器从HSS获取认证向量后发送EAP Request/AKA’-Challenge到UE,AKA’-Chllenge消息中可能包含WLAN网络的信任标识,指示为信任的WLAN网络或非信任WLAN网络;Steps 805-808, the WLAN access network sends a Diameter authentication authorization request message to the 3GPP AAA server server, and the 3GPP AAA server sends an EAP Request/AKA'-Challenge to the UE after obtaining the authentication vector from the HSS, and the AKA'-Chllenge message may include a trust identifier of the WLAN network, indicated as a trusted WLAN network or an untrusted WLAN network;
步骤809~811,UE向3GPP AAA服务器发送EAP Response/AKA’-Challenge消息请求LWA连接或指示UE支持LWA连接;3GPP AAA服务器向HSS注册获取用户签约信息,3GPP AAA服务器根据用户签约信息内容或者本地预配置信息,判定UE可以从当前WLAN接入网进行 LWA连接。Steps 809-811, the UE sends an EAP Response/AKA'-Challenge message to the 3GPP AAA server to request the LWA connection or instructs the UE to support the LWA connection; the 3GPP AAA server registers with the HSS to obtain the user subscription information, and the 3GPP AAA server according to the user subscription information content or local Pre-configuration information, determining that the UE can proceed from the current WLAN access network LWA connection.
步骤812~813,3GPP AAA服务器将允许UE执行LWA连接的指示信息,同时也可能向UE提供LWA IPSec网关的地址信息和/或UE本地IP地址,通过AKA’-notification消息发送给UE。Steps 812-813, the 3GPP AAA server will allow the UE to perform the indication information of the LWA connection, and may also provide the UE with the address information of the LWA IPSec gateway and/or the local IP address of the UE, and send the message to the UE through the AKA'-notification message.
步骤814~818,UE完成后续认证授权流程,认证授权成功,UE向网络提供的LWA IPSec网关地址发起IPSec隧道建立流程,建立LWA连接。Steps 814-818: The UE completes the subsequent authentication and authorization process, and the authentication and authorization is successful. The UE initiates an IPSec tunnel establishment process to the LWA IPSec gateway address provided by the network, and establishes an LWA connection.
实施例4Example 4
支持LTE WLAN紧耦合的UE从3GPP接入附着,MME上有从HSS获取的UE用户签约信息,eNB根据UE用户签约信息和或本地配置为UE提供LWA连接信息。流程图如图9所示,具体实施步骤如下:The LTE WLAN tightly coupled UE is attached to the 3GPP access, and the MME has the UE user subscription information acquired from the HSS. The eNB provides the LWA connection information for the UE according to the UE user subscription information and the local configuration. The flow chart is shown in Figure 9. The specific implementation steps are as follows:
步骤901,UE从3GPP接入附着,MME从HSS获取UE用户用户签约信息;Step 901: The UE attaches from the 3GPP access, and the MME acquires the UE user subscription information from the HSS.
步骤902,eNB和MME交互S1-AP消息,eNB向MME上报UE LWA能力,MME根据UE的用户签约信息和/或UE位置信息(比如eNB小区标识)和/或本地预配置信息向eNB提供UE是否允许执行LWA的指示信息;Step 902: The eNB and the MME exchange an S1-AP message, and the eNB reports the UE LWA capability to the MME, and the MME provides the UE with the UE according to the UE subscription information and/or the UE location information (such as the eNB cell identifier) and/or the local pre-configuration information. Whether to allow the execution of LWA instructions;
步骤903,eNB根据步骤902获得的信息向UE发送是否准许UE执行LWA连接的指示;如果准许UE执行LWA连接,eNB提供的信息包括但不限于WLAN接入网的标识和/或eNB上LWA的安全网关(比如IPSec网关等)地址信息;Step 903: The eNB sends an indication to the UE whether to permit the UE to perform the LWA connection according to the information obtained in step 902. If the UE is permitted to perform the LWA connection, the information provided by the eNB includes but is not limited to the identifier of the WLAN access network and/or the LWA on the eNB. Address information of a security gateway (such as an IPSec gateway);
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
在本实施例中还提供了一种路由控制装置,该装置用于实现上述实施例及优选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In the embodiment, a routing control device is also provided, which is used to implement the foregoing embodiments and preferred embodiments, and has not been described again. As used below, the term "module" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图10是根据本发明实施例的路由控制装置的结构框图一,该装置应用于网络侧设备,如图10所示,该装置包括:FIG. 10 is a structural block diagram of a routing control apparatus according to an embodiment of the present invention. The apparatus is applied to a network side device. As shown in FIG. 10, the apparatus includes:
接收模块1000,设置为接收终端发送的第一指示信息;其中,该第一指示信息用于指示终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端通过WLAN接入网到LTE基站的连接; The receiving module 1000 is configured to receive first indication information sent by the terminal, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicate that the terminal has the capability of supporting an LWA connection. Wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
生成模块1002,与上述接收模块1000连接,设置为按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝终端进行LWA连接;The generating module 1002 is connected to the receiving module 1000, and is configured to generate the second indication information according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform the LWA connection;
发送模块1004,与上述生成模块1002连接,设置为将第二指示信息发送给终端。The sending module 1004 is connected to the generating module 1002 and configured to send the second indication information to the terminal.
需要说明的是,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。需要说明的是,上述本地预配置信息可以是网络侧设备进行出厂时设置的,也可以是运营商进行设置的,但并不限于此。It should be noted that the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
通过上述装置,采用生成模块1002生成设置为指示允许或拒绝终端进行LWA连接的指示信息,使得网络侧设备能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。Through the foregoing device, the generating module 1002 is used to generate the indication information that is set to indicate that the terminal is allowed to perform the LWA connection, so that the network side device can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect through the current WLAN. The problem of the eNB enhances the control of the network access route to the terminal.
