CN113746649A

CN113746649A - Network slice control method and communication device

Info

Publication number: CN113746649A
Application number: CN202010406046.9A
Authority: CN
Inventors: 吴义壮
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-05-14
Filing date: 2020-05-14
Publication date: 2021-12-03
Anticipated expiration: 2040-05-14
Also published as: WO2021227600A1; CN113746649B

Abstract

The application provides a network slice control method and a communication device, relates to the technical field of communication, and is used for improving the flexibility and user experience of network slice control. The method comprises the following steps: the AMF network element sends, to the AAA server through the authentication and authorization network element, first information that includes slice information of the first network slice and a first identifier of the first user equipment UE, for example, the slice information is an S-NSSAI or identifier information after mapping of the S-NSSAI, the first identifier is a GPSI, and the network slice that allows or is to allow the first UE to access includes the first network slice; receiving second information from the AAA server, that is, the second information is sent by the AAA server, for example, the AAA server sends the second information to the AMF network element through the authentication and authorization network element, where the second information includes first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice.

Description

Network slice control method and communication device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a network slice control method and a communications apparatus.

Background

Network Slice (NS) refers to customizing different logical networks according to service requirements of services of different tenants (tenants) on a physical or virtual network infrastructure. The network slice may be end-to-end (E2E) including the entire network, or part of the network functions may be shared among multiple network slices, and is a key technology for meeting the requirements of the fifth generation (5G) mobile communication technology for network differentiation proposed by the third generation partnership project (3 GPP). The multiple network slices may share a group of access and mobility management function (AMF) network elements, and a User Equipment (UE) may simultaneously access multiple network slices sharing the same group of AMF network elements.

Currently, slice control information of a network slice is stored in a Unified Data Management (UDM) network element in a subscription manner, and in a process that a UE registers in the network slice, an AMF network element serving the UE acquires subscription information including the slice control information from the UDM and sends the slice control information to an access network device, so that the access network device executes corresponding network slice control based on the slice control information.

However, when a new network slice is deployed in the network or the network slice is provided by a third party, if a provider of the network slice wants to modify slice control information of the network slice, subscription information update of the UE needs to be initiated, and the UDM updates the subscription information, so that the provider of the network slice cannot dynamically realize control of the network slice. Therefore, the conventional scheme for acquiring and modifying slice control information is not flexible enough, and the user experience is poor.

Disclosure of Invention

The application provides a network slice control method and device, which are used for improving the flexibility of network slice control and user experience.

In order to achieve the purpose, the technical scheme is as follows:

in a first aspect, a network slice control method is provided, where the method is applied to an access and mobility management function, AMF, network element, and the method includes: sending first information, for example, the AMF network element may send the first information to the AAA server through the AUSF network element, where the first information includes slice information of a first network slice and a first identity of the first user equipment UE, and the slice information may be used to determine the first network slice, for example, the slice information may be an S-NSSAI or identity information after mapping of the S-NSSAI, and the first identity may be a GPSI, where a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice, that is, an allowed NSSAI or a pending NSSAI (the first UE may be allowed to be accessed after authentication and authorization is required) includes the S-NSSAI of the first network slice; and receiving second information from the AAA server, where the second information is sent by the AAA server, for example, the AAA server may send the second information to the AMF network element through authentication authorization, where the second information includes first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice.

In the above technical solution, the AMF network element reports the first information to the AAA server, and the AAA server issues the first slice control information according to the first information, where the first slice control information is information for controlling the first UE to use the first network slice, so that the AAA server can reasonably allocate the slice control information to the first UE, and the AMF network element can dynamically acquire the slice control information of the first UE, thereby improving flexibility of network slice control and user experience.

In a possible implementation manner of the first aspect, the method further includes: sending the first slice control information to the unified data management, UDM, network element, so that the first slice control information can be stored locally when the UDM network element receives the first slice control information. In the possible implementation manner, the UDM network element may obtain, in real time, information for controlling the first UE to use the first network slice, and further, in a dual registration scenario, the UDM network element may provide the first slice control information to another AMF network element used by the first UE, so that the another AMF network element does not need to initiate a new procedure to obtain the first slice control information.

In a possible implementation manner of the first aspect, the method further includes: sending first slice control information to a policy control function PCF network element; and receiving authorization slice control information from the PCF network element, wherein the authorization slice control information can be the same as or different from the first slice control information. In the possible implementation manner, the validity and reasonableness of the slice control information of the first UE for the first network slice may be ensured.

In a possible implementation manner of the first aspect, the method further includes: and sending authorization slice control information to a Unified Data Management (UDM) network element. In the possible implementation manner, the UDM network element may obtain information used by the first UE for the first network slice in real time, and further, in a dual registration scenario, the UDM network element may provide the first slice control information to another AMF network element used by the first UE, so that the another AMF network element does not need to initiate a new procedure to obtain the first slice control information.

In a possible implementation manner of the first aspect, the method further includes: and receiving third information, wherein the third information comprises second slice control information, and the second slice control information is used for updating information for controlling the first UE to use the first network slice. Optionally, the network slice allowing or to be allowed to be accessed by the second UE includes the first network slice, and the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice. In the possible implementation manner, the AAA server may reasonably and dynamically adjust the slice control information of the first UE, thereby improving the flexibility of network slice control and the user experience. When the slice control information of a plurality of UEs is changed, the slice control information of the plurality of UEs is contained in the same message, so that the overhead of network signaling can be saved.

