WO2007041925A1 - A method for inquiring access network user information - Google Patents

Info

Publication number: WO2007041925A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2006/002205
Other languages: French (fr), Chinese (zh)
Inventor: Yong Huang
Original Assignee: Huawei Technologies Co., Ltd.
Prior art keywords: user, network, service, layer, information
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/2514: Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854: Wide area networks, e.g. public data networks
    • H04L12/2856: Access arrangements, e.g. Internet access
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/25: Mapping addresses of the same type
    • H04L61/2503: Translation of Internet protocol [IP] addresses
    • H04L61/256: NAT traversal


Abstract

A method for inquiring access network user information, comprising the step: the user's service ID (identification) is transferred to the access network at the time of network access authentication or user network parameter configuration, so that the service control layer can query the information associated with the requesting user using the user's service ID as the keyword. The invention enables the service control layer to query the information associated with the accessing user using the service layer user ID as the keyword, and effectively overcomes the hosted NAT problem without using the service control layer to acquire an IP address, so that the versatility of the method is improved.

Description

A method for querying access network user information

Technical field

The present invention relates to the field of network communication technologies, and in particular to a method for querying access network user information.

Background of the invention
At present, rapidly developing next-generation networks are attracting growing attention from the industry. Such a network consists of three logical layers, as shown in Figure 1: the data bearer layer, the bearer control layer, and the service control layer.

The data bearer layer carries user service data streams;

The bearer control layer applies control actions to the network elements of the data bearer layer so that the network is manageable and operable; it also provides the service control layer with a unified access interface that hides the differences between networks;

The service control layer is mainly responsible for service-related control and provides the user with management of various services. It stores the user's service-layer information, which is called user service access data;

In the TISPAN (Telecommunications and Internet converged Services and Protocols for Advanced Networking) draft standard, the bearer control layer is mainly divided into two systems: NASS (Network Attachment Subsystem) and RACS (Resource and Admission Control Subsystem);

The NASS stores the user's subscription information and is mainly responsible for access authentication and accounting, address allocation, user network parameter configuration, customer-side equipment management and so on for access users. The subscription information related to the user's bearer control layer that is held in the NASS is called user network access data;

The RACS is mainly responsible for QoS control and management;
In the existing TISPAN draft standard, the pair (user IP address, address domain) is used as the unique association identifier to associate the user data of the service control layer with that of the bearer control layer. The specific process is:

1) The TE (terminal equipment) accesses the network and is allocated an IP address; the user's address and the user's network access related information are stored in the NASS;

2) The TE interacts with the AF (application function entity) of the service control layer through an upper-layer protocol, in which the TE passes the allocated network IP address to the AF;

3) The AF uses the user IP address and the user's address domain information it has obtained as the association identifier pair (user IP address, address domain). The address domain, being the set of IP addresses located in the same administrative domain, is used by the AF to determine the area to which the IP address belongs. The AF of the service control layer sends a query to the bearer control layer and carries this association identifier pair in the query;

4) Based on the association identifier pair, the bearer control layer finds the user network access data and returns the related information to the service control layer in a response message. The service control layer and the bearer control layer can then establish a data association for this user.

As the above description shows, this scheme currently has the following disadvantages:
(1) The IP address carried in an upper-layer protocol message, such as a SIP (Session Initiation Protocol) message, sometimes cannot uniquely identify a user, because the TE may be using a private network address; in that case the problem of NAT (Network Address Translation) traversal has to be considered;

There are two cases, depending on where the NAT is located. In one, the NAT is at the operator's network boundary and the NAT function is performed by the operator's equipment. In the other, the NAT is in the customer-side network environment, that is, between the user equipment TE and the operator's network entities, for example in a CNG (user gateway); this latter case is called Hosted NAT. Here the end-user equipment TE uses a private IP address allocated by the CNG, and no longer the IP address allocated by the NASS of the bearer control layer;

In the Hosted NAT case, the IP address information carried by the user's upper-layer protocol already differs from the IP address allocated by the NASS. The AF of the service control layer needs to obtain the mapping between them and translate the addresses in the upper-layer message header fields.

In the Hosted NAT case, because the CNG may not be controlled by the operator, this mapping cannot be obtained. In this case, therefore, the IP address can no longer be used as the identifier that associates the user data of the service control layer and the bearer control layer.

(2) This scheme does not consider in depth whether address domain information is obtainable at the application control layer. Upper-layer protocols currently have no ability to carry address domain information; IP address domain information exists in the bearer control layer, and the application control layer and the bearer control layer are relatively independent of each other.
Summary of the invention

The object of the present invention is to provide a method for querying access network user information, in which the user's service identifier is passed to the access network at network access time, so that the service control layer can use the user's service identifier as the keyword to look up information about the requesting user in the access network.

The object of the invention is achieved by the following technical solution:

A method for querying access network user information, in which the service control layer uses the user's service-layer user identifier as the keyword when interacting with the bearer control layer to query information about the access network user.

The service-layer user identifier is the identifier that the service control layer uses to authenticate and manage the services used by the access user.

The method includes:

A. The user terminal equipment accesses the network and, during network access authentication or user network parameter configuration, transmits the user's own service-layer user identifier to the access network;

B. The user terminal equipment interacts with the application function entity AF of the service control layer and transmits the service-layer user identifier to the application function entity;

C. The AF sends a query request message carrying the service-layer user identifier to the bearer control layer;

D. The bearer control layer obtains service-related information according to the service-layer user identifier and transmits it to the AF.

In step A, the methods for transmitting the service-layer user identifier to the access network include:

when the user requests a network address through the Dynamic Host Configuration Protocol DHCP, transmitting it in a DHCP option; or,

when the user accesses the network through the Point-to-Point Protocol PPP or PPP over Ethernet PPPOE, passing it in IP Control Protocol IPCP or IPCPv6 extension options; or,

when the user is authenticated through the Extensible Authentication Protocol EAP, carrying the service-layer user identifier in an extension type or option in the response to the network's request packet.

When the user uses a customer-side gateway that performs network address translation NAT, step A includes:

A1. When requesting a local IP address from the user gateway, the user equipment reports its own service-layer user identifier to the user gateway device;

A2. The user gateway device allocates an IP address to the user and records the service-layer user identifier;

A3. The user gateway passes the service-layer user identifier to the access network.

Step D specifically includes:

The bearer control layer uses the service-layer user identifier as the keyword to query the information about the access user.

The information about the access user includes: user ID, user IP address, user physical/logical access line identifier, or user location information.

As the technical solution provided above shows, by using the service-layer user identifier as the keyword the present invention lets the service control layer query information about the access user, effectively overcomes the hosted NAT problem, and does not use the service control layer to obtain an IP address, which improves the versatility of the method.
Brief description of the drawings

Figure 1 is a schematic diagram of the three layers of a prior-art next-generation network;

Figure 2 is a flowchart of the operation of the method of the present invention.
Mode for carrying out the invention

The core idea of the present invention is to provide a method for querying access network user information, in which the user's service identifier is passed to the access network at network access time, so that the service control layer can use the user's service identifier as the keyword to look up information about the access user in the access network.

The present invention provides a method for querying access network user information. The operation flowchart of one embodiment is shown in Figure 2. Referring to Figure 2, the method includes the following steps:

Step 10: The user terminal equipment TE accesses the network and, during network access authentication or user network parameter configuration, transmits the user's own service-layer user identifier to the access network;

The service-layer user identifier is defined as follows. When a user uses the various services on the network, the user has to be authenticated and managed at the service control layer, which requires an identifier for service authentication and management; that identifier is the service-layer user identifier of the present invention. The service-layer user identifier is the user's unique identifier at the service control layer and includes, but is not limited to: an NAI (Network Access Identifier) type, an email address, an FQDN (fully qualified domain name), or a SIP URI (SIP Uniform Resource Identifier);

The methods by which the terminal equipment transmits the service-layer user identifier to the access network include:

a) The user passes it in a DHCP (Dynamic Host Configuration Protocol) option;

When the user requests an IP address with DHCP, or after the address has been requested, the user places its own service-layer user identifier in a DHCP option, which is passed to the corresponding entity of the bearer control layer. The DHCP option may be option 60, option 61, option 82, etc.;

b) The user uses extension options of IPCP (IP Control Protocol), IPCPv6, etc.;

When the user accesses the network through PPPOE (PPP over Ethernet) or PPP (Point-to-Point Protocol), the service-layer user identifier is carried in the corresponding extension option of these protocols and passed to the corresponding entity of the bearer control layer;

c) The user uses an EAP (Extensible Authentication Protocol) extension type;

When the user is authenticated by the network using EAP, the network device sends an EAP request packet asking for the service-layer user identifier; the user carries the service-layer user identifier in the response packet, and it is reported to the bearer control layer;

When the user uses a customer-side gateway that performs NAT, the process of reporting the service-layer user identifier includes:

1) When requesting a local IP address from the user gateway, the user reports its own service-layer user identifier to the user gateway device. The specific methods include:

With DHCP, a DHCP request message or a DHCP inform message can carry the option; the options include option 60, option 61, option 82, etc.;

With DHCPv6, the renew, rebind or information-request message carries the option; the options include: the client id option (1), the user class option (15), and the vendor-specific information option (17);

2) The user gateway device allocates an IP address to the user and records the service-layer user identifier;

3) The user gateway passes the service-layer user identifier to the access network; this can take place at network access time or after network access.
Step 11: The TE interacts with the AF (application function entity) of the service control layer through a higher-layer protocol and passes the service layer user identifier information to the AF;
Step 12: The AF interacts with the NASS through the interface between the service control layer and the NASS in the bearer control layer to query information about the access user; the query message carries the service layer user identifier information;
Step 13: The NASS uses the received service layer user identifier as the key to look up the user network access data that the bearer control layer has authorized, including, for example, the user ID, the user IP address, the user's physical and logical access line identifier, and user location information;
Step 14: The bearer control layer sends the information it found to the service control layer in a response message, completing the exchange of user data between the bearer control layer and the service control layer.
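The reporting procedure 1) to 3) and the query in steps 11 to 14, as an added Python sketch that is not part of the patent text. It assumes DHCPv4 option 61 with type byte 0 as the carrier; the class names and every identifier, address and line name are constructed for illustration.

```python
OPT_PAD, OPT_CLIENT_ID, OPT_END = 0, 61, 255

def encode_client_id(service_id):
    """Client side: DHCPv4 option 61 carrying the service layer user identifier."""
    value = b"\x00" + service_id.encode("ascii")  # type 0: not a hardware address
    return bytes([OPT_CLIENT_ID, len(value)]) + value + bytes([OPT_END])

def parse_options(buf):
    """Walk the code/length/value options field, rejecting truncated options."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != OPT_END:
        if buf[i] == OPT_PAD:            # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated DHCP option %d" % buf[i])
        opts[buf[i]] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return opts

class Nass:
    """Bearer control layer store, keyed by service layer user identifier."""
    def __init__(self):
        self.records = {}
    def register(self, service_id, record):
        self.records[service_id] = record
    def query(self, service_id):         # steps 12 to 14: AF query and response
        return self.records.get(service_id)

class UserGateway:
    """NAT gateway carrying out steps 1) to 3) of the reporting procedure."""
    def __init__(self, nass, user_id, public_ip, line_id):
        self.nass, self.leases = nass, {}
        self.access = {"user_id": user_id, "ip": public_ip, "line_id": line_id}
    def handle_dhcp_request(self, options_field):
        raw = parse_options(options_field).get(OPT_CLIENT_ID)
        if not raw or raw[0] != 0 or len(raw) < 2:
            raise ValueError("no service layer user identifier in option 61")
        service_id = raw[1:].decode("ascii")
        local_ip = "192.168.1.%d" % (len(self.leases) + 2)  # 1)-2) allocate, record
        self.leases[local_ip] = service_id
        self.nass.register(service_id, dict(self.access))   # 3) pass to access network
        return local_ip

def demo():
    nass = Nass()  # everything below is constructed sample data
    gw = UserGateway(nass, "line-user-01", "203.0.113.7", "dslam3/port12")
    ids = ("alice@svc.example", "bob@svc.example", "carol@svc.example")
    ips = [gw.handle_dhcp_request(encode_client_id(s)) for s in ids[:2]]
    return (ips,) + tuple(nass.query(s) for s in ids)
```

Both users sit behind one public address, yet each service layer identifier resolves to the access record without the AF knowing any IP address. The sketch takes the identifier exactly as the client sends it and does not authenticate it.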
In summary, by using the service layer user identifier, the present invention lets the service control layer query information about the access user with the user service identifier as the key. This effectively overcomes the host NAT problem and does not rely on the service control layer obtaining an IP address, which improves the generality of the method.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims

1. A method for querying access network user information, characterized in that the service control layer uses the user's service layer user identifier as the key to interact with the bearer control layer and query information about the access network user.
2. The method for querying access network user information according to claim 1, characterized in that the service layer user identifier is the identifier that the service control layer uses to authenticate and manage the services used by the access user.
3. The method for querying access network user information according to claim 1, characterized in that the method comprises:
A. The user terminal device accesses the network and, during network access authentication or user network parameter configuration, sends the user's own service layer user identifier to the access network;
B. The user terminal device interacts with the application function entity (AF) of the service control layer and sends the service layer user identifier to the application function entity;
C. The AF sends a query request message carrying the service layer user identifier to the bearer control layer;
D. The bearer control layer obtains service-related information according to the service layer user identifier and sends it to the AF.
4. The method for querying access network user information according to claim 3, characterized in that the method of sending the service layer user identifier to the access network in step A comprises:
when the user applies for a network address through the Dynamic Host Configuration Protocol (DHCP), sending it in a DHCP protocol option; or,
when the user accesses the network through the Point-to-Point Protocol (PPP) or PPP over Ethernet (PPPoE), passing it in an extension option of the IP Control Protocol (IPCP, IPCPv6); or,
when the user is authenticated through the Extensible Authentication Protocol (EAP), carrying the service layer user identifier in an extension type or option in the response to the network's request message.
5. The method for querying access network user information according to claim 3, characterized in that, when the user uses a user-side gateway to implement network address translation (NAT), step A comprises:
A1. When applying to the user gateway for a local IP address, the user device reports its own service layer user identifier to the user gateway device;
A2. The user gateway device allocates an IP address to the user and records the service layer user identifier;
A3. The user gateway passes the service layer user identifier to the access network.
6. The method for querying access network user information according to claim 3, characterized in that step D specifically comprises:
the bearer control layer using the service layer user identifier as the key to query the information about the access user.
7. The method for querying access network user information according to any one of claims 1 to 6, characterized in that the information about the access user comprises: the user ID, the user IP address, the user's physical and logical access line identifier, or user location information.
PCT/CN2006/002205 2005-10-12 2006-08-28 A method for inquiring access network user information WO2007041925A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2005101127388A CN1949755B (en) 2005-10-12 2005-10-12 Method for inquiring access network user message
CN200510112738.8 2005-10-12

Publications (1)

Publication Number Publication Date
WO2007041925A1 true WO2007041925A1 (en) 2007-04-19

Family

ID=37942299

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/002205 WO2007041925A1 (en) 2005-10-12 2006-08-28 A method for inquiring access network user information

Country Status (2)

Country Link
CN (1) CN1949755B (en)
WO (1) WO2007041925A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101087208B (en) * 2007-06-27 2010-08-11 华为技术有限公司 Method for configuring user access network data, function entity and system
CN101729363B (en) 2008-10-21 2012-05-30 华为技术有限公司 Method for initializing resource, device and system
CN111465000B (en) * 2020-04-01 2022-07-22 中国联合网络通信集团有限公司 Call addressing method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002268972A (en) * 2001-03-07 2002-09-20 F Media Kk Information access support system
JP2004112777A (en) * 2002-08-29 2004-04-08 Plat One:Kk User information providing system
KR20050000880A (en) * 2003-06-25 2005-01-06 주식회사 케이티 System and method for servicing asymmetric digital subscriber line, and computer readable medium storing thereof
WO2005032088A1 (en) * 2003-10-01 2005-04-07 Telenor Asa Subscriber information system
CN1642079A (en) * 2004-01-16 2005-07-20 华为技术有限公司 Method for obtaining user identification information for network application entity

Also Published As

Publication number Publication date
CN1949755B (en) 2011-04-06
CN1949755A (en) 2007-04-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06775522

Country of ref document: EP

Kind code of ref document: A1