[go: up one dir, main page]

WO2014022993A1 - Tunnel forwarding method, apparatus, device and system - Google Patents

Tunnel forwarding method, apparatus, device and system Download PDF

Info

Publication number
WO2014022993A1
WO2014022993A1 PCT/CN2012/079843 CN2012079843W WO2014022993A1 WO 2014022993 A1 WO2014022993 A1 WO 2014022993A1 CN 2012079843 W CN2012079843 W CN 2012079843W WO 2014022993 A1 WO2014022993 A1 WO 2014022993A1
Authority
WO
WIPO (PCT)
Prior art keywords
tunnel
gateway
application server
user equipment
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2012/079843
Other languages
French (fr)
Chinese (zh)
Inventor
李岩
吴问付
魏凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to PCT/CN2012/079843 priority Critical patent/WO2014022993A1/en
Priority to CN201280001349.6A priority patent/CN104025518B/en
Publication of WO2014022993A1 publication Critical patent/WO2014022993A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Definitions

  • the present invention relates to the field of communications, and in particular, to a tunnel forwarding method, apparatus, device, and system. Background technique
  • UE User Equipment
  • EPC Evolved Packet Core
  • the PDN network includes the Internet (Internet), Intranet (intranet).
  • ISP Internet Service Provider, Internet Service Provider, etc.
  • the network element or network involved in the method includes: a UE, an MME (Mobility Management Entity), a SGW (Serving Gateway), a PGW (PDN Gateway, PDN Gateway), and a PDN network.
  • the MME, the SGW, and the PGW are all network elements in the EPC mobile packet domain network, and the network elements in the EPC mobile packet domain network may further include an eNB (Evolved Node B, evolved Node B), and a Home Subscriber Server (HSS). Server), etc. (not specifically shown).
  • eNB evolved Node B
  • HSS Home Subscriber Server
  • Step 101 The process of the UE accessing the PDN network through the EPC mobile packet domain network and forwarding the data by using the tunnel is as follows: Step 101: The PGW pre-establishes a tunnel with a specific type of network in the PDN network, where the specific type of network may be an intranet, where The purpose of the tunnel is to meet the security or routing requirements of a specific type of network. For the Internet in the PDN network, the PGW usually accesses directly without establishing a tunnel.
  • Step 102 The UE sends a PDN connection setup request to the MME, where the PDN connection setup request carries the APN.
  • APN1 indicates that the UE wants to connect to the intranet
  • APN2 indicates that the UE wants to connect to the Internet
  • Step 103 MME cooperates with HSS (not shown) performing a subscription check on the UE, checking whether the UE is allowed to access the network corresponding to the APN, and the APN is an APN in the PDN connection establishment request; if allowed, selecting the PGW according to the APN, and further selecting according to the selected
  • the PGW selects the corresponding SGW, and then sends a create session request message to the SGW, where the create session request message carries the above APN;
  • Step 104 The SGW forwards a create session request message to the PGW.
  • Step 105 The PGW determines, according to the foregoing APN, which network the UE is connected to. If it is connected to the Internet, the PGW directly allocates an IP address to the UE from the local address pool. If it is connected to a specific type of network, the PGW needs to be associated with the specific a type of network performs signaling interaction, and allocates an IP address to the UE from an address pool of the specific type of network; Step 106: The PGW returns a create session response message to the SGW, where the create session response message carries the foregoing IP address.
  • Step 107 The SGW forwards a create session response message to the MME.
  • Step 108 The MME returns a PDN connection setup response message to the UE, where the PDN connection setup response message carries the foregoing IP address.
  • Step 109 The UE accesses the PDN network according to the foregoing IP address. If the PDN network is the Internet, the packet sent by the UE is directly routed to the Internet. If the PDN network is a specific type of network, the packet sent by the UE passes through step 101. The established tunnel is forwarded to a specific type of network.
  • the tunnels in the existing tunnel forwarding method are established based on different types of PDN networks, and different service flows in the same type of PDN network (such as online payment services with high security requirements and low security requirements) Service, etc.) cannot be distinguished, and different policies are used for forwarding. Data sent by different UEs accessing the same type of PDN network cannot be distinguished, and different policies are used for forwarding. Summary of the invention
  • the embodiments of the present invention provide a tunnel forwarding method, apparatus, device, and system, in order to solve the problem that the data of the service granularity or the UE granularity cannot be differentiated and forwarded in the existing tunnel forwarding method.
  • the technical solution is as follows:
  • a tunnel forwarding method includes:
  • the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule
  • the tunnel establishment request further includes range indication information, where the at least one gateway establishes a tunnel with the application server corresponding to the tunnel endpoint information, and sends the tunnel forwarding rule to the gateway, specifically:
  • the selected gateway establishes a tunnel with the application server, and sends the tunnel forwarding rule to the gateway.
  • the at least one gateway instructs the application server corresponding to the tunnel endpoint information to establish a tunnel, and delivers the tunnel forwarding rule.
  • the gateway also includes:
  • Directing the designated user device to connect to the gateway includes:
  • the HSS is instructed to modify the subscription data of the specified user equipment, and the APN of the specified user equipment is replaced by a specific APN, and the specific APN is associated with the gateway, so that the MME boots the information according to the modified subscription data.
  • the tunnel establishment request further includes a tunnel type, and when the tunnel type is a security tunnel, the at least one gateway is configured to establish a tunnel with the application server corresponding to the tunnel endpoint information, and specifically includes:
  • a tunnel forwarding device comprising:
  • a request receiving module configured to receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule
  • a tunnel establishment module configured to: at least one gateway establishes a tunnel with an application server corresponding to the tunnel endpoint information, and sends the tunnel forwarding rule to the gateway, so that the gateway will meet the data of the tunnel forwarding rule. Forwarding to the application server using the tunnel.
  • the tunnel establishment request further includes range indication information
  • the tunnel establishment module specifically includes: a gateway selection unit and a tunnel establishment unit
  • the gateway selection unit is configured to select at least one gateway that belongs to the range indicated by the range indication information, where the tunnel establishment unit is configured to indicate that the selected gateway establishes a tunnel with the application server, and sends the tunnel The tunnel forwarding rule is sent to the gateway.
  • the tunnel forwarding device when the tunnel forwarding rule is to forward the data of the specified user equipment to the application server, the tunnel forwarding device further includes:
  • connection guiding module configured to guide the specified user equipment to connect to the gateway.
  • connection guiding module specifically includes:
  • a first indicating unit a second indicating unit or a third indicating unit
  • the first indication unit is configured to indicate that the home subscriber server HSS modifies the subscription data of the specified user equipment, and that each access point name APN of the specified user equipment is modified to be associated with the gateway, so as to be mobility.
  • Tube The physical entity MME directs the specified user equipment to connect to the gateway according to the modified subscription data.
  • the second indication unit is configured to instruct the HSS to modify the subscription data of the specified user equipment, and replace the designated user.
  • the APN of the device is a specific APN, and the specific APN is associated with the gateway, so that the MME directs the specified user equipment to connect to the gateway according to the modified subscription data.
  • the third indication unit is configured to indicate that the base station connected to the designated user equipment routes data of the specified user equipment to the gateway.
  • the tunnel establishment request further includes a tunnel type.
  • the tunnel establishment module specifically includes:
  • the authentication sending unit is configured to send authentication information to the gateway and the application server, respectively, so that the gateway and the application server complete mutual authentication when establishing a tunnel according to the authentication information.
  • an application server including:
  • a request sending module configured to send a tunnel establishment request, where the tunnel establishment request includes at least tunnel endpoint information and a tunnel forwarding rule;
  • the tunnel endpoint information corresponds to an application server to be tunneled
  • the tunnel forwarding rule includes forwarding data of the specified user equipment to the application server, and forwarding the data of the application server to the application server.
  • the tunnel establishment request further includes a tunnel type and/or range indication information
  • the tunnel type includes a normal tunnel or a secure tunnel
  • the range indication information is used to indicate a range to which the gateway belongs.
  • a home subscriber server including:
  • an indication receiving module configured to receive an indication of the tunnel forwarding device, where the indication includes identifier information of the specified user equipment
  • a data modification module configured to modify the subscription data of the specified user equipment according to the indication received by the indication receiving module
  • the modification includes: modifying each access point name of the specified user equipment, the APN is associated with the designated gateway;
  • the home subscriber server further includes: a connection determining module and a data pushing module; the connection determining module is configured to determine whether the specified user equipment has accessed other gateways, and the other gateways are not The application server establishes a gateway for the tunnel; The data pushing module is configured to: when the determination result of the connection determining module is YES, push the modified subscription data of the data modification module to the mobility management entity.
  • a tunnel forwarding system includes the tunnel forwarding device provided by the foregoing technical solution, the application server provided by the foregoing technical solution, and/or the home subscriber server provided by the foregoing technical solution.
  • the tunnel is established according to the tunnel establishment request, and the corresponding gateway is instructed to establish a tunnel with the application server, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward the data to the application server according to the tunnel forwarding rule, thereby solving the existing tunnel forwarding method.
  • the technical problem that the service granularity or the UE granularity data cannot be distinguished and forwarded is that the gateway can forward the data to different application flows or different UEs to the application server.
  • FIG. 2 is a flowchart of a method for tunnel forwarding method according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of a method for tunnel forwarding method according to Embodiment 2 of the present invention.
  • FIG. 4 is a flowchart of a method for tunnel forwarding method according to Embodiment 3 of the present invention.
  • Embodiment 4 of the present invention is a flowchart of a method for tunnel forwarding provided by Embodiment 4 of the present invention.
  • Embodiment 6 is a flowchart of a method for tunnel forwarding provided by Embodiment 5 of the present invention.
  • FIG. 7 is a structural block diagram of a tunnel forwarding apparatus according to Embodiment 6 of the present invention.
  • FIG. 8 is another structural block diagram of a tunnel forwarding apparatus according to Embodiment 6 of the present invention.
  • FIG. 9 is a block diagram showing still another structure of a tunnel forwarding apparatus according to Embodiment 6 of the present invention.
  • FIG. 10 is a block diagram showing still another structure of a tunnel forwarding apparatus according to Embodiment 6 of the present invention.
  • FIG. 11 is a block diagram showing still another structure of a tunnel forwarding apparatus according to Embodiment 6 of the present invention.
  • FIG. 12 is a block diagram showing the structure of an application server according to Embodiment 7 of the present invention.
  • FIG. 13 is a structural block diagram of a home subscriber server according to Embodiment 8 of the present invention.
  • FIG. 14 is another structural block diagram of a home subscriber server according to Embodiment 9 of the present invention.
  • FIG. 15 is a block diagram showing the structure of a tunnel forwarding system according to Embodiment 10 of the present invention. detailed description
  • the tunnel forwarding method may be performed by a logical entity network element: a tunnel forwarding network element, and the tunnel forwarding network element may be deployed in a physical control network element such as an MME.
  • the tunnel forwarding method may specifically include:
  • Step 201 Receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule.
  • the tunnel forwarding network element receives a tunnel establishment request sent by the application server A, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule.
  • the tunnel endpoint information corresponds to the application server to be tunneled, and is usually the application server A that sends the tunnel establishment request.
  • the tunnel establishment request may also be sent by the application server A, but the tunnel endpoint information corresponds to the application server B, that is, the application server corresponding to the tunnel endpoint information may be different from the application server that sends the tunnel establishment request.
  • Tunnel forwarding rules are used to indicate which data needs to be forwarded in the established tunnel.
  • the tunnel forwarding rule is: forwarding the data of the specified user equipment to the application server; in other cases, the tunnel forwarding rule is: forwarding the destination address to the application server data to the application server.
  • the tunnel establishment request may also include a tunnel type and range indication information.
  • the tunnel type includes an ordinary tunnel or a security tunnel.
  • the common tunnel may be an IP in IP tunnel, an IP in GRE (generic route encapsulation) tunnel, or a Layer 2 Tunneling Protocol (L2TP) tunnel.
  • the tunnel may be an IPSEC (Internet Protocol Security) tunnel or the like.
  • the range indication information is used to indicate the scope of the gateway.
  • Step 202 Instruct the at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information, and send a tunnel forwarding rule to the gateway, so that the gateway forwards the data conforming to the tunnel forwarding rule to the application server by using the tunnel.
  • the tunnel forwarding network element After receiving the tunnel establishment request sent by the application server, the tunnel forwarding network element instructs one, two or more gateways to establish a tunnel with the application server corresponding to the tunnel endpoint information, and the gateway may be a PGW.
  • the tunnel forwarding NE Before the tunnel is established between the gateway and the application server, the tunnel forwarding NE needs to send the tunnel forwarding rule to the gateway at the same time. At this point, the gateway can forward the data conforming to the tunnel forwarding rule to the application server using the established tunnel.
  • the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule.
  • Data to the application server which solves the problem that the existing tunnel forwarding method cannot be used for service granularity or UE granularity.
  • the technical problem of distinguishing and forwarding data reaches the effect that the gateway can forward the data to different application flows or different UEs to the application server.
  • the tunnel is established by the PGW and the application server A, instead of the UE establishing a tunnel with the application server A.
  • the UE does not need to establish a tunnel with the application server A. There is no need to deal with higher processing tasks, consume more mobile communication resources (the encapsulation of tunnel messages requires more wireless communication resources) and pay higher power consumption.
  • Embodiment 2
  • UE1 and UE2 access the Internet through PGW1 and PGW2 respectively.
  • the e-commerce website on the Internet wants all UEs in a certain area to access the application server of the website, it can be forwarded through a secure tunnel to enhance security.
  • the tunnel forwarding method may specifically include:
  • Step 301 The application server A sends a tunnel establishment request to the tunnel forwarding network element, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.
  • the tunnel type is: an IPSEC tunnel
  • the tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request.
  • the tunnel forwarding rule is as follows:
  • the forwarding destination address is the data of the application server A to the application server.
  • the tunnel establishment request also includes the range indication information (Beijing).
  • Step 302 The tunnel forwarding network element sends a tunnel establishment request response information to the application server A, where the tunnel establishment request response information carries the authentication information.
  • the tunnel forwarding network element After receiving the tunnel establishment request sent by the application server A, the tunnel forwarding network element sends the tunnel establishment request response information to the application server A. Since the security tunnel (IPSEC tunnel) is established in this embodiment, the tunnel forwarding network element needs to carry the authentication information in the tunnel establishment request response information, so as to send the authentication information to the application server A.
  • IPSEC tunnel security tunnel
  • the tunnel forwarding network element acts as an entity trusted by the gateway and the application server, and needs to send authentication information to the gateway and the application server respectively, so that the gateway and the application server complete the tunnel according to the authentication information.
  • Mutual authentication if the tunnel type to be established is a secure tunnel, the tunnel forwarding network element acts as an entity trusted by the gateway and the application server, and needs to send authentication information to the gateway and the application server respectively, so that the gateway and the application server complete the tunnel according to the authentication information.
  • Step 303 The tunnel forwarding network element selects at least one PGW according to the range indication information, and sends the tunneling indication information to the selected PGW.
  • the tunneling indication information includes a tunnel type, a tunnel endpoint information, a tunnel forwarding rule, and authentication information. If the tunnel establishment request does not include the range indication information, the tunnel forwarding network element may select all PGWs that may establish a connection with the application server A.
  • the tunnel forwarding network element may select all the PGWs that may be connected to the application server A in the range indicated by the range indication information, for example, the range indication information is Beijing, and the tunnel forwarding network element selects All PGWs in Beijing that may be connected to Application Server A.
  • PGW1 and PGW2 are described as the selected PGW.
  • the tunnel forwarding network element sends the tunneling indication information to the PGW1 and the PGW2, where the tunneling indication information includes the tunnel type, the tunnel endpoint information, the tunnel forwarding rule, and the authentication information.
  • Step 304 The PGW1 and the PGW2 establish an IPSEC tunnel with the application server A according to the tunnel indication information.
  • the PGW1 and the PGW2 establish an IPSEC tunnel with the application server A according to the tunnel type and the tunnel endpoint information.
  • the PGW and the application server A use the authentication information delivered by the tunnel forwarding NE to complete the authentication.
  • the authentication information may be a certificate or a shared key.
  • PGW1 and PGW2 respectively save the tunnel forwarding rules.
  • Step 305 UE1 establishes a PDN connection through PGW1, and UE2 establishes a PDN connection through PGW2.
  • UE1 acts as a user under PGW1 and establishes a PDN connection through PGW1.
  • UE2 establishes a PDN connection through PGW2, and the process of establishing a PDN connection can refer to related steps in the background art.
  • Step 306 PGW1 and PGW2 forward the data conforming to the tunnel forwarding rule with the tunnel established between the application server A and the application server A.
  • the PGW1 and the PGW2 can receive the related data packet, and determine that the data packet complies with the tunnel forwarding rule. At this time, PGW1 and PGW2 can forward the data packet to the application server A by using the tunnel established between the application server and the application server A.
  • the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule.
  • the data is applied to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the service granularity, and achieves the effect that the gateway can forward the different service flows to the application server.
  • the application server A multiple UEs connected to the same PGW can share a tunnel of the PGW to itself, without requiring each UE to establish a tunnel with the application server A, and also reduce the tunnel. The number of management and the number of maintenance reduces the load.
  • Embodiment 3 Assume that the implementation scenario is as follows: The UE belongs to an employee in the enterprise. The UE needs to access the intranet of the enterprise through the tunnel, and needs to access the Internet. The enterprise hopes that the data of the UE accessing the Internet is also accessed through the tunnel of the intranet. Forward.
  • the tunnel forwarding method may include:
  • Step 401 The application server A sends a tunnel establishment request to the tunnel forwarding network element, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.
  • the tunnel type is: IP in IP tunnel
  • the tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request, and the application server A is the server in the intranet;
  • the tunnel forwarding rule is: Forward all data of the specified UE to the application server A.
  • Step 402 The tunnel forwarding network element selects at least one PGW, and sends the tunneling indication information to the selected PGW, where the tunneling indication information includes a tunnel type, a tunnel endpoint information, and a tunnel forwarding rule.
  • the tunnel forwarding network element may select one or more PGWs that specify that the UE may establish a PDN connection. Specifically, for a PGW with similar access functions in each area, the tunnel forwarding network element only needs to select one PGW in the area.