In a possible implementation manner of the first aspect, the method further includes: information for controlling use of the first network slice by the first UE is stored in a context of the first UE. In the possible implementation manner, when the AMF network element serving the first UE is switched, the target AMF network element after switching can accurately acquire the information of the first UE, and the authorization procedure is prevented from being executed again on the network slice executing the authorization procedure.

In a possible implementation manner of the first aspect, before sending the first information, the method further includes: obtaining authorization indication information of a network slice which is allowed or is to be allowed to be accessed by the first UE; and determining that the first network slice needs authorization according to the authorization indication information. Optionally, the obtaining authorization indication information of the network slice to which the first UE is allowed to access includes: acquiring authorization indication information from local; or acquiring subscription information of the first UE from the unified data management UDM network element, wherein the subscription information comprises authorization indication information; or, obtaining authorization indication information from a network slice selection function NSSF network element. In the possible implementation manner, the AMF network element may dynamically acquire slice control information of the first UE in an authorization procedure of the first network slice, so as to improve flexibility of network slice control and user experience.

In a possible implementation manner of the first aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice. In the above possible implementation, the second identifier may be used to identify the first UE in the first network slice, which may cause the AAA server to perform slice authentication and/or authorization for the first UE.

In one possible implementation manner of the first aspect, the network slice allowing or to be allowed for access by the first UE includes at least one network slice, and the at least one network slice includes the first network slice, and the method further includes: a second identification of the first UE in each of the at least one network slice is obtained from the first UE. In the foregoing possible implementation manner, when the at least one network slice includes multiple network slices, the signaling overhead of the AMF network element for acquiring the second identifier of the first UE in the multiple network slices may be reduced.

In a possible implementation manner of the first aspect, the first information is carried in an authorization request message of the first network slice, and the second information is carried in an authorization response message of the first network slice; or, the first information is carried in the authentication and authorization request message of the first network slice, and the second information is carried in the authentication and authorization response message of the first network slice. In the possible implementation manner, the AAA server may dynamically adjust the slice control information of the first UE in the authorization procedure of the first network slice, and the AMF network element may dynamically acquire the slice control information of the first UE, thereby improving flexibility of network slice control and user experience.

In a second aspect, a network slice control method is provided, where the method is applied in an authentication, authorization, and accounting AAA server, and the method includes: receiving first information, where the first information includes slice information of a first network slice and a first identity of a first user equipment UE, where the slice information may be used to determine the first network slice, for example, the slice information may be an S-NSSAI or identity information after mapping of the S-NSSAI, and the first identity may be a GPSI, where a network slice to which the first UE is allowed or to be allowed to access includes the first network slice, that is, an allowed NSSAI or a pending NSSAI of the first UE (the first UE is allowed to access after authentication and authorization is required) includes the S-NSSAI of the first network slice; and sending second information to an access and mobility management function (AMF) network element, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

In one possible implementation manner of the second aspect, the method further includes: and when the first slice control information is determined to be changed, sending third information to the AMF network element, wherein the third information comprises second slice control information, and the second slice control information is used for updating information used for controlling the first UE to use the first network slice.

In a possible implementation manner of the second aspect, the network slice that the second UE is allowed or is to be allowed to access includes a first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice. In the above possible implementation manner, when the slice control information of multiple UEs is changed, the AAA server may adjust the slice control information of multiple UEs through signaling interaction at a time, thereby reducing the signaling overhead of the AAA server.

In a possible implementation manner of the second aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice. In the above possible implementation manner, when the slice control information of multiple UEs is changed, the AAA server may adjust the slice control information of multiple UEs through signaling interaction at a time, thereby reducing the signaling overhead of the AAA server.

In a possible implementation manner of the second aspect, the first information further includes a second identity of the first UE, where the second identity is an identity of the first UE in the first network slice.

In a possible implementation manner of the second aspect, the first information is carried in an authorization request message of the first network slice, and the second information is carried in an authorization response message of the first network slice; or, the first information is carried in the authentication and authorization request message of the first network slice, and the second information is carried in the authentication and authorization response message of the first network slice.

In a third aspect, a network slice control method is provided, which is applied to an authentication and authorization network element, where the authentication and authorization network element may be an AUSF network element, an NEF network element, an NSSAAF network element, or another network element used for authentication and authorization procedures, and the method includes: receiving first information from an access and mobility management function (AMF) network element, wherein the first information includes slice information of a first network slice and a first identity of a first User Equipment (UE), the slice information may be used to determine the first network slice, for example, the slice information may be S-NSSAI or identity information after mapping of the S-NSSAI, the first identity may be GPSI, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice, that is, an allowed NSSAI or a pending NSSAI of the first UE (the first UE may be allowed to be accessed after authentication and authorization is required) includes the S-NSSAI of the first network slice; sending first forwarding information to an authentication, authorization, and accounting AAA server, where the first forwarding information includes a first identifier of the first UE and the slice information or conversion information of the slice information, for example, the slice information is S-NSSAI, the first forwarding information includes conversion information of the slice information (i.e., identification information after obtaining S-NSSAI mapping according to S-NSSAI), or the slice information is S-NSSAI, the first forwarding information includes the slice information (i.e., S-NSSAI), or the slice information is identification information after S-NSSAI mapping, and the first forwarding information includes the slice information (identification information after S-NSSAI mapping); receiving second information from the AAA server, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice; and sending the second information to the AMF network element.