需要说明的是,在网络能够获知是否允许UE通过当前WLAN连接到eNB时,由于终端具有通过当前WLAN连接到eNB的能力,因而终端可以实现通过当前WLAN连接到eNB,进而可以实现通过LWA连接连接到演进分组核心网EPC。It should be noted that, when the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection. To the Evolved Packet Core Network EPC.
在本发明的一个实施例中,上述发送模块1004,还设置为在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,将LWA安全网关的地址信息和/或终端的本地互联网协议IP地址发送给终端。In an embodiment of the present invention, the sending module 1004 is further configured to: if the local pre-configuration information or the user subscription information is to allow the terminal to perform an LWA connection, the address information of the LWA security gateway and/or the local Internet of the terminal. The protocol IP address is sent to the terminal.
需要说明的是,LWA连接为LTE/WLAN紧耦合操作,具体地可以是终端通过当前WLAN连接到基站,但并不限于此。上述LWA安全网关可以为IPSec网关,但并不限于此,在LWA安全网关为IPSec网关的情况下,终端可以根据该IPSec网关的地址向基站发起IPSec隧道建立流程,建立LWA连接。It should be noted that the LWA connection is an LTE/WLAN tight coupling operation, and specifically, the terminal may be connected to the base station through the current WLAN, but is not limited thereto. The LWA security gateway may be an IPSec gateway, but is not limited thereto. In the case that the LWA security gateway is an IPSec gateway, the terminal may initiate an IPSec tunnel establishment process to the base station according to the address of the IPSec gateway, and establish an LWA connection.
需要说明的是,上述网络侧设备可以为3GPP AAA服务器或者基站,但并不限于此。It should be noted that the network side device may be a 3GPP AAA server or a base station, but is not limited thereto.
在上述网络侧设备为3GPP AAA服务器的情况下,上述装置可以应用于终端进行WLAN接入认证授权的过程中。In the case that the network side device is a 3GPP AAA server, the foregoing apparatus may be applied to a process in which the terminal performs WLAN access authentication and authorization.
在本发明实施例中提供了另一种路由控制装置,该装置应用于终端,图11是根据本发明实施例的路由控制装置的结构框图二,该装置应用于网络侧设备,如图11所示,该装置包括:In the embodiment of the present invention, another routing control device is provided, which is applied to a terminal. FIG. 11 is a structural block diagram 2 of a routing control device according to an embodiment of the present invention. The device is applied to a network side device, as shown in FIG. Show that the device includes:
发送模块1100,设置为向网络侧设备发送第一指示信息;其中,第一指示信息用于指示所述终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为所述终端通过WLAN接入网到LTE基站的连接; The sending module 1100 is configured to send the first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a Long Term Evolution (LTE) network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has an LWA connection. Capability; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
接收模块1102,与上述发送模块1100连接,设置为接收网络侧设备发送的第二指示信息;其中,第二指示信息为网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成的用于指示允许或者拒绝终端进行LWA连接。The receiving module 1102 is connected to the sending module 1100, and is configured to receive the second indication information sent by the network side device. The second indication information is used by the network side device according to the network side device local pre-configuration information or the user subscription information. Indicates to allow or deny the terminal to make an LWA connection.
需要说明的是,上述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;上述用户签约信息为网络侧设备从归属用户服务器HSS获取的签约信息;其中,在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,第二指示信息为允许终端进行LWA连接的指示信息;在本地预配置信息或者用户签约信息为不允许终端进行LWA连接的情况下,第二指示信息为拒绝终端进行LWA连接的指示信息。需要说明的是,上述本地预配置信息可以是网络侧设备进行出厂时设置的,也可以是运营商进行设置的,但并不限于此。It should be noted that the foregoing local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device; the user subscription information is the subscription information acquired by the network side device from the home subscriber server HSS; In the case that the configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is the indication information for allowing the terminal to perform the LWA connection; if the local pre-configuration information or the user subscription information is not allowing the terminal to perform the LWA connection, The second indication information is indication information that denies the terminal to perform an LWA connection. It should be noted that the foregoing local pre-configuration information may be set by the network side device when it is shipped from the factory, or may be set by the operator, but is not limited thereto.
通过上述装置,采用接收模块1102接收网络侧设备发送的第二指示信息;其中,第二指示信息为网络侧设备按照预设策略生成的用于指示允许或者拒绝终端进行LWA连接,使得网络侧设备能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。The receiving device 1102 is configured to receive the second indication information sent by the network side device, where the second indication information is generated by the network side device according to the preset policy, to indicate that the terminal is allowed or denied to perform the LWA connection, so that the network side device is configured. It can be known whether the terminal is allowed to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN, and enhances the control of the network access route to the terminal.
需要说明的是,在网络能够获知是否允许UE通过当前WLAN连接到eNB时,由于终端具有通过当前WLAN连接到eNB的能力,因而终端可以实现通过当前WLAN连接到eNB,进而可以实现通过LWA连接连接到演进分组核心网EPC。It should be noted that, when the network can know whether to allow the UE to connect to the eNB through the current WLAN, since the terminal has the capability of connecting to the eNB through the current WLAN, the terminal can connect to the eNB through the current WLAN, and thus can connect through the LWA connection. To the Evolved Packet Core Network EPC.