  • the tunnel forwarding network element sends the tunnel establishment indication information to the selected PGW, where the tunnel establishment indication information includes the tunnel type, the tunnel endpoint information, and the tunnel forwarding rule.
  • Step 403 The selected PGW establishes an IP in IP tunnel with the application server A according to the tunneling indication information.
  • the selected PGW establishes an IP in IP tunnel with the application server A according to the tunnel type and the tunnel endpoint information.
  • the selected PGW saves the tunnel forwarding rules.
  • the tunnel forwarding network element needs to direct the designated UE to connect to the selected gateway.
  • the tunnel forwarding network element may instruct the HSS to modify the subscription data of the designated UE, and modify each APN of the designated UE to be associated with the selected PGW, so that the MME guides the specified UE connection according to the modified subscription data. To the selected PGW.
  • Step 404 The tunnel forwarding network element sends an indication for modifying the subscription data to the HSS, where the indication carries the identifier information of the designated UE and the identifier information of the selected PGW.
  • the identifier information of the designated UE may be an IMSI (International Mobile Subscriber Identification Number).
  • the identification information of the designated UE can be obtained from a tunnel forwarding rule.
  • the identification information of the selected PGW may be the IP address of the PGW.
  • the HSS may modify each APN of the designated UE to be associated with the selected one. PGW.
  • Step 405 The specified UE sends an attach request to the MME.
  • the attach request may carry the APN. If not, the APN may be processed according to the default APN in the subscription data. In addition, the attach request usually carries the IMSI of the designated UE.
  • Step 406 The MME acquires subscription data of the designated UE from the HSS.
  • the MME After receiving the attach request, the MME obtains the subscription data of the designated UE from the HSS. In this process, the MME may use the IMSI of the designated UE to initiate a subscription data acquisition request to the HSS, so that the HSS returns the subscription data of the designated UE.
  • Step 407 The HSS returns, to the MME, the subscription data that the specified UE is modified.
  • the HSS returns the subscription data of the specified UE to the MME, and the modified subscription data includes an APN that is selected by the UE, and a PGW associated with each APN.
  • the PGW here is usually the PGW selected by the tunnel forwarding network element.
  • Step 408 The MME sends a create session request message to the PGW in the modified subscription data.
  • the create session request message includes the IMSI and the APN of the designated UE, and the APN may be the APN that the designated UE carries in the attach request.
  • the APN has no practical effect in the subsequent steps of this embodiment, the content is retained in order to make the changes to the prior art as small as possible. It is important to realize that the APN may not be included in the Create Session Request message.
  • Step 409 The PGW allocates an address to the application server A according to the IMSI of the specified UE.
  • the PGW After receiving the Create Session Request message sent by the MME, the PGW can determine that the current UE is the designated UE according to the IMSI and the tunnel forwarding rule of the specified UE. To this end, the PGW to Application Server A assigns an address to the designated UE.
  • the PGW determines that the current UE is the designated UE, it does not assign an address to the designated UE in the address pool corresponding to the APN according to the normal mode; instead, the APN information is ignored, and the address is directly assigned to the designated UE at the application server A. .
  • Step 410 The PGW returns a create session response message to the MME, where the create session response message carries the assigned address.
  • Step 411 The MME returns an attach response to the designated UE, where the attach response carries the address allocated by the PGW. Thereafter, the designated UE can complete the PDN access by using the address allocated by the PGW, and access the PDN network.
  • Step 412 The PGW receives the data packet of the specified UE, and forwards the data packet that meets the tunnel forwarding rule by using the tunnel established between the application server and the application server A.
  • the PGW can determine that the data packet complies with the tunnel forwarding rule according to the source address of the data packet, and then use the tunnel established between the data packet and the application server A. Forward.
  • the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule.
  • the data is applied to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the UE granularity, and achieves the effect that the gateway can forward the data of different UEs to the application server.
  • Embodiment 4 by establishing only a small number of PGWs to establish a tunnel with the application server A, and simultaneously modifying the HSS subscription data to guide the designated UE to connect to the selected PGW, so that the number of tunnels that the application server A needs to maintain and manage is reduced to less.
  • the UE belongs to an employee in the enterprise.
  • the UE needs to access the intranet of the enterprise through the tunnel, and needs to access the Internet.
  • the enterprise hopes that the data of the UE accessing the Internet is also connected to the tunnel through the intranet. To forward.
  • the gateway before the gateway establishes a tunnel with the application server, the UE has accessed the PDN network through a PGW.
  • the tunnel forwarding method may include:
  • Step 501 The application server A sends a tunnel establishment request to the tunnel forwarding network element, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.
  • the tunnel type is: an IP in GRE tunnel
  • the tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request, and the application server A is the server in the intranet;
  • the tunnel forwarding rule is: Forward all data of the specified UE to the application server A.
  • Step 502 The tunnel forwarding network element selects at least one PGW, and sends the tunneling indication information to the selected PGW, where the tunneling indication information includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.
  • the tunnel forwarding network element may select one or more PGWs that specify that the UE may establish a PDN connection. Specifically, for a PGW with similar access functions in each area, the tunnel forwarding network element only needs to select one PGW in the area.
  • PGW1 is used as the selected gateway to describe;
  • the tunnel forwarding network element sends a tunnel establishment indication information to the PGW1, where the tunnel establishment indication information includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.
  • Step 503 The PGW1 establishes an IP in GRE tunnel with the application server A according to the tunnel indication information.
  • PGW1 establishes an IP in GRE tunnel with application server A according to the tunnel type and tunnel endpoint information. At the same time, PGW1 Save the tunnel forwarding rules.
  • the tunnel forwarding network element needs to direct the designated UE to connect to the selected gateway.
  • the tunnel forwarding network element may instruct the HSS to modify the subscription data of the designated UE, and modify the APN of the designated UE to be a specific APN, and the specific APN is associated with the PGW1, so that the MME guides the designated UE according to the modified subscription data. Connect to PGW1.
  • the tunnel forwarding network element needs to send the modified subscription data to the HSS after the HSS is instructed to modify the subscription data of the designated UE.
  • the MME so that the MME first deactivates the existing connection of the designated UE, and redirects the designated UE to connect to the PGW1 according to the modified subscription data.
  • Step 504 The tunnel forwarding network element sends an indication for modifying the subscription data to the HSS, where the indication carries the identifier information of the specified UE and the specific APN.
  • the identifier information of the designated UE may be IMSI.
  • the identification information of the designated UE can be obtained from a tunnel forwarding rule.
  • the specific APN is the APN associated with PGW1.
  • APN2 is used as a specific APN.
  • the HSS may replace the APN in the subscription data of the specified UE as APN2; Step 505, the HSS determines whether the specified UE has accessed other gateways, and the other gateways are gateways that do not establish a tunnel with the application server; If yes, proceed to step 506;
  • the HSS can determine that the UE has accessed the PGW2.
  • Step 506 the HSS actively sends the modified subscription data to the MME;
  • the modified subscription data includes the IMSI and APN2 of the designated UE;
  • Step 507 The MME deactivates the existing connection between the designated UE and the PGW2, and instructs the designated UE to re-establish the connection.
  • the MME may deactivate the existing connection between the designated UE and the PGW2 according to the IMSI of the designated UE included in the modified subscription data.
  • Step 508 the specified UE resends the attach request
  • the attachment request may carry APN1. Since the process of replacing the APN is not visible to the UE, this attach request still carries APN1.
  • Step 509 The MME selects to PGW1 by using APN2, and initiates a create session request message to PGW1. After receiving the attach request, the MME can select PGW1 according to APN2, and then to PGW1, because only PGW1 after tunnel establishment provides support of APN2. Initiate a create session request message.
  • the create session request message It includes the IMSI and APN2 of the specified UE.
  • Step 510 The PGW1 selects an application server A to allocate an address to the designated UE according to the APN2, and then returns a corresponding session creation message to the MME, where the corresponding message of the creation session carries the allocated address.
  • Step 511 The MME returns an attach response to the designated UE, where the attach response carries the address allocated by the PGW1. Thereafter, the designated UE can complete the PDN access by using the address allocated by the PGW1, and access the PDN network.
  • the PGW1 can determine that the data packet complies with the tunnel forwarding rule according to the source address of the data packet, and then use the tunnel established between the data packet and the application server A. Forward.
  • the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule.
  • the data is applied to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the UE granularity, and achieves the effect that the gateway can forward the data of different UEs to the application server.
  • the tunnel control network element determines whether the designated UE has accessed the PDN by using other gateways, and then deactivates the connection to the selected PDN, so that even if the designated UE has accessed the PDN, the specified UE can still be guided to pass.
  • the selected PGW accesses the PDN, thereby utilizing the established tunnel to forward the effect of the data of the designated UE.
  • control and forwarding separation means that the forwarding network element only processes data packets, and forwards the flow table to generate signaling, and other such as IP address allocation and PDN connection establishment are handled by the control network element.
  • FIG. 6 a flowchart of a method for tunnel forwarding provided by Embodiment 5 of the present invention is shown.
  • the tunnel forwarding network element is implemented in the controller and the router is used as the gateway.
  • the tunnel forwarding method may specifically include:
  • Step 601 The application server A sends a tunnel establishment request to the controller, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.
  • the tunnel type is: an L2TP tunnel
  • the tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request, and the application server A is the server in the intranet;
  • the tunnel forwarding rule is: Forward all data of the specified UE to the application server A.
  • Step 602 The controller selects at least one router, and indicates, by using a flow table, the router to establish a tunnel flow table to the application server by using a flow table.
  • the controller may choose to specify one or more routers for which the UE may establish a PDN connection. Specifically, for a router with similar access functions in each area, the tunnel forwarding network element only needs to select one router in the area.
  • the controller instructs the router to establish a tunnel flow table to the application server through the flow table to the selected router.
  • Step 603 the router establishes a tunnel to the application server A;
  • the router can establish an L2TP tunnel to Application Server A.
  • Step 604 The UE sends a PDN connection establishment request to the controller, where the PDN connection establishment request carries the APN information.
  • the PDN connection establishment request usually further includes the IMSI of the UE.
  • Step 605 The controller ignores the APN information, and selects the application server A to allocate an address for the UE.
  • the controller may determine, according to the IMSI and the tunnel forwarding rule of the UE, that the UE is the designated UE. At this time, the controller ignores the APN information in the PDN connection establishment request, and selects an address from the address pool of the application server A to the UE.
  • Step 606 The controller returns a PDN connection setup response to the UE, where the PDN connection setup response carries the assigned address.
  • Step 607 The controller indicates, by using a flow table, the eNB connected to the UE, and forwards the data of the UE to the router. This step, that is, the process in which the controller directs the UE to connect to the router.
  • Step 608 The controller instructs the router through the flow table, and forwards the data of the UE to the application server A through the tunnel.
  • the tunnel forwarding method provided in this embodiment is configured to instruct the corresponding gateway to establish a tunnel with the application server according to the tunnel establishment request, so that the gateway can selectively forward data to the application server according to the tunnel forwarding rule, thereby solving the existing
  • the technical problem that the UE granular data cannot be distinguished and forwarded in the tunnel forwarding method is that the gateway can forward the data of different UEs to the application server.
  • FIG. 7 is a structural block diagram of a tunnel forwarding apparatus according to Embodiment 6 of the present invention.
  • the tunnel forwarding device can include a request receiving module 720 and a tunnel establishment module 740.
  • the request receiving module 720 is configured to receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule.
  • the tunnel establishment module 740 is configured to instruct the at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information received by the request receiving module 720, and send a tunnel forwarding rule to the gateway, so that the gateway forwards the data conforming to the tunnel forwarding rule by using the tunnel. To the application server.
  • the tunnel establishment module 740 may specifically include: a gateway selection unit 742 and a tunnel establishment unit 744, as shown in FIG.
  • the gateway selection unit 742 is configured to select at least one gateway that belongs to the range indicated by the range indication information.
  • the tunnel establishment unit 744 is configured to instruct the selected gateway to establish a tunnel with the application server, and send a tunnel forwarding rule to the gateway.
  • the tunnel forwarding device further includes: a connection guiding module 760, as shown in FIG.
  • the connection boot module 760 is configured to direct the specified user equipment to connect to the gateway selected by the tunnel establishment module 740 to establish a tunnel with the application server.
  • the connection guiding module 760 may specifically include: a first indicating unit 762a, a second indicating unit 762b, or a third indicating unit 762c, as shown in FIG.
  • the first indication unit 762a is configured to instruct the home subscriber server HSS to modify the subscription data of the specified user equipment, and modify each access point name APN of the specified user equipment to be associated with the gateway, so that the mobility management entity MME is modified according to the
  • the subscription data is used to guide the specified user equipment to connect to the gateway;
  • the second indication unit is configured to instruct the HSS to modify the subscription data of the specified user equipment, replace the APN of the specified user equipment with a specific APN, and the specific APN is associated with the gateway, so that the MME can modify the
  • the subsequent subscription data is used to guide the designated user equipment to connect to the gateway;
  • the third indication unit is configured to indicate that the base station connected to the designated user equipment routes the data of the designated user equipment to the gateway.
  • the tunnel establishment module 740 may further include: an authentication sending unit 746, as shown in FIG.
  • the authentication sending unit 746 is configured to separately send authentication information to the gateway and the application server, so that the gateway and the application server complete mutual authentication when establishing the tunnel according to the authentication information.
  • the tunnel forwarding apparatus indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, so that the gateway can selectively forward data to the application server according to the tunnel forwarding rule, thereby solving the existing
  • the technical problem that the UE granular data cannot be distinguished and forwarded in the tunnel forwarding method is that the gateway can forward the data of different UEs to the application server.
  • FIG. 12 is a structural block diagram of an application server according to Embodiment 7 of the present invention.
  • the application server includes: a request sending module 120.
  • the request sending module 120 is configured to send a tunnel establishment request, where the tunnel establishment request includes at least tunnel endpoint information and a tunnel forwarding rule.
  • the tunnel endpoint information corresponds to the application server to be tunneled;
  • the tunnel forwarding rule includes forwarding the data of the specified user equipment to the application server, and forwarding the data of the application server to the application server.
  • the tunnel establishment request may further include a tunnel type and/or range indication information
  • Tunnel types include ordinary tunnels or secure tunnels.
  • the range indication information is used to indicate the scope of the gateway.
  • the application server provided in this embodiment sends a tunnel establishment request, so that the tunnel forwarding network element instructs the corresponding gateway to establish a tunnel with the application server according to the tunnel establishment request, so that the gateway can selectively select the tunnel according to the tunnel forwarding rule.
  • the data is forwarded to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the UE granularity, and achieves the effect that the gateway can forward the data of different UEs to the application server.
  • FIG. 13 is a structural block diagram of a home subscriber server according to Embodiment 8 of the present invention.
  • the home subscriber server includes: an indication receiving module 132 and a data modification module 134.
  • the indication receiving module 132 is configured to receive an indication of the tunnel forwarding device, where the indication includes the identification information of the specified user equipment.
  • the data modification module 134 is configured to modify the subscription data of the specified user equipment according to the indication received by the indication receiving module 132.
  • the modification includes: modifying each access point name of the specified user equipment, the APN is associated with the designated gateway; or, replacing the APN of the specified user equipment with a specific APN, and the specific APN is associated with the designated gateway.
  • the home subscriber server further includes: a connection determination module 136 and a data push module 138, as shown in FIG.
  • the connection determining module 136 is configured to determine whether the specified user equipment has access to other gateways, and the other gateways are gateways that do not establish a tunnel with the application server.
  • the data pushing module 138 is configured to: when the determination result of the connection determining module 136 is yes, The modified subscription data of the data modification module 134 is pushed to the mobility management entity.
  • the home subscriber server modifies the subscription data of the specified user equipment according to the indication of the tunnel forwarding device, so that the designated user equipment can always connect to the gateway selected by the tunnel forwarding device, and the solution is resolved.
  • the technical problem that the data of the UE granularity cannot be distinguished and forwarded in the existing tunnel forwarding method is achieved, and the effect that the gateway can forward the data of different UEs to the application server is achieved.
  • FIG. 15 is a structural block diagram of a tunnel forwarding system according to Embodiment 9 of the present invention.
  • the tunnel forwarding system includes the tunnel forwarding device 700 provided in Embodiment 7, the application server 800 provided in Embodiment 8, and/or the Home Subscriber Server 900 provided in Embodiment 9.
  • the tunnel forwarding device, the application server, the home subscriber server, and the tunnel forwarding system provided by the foregoing embodiments use the tunnel to forward data, only the division of the foregoing functional modules is used for example, and the actual application is performed.
  • the above function assignment can be completed by different functional modules according to requirements, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.
  • tunnel forwarding device the application server, the home subscriber server, and the tunnel forwarding system provided by the foregoing embodiments are the same as the embodiment of the tunnel forwarding method.
  • all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium.
  • the storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., which are within the spirit and scope of the present invention, should be included in the protection of the present invention. Within the scope.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are a tunnel forwarding method, apparatus, device and system, which relate to the field of communications. The method comprises: receiving a tunnel establishment request, the tunnel establishment request comprising tunnel endpoint information and a tunnel forwarding rule; and indicating at least one gateway to establish a tunnel with an application server corresponding to the tunnel endpoint information, and issuing the tunnel forwarding rule to the gateway, so that the gateway forwards the data conforming to the tunnel forwarding rule to the application server using the tunnel. According to the tunnel establishment request, the present invention indicates the corresponding gateway to establish a tunnel with the application server to enable the gateway to selectively forward data to the application server according to the tunnel forwarding rule, thereby solving the technical problem that the data of UE granularity cannot be distinguished and forwarded in existing tunnel forwarding methods, and achieving the effect that a gateway can distinguish the data for different UE and forward same to the application server.