In a possible implementation manner of the third aspect, the method further includes: receiving third information from the AAA server, wherein the third information comprises second slice control information, and the second slice control information is used for updating the use information of the first UE on the first network slice; and sending third forwarding information to the AMF network element, wherein the third forwarding information comprises second slice control information.

In a possible implementation manner of the third aspect, the network slice that the second UE is allowed or is to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third forwarding information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the third aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, the third information further includes fourth slice control information, and the method further includes: and sending fourth forwarding information to an AMF network element serving the second network slice, wherein the fourth forwarding information comprises fourth slice control information, and the fourth slice control information is used for updating information used for controlling the second UE to use the second network slice.

In a possible implementation manner of the third aspect, the first information further includes at least one of the following items; a second identity of the first UE, AAA server identity; wherein the second identifier is an identifier of the first UE in the first network slice; the first forwarding information may further include: a second identity of the first UE.

In a possible implementation manner of the third aspect, the first information is carried in an authorization request message of the first network slice, and the second information sent to the AMF network element is carried in an authorization response message of the first network slice.

In a fourth aspect, a communication apparatus is provided, which is an access and mobility management function AMF network element or a chip built in the AMF network element, and includes: a sending unit, configured to send first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice; and the receiving unit is used for receiving second information from the authentication, authorization and accounting AAA server, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

In a possible implementation manner of the fourth aspect, the sending unit is further configured to: and sending the first slice control information to a Unified Data Management (UDM) network element.

In a possible implementation manner of the fourth aspect, the sending unit is further configured to send the first slice control information to a policy control function PCF network element; the receiving unit is further configured to receive authorization slice control information from the PCF network element.

In a possible implementation manner of the fourth aspect, the sending unit is further configured to: and sending authorization slice control information to a Unified Data Management (UDM) network element.

In a possible implementation manner of the fourth aspect, the receiving unit is further configured to: and receiving third information, wherein the third information comprises second slice control information, and the second slice control information is used for updating information for controlling the first UE to use the first network slice.

In a possible implementation manner of the fourth aspect, the network slice that the second UE is allowed or is to be allowed to access includes the first network slice, and the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the fourth aspect, the apparatus further includes: a processing unit to store information for controlling use of the first network slice by the first UE in a context of the first UE.

In a possible implementation manner of the fourth aspect, the receiving unit is further configured to acquire authorization indication information of a network slice to which the first UE is allowed to access; the processing unit is further configured to determine that the first network slice requires authorization according to the authorization indication information.

In a possible implementation manner of the fourth aspect, the receiving unit is further configured to: acquiring authorization indication information from local; or acquiring subscription information of the first UE from the unified data management UDM network element, wherein the subscription information comprises authorization indication information; or, obtaining authorization indication information from a network slice selection function NSSF network element.

In a possible implementation manner of the fourth aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.

In a possible implementation manner of the fourth aspect, the network slice that the first UE is allowed or is to be allowed to access includes at least one network slice, the at least one network slice includes the first network slice, and the receiving unit is further configured to: a second identification of the first UE in each of the at least one network slice is obtained from the first UE.

In a fifth aspect, there is provided a communication apparatus as an authentication, authorization and accounting AAA server or a chip built in the AAA server, the apparatus comprising: a receiving unit, configured to receive first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice; a sending unit, configured to send second information to an access and mobility management function (AMF) network element, where the second information includes first slice control information, and the first slice control information is information used to control the first UE to use the first network slice.

In a possible implementation manner of the fifth aspect, the sending unit is further configured to: and when it is determined that the first slice control information is changed, sending third information to the AMF network element, where the third information includes second slice control information, and the second slice control information is used to update information for controlling the first UE to use the first network slice.

In a possible implementation manner of the fifth aspect, the network slice that the second UE is allowed or is to be allowed to access includes a first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the fifth aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice.

In a possible implementation manner of the fifth aspect, the first information further includes a second identity of the first UE, where the second identity is an identity of the first UE in the first network slice.

In one possible implementation manner of the fifth aspect, the slice information includes: the single network slice of the first network slice selects the side information S-NSSAI.

In one possible implementation manner of the fifth aspect, the first identifier includes: the generic public user identity GPSI.

In a possible implementation manner of the fifth aspect, the first information is carried in an authorization request message of the first network slice, and the second information is carried in an authorization response message of the first network slice; or, the first information is carried in the authentication and authorization request message of the first network slice, and the second information is carried in the authentication and authorization response message of the first network slice.

In a sixth aspect, a communication apparatus is provided, where the apparatus is used as an authentication and authorization network element or a chip built in the authentication and authorization network element, and the authentication and authorization network element may be an AUSF network element, an NEF network element, a NAASSF network element, or another network element used for authentication and authorization procedures, and the apparatus includes: a receiving unit, configured to receive first information from an access and mobility management function (AMF) network element, where the first information includes slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice allowed or to be allowed to be accessed by the first UE includes the first network slice; a sending unit, configured to send first forwarding information to an authentication, authorization, and accounting AAA server, where the first forwarding information includes a first identifier of a first UE and the slice information or conversion information of the slice information; the receiving unit is further configured to receive second information from the AAA server, where the second information includes first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice; and the sending unit is further configured to send the second information to the AMF network element.

In one possible implementation manner of the sixth aspect, the slice information includes: the single network slice of the first network slice selects the side information S-NSSAI.

In a possible implementation manner of the sixth aspect, the first identifier includes: the generic public user identity GPSI.