在本发明的一个实施例中,上述接收模块1102,还设置为在本地预配置信息或者用户签约信息为允许终端进行LWA连接的情况下,接收网络侧设备发送的LWA安全网关的地址信息和/或终端的本地互联网协议IP地址。In an embodiment of the present invention, the receiving module 1102 is further configured to receive the address information of the LWA security gateway sent by the network side device, if the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection. Or the local internet protocol IP address of the terminal.
在本发明的实施例中,提供了一种路由控制系统,图12是根据本发明实施例的路由控制系统的结构框图一,如图12所示,包括:终端1202,无线局域网WLAN接入网设备1204,3GPP AAA服务器1206,归属用户服务器HSS1208;In the embodiment of the present invention, a routing control system is provided. FIG. 12 is a structural block diagram of a routing control system according to an embodiment of the present invention. As shown in FIG. 12, the method includes: a terminal 1202, a WLAN access network of a wireless local area network. Device 1204, 3GPP AAA server 1206, home subscriber server HSS 1208;
终端1202设置为通过WLAN接入网设备1204向3GPP AAA服务器1206发送EPA响应消息或AKA’-Challenge消息请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端从WLAN到LTE中基站的连接;3GPP AAA服务器1206设置为向HSS88获取终端的用户签约信息;其中,用户签约信息包括允许或拒绝终端进行LWA连接;以及在用户签约信息为允许终端进行LWA连接的情况下,通过WLAN接入网设备1204将允许终端执行LWA连接的指示信息发送给终端;在用户签约信息为拒绝终端进行LWA连接的情况下,通过WLAN接入网设备将拒绝终端执行LWA连接的指示信息发送给终端。The terminal 1202 is configured to send an EPA response message or an AKA '-Challenge message to the 3GPP AAA server 1206 through the WLAN access network device 1204 to request to establish a Long Term Evolution (LTE) network and a WLAN tightly coupled LWA connection or to indicate that the terminal has the capability to support the LWA connection. Wherein the LWA connection is a connection of the terminal from the WLAN to the base station in the LTE; the 3GPP AAA server 1206 is configured to acquire the user subscription information of the terminal from the HSS 88; wherein the user subscription information includes allowing or denying the terminal to perform the LWA connection; If the information is to allow the terminal to perform the LWA connection, the WLAN access network device 1204 sends the indication information that allows the terminal to perform the LWA connection to the terminal; and when the user subscription information is the rejected terminal for the LWA connection, the WLAN access network is used. The device sends an indication that the terminal refuses to perform the LWA connection to the terminal.
通过上述系统,采用3GPP AAA服务器1206向HSS1208获取终端的用户签约信息以及根据该用户签约信息通过WLAN接入网设备1204将允许终端执行LWA连接的指示信息发送给终端1202;使得网络能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。 Through the above system, the 3GPP AAA server 1206 is used to acquire the user subscription information of the terminal from the HSS 1208, and send the indication information for allowing the terminal to perform the LWA connection to the terminal 1202 through the WLAN access network device 1204 according to the user subscription information; so that the network can know whether to allow or not The terminal performs the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN, and enhances the control of the network access route to the terminal.
需要说明的是,3GPP AAA服务器1206还设置为通过AKA’-notification消息将LWA安全网关的地址信息发送给终端1202。It should be noted that the 3GPP AAA server 1206 is further configured to send the address information of the LWA security gateway to the terminal 1202 through the AKA'-notification message.
需要说明的是,LWA连接为LTE/WLAN紧耦合操作,具体地可以是终端通过当前WLAN连接到基站,但并不限于此。上述LWA安全网关可以为IPSec网关,但并不限于此,在LWA安全网关为IPSec网关的情况下,终端可以根据该IPSec网关的地址向基站发起IPSec隧道建立流程,建立LWA连接。It should be noted that the LWA connection is an LTE/WLAN tight coupling operation, and specifically, the terminal may be connected to the base station through the current WLAN, but is not limited thereto. The LWA security gateway may be an IPSec gateway, but is not limited thereto. In the case that the LWA security gateway is an IPSec gateway, the terminal may initiate an IPSec tunnel establishment process to the base station according to the address of the IPSec gateway, and establish an LWA connection.
在本发明的实施例中,提供了另一种路由控制系统,图13是根据本发明实施例的路由控制系统的结构框图二,如图13所示,包括:终端1300,移动管理实体MME1302,基站1304;In the embodiment of the present invention, another routing control system is provided. FIG. 13 is a structural block diagram 2 of a routing control system according to an embodiment of the present invention. As shown in FIG. 13, the method includes: a terminal 1300, a mobility management entity MME 1302, Base station 1304;
MME1302设置为从归属用户服务器HSS获取终端的用户签约信息,以及根据用户签约信息或终端位置信息向基站1304提供允许或者拒绝终端1300执行LWA连接的指示信息;其中,在用户签约信息为允许终端进行LWA连接的情况下,指示信息为指示允许终端1300进行LWA连接的信息;在用户签约信息为拒绝终端1300进行LWA连接的情况下,指示信息为指示拒绝终端1300执行LWA连接的信息;其中,上述LWA连接为终端通过无线局域网络WLAN接入网到长期演进LTE网络基站的连接;The MME 1302 is configured to acquire the user subscription information of the terminal from the home subscriber server HSS, and provide the base station 1304 with the indication information for allowing or denying the terminal 1300 to perform the LWA connection according to the user subscription information or the terminal location information; wherein, the user subscription information is allowed for the terminal. In the case of the LWA connection, the indication information is information indicating that the terminal 1300 is allowed to perform the LWA connection; and in the case where the user subscription information is the LWA connection by the rejection terminal 1300, the indication information is information indicating that the rejection terminal 1300 performs the LWA connection; The LWA connection is a connection of the terminal to the long-term evolution LTE network base station through the WLAN access network of the wireless local area network;