Description

隧道转发方法、 装置、 设备及系统 技术领域  Tunnel forwarding method, device, device and system

本发明涉及通信领域, 特别涉及一种隧道转发方法、 装置、 设备及系统。 背景技术  The present invention relates to the field of communications, and in particular, to a tunnel forwarding method, apparatus, device, and system. Background technique

UE (User Equipment, 用户设备)常基于 EPC (Evolved Packet Core, 演进分组核心网) 移动分组域网络接入 PDN (Packet Data network) 网络, PDN网络包括 Internet (因特网), Intranet (企业内部网), ISP (Internet Service Provider, 因特网服务提供商) 等。  UE (User Equipment) is often based on EPC (Evolved Packet Core), and the PDN network includes the Internet (Internet), Intranet (intranet). ISP (Internet Service Provider, Internet Service Provider), etc.

请参考图 1, 其示出了现有技术中一种隧道转发方法的流程示意图。该方法中涉及的网 元或者网络包括: UE、 MME (Mobility Management Entity,移动性管理实体)、 SGW (Serving Gateway, 月艮务网关)、 PGW (PDN Gateway, PDN网关)禾口 PDN网络。其中, MME、 SGW 和 PGW均是 EPC移动分组域网络中的网元, EPC移动分组域网络中的网元还可以包括 eNB (Evolved Node B, 演进节点 B), HSS (Home Subscriber Server, 归属用户服务器)等 (未 具体示出)。 UE通过 EPC移动分组域网络接入 PDN网络,并利用隧道转发数据的过程如下: 步骤 101, PGW预先与 PDN网络中的特定类型的网络建立隧道, 该特定类型的网络可 以是 Intranet, 此处建立隧道的目的是为了满足特定类型的网络对安全性或者路由寻址的要 求, 对于 PDN网络中的 Internet, PGW通常直接接入而不需要建立隧道;  Please refer to FIG. 1, which shows a schematic flowchart of a tunnel forwarding method in the prior art. The network element or network involved in the method includes: a UE, an MME (Mobility Management Entity), a SGW (Serving Gateway), a PGW (PDN Gateway, PDN Gateway), and a PDN network. The MME, the SGW, and the PGW are all network elements in the EPC mobile packet domain network, and the network elements in the EPC mobile packet domain network may further include an eNB (Evolved Node B, evolved Node B), and a Home Subscriber Server (HSS). Server), etc. (not specifically shown). The process of the UE accessing the PDN network through the EPC mobile packet domain network and forwarding the data by using the tunnel is as follows: Step 101: The PGW pre-establishes a tunnel with a specific type of network in the PDN network, where the specific type of network may be an intranet, where The purpose of the tunnel is to meet the security or routing requirements of a specific type of network. For the Internet in the PDN network, the PGW usually accesses directly without establishing a tunnel.

步骤 102, UE发送 PDN连接建立请求给 MME, 该 PDN连接建立请求中携带有 APN Step 102: The UE sends a PDN connection setup request to the MME, where the PDN connection setup request carries the APN.

(Access point name, 接入点名称), 在 EPC移动分组域网络内部, 使用 APN来区分 UE希 望连接哪个网络, 比如 APN1表示 UE希望连接 Intranet; APN2表示 UE希望连接 Internet; 步骤 103, MME配合 HSS (未示出) 对 UE进行签约检查, 检查 UE是否被允许接入 上述 APN对应的网络, 上述 APN是 PDN连接建立请求中的 APN; 如果允许, 则根据上述 APN选择 PGW, 并进一步根据选择的 PGW选择对应的 SGW, 然后向 SGW发送创建会话 请求消息, 该创建会话请求消息携带有上述 APN; (Access point name), within the EPC mobile packet domain network, use APN to distinguish which network the UE wants to connect to. For example, APN1 indicates that the UE wants to connect to the intranet; APN2 indicates that the UE wants to connect to the Internet; Step 103, MME cooperates with HSS (not shown) performing a subscription check on the UE, checking whether the UE is allowed to access the network corresponding to the APN, and the APN is an APN in the PDN connection establishment request; if allowed, selecting the PGW according to the APN, and further selecting according to the selected The PGW selects the corresponding SGW, and then sends a create session request message to the SGW, where the create session request message carries the above APN;

步骤 104, SGW向 PGW转发创建会话请求消息;  Step 104: The SGW forwards a create session request message to the PGW.

步骤 105, PGW根据上述 APN, 决定 UE连接到哪个网络, 如果是连接到 Internet, 则 PGW直接从本地地址池中分配 IP地址给 UE; 如果是连接到特定类型的网络, 则 PGW需 要和该特定类型的网络进行信令交互, 从该特定类型的网络的地址池中分配 IP地址给 UE; 步骤 106, PGW向 SGW返回创建会话响应消息, 该创建会话响应消息携带有上述 IP 地址; Step 105: The PGW determines, according to the foregoing APN, which network the UE is connected to. If it is connected to the Internet, the PGW directly allocates an IP address to the UE from the local address pool. If it is connected to a specific type of network, the PGW needs to be associated with the specific a type of network performs signaling interaction, and allocates an IP address to the UE from an address pool of the specific type of network; Step 106: The PGW returns a create session response message to the SGW, where the create session response message carries the foregoing IP address.

步骤 107, SGW向 MME转发创建会话响应消息;  Step 107: The SGW forwards a create session response message to the MME.

步骤 108, MME向 UE返回 PDN连接建立响应消息, 该 PDN连接建立响应消息携带 有上述 IP地址;  Step 108: The MME returns a PDN connection setup response message to the UE, where the PDN connection setup response message carries the foregoing IP address.

步骤 109, UE根据上述 IP地址接入 PDN网络, 如果 PDN网络是 Internet, 则由 UE 发送的报文直接路由到 Internet; 如果 PDN网络是特定类型的网络, 则由 UE发送的报文通 过步骤 101建立的隧道转发到特定类型的网络。  Step 109: The UE accesses the PDN network according to the foregoing IP address. If the PDN network is the Internet, the packet sent by the UE is directly routed to the Internet. If the PDN network is a specific type of network, the packet sent by the UE passes through step 101. The established tunnel is forwarded to a specific type of network.

现有的隧道转发方法中的隧道是基于不同类型的 PDN网络来建立的, 对同一种类型的 PDN 网络中的不同业务流 (比如安全性要求高的网上支付业务、 安全性要求低的网页浏览 业务等) 无法进行区分, 并采取不同的策略进行转发; 对接入同一种类型的 PDN网络中的 不同 UE发送的数据, 也无法进行区分, 并采取不同的策略进行转发。 发明内容  The tunnels in the existing tunnel forwarding method are established based on different types of PDN networks, and different service flows in the same type of PDN network (such as online payment services with high security requirements and low security requirements) Service, etc.) cannot be distinguished, and different policies are used for forwarding. Data sent by different UEs accessing the same type of PDN network cannot be distinguished, and different policies are used for forwarding. Summary of the invention

为了解决现有的隧道转发方法中无法对业务粒度或者 UE粒度的数据进行区分和转发, 本发明实施例提供了一种隧道转发方法、 装置、 设备及系统。 所述技术方案如下:  The embodiments of the present invention provide a tunnel forwarding method, apparatus, device, and system, in order to solve the problem that the data of the service granularity or the UE granularity cannot be differentiated and forwarded in the existing tunnel forwarding method. The technical solution is as follows:

一个方面, 提供了一种隧道转发方法, 所述方法包括:  In one aspect, a tunnel forwarding method is provided, where the method includes:

接收隧道建立请求, 所述隧道建立请求包括隧道端点信息和隧道转发规则;  Receiving a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule;

指示至少一个网关与所述隧道端点信息所对应的应用服务器建立隧道, 并下发所述隧 道转发规则给所述网关, 以便所述网关将符合所述隧道转发规则的数据利用所述隧道转发 至所述应用服务器。  Instructing the at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information, and delivering the tunnel forwarding rule to the gateway, so that the gateway forwards the data that meets the tunnel forwarding rule to the tunnel by using the tunnel to The application server.

进一步地, 所述隧道建立请求还包括范围指示信息, 所述指示至少一个网关与所述隧 道端点信息所对应的应用服务器建立隧道, 并下发所述隧道转发规则给所述网关, 具体包 括:  Further, the tunnel establishment request further includes range indication information, where the at least one gateway establishes a tunnel with the application server corresponding to the tunnel endpoint information, and sends the tunnel forwarding rule to the gateway, specifically:

选择属于所述范围指示信息指示的范围中的至少一个网关;  Selecting at least one gateway in a range that is indicated by the range indication information;

指示被选择的所述网关与所述应用服务器建立隧道, 并下发所述隧道转发规则给所述 网关。  And indicating that the selected gateway establishes a tunnel with the application server, and sends the tunnel forwarding rule to the gateway.

进一步地, 所述隧道转发规则为转发指定用户设备的数据至所述应用服务器时, 所述 指示至少一个网关与所述隧道端点信息所对应的应用服务器建立隧道, 并下发所述隧道转 发规则给所述网关之后, 还包括:  Further, when the tunnel forwarding rule is to forward data of the specified user equipment to the application server, the at least one gateway instructs the application server corresponding to the tunnel endpoint information to establish a tunnel, and delivers the tunnel forwarding rule. After the gateway, it also includes:

引导所述指定用户设备连接至所述网关。 进一步地, 所述引导所述指定用户设备连接至所述网关, 具体包括: Directing the designated user device to connect to the gateway. Further, the guiding the designated user equipment to connect to the gateway includes:

指示归属用户服务器 HSS将所述指定用户设备的签约数据进行修改, 修改所述指定用 户设备的每个接入点名称 APN都关联到所述网关, 以便移动性管理实体 MME根据修改后 的签约数据来引导所述指定用户设备连接至所述网关;  Instructing the home subscriber server HSS to modify the subscription data of the specified user equipment, and modifying each access point name APN of the specified user equipment to be associated with the gateway, so that the mobility management entity MME is configured according to the modified subscription data. And guiding the specified user equipment to connect to the gateway;

或,指示 HSS将所述指定用户设备的签约数据进行修改,替换所述指定用户设备的 APN 为特定 APN, 所述特定 APN与所述网关关联, 以便 MME根据修改后的签约数据来引导所 述指定用户设备连接至所述网关;  Or, the HSS is instructed to modify the subscription data of the specified user equipment, and the APN of the specified user equipment is replaced by a specific APN, and the specific APN is associated with the gateway, so that the MME boots the information according to the modified subscription data. Designating a user equipment to connect to the gateway;

或, 指示与所述指定用户设备相连接的基站将所述指定用户设备的数据路由至所述网 关。  Or, indicating that the base station connected to the designated user equipment routes data of the specified user equipment to the gateway.

进一步地, 所述隧道建立请求还包括隧道类型, 当所述隧道类型为安全隧道时, 所述 指示至少一个网关与所述隧道端点信息所对应的应用服务器建立隧道, 具体包括:  Further, the tunnel establishment request further includes a tunnel type, and when the tunnel type is a security tunnel, the at least one gateway is configured to establish a tunnel with the application server corresponding to the tunnel endpoint information, and specifically includes:

分别向所述网关和所述应用服务器发送认证信息, 以便所述网关和所述应用服务器根 据所述认证信息完成建立隧道时的相互认证。  And transmitting authentication information to the gateway and the application server, respectively, so that the gateway and the application server complete mutual authentication when establishing a tunnel according to the authentication information.

另一方面, 提供了一种隧道转发装置, 所述装置包括:  In another aspect, a tunnel forwarding device is provided, the device comprising:

请求接收模块, 用于接收隧道建立请求, 所述隧道建立请求包括隧道端点信息和隧道 转发规则;  a request receiving module, configured to receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule;

隧道建立模块, 用于指示至少一个网关与所述隧道端点信息所对应的应用服务器建立 隧道, 并下发所述隧道转发规则给所述网关, 以便所述网关将符合所述隧道转发规则的数 据利用所述隧道转发至所述应用服务器。  a tunnel establishment module, configured to: at least one gateway establishes a tunnel with an application server corresponding to the tunnel endpoint information, and sends the tunnel forwarding rule to the gateway, so that the gateway will meet the data of the tunnel forwarding rule. Forwarding to the application server using the tunnel.

进一步地, 所述隧道建立请求还包括范围指示信息, 所述隧道建立模块, 具体包括: 网关选择单元和隧道建立单元;  Further, the tunnel establishment request further includes range indication information, and the tunnel establishment module specifically includes: a gateway selection unit and a tunnel establishment unit;

所述网关选择单元, 用于选择属于所述范围指示信息指示的范围中的至少一个网关; 所述隧道建立单元, 用于指示被选择的所述网关与所述应用服务器建立隧道, 并下发 所述隧道转发规则给所述网关。  The gateway selection unit is configured to select at least one gateway that belongs to the range indicated by the range indication information, where the tunnel establishment unit is configured to indicate that the selected gateway establishes a tunnel with the application server, and sends the tunnel The tunnel forwarding rule is sent to the gateway.

进一步地, 所述隧道转发规则为转发指定用户设备的数据至所述应用服务器时, 所述 隧道转发装置, 还包括:  Further, when the tunnel forwarding rule is to forward the data of the specified user equipment to the application server, the tunnel forwarding device further includes:

连接引导模块, 用于引导所述指定用户设备连接至所述网关。  And a connection guiding module, configured to guide the specified user equipment to connect to the gateway.