In a possible implementation manner of the sixth aspect, the receiving unit is further configured to receive third information from the AAA server, where the third information includes second slice control information, and the second slice control information is used to update the usage information of the first network slice by the first UE; the sending unit is further configured to send third forwarding information to the AMF network element, where the third forwarding information includes second slice control information.

In a possible implementation manner of the sixth aspect, the network slice that the second UE is allowed or is to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third forwarding information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the sixth aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, the third information further includes fourth slice control information, and the sending unit is further configured to: and sending fourth forwarding information to an AMF network element serving the second network slice, wherein the fourth forwarding information comprises fourth slice control information, and the fourth slice control information is used for updating information used for controlling the second UE to use the second network slice.

In a possible implementation manner of the sixth aspect, the first information further includes at least one of the following items; a second identity of the first UE, AAA server identity; wherein the second identifier is an identifier of the first UE in the first network slice; the first forwarding information further includes: a second identity of the first UE.

In a possible implementation manner of the sixth aspect, the first information is carried in an authorization request message of the first network slice, and the second information sent to the AMF network element is carried in an authorization response message of the first network slice.

In a seventh aspect, a communication apparatus is provided, which is an access and mobility management function AMF network element or a chip built in the AMF network element, and includes a processor and a communication interface, where the processor is configured to execute a computer program or instructions to enable the apparatus to implement the network slice control method as provided in the first aspect or any possible implementation manner of the first aspect.

In an eighth aspect, a communication apparatus is provided, which is an authentication, authorization and accounting AAA server or a chip built in the AAA server, and includes a processor and a communication interface, where the processor is configured to execute a computer program or instructions to enable the apparatus to implement the network slice control method as provided in the second aspect or any one of the possible implementations of the second aspect.

A ninth aspect provides a communication apparatus, which is an authentication and authorization network element or a chip built in the authentication and authorization network element, where the authentication and authorization network element may be an AUSF network element, an NEF network element, a NAASSF network element, or other network elements used for authentication and authorization processes, and includes a processor and a communication interface, where the processor is configured to execute a computer program or instructions to enable the apparatus to implement the network slice control method provided in the third aspect or any possible implementation manner of the third aspect.

In a tenth aspect, there is provided a communication system comprising: the access and mobile management function AMF network element, the authentication and authorization network element, and the authentication, authorization and accounting AAA server; the AMF network element is any one of the fourth aspect, any possible implementation manner of the fourth aspect, or the AMF network element provided in the seventh aspect, the AAA server is any one of the fifth aspect, any possible implementation manner of the fifth aspect, or the AAA server provided in the eighth aspect, and the authentication and authorization network element is any one of the sixth aspect, any possible implementation manner of the sixth aspect, or the authentication and authorization network element provided in the ninth aspect.

In an eleventh aspect, a network slice control method is provided, and is applied to an access and mobility management function AMF network element or a session management function SMF network element, and the method includes: determining the number of User Equipment (UE) accessed on a network slice and/or the number of Protocol Data Unit (PDU) sessions; and when the first reporting condition is met, sending first information, wherein the first information comprises the UE number and/or the PDU session number.

In the above technical solution, the AMF network element or the SMF network element may send first information, where the first information includes a UE number and/or a PDU session number accessed by a network slice, and the AAA-S may receive the first information, so that the AAA-S may sense a resource usage condition of the network slice, and control a resource of the network slice based on the UE number and/or the PDU session number included in the first information, thereby implementing control of the network slice, and improving flexibility of network slice control and user experience.

In a possible implementation manner of the eleventh aspect, before determining the number of UEs and/or PDU sessions accessed on the network slice, the method further includes: acquiring first configuration information, wherein the first configuration information comprises single network slice selection auxiliary information S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used for indicating whether slice resource control needs to be executed or not. In the possible implementation manner, the AMF network element or the SMF network element may dynamically report the first information in the authorization process of the network slice, and the AAA server may dynamically adjust the configuration information of the network slice, so as to improve flexibility of network slice control and user experience.

In a possible implementation manner of the eleventh aspect, the first configuration information further includes a first reporting condition, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value. In the possible implementation manner, the AMF network element or the SMF network element may be enabled to dynamically report the first information according to the first reporting condition.

In one possible implementation manner of the eleventh aspect, the method further includes: second configuration information is received, the second configuration information being used to control resources of the network slice. In the possible implementation manner, the AAA server may dynamically adjust the configuration information of the network slice through the second configuration information, so as to improve flexibility of network slice control and user experience.

In one possible implementation manner of the eleventh aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time. In the possible implementation manner, the AAA server may dynamically adjust the reporting condition of the first information through the second configuration information.

In a possible implementation manner of the eleventh aspect, when the method is applied to an AMF network element, the sending the first information includes: sending an authorization request message to an authentication authorization network element, wherein the authorization request message comprises first information; correspondingly, receiving second configuration information, including: and receiving an authorization response message sent by the authentication and authorization network element, wherein the authorization response message comprises second configuration information. In the possible implementation manner, the AMF network element may dynamically report the first information in the authorization process of the network slice, and the AAA server dynamically adjusts and controls the network slice, so that flexibility of controlling the network slice and user experience are improved.

In a possible implementation manner of the eleventh aspect, when the method is applied to an SMF network element, the sending the first information includes: sending first information to an AAA server through a UPF network element; correspondingly, receiving second configuration information, including: and receiving the second configuration information from the AAA server through the UPF network element. In the possible implementation manner, the SMF network element may dynamically report the first information, and the AAA server dynamically adjusts and controls the network slice, thereby improving flexibility of controlling the network slice and user experience.