基站1304设置为将指示信息下发给终端1300。The base station 1304 is configured to send the indication information to the terminal 1300.
上述系统,基站1304通过MME1302获取到用于指示允许或者拒绝终端1300进行LWA连接的指示信息,使得网络能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。In the above system, the base station 1304 obtains the indication information for instructing or denying the terminal 1300 to perform the LWA connection through the MME 1302, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow the UE to connect to the eNB through the current WLAN. The problem is to enhance the network's control over terminal access routing.
需要说明的是,在允许终端1300进行LWA连接的情况下,基站1304可以向终端1300提供WLAN接入网的标识和/或LWA安全网关。It should be noted that, in the case that the terminal 1300 is allowed to perform the LWA connection, the base station 1304 can provide the terminal 1300 with the identifier of the WLAN access network and/or the LWA security gateway.
需要说明的是,LWA连接为LTE/WLAN紧耦合操作,具体地可以是终端通过当前WLAN连接到基站,但并不限于此。上述LWA安全网关可以为IPSec网关,但并不限于此,在LWA安全网关为IPSec网关的情况下,终端可以根据该IPSec网关的地址向基站发起IPSec隧道建立流程,建立LWA连接。It should be noted that the LWA connection is an LTE/WLAN tight coupling operation, and specifically, the terminal may be connected to the base station through the current WLAN, but is not limited thereto. The LWA security gateway may be an IPSec gateway, but is not limited thereto. In the case that the LWA security gateway is an IPSec gateway, the terminal may initiate an IPSec tunnel establishment process to the base station according to the address of the IPSec gateway, and establish an LWA connection.
图14是本发明提供的从WLAN接入网连接到eNB的架构图,如图14所示,WLAN接入网可能是信任的WLAN,此时WLAN接入网有连接到PGW的S2a接口;也可能是非信任的WLAN,此时UE通过WLAN接入网连接到ePDG,ePDG通过S2b接口连接PGW;支持LWA的UE也可以通过WLAN接入网连接到eNB上的IPSec网关,即此时支持LWA的UE可以通过WLAN接入网连接到eNB上的IPSec网关后,再通过服务网关SGW连接到PGW。14 is a schematic diagram of the connection from the WLAN access network to the eNB provided by the present invention. As shown in FIG. 14, the WLAN access network may be a trusted WLAN, and the WLAN access network has an S2a interface connected to the PGW. The UE may be connected to the ePDG through the WLAN access network, and the ePDG may be connected to the PGW through the S2b interface. The UE supporting the LWA may also connect to the IPSec gateway on the eNB through the WLAN access network, that is, the LWA is supported at this time. The UE can connect to the PGGW gateway on the eNB through the WLAN access network, and then connect to the PGW through the serving gateway SGW.
需要说明的是,上述图12所示的系统中的相应设备和图14中所示的相应设备可以实现上述实施例1至实施例3所示的相应设备所执行的动作,上述图13所示的系统中的相应设备可以实现上述实施例4所示的相应设备所执行的动作,此处不再赘述。 It should be noted that the corresponding device in the system shown in FIG. 12 and the corresponding device shown in FIG. 14 can implement the actions performed by the corresponding devices shown in Embodiments 1 to 3 above, as shown in FIG. The corresponding device in the system can implement the actions performed by the corresponding device shown in the foregoing embodiment 4, and details are not described herein again.
需要说明的是,上述各个模块是可以通过软件或硬件来实现的,对于后者,可以通过以下方式实现,但不限于此:上述模块均位于同一处理器中;或者,上述各个模块以不同的组合方式位于不同的处理器中。It should be noted that each of the foregoing modules may be implemented by software or hardware. For the latter, the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the above modules are different. The combination is in a different processor.
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present invention also provide a storage medium. Optionally, in the embodiment, the foregoing storage medium may be configured to store program code for performing the following steps:
S1,接收终端发送的第一指示信息;其中,该第一指示信息用于指示终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示终端具有支持LWA连接的能力;其中,该LWA连接为终端从WLAN到LTE中基站的连接;S1. The first indication information sent by the terminal is received, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or indicates that the terminal has the capability of supporting an LWA connection; The LWA connection is a connection of the terminal from the WLAN to the base station in the LTE;
S2,按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝终端进行LWA连接;S2. The second indication information is generated according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform an LWA connection.
S3,将第二指示信息发送给终端。S3. Send the second indication information to the terminal.
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。Optionally, in this embodiment, the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory. A variety of media that can store program code, such as a disc or a disc.
可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。For example, the specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again.
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。It will be apparent to those skilled in the art that the various modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性Industrial applicability
基于本发明优选实施例提供的上述技术方案,采用网络侧设备生成用于指示允许或者拒绝终端进行LWA连接的指示信息,使得网络能够获知是否允许终端进行LWA连接,进而解决了网络不知道是否允许UE通过当前WLAN连接到eNB的问题,增强了网络对终端接入路由的控制。 Based on the foregoing technical solution provided by the preferred embodiment of the present invention, the network side device is used to generate indication information for indicating that the terminal is allowed to perform the LWA connection, so that the network can know whether to allow the terminal to perform the LWA connection, thereby solving the problem that the network does not know whether to allow or not. The problem that the UE connects to the eNB through the current WLAN enhances the control of the network access route to the terminal.