进一步地, 所述连接引导模块, 具体包括:  Further, the connection guiding module specifically includes:

第一指示单元、 第二指示单元或第三指示单元;  a first indicating unit, a second indicating unit or a third indicating unit;

所述第一指示单元, 用于指示归属用户服务器 HSS将所述指定用户设备的签约数据进 行修改, 修改所述指定用户设备的每个接入点名称 APN都关联到所述网关, 以便移动性管 理实体 MME根据修改后的签约数据来引导所述指定用户设备连接至所述网关; 所述第二指示单元, 用于指示 HSS将所述指定用户设备的签约数据进行修改, 替换所 述指定用户设备的 APN为特定 APN, 所述特定 APN与所述网关关联, 以便 MME根据修 改后的签约数据来引导所述指定用户设备连接至所述网关; The first indication unit is configured to indicate that the home subscriber server HSS modifies the subscription data of the specified user equipment, and that each access point name APN of the specified user equipment is modified to be associated with the gateway, so as to be mobility. Tube The physical entity MME directs the specified user equipment to connect to the gateway according to the modified subscription data. The second indication unit is configured to instruct the HSS to modify the subscription data of the specified user equipment, and replace the designated user. The APN of the device is a specific APN, and the specific APN is associated with the gateway, so that the MME directs the specified user equipment to connect to the gateway according to the modified subscription data.

所述第三指示单元, 用于指示与所述指定用户设备相连接的基站将所述指定用户设备 的数据路由至所述网关。  The third indication unit is configured to indicate that the base station connected to the designated user equipment routes data of the specified user equipment to the gateway.

进一步地, 所述隧道建立请求还包括隧道类型, 当所述隧道类型为安全隧道时, 所述 隧道建立模块, 具体包括:  Further, the tunnel establishment request further includes a tunnel type. When the tunnel type is a security tunnel, the tunnel establishment module specifically includes:

认证发送单元;  Authentication sending unit;

所述认证发送单元, 用于分别向所述网关和所述应用服务器发送认证信息, 以便所述 网关和所述应用服务器根据所述认证信息完成建立隧道时的相互认证。  The authentication sending unit is configured to send authentication information to the gateway and the application server, respectively, so that the gateway and the application server complete mutual authentication when establishing a tunnel according to the authentication information.

再一方面, 提供了一种应用服务器, 包括:  In another aspect, an application server is provided, including:

请求发送模块, 用于发送隧道建立请求, 所述隧道建立请求至少包括隧道端点信息和 隧道转发规则;  a request sending module, configured to send a tunnel establishment request, where the tunnel establishment request includes at least tunnel endpoint information and a tunnel forwarding rule;

其中, 所述隧道端点信息对应于待建立隧道的应用服务器;  The tunnel endpoint information corresponds to an application server to be tunneled;

所述隧道转发规则包括转发指定用户设备的数据至所述应用服务器, 转发目标地址为 所述应用服务器的数据至所述应用服务器。  The tunnel forwarding rule includes forwarding data of the specified user equipment to the application server, and forwarding the data of the application server to the application server.

进一步地, 所述隧道建立请求还包括隧道类型和 /或范围指示信息;  Further, the tunnel establishment request further includes a tunnel type and/or range indication information;

所述隧道类型包括普通隧道或者安全隧道;  The tunnel type includes a normal tunnel or a secure tunnel;

所述范围指示信息用于指示网关所属范围。  The range indication information is used to indicate a range to which the gateway belongs.

另一方面, 提供了一种归属用户服务器, 包括:  In another aspect, a home subscriber server is provided, including:

指示接收模块, 用于接收隧道转发装置的指示, 所述指示中包括指定用户设备的标识 信息;  And an indication receiving module, configured to receive an indication of the tunnel forwarding device, where the indication includes identifier information of the specified user equipment;

数据修改模块, 用于根据所述指示接收模块接收的指示, 将所述指定用户设备的签约 数据进行修改;  a data modification module, configured to modify the subscription data of the specified user equipment according to the indication received by the indication receiving module;

其中, 所述修改包括: 修改所述指定用户设备的每个接入点名称 APN都关联到指定网 关;  The modification includes: modifying each access point name of the specified user equipment, the APN is associated with the designated gateway;

或, 替换所述指定用户设备的 APN为特定 APN, 所述特定 APN与指定网关关联。 进一步地, 所述归属用户服务器, 还包括: 连接判断模块和数据推送模块; 所述连接判断模块, 用于判断所述指定用户设备是否已经接入其它网关, 所述其它网 关为未与所述应用服务器建立隧道的网关; 所述数据推送模块, 用于在所述连接判断模块的判断结果为是时, 将所述数据修改模 块修改后的签约数据推送给移动性管理实体。 Or, replacing the APN of the specified user equipment with a specific APN, where the specific APN is associated with the designated gateway. Further, the home subscriber server further includes: a connection determining module and a data pushing module; the connection determining module is configured to determine whether the specified user equipment has accessed other gateways, and the other gateways are not The application server establishes a gateway for the tunnel; The data pushing module is configured to: when the determination result of the connection determining module is YES, push the modified subscription data of the data modification module to the mobility management entity.

还一方面, 提供了一种隧道转发系统, 所述系统包括上述技术方案提供的隧道转发装 置、 上述技术方案提供的应用服务器和 /或上述技术方案提供的归属用户服务器。  On the other hand, a tunnel forwarding system is provided, and the system includes the tunnel forwarding device provided by the foregoing technical solution, the application server provided by the foregoing technical solution, and/or the home subscriber server provided by the foregoing technical solution.

本发明实施例提供的技术方案的有益效果是:  The beneficial effects of the technical solutions provided by the embodiments of the present invention are:

通过根据隧道建立请求来指示相应的网关与应用服务器建立隧道, 且下发隧道转发规 则给网关, 使得网关能够根据隧道转发规则选择性地转发数据至应用服务器, 解决了现有 的隧道转发方法中无法对业务粒度或者 UE粒度的数据进行区分和转发的技术问题,达到了 网关可以对不同的业务流或者不同 UE的数据区分转发到应用服务器的效果。 附图说明  The tunnel is established according to the tunnel establishment request, and the corresponding gateway is instructed to establish a tunnel with the application server, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward the data to the application server according to the tunnel forwarding rule, thereby solving the existing tunnel forwarding method. The technical problem that the service granularity or the UE granularity data cannot be distinguished and forwarded is that the gateway can forward the data to different application flows or different UEs to the application server. DRAWINGS

为了更清楚地说明本发明实施例中的技术方案, 下面将对实施例描述中所需要使用的 附图作简单地介绍, 显而易见地, 下面描述中的附图仅仅是本发明的一些实施例, 对于本 领域普通技术人员来讲, 在不付出创造性劳动的前提下, 还可以根据这些附图获得其他的 附图。  In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described. It is obvious that the drawings in the following description are only some embodiments of the present invention. Other drawings may also be obtained from those of ordinary skill in the art in view of the drawings.

图 1是现有技术中的一种隧道转发方法的方法流程图;  1 is a flowchart of a method for tunnel forwarding in the prior art;

图 2是本发明实施例一提供的隧道转发方法的方法流程图;  2 is a flowchart of a method for tunnel forwarding method according to Embodiment 1 of the present invention;

图 3是本发明实施例二提供的隧道转发方法的方法流程图;  3 is a flowchart of a method for tunnel forwarding method according to Embodiment 2 of the present invention;

图 4是本发明实施例三提供的隧道转发方法的方法流程图;  4 is a flowchart of a method for tunnel forwarding method according to Embodiment 3 of the present invention;

图 5是本发明实施例四提供的隧道转发方法的方法流程图;  5 is a flowchart of a method for tunnel forwarding provided by Embodiment 4 of the present invention;

图 6是本发明实施例五提供的隧道转发方法的方法流程图;  6 is a flowchart of a method for tunnel forwarding provided by Embodiment 5 of the present invention;

图 7是本发明实施例六提供的隧道转发装置的一种结构方框图;  7 is a structural block diagram of a tunnel forwarding apparatus according to Embodiment 6 of the present invention;

图 8是本发明实施例六提供的隧道转发装置的另一种结构方框图;  8 is another structural block diagram of a tunnel forwarding apparatus according to Embodiment 6 of the present invention;

图 9是本发明实施例六提供的隧道转发装置的再一种结构方框图;  9 is a block diagram showing still another structure of a tunnel forwarding apparatus according to Embodiment 6 of the present invention;

图 10是本发明实施例六提供的隧道转发装置的还一种结构方框图;  10 is a block diagram showing still another structure of a tunnel forwarding apparatus according to Embodiment 6 of the present invention;

图 11是本发明实施例六提供的隧道转发装置的再一种结构方框图;  11 is a block diagram showing still another structure of a tunnel forwarding apparatus according to Embodiment 6 of the present invention;

图 12是本发明实施例七提供的应用服务器的结构方框图;  12 is a block diagram showing the structure of an application server according to Embodiment 7 of the present invention;

图 13是本发明实施例八提供的归属用户服务器的一种结构方框图;  13 is a structural block diagram of a home subscriber server according to Embodiment 8 of the present invention;

图 14是本发明实施例九提供的归属用户服务器的另一种结构方框图;  14 is another structural block diagram of a home subscriber server according to Embodiment 9 of the present invention;

图 15是本发明实施例十提供的隧道转发系统的结构方框图。 具体实施方式 Figure 15 is a block diagram showing the structure of a tunnel forwarding system according to Embodiment 10 of the present invention. detailed description

为使本发明的目的、 技术方案和优点更加清楚, 下面将结合附图对本发明实施方式作 进一步地详细描述。  The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.

实施例一  Embodiment 1

请参考图 2, 其示出了本发明实施例一提供的隧道转发方法的方法流程图。该隧道转发 方法可以由逻辑实体网元: 隧道转发网元来执行, 该隧道转发网元可以独立部署于 MME 之类的物理控制网元中, 该隧道转发方法可以具体包括:  Referring to FIG. 2, a flowchart of a method for tunnel forwarding provided by Embodiment 1 of the present invention is shown. The tunnel forwarding method may be performed by a logical entity network element: a tunnel forwarding network element, and the tunnel forwarding network element may be deployed in a physical control network element such as an MME. The tunnel forwarding method may specifically include:

步骤 201, 接收隧道建立请求, 隧道建立请求包括隧道端点信息和隧道转发规则; 隧道转发网元接收应用服务器 A发送的隧道建立请求, 该隧道建立请求包括隧道端点 信息和隧道转发规则。 其中, 隧道端点信息对应于待建立隧道的应用服务器, 通常就是发 送隧道建立请求的应用服务器 A。 在一些情况下, 也可以由应用服务器 A发送隧道建立请 求,但隧道端点信息对应于应用服务器 B,也即隧道端点信息对应的应用服务器可能与发送 隧道建立请求的应用服务器不同。  Step 201: Receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule. The tunnel forwarding network element receives a tunnel establishment request sent by the application server A, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule. The tunnel endpoint information corresponds to the application server to be tunneled, and is usually the application server A that sends the tunnel establishment request. In some cases, the tunnel establishment request may also be sent by the application server A, but the tunnel endpoint information corresponds to the application server B, that is, the application server corresponding to the tunnel endpoint information may be different from the application server that sends the tunnel establishment request.

隧道转发规则用于表示哪些数据需要在建立后的隧道中转发。 一些情况下, 隧道转发 规则是: 转发指定用户设备的数据至应用服务器; 另一些情况下, 隧道转发规则是: 转发 目标地址为应用服务器的数据至应用服务器。  Tunnel forwarding rules are used to indicate which data needs to be forwarded in the established tunnel. In some cases, the tunnel forwarding rule is: forwarding the data of the specified user equipment to the application server; in other cases, the tunnel forwarding rule is: forwarding the destination address to the application server data to the application server.

隧道建立请求中还可以包括隧道类型和范围指示信息等。 其中, 隧道类型包括普通隧 道或者安全隧道, 普通隧道可能是 IP in IP隧道、 IP in GRE ( generic route encapsulation;通用 路由封装) 隧道、 L2TP (Layer 2 Tunneling Protocol, 二层隧道协议) 隧道等; 安全隧道可 能是 IPSEC (Internet Protocol Security, 因特网协议安全) 隧道等。 范围指示信息用于指示 网关所属范围。  The tunnel establishment request may also include a tunnel type and range indication information. The tunnel type includes an ordinary tunnel or a security tunnel. The common tunnel may be an IP in IP tunnel, an IP in GRE (generic route encapsulation) tunnel, or a Layer 2 Tunneling Protocol (L2TP) tunnel. The tunnel may be an IPSEC (Internet Protocol Security) tunnel or the like. The range indication information is used to indicate the scope of the gateway.

步骤 202, 指示至少一个网关与隧道端点信息所对应的应用服务器建立隧道, 并下发隧 道转发规则给网关, 以便网关将符合隧道转发规则的数据利用隧道转发至应用服务器。  Step 202: Instruct the at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information, and send a tunnel forwarding rule to the gateway, so that the gateway forwards the data conforming to the tunnel forwarding rule to the application server by using the tunnel.

隧道转发网元在接收到应用服务器发送的隧道建立请求之后, 将指示一个、 两个或者 多个网关与隧道端点信息所对应的应用服务器建立隧道, 网关可以是 PGW。 在网关和应用 服务器之间建立隧道之前、 之中或者之后, 隧道转发网元还需要将隧道转发规则同时下发 给网关。 此时, 网关可以将符合隧道转发规则的数据利用已经建立的隧道转发至应用服务 器。  After receiving the tunnel establishment request sent by the application server, the tunnel forwarding network element instructs one, two or more gateways to establish a tunnel with the application server corresponding to the tunnel endpoint information, and the gateway may be a PGW. Before the tunnel is established between the gateway and the application server, the tunnel forwarding NE needs to send the tunnel forwarding rule to the gateway at the same time. At this point, the gateway can forward the data conforming to the tunnel forwarding rule to the application server using the established tunnel.

综上所述, 本实施例提供的隧道转发方法, 通过根据隧道建立请求来指示相应的网关 与应用服务器建立隧道, 且下发隧道转发规则给网关, 使得网关能够根据隧道转发规则选 择性地转发数据至应用服务器,解决了现有的隧道转发方法中无法对业务粒度或者 UE粒度 的数据进行区分和转发的技术问题,达到了网关可以对不同的业务流或者不同 UE的数据区 分转发到应用服务器的效果。另一方面, 由于本实施例中是由 PGW与应用服务器 A来建立 隧道, 而不是 UE与应用服务器 A建立隧道, 所以, 对于 UE来讲, 自身不需要与应用服务 器 A来建立隧道, 也就不需要处理更高的处理任务、 消耗更多的移动通信资源 (隧道报文 的封装需要占用更多无线通信资源) 和付出更高的功耗。 实施例二 In summary, the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule. Data to the application server, which solves the problem that the existing tunnel forwarding method cannot be used for service granularity or UE granularity. The technical problem of distinguishing and forwarding data reaches the effect that the gateway can forward the data to different application flows or different UEs to the application server. On the other hand, in this embodiment, the tunnel is established by the PGW and the application server A, instead of the UE establishing a tunnel with the application server A. Therefore, for the UE, the UE does not need to establish a tunnel with the application server A. There is no need to deal with higher processing tasks, consume more mobile communication resources (the encapsulation of tunnel messages requires more wireless communication resources) and pay higher power consumption. Embodiment 2

假设实施场景为: UE1和 UE2分别通过 PGW1和 PGW2接入因特网, Internet上的电 子商务网站希望所有或者某一地域的 UE访问该网站的应用服务器时,能够通过安全隧道转 发以增强安全性。  Assume that the implementation scenario is as follows: UE1 and UE2 access the Internet through PGW1 and PGW2 respectively. When the e-commerce website on the Internet wants all UEs in a certain area to access the application server of the website, it can be forwarded through a secure tunnel to enhance security.

请参考图 3, 其示出了本发明实施例二提供的隧道转发方法的方法流程图。该隧道转发 方法可以具体包括:  Referring to FIG. 3, a flowchart of a method for tunnel forwarding provided by Embodiment 2 of the present invention is shown. The tunnel forwarding method may specifically include:

步骤 301, 应用服务器 A 向隧道转发网元发送隧道建立请求, 该隧道建立请求包括隧 道类型、 隧道端点信息和隧道转发规则;  Step 301: The application server A sends a tunnel establishment request to the tunnel forwarding network element, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.