In a twelfth aspect, a network slice control method is provided, which is applied in an authentication, authorization and accounting AAA server, and the method includes: receiving first information, wherein the first information comprises the number of User Equipment (UE) accessed on a network slice and/or the number of Protocol Data Unit (PDU) sessions.

In a possible implementation manner of the twelfth aspect, before receiving the first information, the method further includes: and sending first configuration information, wherein the first configuration information is used for configuring resources of the network slice, and the first configuration information comprises single network slice selection auxiliary information S-NSSAI and authorization indication information of the network slice.

In a possible implementation manner of the twelfth aspect, the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value.

In a possible implementation manner of the twelfth aspect, the method further includes: and determining to send second configuration information according to the UE number and/or the PDU session number, wherein the second configuration information is used for controlling the resource of the network slice.

In one possible implementation manner of the twelfth aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time.

In a possible implementation manner of the twelfth aspect, the receiving the first information includes: receiving a first message from an authentication and authorization network element, wherein the first message comprises first information, and the first information is sent to the authentication and authorization network element by an AMF network element through an authorization request message; correspondingly, the sending of the second configuration information includes: and sending a second message to the authentication and authorization network element, wherein the second message comprises second configuration information, so that the authentication and authorization network element sends the second configuration information to the AMF network element through an authorization response message.

In a possible implementation manner of the twelfth aspect, the receiving the first information includes: receiving first information from the SMF through a UPF network element; correspondingly, the sending of the second configuration information includes: and sending the second configuration information to the SMF through the UPF network element.

In a thirteenth aspect, a communication apparatus is provided, where the apparatus is an AMF network element, a chip built in the AMF network element, an SMF network element, or a chip built in the SMF network element, and the apparatus includes: the processing unit is used for determining the number of User Equipment (UE) accessed on a network slice and/or the number of Protocol Data Unit (PDU) sessions; and the sending unit is used for sending first information when the first reporting condition is met, wherein the first information comprises the UE number and/or the PDU session number.

In a possible implementation manner of the thirteenth aspect, the apparatus further includes: a receiving unit, configured to obtain first configuration information, where the first configuration information includes single network slice selection assistance information S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used to indicate whether slice resource control needs to be performed.

In a possible implementation manner of the thirteenth aspect, the first configuration information further includes a first reporting condition, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value.

In a possible implementation manner of the thirteenth aspect, the apparatus further includes: and the receiving unit is used for receiving second configuration information, and the second configuration information is used for controlling the resources of the network slice.

In one possible implementation manner of the thirteenth aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time.

In a possible implementation manner of the thirteenth aspect, when the apparatus is an AMF network element or a chip built in the AMF network element, the sending unit is further configured to: sending an authorization request message to an authentication authorization network element, wherein the authorization request message comprises first information; correspondingly, the receiving unit is further configured to receive an authorization response message sent by the authentication and authorization network element, where the authorization response message includes the second configuration information.

In a possible implementation manner of the thirteenth aspect, when the apparatus is applied to an SMF network element or a chip built in the SMF network element, the sending unit is further configured to send the first information to the AAA server through the UPF network element; correspondingly, the receiving unit is further configured to receive the second configuration information from the AAA server through the UPF network element.

In a fourteenth aspect, a communication apparatus is provided, where the apparatus is an authentication, authorization and accounting AAA server or a chip built in the AAA server, and the apparatus includes: a receiving unit, configured to receive first information, where the first information includes a number of User Equipments (UEs) accessed on a network slice and/or a number of Protocol Data Unit (PDU) sessions.

In a possible implementation manner of the fourteenth aspect, the apparatus further includes: the device comprises a sending unit, a receiving unit and a sending unit, wherein the sending unit is used for sending first configuration information, the first configuration information is used for configuring resources of a network slice, and the first configuration information comprises single network slice selection auxiliary information S-NSSAI and authorization indication information of the network slice.

In a possible implementation manner of the fourteenth aspect, the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value.

In a possible implementation manner of the fourteenth aspect, the apparatus further includes: and a sending unit, configured to determine to send second configuration information according to the number of UEs and/or the number of PDU sessions, where the second configuration information is used to control resources of a network slice.

In one possible implementation manner of the fourteenth aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time.

In a possible implementation manner of the fourteenth aspect, the receiving unit is further configured to: receiving a first message from an authentication and authorization network element, wherein the first message comprises first information, and the first information is sent to the authentication and authorization network element by an AMF network element through an authorization request message; correspondingly, the sending unit is further configured to: and sending a second message to the authentication and authorization network element, wherein the second message comprises second configuration information, so that the authentication and authorization network element sends the second configuration information to the AMF network element through an authorization response message.

In a possible implementation manner of the fourteenth aspect, the receiving unit is further configured to: receiving first information from the SMF through a UPF network element; correspondingly, the sending unit is further configured to: and sending the second configuration information to the SMF through the UPF network element.

A fifteenth aspect provides a communications apparatus, which, as an access and mobility management function, AMF, network element, a chip built in an AMF, session management function, SMF, network element, or a chip built in an SMF, network element, comprising a processor and a communications interface, the processor being configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method as provided in the eleventh aspect or any one of the possible implementations of the eleventh aspect.

In a sixteenth aspect, a communication apparatus is provided, which includes a processor and a communication interface as an authentication, authorization and accounting AAA server or a chip built in the AAA server, the processor being configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method as provided in the twelfth aspect or any one of the possible implementations of the twelfth aspect.