Claims (19)

  1. 一种路由控制方法,包括:A routing control method includes:
    网络侧设备接收终端发送的第一指示信息;其中,所述第一指示信息用于指示所述终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示所述终端具有支持LWA连接的能力;其中,所述LWA连接为所述终端通过WLAN接入网到LTE基站的连接;The network side device receives the first indication information sent by the terminal, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or that the terminal has an LWA connection supported. The LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
    所述网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝所述终端进行所述LWA连接;The network side device generates the second indication information according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform the LWA connection;
    所述网络侧设备将所述第二指示信息发送给所述终端。The network side device sends the second indication information to the terminal.
  2. 根据权利要求1所述的方法,其中,The method of claim 1 wherein
    所述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;The local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device;
    所述用户签约信息为所述网络侧设备从归属用户服务器HSS获取的签约信息;The user subscription information is subscription information acquired by the network side device from the home subscriber server HSS;
    其中,在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述第二指示信息为允许所述终端进行所述LWA连接的指示信息;在所述本地预配置信息或者所述用户签约信息为不允许所述终端进行所述LWA连接的情况下,所述第二指示信息为拒绝所述终端进行所述LWA连接的指示信息。Wherein, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is indication information that allows the terminal to perform the LWA connection; In the case that the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal, the second indication information is indication information for rejecting the terminal to perform the LWA connection.
  3. 根据权利要求2所述的方法,其中,在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述方法还包括:The method of claim 2, wherein, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the method further includes:
    所述网络侧设备将LWA安全网关的地址信息和/或所述终端的本地互联网协议IP地址发送给所述终端。The network side device sends the address information of the LWA security gateway and/or the local internet protocol IP address of the terminal to the terminal.
  4. 根据权利要求1至3中任一项所述的方法,其中,在所述网络侧设备为第三代移动通信伙伴计划认证授权计费3GPP AAA服务器的情况下,所述方法应用于所述终端进行WLAN接入认证授权的过程中。The method according to any one of claims 1 to 3, wherein, in a case where the network side device is a third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server, the method is applied to the terminal In the process of performing WLAN access authentication and authorization.
  5. 根据权利要求1至3中任一项所述的方法,其中,在所述网络侧设备为3GPP AAA服务器的情况下,网络侧设备接收所述终端发送的第一指示信息包括:The method according to any one of claims 1 to 3, wherein, when the network side device is a 3GPP AAA server, the network side device receiving the first indication information sent by the terminal includes:
    所述网络侧设备通过接收所述终端发送的增强型认证和密钥协商机制挑战消息AKA’-Challenge消息或者可扩展身份验证协议EAP响应消息来接收所述第一指示信息。The network side device receives the first indication information by receiving an enhanced authentication and key agreement mechanism challenge message AKA'-Challenge message or an extensible identity verification protocol EAP response message sent by the terminal.
  6. 根据权利要求2所述的方法,其中,在所述网络侧设备为基站的情况下,所述网络侧设备按照用户签约信息生成第二指示信息包括:所述网络侧设备接收移动管理实体MME根据所述用户签约信息和/或所述终端的位置信息发送的所述第二指示信息。The method according to claim 2, wherein, in the case that the network side device is a base station, the generating, by the network side device, the second indication information according to the user subscription information comprises: the network side device receiving the mobility management entity MME according to the method The second indication information sent by the user subscription information and/or the location information of the terminal.
  7. 一种路由控制方法,包括:A routing control method includes:
    终端向网络侧设备发送第一指示信息;其中,所述第一指示信息用于指示所述终端 请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示所述终端具有支持LWA连接的能力;其中,所述LWA连接为所述终端从WLAN到LTE中基站的连接;The terminal sends the first indication information to the network side device, where the first indication information is used to indicate the terminal Requesting to establish a long term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has the capability of supporting an LWA connection; wherein the LWA connection is a connection of the terminal from a WLAN to a base station in LTE;
    所述终端接收所述网络侧设备发送的第二指示信息;其中,所述第二指示信息为所述网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成的用于指示允许或者拒绝所述终端进行所述LWA连接。The terminal receives the second indication information that is sent by the network side device, where the second indication information is used by the network side device according to the network side device local pre-configuration information or the user subscription information to indicate permission or rejection. The terminal performs the LWA connection.
  8. 根据权利要求7所述的方法,其中,The method of claim 7 wherein
    所述网络侧设备本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;The local pre-configuration information of the network side device is pre-configured by the operator or the network equipment vendor on the network side device;
    所述用户签约信息为所述网络侧设备从归属用户服务器HSS获取的签约信息;The user subscription information is subscription information acquired by the network side device from the home subscriber server HSS;