在本实施例中, 隧道类型为: IPSEC隧道;  In this embodiment, the tunnel type is: an IPSEC tunnel;

隧道端点信息对应于待建立隧道的应用服务器, 具体是发送隧道建立请求的应用服务 器 A的 IP地址;  The tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request.

隧道转发规则为: 转发目标地址为应用服务器 A的数据至该应用服务器。  The tunnel forwarding rule is as follows: The forwarding destination address is the data of the application server A to the application server.

如果电子商务网站希望某一地域(如北京)的 UE的数据被转发, 则隧道建立请求还包 括范围指示信息 (北京)。  If the e-commerce website wants the data of the UE of a certain area (such as Beijing) to be forwarded, the tunnel establishment request also includes the range indication information (Beijing).

步骤 302, 隧道转发网元向应用服务器 A发送隧道建立请求响应信息, 该隧道建立请 求响应信息中携带有认证信息;  Step 302: The tunnel forwarding network element sends a tunnel establishment request response information to the application server A, where the tunnel establishment request response information carries the authentication information.

隧道转发网元接收到应用服务器 A发送的隧道建立请求之后, 向应用服务器 A发送隧 道建立请求响应信息。 由于本实施例中建立的是安全隧道 (IPSEC隧道), 则隧道转发网元 还需要在该隧道建立请求响应信息中携带认证信息, 以便将认证信息下发给应用服务器 A。  After receiving the tunnel establishment request sent by the application server A, the tunnel forwarding network element sends the tunnel establishment request response information to the application server A. Since the security tunnel (IPSEC tunnel) is established in this embodiment, the tunnel forwarding network element needs to carry the authentication information in the tunnel establishment request response information, so as to send the authentication information to the application server A.

换句话说, 如果需要建立的隧道类型为安全隧道, 隧道转发网元作为网关和应用服务 器共同信任的实体, 需要分别向网关和应用服务器发送认证信息, 以便网关和应用服务器 根据认证信息完成建立隧道时的相互认证。  In other words, if the tunnel type to be established is a secure tunnel, the tunnel forwarding network element acts as an entity trusted by the gateway and the application server, and needs to send authentication information to the gateway and the application server respectively, so that the gateway and the application server complete the tunnel according to the authentication information. Mutual authentication.

步骤 303,隧道转发网元根据范围指示信息选择至少一个 PGW,并向选择的 PGW发送 建立隧道指示信息, 该建立隧道指示信息包括隧道类型、 隧道端点信息、 隧道转发规则和 认证信息; 如果隧道建立请求中不包含范围指示信息, 隧道转发网元可以选择所有可能与应用服 务器 A建立连接的 PGW; Step 303: The tunnel forwarding network element selects at least one PGW according to the range indication information, and sends the tunneling indication information to the selected PGW. The tunneling indication information includes a tunnel type, a tunnel endpoint information, a tunnel forwarding rule, and authentication information. If the tunnel establishment request does not include the range indication information, the tunnel forwarding network element may select all PGWs that may establish a connection with the application server A.

如果隧道建立请求中包含范围指示信息, 隧道转发网元可以选择该范围指示信息所指 示的范围内的所有可能与应用服务器 A建立连接的 PGW, 比如范围指示信息为北京, 则隧 道转发网元选择北京范围内所有可能与应用服务器 A建立连接的 PGW。本例中, 以 PGW1 和 PGW2为被选择的 PGW来进行描述。  If the tunnel establishment request includes the range indication information, the tunnel forwarding network element may select all the PGWs that may be connected to the application server A in the range indicated by the range indication information, for example, the range indication information is Beijing, and the tunnel forwarding network element selects All PGWs in Beijing that may be connected to Application Server A. In this example, PGW1 and PGW2 are described as the selected PGW.

然后, 隧道转发网元向 PGW1和 PGW2发送建立隧道指示信息, 该建立隧道指示信息 包括隧道类型、 隧道端点信息、 隧道转发规则和认证信息。  Then, the tunnel forwarding network element sends the tunneling indication information to the PGW1 and the PGW2, where the tunneling indication information includes the tunnel type, the tunnel endpoint information, the tunnel forwarding rule, and the authentication information.

步骤 304, PGW1和 PGW2根据建立隧道指示信息与应用服务器 A建立 IPSEC隧道; PGW1和 PGW2根据隧道类型和隧道端点信息与应用服务器 A建立 IPSEC隧道。在建 立 IPSEC隧道过程中, PGW与应用服务器 A之间相互利用隧道转发网元下发的认证信息完 成认证, 该认证信息可以是证书或者共享密钥等。 同时, PGW1和 PGW2分别保存隧道转 发规则。  Step 304: The PGW1 and the PGW2 establish an IPSEC tunnel with the application server A according to the tunnel indication information. The PGW1 and the PGW2 establish an IPSEC tunnel with the application server A according to the tunnel type and the tunnel endpoint information. During the establishment of the IPSEC tunnel, the PGW and the application server A use the authentication information delivered by the tunnel forwarding NE to complete the authentication. The authentication information may be a certificate or a shared key. At the same time, PGW1 and PGW2 respectively save the tunnel forwarding rules.

步骤 305, UE1通过 PGW1建立 PDN连接, UE2通过 PGW2建立 PDN连接;  Step 305: UE1 establishes a PDN connection through PGW1, and UE2 establishes a PDN connection through PGW2.

UE1作为 PGW1下的用户, 通过 PGW1建立 PDN连接;  UE1 acts as a user under PGW1 and establishes a PDN connection through PGW1.

UE2作为 PGW2下的用户, 通过 PGW2建立 PDN连接, 建立 PDN连接的过程可以参 考背景技术中的相关步骤。  As the user under PGW2, UE2 establishes a PDN connection through PGW2, and the process of establishing a PDN connection can refer to related steps in the background art.

步骤 306, PGW1和 PGW2将符合隧道转发规则的数据利用与应用服务器 A之间建立 的隧道进行转发。  Step 306: PGW1 and PGW2 forward the data conforming to the tunnel forwarding rule with the tunnel established between the application server A and the application server A.

当 UE1或者 UE2访问应用服务器 A时, PGW1和 PGW2可以接收到相关的数据报文, 并且判断到该数据报文符合隧道转发规则。 此时, PGW1和 PGW2可以将该数据报文利用 与应用服务器 A之间建立的隧道转发至应用服务器 A。  When the UE1 or the UE2 accesses the application server A, the PGW1 and the PGW2 can receive the related data packet, and determine that the data packet complies with the tunnel forwarding rule. At this time, PGW1 and PGW2 can forward the data packet to the application server A by using the tunnel established between the application server and the application server A.

综上所述, 本实施例提供的隧道转发方法, 通过根据隧道建立请求来指示相应的网关 与应用服务器建立隧道, 且下发隧道转发规则给网关, 使得网关能够根据隧道转发规则选 择性地转发数据至应用服务器, 解决了现有的隧道转发方法中无法对业务粒度的数据进行 区分和转发的技术问题, 达到了网关可以对不同的业务流区分转发到应用服务器的效果。 另一方面,对于应用服务器 A来讲,同时连接到同一 PGW的多个 UE可以共用一条该 PGW 至自身的隧道, 而不需要每个 UE都与应用服务器 A来建立一条隧道, 也减少了隧道的管 理数量和维持数量, 降低了负载。 实施例三 假设实施场景为: UE属于企业中的一个员工, 该 UE不仅需要通过隧道接入该企业的 Intranet, 还需要接入 Internet, 该企业希望该 UE接入 Internet的数据也经由接入 Intranet的 隧道来转发。 In summary, the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule. The data is applied to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the service granularity, and achieves the effect that the gateway can forward the different service flows to the application server. On the other hand, for the application server A, multiple UEs connected to the same PGW can share a tunnel of the PGW to itself, without requiring each UE to establish a tunnel with the application server A, and also reduce the tunnel. The number of management and the number of maintenance reduces the load. Embodiment 3 Assume that the implementation scenario is as follows: The UE belongs to an employee in the enterprise. The UE needs to access the intranet of the enterprise through the tunnel, and needs to access the Internet. The enterprise hopes that the data of the UE accessing the Internet is also accessed through the tunnel of the intranet. Forward.

请参考图 4, 其示出了本发明实施例三提供的隧道转发方法的方法流程图。该隧道转发 方法可以包括:  Referring to FIG. 4, a flowchart of a method for tunnel forwarding provided by Embodiment 3 of the present invention is shown. The tunnel forwarding method may include:

步骤 401, 应用服务器 A 向隧道转发网元发送隧道建立请求, 该隧道建立请求包括隧 道类型、 隧道端点信息和隧道转发规则;  Step 401: The application server A sends a tunnel establishment request to the tunnel forwarding network element, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.

在本实施例中, 隧道类型为: IP in IP隧道;  In this embodiment, the tunnel type is: IP in IP tunnel;

隧道端点信息对应于待建立隧道的应用服务器, 具体是发送隧道建立请求的应用服务 器 A的 IP地址, 应用服务器 A是企业内部网中的服务器;  The tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request, and the application server A is the server in the intranet;

隧道转发规则为: 转发指定 UE的所有数据至该应用服务器 A。  The tunnel forwarding rule is: Forward all data of the specified UE to the application server A.

步骤 402,隧道转发网元选择至少一个 PGW,并向选择的 PGW发送建立隧道指示信息, 该建立隧道指示信息包括隧道类型、 隧道端点信息和隧道转发规则;  Step 402: The tunnel forwarding network element selects at least one PGW, and sends the tunneling indication information to the selected PGW, where the tunneling indication information includes a tunnel type, a tunnel endpoint information, and a tunnel forwarding rule.

隧道转发网元可以选择指定 UE可能建立 PDN连接的一个或多个 PGW。具体地讲, 对 于每一地域接入功能类似的 PGW, 隧道转发网元只需要选择该地域中的一个 PGW即可。  The tunnel forwarding network element may select one or more PGWs that specify that the UE may establish a PDN connection. Specifically, for a PGW with similar access functions in each area, the tunnel forwarding network element only needs to select one PGW in the area.

然后, 隧道转发网元向选择的 PGW发送建立隧道指示信息, 该建立隧道指示信息包括 隧道类型、 隧道端点信息和隧道转发规则。  Then, the tunnel forwarding network element sends the tunnel establishment indication information to the selected PGW, where the tunnel establishment indication information includes the tunnel type, the tunnel endpoint information, and the tunnel forwarding rule.

步骤 403, 被选择的 PGW根据建立隧道指示信息与应用服务器 A建立 IP in IP隧道; 被选择的 PGW根据隧道类型和隧道端点信息与应用服务器 A建立 IP in IP隧道。同时, 被选择的 PGW保存隧道转发规则。  Step 403: The selected PGW establishes an IP in IP tunnel with the application server A according to the tunneling indication information. The selected PGW establishes an IP in IP tunnel with the application server A according to the tunnel type and the tunnel endpoint information. At the same time, the selected PGW saves the tunnel forwarding rules.

需要说明的是, 由于指定 UE在一个地域时, 其接入 PDN时选择的 PGW不一定正好 是隧道转发网元选择的 PGW。为此, 隧道转发网元需要引导指定 UE连接至被选择的网关。 在本实施例中, 隧道转发网元可以指示 HSS将指定 UE的签约数据进行修改, 修改指定 UE 的每个 APN都关联到被选择的 PGW, 以便 MME根据修改后的签约数据来引导指定 UE连 接至被选择的 PGW。  It should be noted that, when the designated UE is in a certain area, the PGW selected when accessing the PDN is not necessarily the PGW selected by the tunnel forwarding network element. To this end, the tunnel forwarding network element needs to direct the designated UE to connect to the selected gateway. In this embodiment, the tunnel forwarding network element may instruct the HSS to modify the subscription data of the designated UE, and modify each APN of the designated UE to be associated with the selected PGW, so that the MME guides the specified UE connection according to the modified subscription data. To the selected PGW.

步骤 404, 隧道转发网元向 HSS发送修改签约数据的指示, 该指示中携带有指定 UE 的标识信息和被选择的 PGW的标识信息;  Step 404: The tunnel forwarding network element sends an indication for modifying the subscription data to the HSS, where the indication carries the identifier information of the designated UE and the identifier information of the selected PGW.

其中, 指定 UE 的标识信息可以是 IMSI (International Mobile Subscriberldentification Number, 国际移动用户识别码)。 该指定 UE的标识信息可以从隧道转发规则中获得。  The identifier information of the designated UE may be an IMSI (International Mobile Subscriber Identification Number). The identification information of the designated UE can be obtained from a tunnel forwarding rule.

被选择的 PGW的标识信息可以是 PGW的 IP地址。  The identification information of the selected PGW may be the IP address of the PGW.

HSS接收到隧道转发网元的指示后, 可以修改指定 UE的每个 APN都关联到被选择的 PGW。 After receiving the indication of the tunnel forwarding network element, the HSS may modify each APN of the designated UE to be associated with the selected one. PGW.

步骤 405, 指定 UE向 MME发送附着请求;  Step 405: The specified UE sends an attach request to the MME.

该附着请求中可以携带有 APN, 如果未携带, 可以按照签约数据中的默认 APN处理。 另外, 该附着请求中通常还携带有指定 UE的 IMSI。  The attach request may carry the APN. If not, the APN may be processed according to the default APN in the subscription data. In addition, the attach request usually carries the IMSI of the designated UE.

步骤 406, MME向 HSS获取该指定 UE的签约数据;  Step 406: The MME acquires subscription data of the designated UE from the HSS.

MME在收到附着请求后, 向 HSS获取该指定 UE的签约数据。 此过程中, MME可以 使用指定 UE的 IMSI来发起签约数据获取请求给 HSS, 以便 HSS返回该指定 UE的签约数 据。  After receiving the attach request, the MME obtains the subscription data of the designated UE from the HSS. In this process, the MME may use the IMSI of the designated UE to initiate a subscription data acquisition request to the HSS, so that the HSS returns the subscription data of the designated UE.

步骤 407, HSS向 MME返回该指定 UE被修改过的签约数据;  Step 407: The HSS returns, to the MME, the subscription data that the specified UE is modified.

HSS向 MME返回该指定 UE被修改过的签约数据, 修改过的签约数据包括指定 UE可 选的 APN, 以及每个 APN关联的 PGW。此处的 PGW通常都是隧道转发网元选择的 PGW。  The HSS returns the subscription data of the specified UE to the MME, and the modified subscription data includes an APN that is selected by the UE, and a PGW associated with each APN. The PGW here is usually the PGW selected by the tunnel forwarding network element.

步骤 408, MME向修改过的签约数据中的 PGW发送创建会话请求消息;  Step 408: The MME sends a create session request message to the PGW in the modified subscription data.

该创建会话请求消息包括指定 UE的 IMSI和 APN, 该 APN可以是指定 UE在附着请 求中携带的 APN。虽然该 APN在本实施例的后续步骤中已经没有实际作用, 但是为了对现 有技术的改动尽量小, 仍然保留了该内容。 需要意识到, 创建会话请求消息中可以不包括 该 APN。  The create session request message includes the IMSI and the APN of the designated UE, and the APN may be the APN that the designated UE carries in the attach request. Although the APN has no practical effect in the subsequent steps of this embodiment, the content is retained in order to make the changes to the prior art as small as possible. It is important to realize that the APN may not be included in the Create Session Request message.

步骤 409, PGW根据指定 UE的 IMSI到应用服务器 A分配地址;  Step 409: The PGW allocates an address to the application server A according to the IMSI of the specified UE.

PGW接收到 MME发送的创建会话请求消息之后,根据其中的指定 UE的 IMSI和隧道 转发规则可以判断到当前 UE是指定 UE。为此, PGW到应用服务器 A为指定 UE分配地址。  After receiving the Create Session Request message sent by the MME, the PGW can determine that the current UE is the designated UE according to the IMSI and the tunnel forwarding rule of the specified UE. To this end, the PGW to Application Server A assigns an address to the designated UE.

也就是说, PGW判断到当前 UE是指定 UE时, 并不按照正常模式, 在 APN对应的地 址池中为指定 UE分配地址; 而是忽略 APN信息, 直接到应用服务器 A处为指定 UE分配 地址。  That is, when the PGW determines that the current UE is the designated UE, it does not assign an address to the designated UE in the address pool corresponding to the APN according to the normal mode; instead, the APN information is ignored, and the address is directly assigned to the designated UE at the application server A. .