In a seventeenth aspect, a communication system is provided, which includes: access and mobility management function AMF network element/session management function SMF network element, authentication, authorization and accounting AAA server; wherein, the AMF network element/SMF network element is any one of the thirteenth aspect, any one of the possible implementations of the thirteenth aspect, or the communication apparatus provided by the fifteenth aspect; the AAA server is the communication device provided in the fourteenth aspect, any possible implementation manner of the fourteenth aspect, or the sixteenth aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is executed on a device, the readable storage medium causes the device to execute the network slice control method as provided in the first aspect or any one of the possible implementations of the first aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is run on a device, the readable storage medium causes the device to execute the network slice control method as provided by the second aspect, or any one of the possible implementations of the second aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is run on a device, the readable storage medium causes the device to execute the network slice control method as provided in the third aspect or any one of the possible implementations of the third aspect.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided by the first aspect, or any one of its possible implementations.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided by the second aspect, or any one of the possible implementations of the second aspect.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided in the third aspect, or any one of the possible implementations of the third aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is run on a device, the readable storage medium causes the device to execute the network slice control method as provided in the eleventh aspect or any one of the possible implementations of the eleventh aspect.

In another aspect of the present application, a readable storage medium is provided, which has stored therein instructions, which when run on a device, cause the device to execute a network slice control method as provided by the twelfth aspect, or any one of its possible implementations.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided in the eleventh aspect, or any one of the possible implementations of the eleventh aspect.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided by the twelfth aspect, or any one of the possible implementations of the twelfth aspect.

It should be noted that, for the beneficial effects of the second aspect to the tenth aspect and various possible implementation manners of the second aspect in the present application, reference may be made to analysis of the beneficial effects of the first aspect and various possible implementation manners of the first aspect, and for the beneficial effects of the twelfth aspect to the seventeenth aspect and various possible implementation manners of the second aspect in the present application, reference may be made to analysis of the beneficial effects of the eleventh aspect and various possible implementation manners of the eleventh aspect, which is not described herein again.

Drawings

Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;

fig. 2 is a schematic flowchart of a first network slice control method according to an embodiment of the present application;

fig. 3 is a schematic flowchart of a second network slice control method according to an embodiment of the present application;

fig. 4 is a diagram illustrating a third information transmission according to an embodiment of the present application;

fig. 5 is a flowchart illustrating a third network slice control method according to an embodiment of the present application;

fig. 6 is a schematic flowchart of a fourth network slice control method according to an embodiment of the present application;

fig. 7 is a schematic flowchart of a fifth network slice control method according to an embodiment of the present application;

fig. 8 is a flowchart illustrating a sixth network slice control method according to an embodiment of the present application;

fig. 9 is a schematic structural diagram of an AMF network element according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of another AMF network element according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of an authentication and authorization network element according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of another authentication and authorization network element provided in an embodiment of the present application;

fig. 13 is a schematic structural diagram of an AAA-S network element according to an embodiment of the present application;

fig. 14 is a schematic structural diagram of another AAA-S provided in the embodiment of the present application.

Detailed Description

In the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a. b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c can be single or multiple. In addition, in the embodiments of the present application, the words "first", "second", and the like do not limit the number and the execution order.

It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.

In order to facilitate understanding of the technical solutions of the embodiments of the present application, a brief description of the related art of the present application is first given as follows:

network Slice (NS), which may also be referred to as a slice network or simply as a slice, refers to customizing different logical networks according to service requirements of services of different tenants (tenants) on a physical or virtual network infrastructure. The network slice may be a complete end-to-end network including a User Equipment (UE), an access network, a transmission network, a core network, and a service server, or a complete end-to-end network including only a core network but supplemented with a UE, an access network, a transmission network, and a service server, which can provide a complete communication service and has a certain network capability, and may be a communication resource that ensures that a bearer service or a service can meet a service level agreement, or may be considered as a combination of a network function and a communication resource that is required to complete a certain communication service or certain communication services. A network slice may be identified by single network slice selection assistance information (S-NSSAI). The S-NSSAI is composed of a slice/service type (SST) and a slice differentiation identifier (SD). Wherein SST and SD may be defined by a standard or customized by an operator; SD is optional information that supplements SST to distinguish multiple network slices of the same SST, such as may be used to characterize the affiliation of a network slice. 23.501 the types and roles of NSSAI as defined in the Standard are shown in Table 1 below.

TABLE 1

In addition, after the introduction of slice authentication and authorization, there is also a type of NSSAI to be allowed (which may be referred to as a pending NSSAI), which may also be referred to as an NSSAI requiring authentication and authorization or an NSSAI to be processed. The pending NSSAI may be included in an allowed NSSAI after the pending NSSAI is authorized by the authentication, i.e., the UE may be allowed to access the pending NSSAI after the pending NSSAI is authorized by the authentication.

Protocol Data Unit (PDU) session (session): an association between the UE and a data network provides a PDU connect service. Within a communication system, such as a 5G network or a 5G communication system, a PDU session may contain one or more quality of service (QoS) flows. A QoS flow refers to a data transmission channel of a UE in the communication system (e.g., in a 5G network or a 5G communication system) that meets a specific QoS quality requirement, and may be identified by a QoS Flow Identity (QFI). On the UE and network side, a PDU session may contain the following attribute information: a Data Network Name (DNN), address information (e.g., an Internet Protocol (IP) address, a Media Access Control (MAC) address, etc.), S-NSSAI, a Service and Session Continuity (SSC) pattern, etc. A PDU session is typically identified by a PDU session identity, which may be assigned by the UE.