    其中,在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述第二指示信息为允许所述终端进行所述LWA连接的指示信息;在所述本地预配置信息或者所述用户签约信息为不允许所述终端进行所述LWA连接的情况下,所述第二指示信息为拒绝所述终端进行所述LWA连接的指示信息。Wherein, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is indication information that allows the terminal to perform the LWA connection; In the case that the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal, the second indication information is indication information for rejecting the terminal to perform the LWA connection.
  9. 根据权利要求8所述的方法,其中,在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述方法还包括:The method of claim 8, wherein, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the method further includes:
    所述终端接收所述网络侧设备发送的LWA安全网关的地址信息和/或所述终端的本地互联网协议IP地址。The terminal receives address information of an LWA security gateway sent by the network side device and/or a local internet protocol IP address of the terminal.
  10. 根据权利要求7至9中任一项所述的方法,其中,在所述网络侧设备为第三代移动通信伙伴计划认证授权计费3GPP AAA服务器的情况下,所述方法应用于所述终端进行WLAN接入认证授权的过程中。The method according to any one of claims 7 to 9, wherein, in a case where the network side device is a third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server, the method is applied to the terminal In the process of performing WLAN access authentication and authorization.
  11. 根据权利要求7至9中任一项所述的方法,其中,在所述网络侧设备为3GPP AAA服务器的情况下,所述终端向网络侧设备发送第一指示信息包括:The method according to any one of claims 7 to 9, wherein, when the network side device is a 3GPP AAA server, the sending, by the terminal, the first indication information to the network side device includes:
    所述终端通过向所述网络侧设备发送增强型认证和密钥协商机制挑战消息AKA’-Challenge消息或者可扩展身份验证协议EAP响应消息来发送所述第一指示信息。The terminal sends the first indication information by sending an enhanced authentication and key agreement mechanism challenge message AKA'-Challenge message or an extensible identity verification protocol EAP response message to the network side device.
  12. 一种路由控制装置,所述装置应用于网络侧设备,包括:A routing control device, the device being applied to a network side device, comprising:
    接收模块,设置为接收终端发送的第一指示信息;其中,所述第一指示信息用于指示所述终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示所述终端具有支持LWA连接的能力;其中,所述LWA连接为所述终端通过WLAN接入网到LTE基站的连接;The receiving module is configured to receive the first indication information sent by the terminal, where the first indication information is used to indicate that the terminal requests to establish a long-term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has support The capability of the LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
    生成模块,设置为按照网络侧设备本地预配置信息或者用户签约信息生成第二指示信息,其中,该第二指示信息用于指示允许或拒绝所述终端进行所述LWA连接; a generating module, configured to generate second indication information according to the network side device local pre-configuration information or the user subscription information, where the second indication information is used to indicate that the terminal is allowed or denied to perform the LWA connection;
    发送模块,设置为将所述第二指示信息发送给所述终端。And a sending module, configured to send the second indication information to the terminal.
  13. 根据权利要求12所述的装置,其中,The device according to claim 12, wherein
    所述本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;The local pre-configuration information is information pre-configured by the operator or the network equipment vendor on the network side device;
    所述用户签约信息为所述网络侧设备从归属用户服务器HSS获取的签约信息;The user subscription information is subscription information acquired by the network side device from the home subscriber server HSS;
    其中,在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述第二指示信息为允许所述终端进行所述LWA连接的指示信息;在所述本地预配置信息或者所述用户签约信息为不允许所述终端进行所述LWA连接的情况下,所述第二指示信息为拒绝所述终端进行所述LWA连接的指示信息。Wherein, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is indication information that allows the terminal to perform the LWA connection; In the case that the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal, the second indication information is indication information for rejecting the terminal to perform the LWA connection.
  14. 根据权利要求13所述的装置,其中,所述发送模块,还设置为在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,将LWA安全网关的地址信息和/或所述终端的本地互联网协议IP地址发送给所述终端。The apparatus according to claim 13, wherein the sending module is further configured to: when the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, to the LWA security gateway The address information and/or the local internet protocol IP address of the terminal is sent to the terminal.
  15. 一种路由控制装置,所述装置应用于终端,包括:A routing control device, the device being applied to a terminal, comprising:
    发送模块,设置为向网络侧设备发送第一指示信息;其中,所述第一指示信息用于指示所述终端请求建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示所述终端具有支持LWA连接的能力;其中,所述LWA连接为所述终端通过WLAN接入网到LTE基站的连接;a sending module, configured to send first indication information to the network side device, where the first indication information is used to indicate that the terminal requests to establish a long term evolution LTE network and a wireless local area network WLAN tightly coupled LWA connection or to indicate that the terminal has The capability of supporting an LWA connection; wherein the LWA connection is a connection of the terminal to a LTE base station through a WLAN access network;
    接收模块,设置为接收所述网络侧设备发送的第二指示信息;其中,所述第二指示信息为所述网络侧设备按照网络侧设备本地预配置信息或者用户签约信息生成的用于指示允许或者拒绝所述终端进行所述LWA连接。The receiving module is configured to receive the second indication information sent by the network side device, where the second indication information is used by the network side device according to the network side device local pre-configuration information or the user subscription information to indicate permission Or rejecting the terminal to perform the LWA connection.