步骤 410, PGW向 MME返回创建会话响应消息, 该创建会话响应消息携带有分配的 地址。  Step 410: The PGW returns a create session response message to the MME, where the create session response message carries the assigned address.

步骤 411, MME向指定 UE返回附着响应, 该附着响应携带有 PGW分配的地址; 此后, 指定 UE可以利用 PGW分配的地址完成 PDN接入, 并访问 PDN网络。  Step 411: The MME returns an attach response to the designated UE, where the attach response carries the address allocated by the PGW. Thereafter, the designated UE can complete the PDN access by using the address allocated by the PGW, and access the PDN network.

步骤 412, PGW接收到指定 UE的数据报文, 将符合隧道转发规则的该数据报文利用 与应用服务器 A之间建立的隧道进行转发。  Step 412: The PGW receives the data packet of the specified UE, and forwards the data packet that meets the tunnel forwarding rule by using the tunnel established between the application server and the application server A.

当指定 UE发送的数据报文发送给 PGW时, PGW可以根据数据报文的来源地址判断 出该数据报文符合隧道转发规则, 然后将该数据报文利用与应用服务器 A之间建立的隧道 进行转发。 综上所述, 本实施例提供的隧道转发方法, 通过根据隧道建立请求来指示相应的网关 与应用服务器建立隧道, 且下发隧道转发规则给网关, 使得网关能够根据隧道转发规则选 择性地转发数据至应用服务器,解决了现有的隧道转发方法中无法对 UE粒度的数据进行区 分和转发的技术问题, 达到了网关可以对不同的 UE的数据区分转发到应用服务器的效果。 另一方面, 通过只选择少量的 PGW与应用服务器 A建立隧道, 同时利用修改 HSS的签约 数据的方式来引导指定 UE连接到被选择的 PGW, 使得应用服务器 A需要维持和管理的隧 道数量减到更少。 实施例四 When the data packet sent by the UE is sent to the PGW, the PGW can determine that the data packet complies with the tunnel forwarding rule according to the source address of the data packet, and then use the tunnel established between the data packet and the application server A. Forward. In summary, the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule. The data is applied to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the UE granularity, and achieves the effect that the gateway can forward the data of different UEs to the application server. On the other hand, by establishing only a small number of PGWs to establish a tunnel with the application server A, and simultaneously modifying the HSS subscription data to guide the designated UE to connect to the selected PGW, so that the number of tunnels that the application server A needs to maintain and manage is reduced to less. Embodiment 4

假设实施场景仍然为: UE属于企业中的一个员工, 该 UE不仅需要通过隧道接入该企 业的 Intranet,还需要接入 Internet,该企业希望该 UE接入 Internet的数据也经由接入 Intranet 的隧道来转发。  It is assumed that the implementation scenario is as follows: The UE belongs to an employee in the enterprise. The UE needs to access the intranet of the enterprise through the tunnel, and needs to access the Internet. The enterprise hopes that the data of the UE accessing the Internet is also connected to the tunnel through the intranet. To forward.

但是与实施例三不同的是,在网关与应用服务器建立隧道之前, UE已经通过一个 PGW 接入 PDN网络。  However, different from the third embodiment, before the gateway establishes a tunnel with the application server, the UE has accessed the PDN network through a PGW.

请参考图 5, 其示出了本发明实施例四提供的隧道转发方法的方法流程图。该隧道转发 方法可以包括:  Referring to FIG. 5, a flowchart of a method for tunnel forwarding provided by Embodiment 4 of the present invention is shown. The tunnel forwarding method may include:

步骤 501, 应用服务器 A 向隧道转发网元发送隧道建立请求, 该隧道建立请求包括隧 道类型、 隧道端点信息和隧道转发规则;  Step 501: The application server A sends a tunnel establishment request to the tunnel forwarding network element, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.

在本实施例中, 隧道类型为: IP in GRE隧道;  In this embodiment, the tunnel type is: an IP in GRE tunnel;

隧道端点信息对应于待建立隧道的应用服务器, 具体是发送隧道建立请求的应用服务 器 A的 IP地址, 应用服务器 A是企业内部网中的服务器;  The tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request, and the application server A is the server in the intranet;

隧道转发规则为: 转发指定 UE的所有数据至该应用服务器 A。  The tunnel forwarding rule is: Forward all data of the specified UE to the application server A.

步骤 502,隧道转发网元选择至少一个 PGW,并向选择的 PGW发送建立隧道指示信息, 该建立隧道指示信息包括隧道类型、 隧道端点信息和隧道转发规则;  Step 502: The tunnel forwarding network element selects at least one PGW, and sends the tunneling indication information to the selected PGW, where the tunneling indication information includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.

隧道转发网元可以选择指定 UE可能建立 PDN连接的一个或多个 PGW。具体地讲, 对 于每一地域接入功能类似的 PGW, 隧道转发网元只需要选择该地域中的一个 PGW即可。 本实施例中, 以 PGW1为被选择的网关来进行描述;  The tunnel forwarding network element may select one or more PGWs that specify that the UE may establish a PDN connection. Specifically, for a PGW with similar access functions in each area, the tunnel forwarding network element only needs to select one PGW in the area. In this embodiment, PGW1 is used as the selected gateway to describe;

然后, 隧道转发网元向 PGW1发送建立隧道指示信息, 该建立隧道指示信息包括隧道 类型、 隧道端点信息和隧道转发规则。  Then, the tunnel forwarding network element sends a tunnel establishment indication information to the PGW1, where the tunnel establishment indication information includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.

步骤 503, PGW1根据建立隧道指示信息与应用服务器 A建立 IP in GRE隧道; Step 503: The PGW1 establishes an IP in GRE tunnel with the application server A according to the tunnel indication information.

PGW1根据隧道类型和隧道端点信息与应用服务器 A建立 IP in GRE隧道。同时, PGW1 保存隧道转发规则。 PGW1 establishes an IP in GRE tunnel with application server A according to the tunnel type and tunnel endpoint information. At the same time, PGW1 Save the tunnel forwarding rules.

需要说明的一点是, 由于指定 UE在一个地域时, 其接入 PDN时选择的 PGW不一定 正好是隧道转发网元选择的 PGW。 为此, 隧道转发网元需要引导指定 UE连接至被选择的 网关。 在本实施例中, 隧道转发网元可以指示 HSS将指定 UE的签约数据进行修改, 修改 替换指定 UE的 APN为特定 APN, 特定 APN与 PGW1关联, 以便 MME根据修改后的签 约数据来引导指定 UE连接至 PGW1。  It should be noted that, when the designated UE is in a certain area, the PGW selected when accessing the PDN is not necessarily the PGW selected by the tunnel forwarding network element. To this end, the tunnel forwarding network element needs to direct the designated UE to connect to the selected gateway. In this embodiment, the tunnel forwarding network element may instruct the HSS to modify the subscription data of the designated UE, and modify the APN of the designated UE to be a specific APN, and the specific APN is associated with the PGW1, so that the MME guides the designated UE according to the modified subscription data. Connect to PGW1.

需要说明的另一点是: 由于指定 UE预先已经与 PGW2建立 PDN连接, 为此, 隧道转 发网元在指示 HSS将指定 UE的签约数据进行修改之后, 还需要 HSS将修改后的签约数据 主动发送给 MME, 以便 MME先将指定 UE的已有连接去激活, 并重新根据修改后的签约 数据来引导指定 UE连接至 PGW1。  Another point to be explained is: Since the designated UE has established a PDN connection with the PGW2 in advance, the tunnel forwarding network element needs to send the modified subscription data to the HSS after the HSS is instructed to modify the subscription data of the designated UE. The MME, so that the MME first deactivates the existing connection of the designated UE, and redirects the designated UE to connect to the PGW1 according to the modified subscription data.

步骤 504, 隧道转发网元向 HSS发送修改签约数据的指示, 该指示中携带有指定 UE 的标识信息和特定 APN;  Step 504: The tunnel forwarding network element sends an indication for modifying the subscription data to the HSS, where the indication carries the identifier information of the specified UE and the specific APN.

其中, 指定 UE的标识信息可以是 IMSI。 该指定 UE的标识信息可以从隧道转发规则 中获得。  The identifier information of the designated UE may be IMSI. The identification information of the designated UE can be obtained from a tunnel forwarding rule.

特定 APN是与 PGW1关联的 APN。 在本实施例中, 以 APN2作为特定 APN。  The specific APN is the APN associated with PGW1. In the present embodiment, APN2 is used as a specific APN.

HSS接收到隧道转发网元的指示后,可以替换指定 UE的签约数据中的 APN为 APN2; 步骤 505, HSS判断指定 UE是否已经接入其它网关, 其它网关为未与应用服务器建立 隧道的网关; 如果是, 则进入步骤 506;  After receiving the indication of the tunnel forwarding network element, the HSS may replace the APN in the subscription data of the specified UE as APN2; Step 505, the HSS determines whether the specified UE has accessed other gateways, and the other gateways are gateways that do not establish a tunnel with the application server; If yes, proceed to step 506;

HSS修改指定 UE的签约数据之后, HSS可以判断到 UE已经接入 PGW2。  After the HSS modifies the subscription data of the specified UE, the HSS can determine that the UE has accessed the PGW2.

步骤 506, HSS将修改后的签约数据主动发送给 MME;  Step 506, the HSS actively sends the modified subscription data to the MME;

修改后的签约数据包括指定 UE的 IMSI和 APN2;  The modified subscription data includes the IMSI and APN2 of the designated UE;

步骤 507, MME对指定 UE与 PGW2的已有连接去激活, 并指示指定 UE重新建立连 接;  Step 507: The MME deactivates the existing connection between the designated UE and the PGW2, and instructs the designated UE to re-establish the connection.

MME在收到 HSS发送的修改后的签约数据之后, 可以根据修改后的签约数据包括的 指定 UE的 IMSI, 来对指定 UE与 PGW2的已有连接进行去激活。  After receiving the modified subscription data sent by the HSS, the MME may deactivate the existing connection between the designated UE and the PGW2 according to the IMSI of the designated UE included in the modified subscription data.

步骤 508, 指定 UE重新发送附着请求,  Step 508, the specified UE resends the attach request,

该附着请求中可以携带有 APN1。 由于替换 APN的过程对于 UE不可见, 所以此附着 请求仍然携带 APN1。  The attachment request may carry APN1. Since the process of replacing the APN is not visible to the UE, this attach request still carries APN1.

步骤 509, MME利用 APN2选择到 PGW1 , 并向 PGW1发起创建会话请求消息; MME在收到附着请求后, 由于只有建立隧道后的 PGW1提供 APN2的支持, MME根 据 APN2可以选择到 PGW1 , 然后向 PGW1发起创建会话请求消息。 该创建会话请求消息 包括指定 UE的 IMSI和 APN2。 Step 509: The MME selects to PGW1 by using APN2, and initiates a create session request message to PGW1. After receiving the attach request, the MME can select PGW1 according to APN2, and then to PGW1, because only PGW1 after tunnel establishment provides support of APN2. Initiate a create session request message. The create session request message It includes the IMSI and APN2 of the specified UE.

步骤 510, PGW1根据 APN2选择到应用服务器 A为指定 UE分配地址, 然后向 MME 返回创建会话相应消息, 该创建会话相应消息携带有分配的地址。  Step 510: The PGW1 selects an application server A to allocate an address to the designated UE according to the APN2, and then returns a corresponding session creation message to the MME, where the corresponding message of the creation session carries the allocated address.

步骤 511, MME向指定 UE返回附着响应, 该附着响应携带有 PGW1分配的地址; 此后, 指定 UE可以利用 PGW1分配的地址重新完成 PDN接入, 并访问 PDN网络。 步骤 512, PGW1接收到指定 UE的数据报文, 将符合隧道转发规则的该数据报文利用 与应用服务器 A之间建立的隧道进行转发。  Step 511: The MME returns an attach response to the designated UE, where the attach response carries the address allocated by the PGW1. Thereafter, the designated UE can complete the PDN access by using the address allocated by the PGW1, and access the PDN network. Step 512: The PGW1 receives the data packet of the specified UE, and forwards the data packet that meets the tunnel forwarding rule by using the tunnel established between the application server and the application server A.

当指定 UE发送的数据报文发送给 PGW1时, PGW1可以根据数据报文的来源地址判 断出该数据报文符合隧道转发规则, 然后将该数据报文利用与应用服务器 A之间建立的隧 道进行转发。  When the data packet sent by the specified UE is sent to the PGW1, the PGW1 can determine that the data packet complies with the tunnel forwarding rule according to the source address of the data packet, and then use the tunnel established between the data packet and the application server A. Forward.

综上所述, 本实施例提供的隧道转发方法, 通过根据隧道建立请求来指示相应的网关 与应用服务器建立隧道, 且下发隧道转发规则给网关, 使得网关能够根据隧道转发规则选 择性地转发数据至应用服务器,解决了现有的隧道转发方法中无法对 UE粒度的数据进行区 分和转发的技术问题, 达到了网关可以对不同的 UE的数据区分转发到应用服务器的效果。 另一方面, 通过隧道控制网元来判断指定 UE是否已经利用其他网关接入 PDN, 然后去激 活连接至被选择的 PDN的方式, 达到了即便指定 UE 已经接入 PDN, 仍然能够引导指定 UE通过选择的 PGW接入 PDN, 从而利用建立的隧道转发该指定 UE的数据的效果。 实施例五  In summary, the tunnel forwarding method provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, and the tunnel forwarding rule is sent to the gateway, so that the gateway can selectively forward according to the tunnel forwarding rule. The data is applied to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the UE granularity, and achieves the effect that the gateway can forward the data of different UEs to the application server. On the other hand, the tunnel control network element determines whether the designated UE has accessed the PDN by using other gateways, and then deactivates the connection to the selected PDN, so that even if the designated UE has accessed the PDN, the specified UE can still be guided to pass. The selected PGW accesses the PDN, thereby utilizing the established tunnel to forward the effect of the data of the designated UE. Embodiment 5

上述实施例均已基于 EPC的分组域网络架构来描述, 但是上述隧道转发方法也可以用 于控制和转发分离的移动分组网络架构。 所谓的控制与转发分离, 指的是转发网元仅处理 数据报文, 和转发流表生成信令, 而其他诸如 IP地址分配, PDN连接建立等均由控制网元 处理。  The above embodiments have been described based on the EPC packet domain network architecture, but the tunnel forwarding method described above can also be used to control and forward separate mobile packet network architectures. The so-called control and forwarding separation means that the forwarding network element only processes data packets, and forwards the flow table to generate signaling, and other such as IP address allocation and PDN connection establishment are handled by the control network element.

请参考图 6,其示出了本发明实施例五提供的隧道转发方法的方法流程图。本实施例中, 隧道转发网元实施与控制器中, 路由器作为网关, 该隧道转发方法可以具体包括:  Referring to FIG. 6, a flowchart of a method for tunnel forwarding provided by Embodiment 5 of the present invention is shown. In this embodiment, the tunnel forwarding network element is implemented in the controller and the router is used as the gateway. The tunnel forwarding method may specifically include:

步骤 601, 应用服务器 A向控制器发送隧道建立请求, 该隧道建立请求包括隧道类型、 隧道端点信息和隧道转发规则;  Step 601: The application server A sends a tunnel establishment request to the controller, where the tunnel establishment request includes a tunnel type, tunnel endpoint information, and a tunnel forwarding rule.

在本实施例中, 隧道类型为: L2TP隧道;  In this embodiment, the tunnel type is: an L2TP tunnel;

隧道端点信息对应于待建立隧道的应用服务器, 具体是发送隧道建立请求的应用服务 器 A的 IP地址, 应用服务器 A是企业内部网中的服务器;  The tunnel endpoint information corresponds to the application server to be tunneled, specifically the IP address of the application server A that sends the tunnel establishment request, and the application server A is the server in the intranet;

隧道转发规则为: 转发指定 UE的所有数据至该应用服务器 A。 步骤 602, 控制器选择至少一个路由器, 向选择的路由器通过流表来指示路由器建立到 应用服务器的隧道流表; The tunnel forwarding rule is: Forward all data of the specified UE to the application server A. Step 602: The controller selects at least one router, and indicates, by using a flow table, the router to establish a tunnel flow table to the application server by using a flow table.