The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

Fig. 1 is a schematic diagram of a communication system architecture according to an embodiment of the present application. As shown in fig. 1, the communication system includes: UE, radio access network (RAN/AN) and core network. Further, the communication system may further include a Data Network (DN), where the DN may refer to a service network providing data transmission service for the user, such as an IP Multimedia Service (IMS), an internet (internet), and the like.

The UE may be a Terminal Equipment (TE), a handheld terminal, a notebook, a subscriber unit (subscriber unit), a cellular phone (cellular phone), a smart phone (smart phone), a wireless data card, a Personal Digital Assistant (PDA) computer, a tablet computer, a vehicle terminal, a wearable device, a wireless modem (modem), a handheld device (hand held), a laptop computer (laptop computer), a cordless phone (cordless phone), a Wireless Local Loop (WLL) station, a Machine Type Communication (MTC) terminal, or other devices that can access a network. The UE and the access network equipment adopt a certain air interface technology to communicate with each other.

In addition, the access network is used to implement radio access related functions, and may include a 3rd generation partnership project (3 GPP) access network and a non-3GPP access network. The access network device may refer to a device providing access service for the UE, and includes a RAN device and AN device. The RAN device is mainly a wireless network device in a 3GPP network, and the AN may be AN access network device defined by non-3 GPP. The RAN device is mainly responsible for functions of radio resource management, quality of service (QoS) management, data compression and encryption, and the like on the air interface side. The RAN equipment may include various forms of base stations, such as: macro base stations, micro base stations (also referred to as small stations), relay stations, access points, etc. In systems using different radio access technologies, the names of devices with base station functionality may be different, for example, in a fifth generation (5G) system, referred to as RAN or gNB (5G NodeB); in an LTE system, referred to as an evolved node B (eNB or eNodeB); in the third generation (3G) system, the node b is called node b (node b). The AN device allows interworking between the UE and the 3GPP core network using non-3GPP technologies, such as: wireless fidelity (Wi-Fi), Worldwide Interoperability for Microwave Access (WiMAX), Code Division Multiple Access (CDMA) networks, and the like.

Furthermore, the core network may include the following logical network elements: a Session Management Function (SMF) network element, an access and mobility management Function (AMF) network element, an authentication server Function (AUSF) network element, a User Plane Function (UPF) network element, an Application Function (AF) network element, a Unified Data Management (UDM) network element, a Policy Control Function (PCF) network element, a network storage Function (NRF) network element, a network open Function (NEF) network element, and a Network Slice Selection Function (NSSF) network element, etc. The functions of different core network elements are described below, and specifically shown below.

SMF network element: a core network control plane network element, which is mainly responsible for session management in the mobile network, such as session establishment, modification and release; the specific functions include allocating an IP address to a user, selecting a UPF providing a message forwarding function, and the like.

AMF network element: the core network control plane network element is mainly responsible for mobility management in a mobile network, such as user location update, user registration network, user handover, and the like.

AUSF network element: the core network control plane network element is a control plane network element provided by an operator, and is used for performing authentication, for example, for performing authentication of a subscriber of the 3GPP network.

UPF network element: the core network user plane network element is used for forwarding and receiving user data in the UE, receiving the user data from the DN and transmitting the user data to the UE through the access network equipment; the UPF network element may also receive user data from the UE via the access network device and forward the user data to the DN.

AF network element: mainly supports the interaction with the 3GPP core network to provide services, such as influencing data routing decision, strategy control function or providing some services of a third party to the network side.

UDM network element: the core network control plane network element is used for storing user subscription data, generating an authentication trust shape, processing a user identifier (for example, storing and managing a user permanent identity, and the like), accessing authorization control, subscription data management, and the like.

PCF network element: the core network control plane network element mainly supports providing a unified strategy framework to control network behaviors, provides strategy rules for a control layer network function, and is responsible for acquiring user subscription information related to strategy decision.

NRF network element: and the core network control plane network element is used for supporting the service discovery function and also used for maintaining the information of the available network function network elements and the services supported by the network function network elements.

NEF network element: and the core network control plane network element is mainly used for being responsible for the external opening of the mobile network capability.

NSSF network element: the core network control plane network element is mainly used for a slicing service of 5G, for example, is responsible for selecting a target Network Slice Instance (NSI). Optionally, the NSSF network element may also be replaced with a Network Slice Specific Authentication and Authorization Function (NSSAAF) network element.

Optionally, in order to implement the functions related to authentication and authorization for the slice, a network slice-specific authentication and authorization function (nsaaf) network element may be introduced.

In the communication system shown in fig. 1, the UE may communicate with the AMF network element through an N1 interface, the r (an) device may communicate with the AMF network element through an N2 interface, the r (an) device may communicate with the UPF network element through an N3 interface, and the UPF network element may communicate with the DN through an N4 interface. In addition, the network elements in the core network may communicate through a service interface, for example, the service interface may include: n is a radical of_NSSFInterface, N_nefInterface, N_nrfInterface, N_pcfInterface, N_udmInterface, N_afInterface, N_ausfInterface, N_AMFInterface and N_nsmInterfaces, etc. It will be appreciated that in the communication system shown in fig. 1 described above, the functions and interfaces of the network elements are only exemplary,not all of the functionality of the various network elements is necessary when applied to embodiments of the present application.