  16. 根据权利要求15所述的装置,其中,The device according to claim 15, wherein
    所述网络侧设备本地预配置信息为运营商或者网络设备商在网络侧设备上预先配置的信息;The local pre-configuration information of the network side device is pre-configured by the operator or the network equipment vendor on the network side device;
    所述用户签约信息为所述网络侧设备从归属用户服务器HSS获取的签约信息;The user subscription information is subscription information acquired by the network side device from the home subscriber server HSS;
    其中,在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述第二指示信息为允许所述终端进行所述LWA连接的指示信息;在所述本地预配置信息或者所述用户签约信息为不允许所述终端进行所述LWA连接的情况下,所述第二指示信息为拒绝所述终端进行所述LWA连接的指示信息。Wherein, in the case that the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection, the second indication information is indication information that allows the terminal to perform the LWA connection; In the case that the local pre-configuration information or the user subscription information is not allowed to perform the LWA connection by the terminal, the second indication information is indication information for rejecting the terminal to perform the LWA connection.
  17. 根据权利要求16所述的装置,其中,所述接收模块,还设置为在所述本地预配置信息或者所述用户签约信息为允许所述终端进行所述LWA连接的情况下,接收所述网络侧设备发送的LWA安全网关的地址信息和/或所述终端的本地互联网协议IP地址。The apparatus according to claim 16, wherein the receiving module is further configured to receive the network if the local pre-configuration information or the user subscription information is to allow the terminal to perform the LWA connection. The address information of the LWA security gateway sent by the side device and/or the local internet protocol IP address of the terminal.
  18. 一种路由控制系统,包括:终端,无线局域网WLAN接入网设备,第三代移动通信伙伴计划认证授权计费3GPP AAA服务器,归属用户服务器HSS,其中, A routing control system, comprising: a terminal, a wireless local area network WLAN access network device, a third generation mobile communication partner plan authentication and authorization charging 3GPP AAA server, and a home user server HSS, wherein
    所述终端,设置为通过所述WLAN接入网设备向所述3GPP AAA服务器发送可扩展身份验证协议EPA响应消息或增强型认证和密钥协商机制挑战AKA’-Challenge消息建立长期演进LTE网络和无线局域网络WLAN紧耦合LWA连接或者指示所述终端具有支持LWA连接的能力;其中,所述LWA连接为所述终端通过WLAN接入网到LTE基站的连接;The terminal is configured to send a scalable identity verification protocol EPA response message or an enhanced authentication and key agreement mechanism to the 3GPP AAA server by using the WLAN access network device to challenge the AKA'-Challenge message to establish a long term evolution LTE network and The wireless local area network WLAN is tightly coupled to the LWA connection or indicates that the terminal has the capability of supporting an LWA connection; wherein the LWA connection is a connection of the terminal to the LTE base station through the WLAN access network;
    所述3GPP AAA服务器,设置为向所述HSS获取所述终端的用户签约信息;其中,所述用户签约信息包括允许或拒绝所述终端进行所述LWA连接;以及在所述用户签约信息为允许所述终端进行所述LWA连接的情况下,通过所述WLAN接入网设备将允许所述终端执行LWA连接的指示信息发送给所述终端;在所述用户签约信息为拒绝所述终端进行所述LWA连接的情况下,通过所述WLAN接入网设备将拒绝所述终端执行LWA连接的指示信息发送给所述终端。The 3GPP AAA server is configured to acquire user subscription information of the terminal to the HSS, where the user subscription information includes allowing or denying the terminal to perform the LWA connection; and the user subscription information is allowed When the terminal performs the LWA connection, the WLAN access network device sends indication information that allows the terminal to perform an LWA connection to the terminal; and the user subscription information is rejected by the terminal. In the case of the LWA connection, the WLAN access network device sends the indication information rejecting the terminal to perform the LWA connection to the terminal.
  19. 一种路由控制系统,包括:终端,移动管理实体MME,基站;A routing control system includes: a terminal, a mobility management entity MME, and a base station;
    所述MME,设置为从归属用户服务器HSS获取终端的用户签约信息,以及根据所述用户签约信息或终端位置信息向所述基站提供允许或者拒绝所述终端执行LWA连接的指示信息;其中,在所述用户签约信息为允许所述终端进行所述LWA连接的情况下,所述指示信息为指示允许所述终端进行所述LWA连接的信息;在所述用户签约信息为拒绝所述终端进行所述LWA连接的情况下,所述指示信息为指示拒绝所述终端执行LWA连接的信息;其中,所述LWA连接为所述终端通过无线局域网络WLAN接入网到长期演进LTE网络基站的连接;The MME is configured to acquire user subscription information of the terminal from the home subscriber server HSS, and provide indication information for allowing or rejecting the terminal to perform an LWA connection according to the user subscription information or terminal location information; In the case that the user subscription information is to allow the terminal to perform the LWA connection, the indication information is information indicating that the terminal is allowed to perform the LWA connection; and the user subscription information is to reject the terminal. In the case of the LWA connection, the indication information is information indicating that the terminal is refused to perform an LWA connection; wherein the LWA connection is a connection of the terminal to the long-term evolution LTE network base station through the WLAN access network of the wireless local area network;
    所述基站,设置为将所述指示信息下发给所述终端。 The base station is configured to send the indication information to the terminal.
PCT/CN2017/072272 2016-01-26 2017-01-23 Routing control method, apparatus and system WO2017129101A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610053979.8 2016-01-26
CN201610053979.8A CN106998552A (en) 2016-01-26 2016-01-26 Route control method, apparatus and system