控制器可以选择指定 UE可能建立 PDN连接的一个或多个路由器。 具体地讲, 对于每 一地域接入功能类似的路由器, 隧道转发网元只需要选择该地域中的一个路由器即可。  The controller may choose to specify one or more routers for which the UE may establish a PDN connection. Specifically, for a router with similar access functions in each area, the tunnel forwarding network element only needs to select one router in the area.

然后, 控制器向选择的路由器通过流表来指示路由器建立到应用服务器的隧道流表。 步骤 603, 路由器建立到应用服务器 A的隧道;  Then, the controller instructs the router to establish a tunnel flow table to the application server through the flow table to the selected router. Step 603, the router establishes a tunnel to the application server A;

具体地讲, 路由器可以建立到应用服务器 A的 L2TP隧道。  Specifically, the router can establish an L2TP tunnel to Application Server A.

步骤 604, UE发送 PDN连接建立请求给控制器,该 PDN连接建立请求携带 APN信息; 该 PDN连接建立请求通常还包括有 UE的 IMSI。  Step 604: The UE sends a PDN connection establishment request to the controller, where the PDN connection establishment request carries the APN information. The PDN connection establishment request usually further includes the IMSI of the UE.

步骤 605, 控制器忽略 APN信息, 选择应用服务器 A来为 UE分配地址;  Step 605: The controller ignores the APN information, and selects the application server A to allocate an address for the UE.

控制器可以根据 UE的 IMSI和隧道转发规则, 判断出 UE为指定 UE。此时, 控制器忽 略 PDN连接建立请求中的 APN信息,选择从应用服务器 A的地址池中分配一个地址给 UE。  The controller may determine, according to the IMSI and the tunnel forwarding rule of the UE, that the UE is the designated UE. At this time, the controller ignores the APN information in the PDN connection establishment request, and selects an address from the address pool of the application server A to the UE.

步骤 606, 控制器向 UE返回 PDN连接建立响应, 该 PDN连接建立响应携带有分配的 地址;  Step 606: The controller returns a PDN connection setup response to the UE, where the PDN connection setup response carries the assigned address.

步骤 607, 控制器通过流表指示该 UE连接的 eNB, 将该 UE的数据转发到路由器; 此步骤, 也即控制器引导 UE连接到路由器的过程。  Step 607: The controller indicates, by using a flow table, the eNB connected to the UE, and forwards the data of the UE to the router. This step, that is, the process in which the controller directs the UE to connect to the router.

步骤 608,控制器通过流表指示路由器,将该 UE的数据通过隧道转发至应用服务器 A。 综上所述, 本实施例提供的隧道转发方法, 通过根据隧道建立请求来指示相应的网关 与应用服务器建立隧道, 使得网关能够根据隧道转发规则选择性地转发数据至应用服务器, 解决了现有的隧道转发方法中无法对 UE粒度的数据进行区分和转发的技术问题,达到了网 关可以对不同的 UE的数据区分转发到应用服务器的效果。 实施例六  Step 608: The controller instructs the router through the flow table, and forwards the data of the UE to the application server A through the tunnel. In summary, the tunnel forwarding method provided in this embodiment is configured to instruct the corresponding gateway to establish a tunnel with the application server according to the tunnel establishment request, so that the gateway can selectively forward data to the application server according to the tunnel forwarding rule, thereby solving the existing The technical problem that the UE granular data cannot be distinguished and forwarded in the tunnel forwarding method is that the gateway can forward the data of different UEs to the application server. Embodiment 6

请参考图 7, 其示出了本发明实施例六提供的隧道转发装置的结构方框图。该隧道转发 装置可以包括请求接收模块 720和隧道建立模块 740。  Please refer to FIG. 7, which is a structural block diagram of a tunnel forwarding apparatus according to Embodiment 6 of the present invention. The tunnel forwarding device can include a request receiving module 720 and a tunnel establishment module 740.

请求接收模块 720用于接收隧道建立请求, 该隧道建立请求包括隧道端点信息和隧道 转发规则。  The request receiving module 720 is configured to receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and a tunnel forwarding rule.

隧道建立模块 740用于指示至少一个网关与请求接收模块 720接收到的隧道端点信息 所对应的应用服务器建立隧道, 并下发隧道转发规则给网关, 以便网关将符合隧道转发规 则的数据利用隧道转发至应用服务器。  The tunnel establishment module 740 is configured to instruct the at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information received by the request receiving module 720, and send a tunnel forwarding rule to the gateway, so that the gateway forwards the data conforming to the tunnel forwarding rule by using the tunnel. To the application server.

如果请求接收模块 720接收到隧道建立请求中还包括范围指示信息,隧道建立模块 740 可以具体包括: 网关选择单元 742和隧道建立单元 744, 如图 8所示。 其中, 网关选择单元 742用于选择属于范围指示信息指示的范围中的至少一个网关;隧道建立单元 744用于指示 被选择的网关与应用服务器建立隧道, 并下发隧道转发规则给网关。 If the request receiving module 720 receives the tunnel establishment request and further includes range indication information, the tunnel establishment module 740 It may specifically include: a gateway selection unit 742 and a tunnel establishment unit 744, as shown in FIG. The gateway selection unit 742 is configured to select at least one gateway that belongs to the range indicated by the range indication information. The tunnel establishment unit 744 is configured to instruct the selected gateway to establish a tunnel with the application server, and send a tunnel forwarding rule to the gateway.

如果请求接收模块 720接收到的隧道转发规则为转发指定用户设备的数据至应用服务 器时, 隧道转发装置, 还包括: 连接引导模块 760, 如图 9所示。 连接引导模块 760用于引 导指定用户设备连接至隧道建立模块 740选择的与应用服务器建立隧道的网关。  If the tunnel forwarding rule received by the request receiving module 720 is to forward the data of the specified user equipment to the application server, the tunnel forwarding device further includes: a connection guiding module 760, as shown in FIG. The connection boot module 760 is configured to direct the specified user equipment to connect to the gateway selected by the tunnel establishment module 740 to establish a tunnel with the application server.

连接引导模块 760可以具体包括: 第一指示单元 762a、第二指示单元 762b或第三指示 单元 762c, 如图 10所示。 其中, 第一指示单元 762a用于指示归属用户服务器 HSS将指定 用户设备的签约数据进行修改, 修改指定用户设备的每个接入点名称 APN都关联到网关, 以便移动性管理实体 MME根据修改后的签约数据来引导指定用户设备连接至网关;第二指 示单元用于指示 HSS将指定用户设备的签约数据进行修改,替换指定用户设备的 APN为特 定 APN, 特定 APN与网关关联, 以便 MME根据修改后的签约数据来引导指定用户设备连 接至网关; 第三指示单元用于指示与指定用户设备相连接的基站将指定用户设备的数据路 由至网关。  The connection guiding module 760 may specifically include: a first indicating unit 762a, a second indicating unit 762b, or a third indicating unit 762c, as shown in FIG. The first indication unit 762a is configured to instruct the home subscriber server HSS to modify the subscription data of the specified user equipment, and modify each access point name APN of the specified user equipment to be associated with the gateway, so that the mobility management entity MME is modified according to the The subscription data is used to guide the specified user equipment to connect to the gateway; the second indication unit is configured to instruct the HSS to modify the subscription data of the specified user equipment, replace the APN of the specified user equipment with a specific APN, and the specific APN is associated with the gateway, so that the MME can modify the The subsequent subscription data is used to guide the designated user equipment to connect to the gateway; the third indication unit is configured to indicate that the base station connected to the designated user equipment routes the data of the designated user equipment to the gateway.

如果请求接收模块 720接收到的隧道建立请求还包括隧道类型, 当隧道类型为安全隧 道时, 隧道建立模块 740还可以具体包括: 认证发送单元 746, 如图 11所示。 认证发送单 元 746用于分别向网关和应用服务器发送认证信息, 以便网关和应用服务器根据认证信息 完成建立隧道时的相互认证。  If the tunnel establishment request received by the request receiving module 720 further includes a tunnel type, when the tunnel type is a secure tunnel, the tunnel establishment module 740 may further include: an authentication sending unit 746, as shown in FIG. The authentication sending unit 746 is configured to separately send authentication information to the gateway and the application server, so that the gateway and the application server complete mutual authentication when establishing the tunnel according to the authentication information.

综上所述, 本实施例提供的隧道转发装置, 通过根据隧道建立请求来指示相应的网关 与应用服务器建立隧道, 使得网关能够根据隧道转发规则选择性地转发数据至应用服务器, 解决了现有的隧道转发方法中无法对 UE粒度的数据进行区分和转发的技术问题,达到了网 关可以对不同的 UE的数据区分转发到应用服务器的效果。 实施例七  In summary, the tunnel forwarding apparatus provided in this embodiment indicates that the gateway establishes a tunnel with the application server according to the tunnel establishment request, so that the gateway can selectively forward data to the application server according to the tunnel forwarding rule, thereby solving the existing The technical problem that the UE granular data cannot be distinguished and forwarded in the tunnel forwarding method is that the gateway can forward the data of different UEs to the application server. Example 7

请参考图 12, 其示出了本发明实施例七提供的应用服务器的结构方框图。 该应用服务 器包括: 请求发送模块 120。  Please refer to FIG. 12, which is a structural block diagram of an application server according to Embodiment 7 of the present invention. The application server includes: a request sending module 120.

请求发送模块 120用于发送隧道建立请求, 该隧道建立请求至少包括隧道端点信息和 隧道转发规则。 其中, 隧道端点信息对应于待建立隧道的应用服务器; 隧道转发规则包括 转发指定用户设备的数据至应用服务器, 转发目标地址为应用服务器的数据至应用服务器。  The request sending module 120 is configured to send a tunnel establishment request, where the tunnel establishment request includes at least tunnel endpoint information and a tunnel forwarding rule. The tunnel endpoint information corresponds to the application server to be tunneled; the tunnel forwarding rule includes forwarding the data of the specified user equipment to the application server, and forwarding the data of the application server to the application server.

隧道建立请求还可以包括隧道类型和 /或范围指示信息;  The tunnel establishment request may further include a tunnel type and/or range indication information;

隧道类型包括普通隧道或者安全隧道。 范围指示信息用于指示网关所属范围。 Tunnel types include ordinary tunnels or secure tunnels. The range indication information is used to indicate the scope of the gateway.

综上所述, 本实施例提供的应用服务器, 通过发送隧道建立请求, 来使得隧道转发网 元根据隧道建立请求来指示相应的网关与应用服务器建立隧道, 使得网关能够根据隧道转 发规则选择性地转发数据至应用服务器,解决了现有的隧道转发方法中无法对 UE粒度的数 据进行区分和转发的技术问题,达到了网关可以对不同的 UE的数据区分转发到应用服务器 的效果。 实施例八  In summary, the application server provided in this embodiment sends a tunnel establishment request, so that the tunnel forwarding network element instructs the corresponding gateway to establish a tunnel with the application server according to the tunnel establishment request, so that the gateway can selectively select the tunnel according to the tunnel forwarding rule. The data is forwarded to the application server, which solves the technical problem that the existing tunnel forwarding method cannot distinguish and forward the data of the UE granularity, and achieves the effect that the gateway can forward the data of different UEs to the application server. Example eight

请参考图 13, 其示出了本发明实施例八提供的归属用户服务器的结构方框图。 该归属 用户服务器包括: 指示接收模块 132和数据修改模块 134。  Please refer to FIG. 13, which is a structural block diagram of a home subscriber server according to Embodiment 8 of the present invention. The home subscriber server includes: an indication receiving module 132 and a data modification module 134.

指示接收模块 132用于接收隧道转发装置的指示, 指示中包括指定用户设备的标识信 息。  The indication receiving module 132 is configured to receive an indication of the tunnel forwarding device, where the indication includes the identification information of the specified user equipment.

数据修改模块 134用于根据指示接收模块 132接收的指示, 将指定用户设备的签约数 据进行修改。 其中, 修改包括: 修改指定用户设备的每个接入点名称 APN都关联到指定网 关; 或, 替换指定用户设备的 APN为特定 APN, 特定 APN与指定网关关联。  The data modification module 134 is configured to modify the subscription data of the specified user equipment according to the indication received by the indication receiving module 132. The modification includes: modifying each access point name of the specified user equipment, the APN is associated with the designated gateway; or, replacing the APN of the specified user equipment with a specific APN, and the specific APN is associated with the designated gateway.

归属用户服务器还包括: 连接判断模块 136和数据推送模块 138, 如图 14所示。 其中, 连接判断模块 136用于判断指定用户设备是否已经接入其它网关, 其它网关为未与应用服 务器建立隧道的网关; 数据推送模块 138用于在连接判断模块 136的判断结果为是时, 将 数据修改模块 134修改后的签约数据推送给移动性管理实体。  The home subscriber server further includes: a connection determination module 136 and a data push module 138, as shown in FIG. The connection determining module 136 is configured to determine whether the specified user equipment has access to other gateways, and the other gateways are gateways that do not establish a tunnel with the application server. The data pushing module 138 is configured to: when the determination result of the connection determining module 136 is yes, The modified subscription data of the data modification module 134 is pushed to the mobility management entity.

综上所述, 本实施例提供的归属用户服务器, 通过根据隧道转发装置的指示来对指定 用户设备的签约数据进行修改, 使得指定用户设备总是能够连接到隧道转发装置选择的网 关上, 解决了现有的隧道转发方法中无法对 UE粒度的数据进行区分和转发的技术问题, 达 到了网关可以对不同的 UE的数据区分转发到应用服务器的效果。 实施例九  In summary, the home subscriber server provided in this embodiment modifies the subscription data of the specified user equipment according to the indication of the tunnel forwarding device, so that the designated user equipment can always connect to the gateway selected by the tunnel forwarding device, and the solution is resolved. The technical problem that the data of the UE granularity cannot be distinguished and forwarded in the existing tunnel forwarding method is achieved, and the effect that the gateway can forward the data of different UEs to the application server is achieved. Example nine

请参考图 15, 其示出了本发明实施例九提供的隧道转发系统的结构方框图。 该隧道转 发系统包括实施例七提供的隧道转发装置 700、 实施例八提供的应用服务器 800和 /或实施 例九提供的归属用户服务器 900。 需要说明的是: 上述实施例提供的隧道转发装置、 应用服务器、 归属用户服务器和隧 道转发系统在利用隧道转发数据时, 仅以上述各功能模块的划分进行举例说明, 实际应用 中, 可以根据需要而将上述功能分配由不同的功能模块完成, 即将设备的内部结构划分成 不同的功能模块, 以完成以上描述的全部或者部分功能。 另外, 上述实施例提供的隧道转 发装置、 应用服务器、 归属用户服务器和隧道转发系统与隧道转发方法实施例属于同一构 思, 其具体实现过程详见方法实施例, 这里不再赘述。 本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完 成, 也可以通过程序来指令相关的硬件完成, 所述的程序可以存储于一种计算机可读存储 介质中, 上述提到的存储介质可以是只读存储器, 磁盘或光盘等。 以上所述仅为本发明的较佳实施例, 并不用以限制本发明, 凡在本发明的精神和原则 之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。 Please refer to FIG. 15, which is a structural block diagram of a tunnel forwarding system according to Embodiment 9 of the present invention. The tunnel forwarding system includes the tunnel forwarding device 700 provided in Embodiment 7, the application server 800 provided in Embodiment 8, and/or the Home Subscriber Server 900 provided in Embodiment 9. It should be noted that, when the tunnel forwarding device, the application server, the home subscriber server, and the tunnel forwarding system provided by the foregoing embodiments use the tunnel to forward data, only the division of the foregoing functional modules is used for example, and the actual application is performed. In the above, the above function assignment can be completed by different functional modules according to requirements, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the tunnel forwarding device, the application server, the home subscriber server, and the tunnel forwarding system provided by the foregoing embodiments are the same as the embodiment of the tunnel forwarding method. For details, refer to the method embodiment, and details are not described herein. A person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium. The storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., which are within the spirit and scope of the present invention, should be included in the protection of the present invention. Within the scope.

Claims

权 利 要 求 书 claims 1、 一种隧道转发方法, 其特征在于, 所述方法包括: 1. A tunnel forwarding method, characterized in that the method includes: 接收隧道建立请求, 所述隧道建立请求包括隧道端点信息和隧道转发规则; Receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and tunnel forwarding rules; 指示至少一个网关与所述隧道端点信息所对应的应用服务器建立隧道, 并下发所述隧道 转发规则给所述网关, 以便所述网关将符合所述隧道转发规则的数据利用所述隧道转发至所 述应用服务器。 Instruct at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information, and deliver the tunnel forwarding rule to the gateway, so that the gateway forwards data that conforms to the tunnel forwarding rule using the tunnel to The application server. 2、 根据权利要求 1所述的隧道转发方法,其特征在于,所述隧道建立请求还包括范围指 示信息, 所述指示至少一个网关与所述隧道端点信息所对应的应用服务器建立隧道, 并下发 所述隧道转发规则给所述网关, 具体包括: 2. The tunnel forwarding method according to claim 1, wherein the tunnel establishment request further includes range indication information, which instructs at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information, and downloads Send the tunnel forwarding rules to the gateway, specifically including: 选择属于所述范围指示信息指示的范围中的至少一个网关; Select at least one gateway belonging to the range indicated by the range indication information; 指示被选择的所述网关与所述应用服务器建立隧道, 并下发所述隧道转发规则给所述网 关。 Instruct the selected gateway to establish a tunnel with the application server, and deliver the tunnel forwarding rule to the gateway. 3、 根据权利要求 1所述的隧道转发方法,其特征在于,所述隧道转发规则为转发指定用 户设备的数据至所述应用服务器时, 所述指示至少一个网关与所述隧道端点信息所对应的应 用服务器建立隧道, 并下发所述隧道转发规则给所述网关之后, 还包括: 3. The tunnel forwarding method according to claim 1, wherein when the tunnel forwarding rule is to forward data of a designated user equipment to the application server, the indicated at least one gateway corresponds to the tunnel endpoint information. After the application server establishes the tunnel and delivers the tunnel forwarding rule to the gateway, it also includes: 引导所述指定用户设备连接至所述网关。 Direct the designated user equipment to connect to the gateway. 4、根据权利要求 3所述的隧道转发方法, 其特征在于, 所述引导所述指定用户设备连接 至所述网关, 具体包括: 4. The tunnel forwarding method according to claim 3, characterized in that: guiding the designated user equipment to connect to the gateway specifically includes: 指示归属用户服务器 HSS将所述指定用户设备的签约数据进行修改, 修改所述指定用户 设备的每个接入点名称 APN都关联到所述网关, 以便移动性管理实体 MME根据修改后的签 约数据来引导所述指定用户设备连接至所述网关; Instruct the home user server HSS to modify the subscription data of the designated user equipment, and modify each access point name APN of the designated user equipment to be associated with the gateway, so that the mobility management entity MME can modify the subscription data according to the modified subscription data. to guide the designated user equipment to connect to the gateway; 或,指示 HSS将所述指定用户设备的签约数据进行修改, 替换所述指定用户设备的 APN 为特定 APN,所述特定 APN与所述网关关联, 以便 MME根据修改后的签约数据来引导所述 指定用户设备连接至所述网关; Or, instruct the HSS to modify the subscription data of the designated user equipment and replace the APN of the designated user equipment with a specific APN, and the specific APN is associated with the gateway, so that the MME can guide the MME according to the modified subscription data. Designate user equipment to connect to the gateway; 或,指示与所述指定用户设备相连接的基站将所述指定用户设备的数据路由至所述网关。 Or, instruct the base station connected to the designated user equipment to route the data of the designated user equipment to the gateway. 5、 根据权利要求 1至 4任一所述的隧道转发方法, 其特征在于, 所述隧道建立请求还 包括隧道类型, 当所述隧道类型为安全隧道时, 所述指示至少一个网关与所述隧道端点信息 所对应的应用服务器建立隧道, 具体包括: 5. The tunnel forwarding method according to any one of claims 1 to 4, characterized in that the tunnel establishment request further includes a tunnel type, and when the tunnel type is a secure tunnel, the indication is that at least one gateway is connected to the tunnel. The application server corresponding to the tunnel endpoint information establishes the tunnel, including: 分别向所述网关和所述应用服务器发送认证信息, 以便所述网关和所述应用服务器根据 所述认证信息完成建立隧道时的相互认证。 Authentication information is sent to the gateway and the application server respectively, so that the gateway and the application server complete mutual authentication when establishing a tunnel based on the authentication information. 6、 一种隧道转发装置, 其特征在于, 所述装置包括: 6. A tunnel forwarding device, characterized in that the device includes: 请求接收模块, 用于接收隧道建立请求, 所述隧道建立请求包括隧道端点信息和隧道转 发规则; A request receiving module, configured to receive a tunnel establishment request, where the tunnel establishment request includes tunnel endpoint information and tunnel forwarding rules; 隧道建立模块, 用于指示至少一个网关与所述隧道端点信息所对应的应用服务器建立隧 道, 并下发所述隧道转发规则给所述网关, 以便所述网关将符合所述隧道转发规则的数据利 用所述隧道转发至所述应用服务器。 A tunnel establishment module, configured to instruct at least one gateway to establish a tunnel with the application server corresponding to the tunnel endpoint information, and deliver the tunnel forwarding rules to the gateway, so that the gateway will forward data that conforms to the tunnel forwarding rules. Use the tunnel to forward to the application server. 7、 根据权利要求 6所述的隧道转发装置, 其特征在于, 所述隧道建立请求还包括范围 指示信息, 所述隧道建立模块, 具体包括: 7. The tunnel forwarding device according to claim 6, wherein the tunnel establishment request further includes range indication information, and the tunnel establishment module specifically includes: 网关选择单元和隧道建立单元; gateway selection unit and tunnel establishment unit; 所述网关选择单元, 用于选择属于所述范围指示信息指示的范围中的至少一个网关; 所述隧道建立单元, 用于指示被选择的所述网关与所述应用服务器建立隧道, 并下发所 述隧道转发规则给所述网关。 The gateway selection unit is used to select at least one gateway belonging to the range indicated by the range indication information; the tunnel establishment unit is used to instruct the selected gateway to establish a tunnel with the application server, and issue The tunnel forwards the rules to the gateway. 8、 根据权利要求 6所述的隧道转发装置, 其特征在于, 所述隧道转发规则为转发指定 用户设备的数据至所述应用服务器时, 所述隧道转发装置, 还包括: 8. The tunnel forwarding device according to claim 6, wherein when the tunnel forwarding rule is to forward data of a designated user equipment to the application server, the tunnel forwarding device further includes: 连接引导模块, 用于引导所述指定用户设备连接至所述网关。 A connection guidance module, configured to guide the specified user equipment to connect to the gateway. 9、 根据权利要求 8所述的隧道转发装置, 其特征在于, 所述连接引导模块, 具体包括: 第一指示单元、 第二指示单元或第三指示单元; 9. The tunnel forwarding device according to claim 8, wherein the connection guidance module specifically includes: a first indication unit, a second indication unit or a third indication unit; 所述第一指示单元, 用于指示归属用户服务器 HSS将所述指定用户设备的签约数据进行 修改, 修改所述指定用户设备的每个接入点名称 APN都关联到所述网关, 以便移动性管理实 体 MME根据修改后的签约数据来引导所述指定用户设备连接至所述网关; The first instruction unit is used to instruct the home user server HSS to modify the subscription data of the designated user equipment, and modify each access point name APN of the designated user equipment to be associated with the gateway to facilitate mobility. The management entity MME guides the designated user equipment to connect to the gateway according to the modified subscription data; 所述第二指示单元, 用于指示 HSS将所述指定用户设备的签约数据进行修改, 替换所述 指定用户设备的 APN为特定 APN, 所述特定 APN与所述网关关联, 以便 MME根据修改后 的签约数据来引导所述指定用户设备连接至所述网关; The second instruction unit is used to instruct the HSS to modify the subscription data of the designated user equipment, replacing the The APN of the designated user equipment is a specific APN, and the specific APN is associated with the gateway, so that the MME guides the designated user equipment to connect to the gateway according to the modified subscription data; 所述第三指示单元, 用于指示与所述指定用户设备相连接的基站将所述指定用户设备的 数据路由至所述网关。 The third instructing unit is used to instruct the base station connected to the designated user equipment to route the data of the designated user equipment to the gateway. 10、 根据权利要求 6至 9任一所述的隧道转发装置, 其特征在于, 所述隧道建立请求还 包括隧道类型, 当所述隧道类型为安全隧道时, 所述隧道建立模块, 具体包括: 10. The tunnel forwarding device according to any one of claims 6 to 9, characterized in that the tunnel establishment request further includes a tunnel type, and when the tunnel type is a secure tunnel, the tunnel establishment module specifically includes: 认证发送单元; Authentication sending unit; 所述认证发送单元, 用于分别向所述网关和所述应用服务器发送认证信息, 以便所述网 关和所述应用服务器根据所述认证信息完成建立隧道时的相互认证。 The authentication sending unit is configured to send authentication information to the gateway and the application server respectively, so that the gateway and the application server complete mutual authentication when establishing a tunnel based on the authentication information. 11、 一种应用服务器, 其特征在于, 包括: 11. An application server, characterized by including: 请求发送模块, 用于发送隧道建立请求, 所述隧道建立请求至少包括隧道端点信息和隧 道转发规则; A request sending module, configured to send a tunnel establishment request, which at least includes tunnel endpoint information and tunnel forwarding rules; 其中, 所述隧道端点信息对应于待建立隧道的应用服务器; Wherein, the tunnel endpoint information corresponds to the application server to which the tunnel is to be established; 所述隧道转发规则包括转发指定用户设备的数据至所述应用服务器, 转发目标地址为所 述应用服务器的数据至所述应用服务器。 The tunnel forwarding rules include forwarding data of a designated user equipment to the application server, and forwarding data whose target address is the application server to the application server. 12、 根据权利要求 11所述的应用服务器, 所述隧道建立请求还包括隧道类型和 /或范围 指示信息; 12. The application server according to claim 11, the tunnel establishment request further includes tunnel type and/or range indication information; 所述隧道类型包括普通隧道或者安全隧道; The tunnel types include ordinary tunnels or safety tunnels; 所述范围指示信息用于指示网关所属范围。 The range indication information is used to indicate the range to which the gateway belongs. 13、 一种归属用户服务器, 其特征在于, 包括: 13. A home user server, characterized by including: 指示接收模块, 用于接收隧道转发装置的指示, 所述指示中包括指定用户设备的标识信 息; An instruction receiving module, configured to receive instructions from the tunnel forwarding device, where the instructions include identification information of the designated user equipment; 数据修改模块, 用于根据所述指示接收模块接收的指示, 将所述指定用户设备的签约数 据进行修改; A data modification module, configured to modify the contract data of the designated user equipment according to the instruction received by the instruction receiving module; 其中,所述修改包括:修改所述指定用户设备的每个接入点名称 APN都关联到指定网关; 或, 替换所述指定用户设备的 APN为特定 APN, 所述特定 APN与指定网关关联。 Wherein, the modification includes: modifying each access point name APN of the designated user equipment to be associated with a designated gateway; or, replacing the APN of the designated user equipment with a specific APN, and the specific APN is associated with the designated gateway. 14、 根据权利要求 13所述的归属用户服务器, 其特征在于, 所述归属用户服务器, 还 包括: 连接判断模块和数据推送模块; 14. The home user server according to claim 13, characterized in that the home user server further includes: a connection judgment module and a data push module; 所述连接判断模块, 用于判断所述指定用户设备是否已经接入其它网关, 所述其它网关 为未与所述应用服务器建立隧道的网关; The connection determination module is used to determine whether the designated user equipment has accessed other gateways, and the other gateways are gateways that have not established a tunnel with the application server; 所述数据推送模块, 用于在所述连接判断模块的判断结果为是时, 将所述数据修改模块 修改后的签约数据推送给移动性管理实体。 The data push module is configured to push the subscription data modified by the data modification module to the mobility management entity when the judgment result of the connection judgment module is yes. 15、 一种隧道转发系统, 其特征在于, 所述系统包括如权利要求 6至 10任一项所述的隧 道转发装置、 如权利要求 11至 12所述的应用服务器和 /或如权利要求 13或 14所述的归属用 户服务器。 15. A tunnel forwarding system, characterized in that the system includes the tunnel forwarding device according to any one of claims 6 to 10, the application server according to claims 11 to 12, and/or the application server according to claim 13 or the home user server described in 14.
PCT/CN2012/079843 2012-08-08 2012-08-08 Tunnel forwarding method, apparatus, device and system Ceased WO2014022993A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2012/079843 WO2014022993A1 (en) 2012-08-08 2012-08-08 Tunnel forwarding method, apparatus, device and system
CN201280001349.6A CN104025518B (en) 2012-08-08 2012-08-08 Tunnel forwarding method, device, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2012/079843 WO2014022993A1 (en) 2012-08-08 2012-08-08 Tunnel forwarding method, apparatus, device and system

Publications (1)

Publication Number Publication Date
WO2014022993A1 true WO2014022993A1 (en) 2014-02-13

Family

ID=50067384

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/079843 Ceased WO2014022993A1 (en) 2012-08-08 2012-08-08 Tunnel forwarding method, apparatus, device and system

Country Status (2)

Country Link
CN (1) CN104025518B (en)
WO (1) WO2014022993A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018103108A1 (en) * 2016-12-10 2018-06-14 华为技术有限公司 Routing method and device for data message
US20190166634A1 (en) * 2016-05-26 2019-05-30 Huawei Technologies Co., Ltd. Communication control method, and related network element

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116938639B (en) * 2023-09-13 2023-12-01 中移(苏州)软件技术有限公司 Virtual private network access method, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547132A (en) * 2008-03-25 2009-09-30 华为技术有限公司 Method, system and device for establishing data forwarding tunnel
CN101606353A (en) * 2006-12-14 2009-12-16 北方电讯网络有限公司 SIP interworking is provided in next generation network
CN102595367A (en) * 2011-01-07 2012-07-18 中兴通讯股份有限公司 Realization method and system of packet switching service between roaming user and attribution

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101606353A (en) * 2006-12-14 2009-12-16 北方电讯网络有限公司 SIP interworking is provided in next generation network
CN101547132A (en) * 2008-03-25 2009-09-30 华为技术有限公司 Method, system and device for establishing data forwarding tunnel
CN102595367A (en) * 2011-01-07 2012-07-18 中兴通讯股份有限公司 Realization method and system of packet switching service between roaming user and attribution

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190166634A1 (en) * 2016-05-26 2019-05-30 Huawei Technologies Co., Ltd. Communication control method, and related network element
WO2018103108A1 (en) * 2016-12-10 2018-06-14 华为技术有限公司 Routing method and device for data message

Also Published As

Publication number Publication date
CN104025518B (en) 2017-06-13
CN104025518A (en) 2014-09-03

Similar Documents

Publication Publication Date Title
KR102332880B1 (en) System and method of ip session continuity in a device to device communication system
US20210105196A1 (en) Support group communications with shared downlink data
CN111770545A (en) A service flow routing control method, device and system
TWI713614B (en) Methods and apparatus for wireless communication using a security model to support multiple connectivity and service contexts
JP2019537334A (en) System and method for session management
US9788353B2 (en) Mobile network communications method, communications apparatus, and communications system
US20170026896A1 (en) Terminal device, relay terminal device, and communication control method
JP2019521588A (en) Communication control method and related network element
US8989124B1 (en) Management of bearers in a cellular wireless communication system
KR102114630B1 (en) Data service control method and related devices
CN106105381B (en) Method of controlling wireless access gateway, wireless access gateway and wireless network
US11930358B2 (en) Seamless handoff between wireless access gateways
CN103428731B (en) Routing optimization method and system, gateway
WO2017008252A1 (en) Ip address allocation method and device
KR102017167B1 (en) Method and apparatus for data traffic offload in a wireless communication system
CN105580442A (en) Access to local ANDSF server with dedicated bearer
CN102014039B (en) Data transmission method and access point
KR101875346B1 (en) Obtaining authorization to use proximity services in a mobile communication system
WO2018058691A1 (en) Method for establishing public data network connection and related device
CN104025518B (en) Tunnel forwarding method, device, equipment and system
US11451489B2 (en) Wireless access gateway
WO2017084042A1 (en) Service flow transmission method and apparatus
WO2016169015A1 (en) Method and apparatus for switching network communication and direct communication
KR101530558B1 (en) Method and system for setting local routing at mobile communication system
JP2013141106A (en) Communication node

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12882680

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12882680

Country of ref document: EP

Kind code of ref document: A1