Publications (1)

Publication Number Publication Date
WO2017129101A1 true WO2017129101A1 (en) 2017-08-03

Family

ID=59397426

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/072272 WO2017129101A1 (en) 2016-01-26 2017-01-23 Routing control method, apparatus and system

Country Status (2)

Country Link
CN (1) CN106998552A (en)
WO (1) WO2017129101A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110225456B (en) * 2018-03-02 2021-09-10 北京佰才邦技术股份有限公司 Mobility management method and terminal
CN112954694B (en) * 2019-11-26 2023-05-05 上海华为技术有限公司 Subscription information processing method, device and equipment
CN115589351B (en) * 2021-07-06 2024-07-30 华为技术有限公司 Query method, device and equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841880A (en) * 2010-05-14 2010-09-22 华中科技大学 LTE and WLAN interconnecting system and switching method
CN101873589A (en) * 2009-04-21 2010-10-27 华为技术有限公司 Multi-network access control method, communication system and related equipment
CN103181237A (en) * 2011-09-21 2013-06-26 联发科技股份有限公司 Method and apparatus of ip flow mobility in 4g wireless communication networks
CN103813395A (en) * 2012-11-09 2014-05-21 中兴通讯股份有限公司 Method for moving seamlessly among different networks by terminal user, and wireless local area network optimization gateway (WOG)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873589A (en) * 2009-04-21 2010-10-27 华为技术有限公司 Multi-network access control method, communication system and related equipment
CN101841880A (en) * 2010-05-14 2010-09-22 华中科技大学 LTE and WLAN interconnecting system and switching method
CN103181237A (en) * 2011-09-21 2013-06-26 联发科技股份有限公司 Method and apparatus of ip flow mobility in 4g wireless communication networks
CN103813395A (en) * 2012-11-09 2014-05-21 中兴通讯股份有限公司 Method for moving seamlessly among different networks by terminal user, and wireless local area network optimization gateway (WOG)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "3GPP system to Wireless Local Area Network (WLAN) interworking; System description (Release 12.0.0)", 3GPP TS 23.234 V12.0.0, 30 September 2014 (2014-09-30), pages 1 - 84, XP055402651, Retrieved from the Internet <URL:www.3GPP.org> *

Also Published As

Publication number Publication date
CN106998552A (en) 2017-08-01

Similar Documents

Publication Publication Date Title
US20210321257A1 (en) Unified authentication for integrated small cell and wi-fi networks
WO2020073838A1 (en) Network slice access control method and device
US10432632B2 (en) Method for establishing network connection, gateway, and terminal
JP6564022B2 (en) Effective user equipment identification information for heterogeneous networks
WO2013082984A1 (en) Method for attaching e-utran and mobility management entity
KR102604893B1 (en) Supporting multiple concurrent service contexts with a single connectivity context
EP3020219B1 (en) Trusted wireless local area network (wlan) access scenarios
WO2009000206A1 (en) Method and system for access control of home node b
CN105359554A (en) Secure discovery for proximity based service communication
EP3515098B1 (en) Local service authorization method and related device
JP2017538345A (en) Method, apparatus and system
US20190223013A1 (en) Method for establishing public data network connection and related device
WO2012100684A1 (en) Method and device for controlling access to local network
TW202234940A (en) Authentication and authorization associated with layer 3 wireless-transmit/receive-unit-to-network
JP2022535933A (en) Apparatus, system, method and computer readable medium for performing service delivery for multi-user mobile terminals
US20230048066A1 (en) Slice authentication method and apparatus
WO2010069202A1 (en) Authentication negotiation method and the system thereof, security gateway, home node b
WO2018058365A1 (en) Network access authorization method, and related device and system
JP2024513853A (en) Modifying the first data connection to support the data traffic of the second data connection
WO2021229474A1 (en) Onboarding devices in standalone non-public networks
WO2017129101A1 (en) Routing control method, apparatus and system
JP7572568B2 (en) Information processing method, device, communication device, and readable storage medium
CN113498055B (en) Access control method and communication equipment
WO2022166892A1 (en) Information processing method and apparatus, communication device, and readable storage medium
WO2023273790A1 (en) Authentication method and communication apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17743716

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17743716

Country of ref document: EP

Kind code of ref document: A1