Further, in the present application, the communication system may further include: an Authentication Authorization and Accounting (AAA) server, which may also be referred to as AAA-S. The AAA-S may communicate with the AMF network element through an intermediate network element supporting the AAA-S to communicate with the AMF network element, where the intermediate network element may be an AUSF network element, a NEF network element, an NSSAAF network element, or other network elements used for authentication and authorization procedures, etc. Optionally, the communication system may further include: authentication authorization and accounting proxy (AAA-P). When the AAA-S communicates with the AMF network element, the AAA-S can communicate with the AAA-P first, and the AAA-P sends the communication information of the AAA-S to the AMF network element through an AUSF network element, an NEF network element or an NSSAAF network element and other intermediate network elements; similarly, the AMF network element sends the communication information to the AAA-P through an intermediate network element such as an AUSF network element, an NEF network element, or an NSSAAF network element, and the AAA-P sends the communication information to the AAA-S.

Fig. 2 is a flowchart illustrating a network slice control method according to an embodiment of the present application, where the method is applicable to the communication system described in fig. 1, and the method includes the following steps.

S201: the AMF network element sends first information so that the AAA-S receives the first information, wherein the first information comprises slice information of a first network slice and a first identifier of a first UE, and the network slice which is allowed or to be allowed to be accessed by the first UE comprises the first network slice.

The slice information of the first network slice may be used to identify, select or determine the first network slice, for example, the slice information may be S-NSSAI of the first network slice, or the slice information may be S-NSSAI mapped identification information of the first network slice, and the mapped identification may be referred to as a mapping identification used for identifying the network slice by an external network or a third-party network, and may also be referred to as a slice external identification. The first identity of the first UE may be used to identify the first UE in the entire communication system, for example, the first identity of the first UE may be a general public user identity (GPSI) of the first UE.

In addition, the network slice (allowed NSSAI) to which the first UE is allowed to access may include at least one network slice, i.e., the allowed NSSAI may include one or more S-NSSAIs. The at least one network may include a first network slice, and the first network slice may be a network slice of the at least one network that requires authorization. Alternatively, the network slice (pending NSSAI may also be referred to as an NSSAI requiring authentication and authorization or an NSSAI to be processed) to which the first UE is to be allowed to access may include at least one network slice, i.e., the pending NSSAI may include one or more S-NSSAIs. The at least one network slice may include a first network slice. The pending NSSAI may be included in an allowed NSSAI after the pending NSSAI is authorized by the authentication, i.e., the UE may be allowed to access the pending NSSAI after the pending NSSAI is authorized by the authentication. The allowed and to-be-allowed NSSAI is a network slice temporarily allowing the first UE to access, wherein if the network slice contained in the allowed and to-be-allowed NSSAI needs authentication and authorization, the network slice is a slice waiting for processing, and the network slice can allow the UE to access only after the authentication and authorization passes; otherwise, the UE is not allowed to access.

Further, the AMF network element may be an AMF network element serving the first UE. In this embodiment of the present application, the AMF network element may also be replaced by another network element capable of initiating a network slice control procedure, which is not specifically limited in this embodiment of the present application.

Specifically, when the AMF network element determines that the first network slice needs authorization, the AMF network element may send first information to the authentication and authorization network element in an authorization procedure of the first network slice (that is, the first information may be carried in an authorization request message), or send first information to the authentication and authorization network element in an authentication and authorization procedure of the first network slice (that is, the first information may be carried in an authentication and authorization request message), where the first information may include the S-nsai of the first network slice and the GPSI of the first UE. When the authentication and authorization network element receives the first information, the authentication and authorization network element may send first forwarding information to the AAA-S, where the first forwarding information may include the S-NSSAI of the first network slice and the GPSI of the first UE, or the first forwarding information includes the mapping identifier of the first network slice and the GPSI of the first UE, and the first forwarding information may be information equivalent to the first information, so that the first forwarding information may also be replaced with or referred to as the first information. Optionally, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element may send the first forwarding information to the AAA-P, and when the AAA-P receives the first forwarding information, the AAA-P may send the first forwarding information to the AAA-S. Optionally, if the AAA-S manages only one network slice, the first information or the first forwarding information received by the AAA-S may also not include slice information of the first network slice, for example, the first information does not include S-NSSAI of the first network slice.

It should be noted that, the authentication and authorization network element in the embodiment of the present application may be any network element having an authentication and authorization function and capable of supporting the communication between the AMF network element and the AAA-S, for example, the authentication and authorization network element may be an AUSF network element, an NEF network element, or an NSSAAF network element, and the embodiment of the present application does not specifically limit this.

In a possible embodiment, the first information may further include a second identity of the first UE in the first network slice, and the second identity may be used to identify the first UE in the first network slice, for example, the second identity of the first UE may be a slice-specific identity (slice-specific ID) of the first UE in the first network slice. The second identifier of the first UE may be obtained by the AMF network element from the first UE, and when there are multiple network slices that need authorization in at least one network slice that the first UE is allowed to access, the AMF network element may obtain the second identifier of the first UE in the multiple network slices that need authorization from the first UE at one time, or obtain one or more second identifiers from the first UE at each time, and obtain the second identifier of the first UE in the multiple network slices that need authorization through multiple obtaining processes.

In another possible embodiment, the first information sent by the AMF network element to the authentication and authorization network element may further include an identifier of AAA-S, where the identifier of AAA-S may be used for the authentication and authorization network element to address AAA-S; when the authentication and authorization network element cannot directly communicate with the AAA-S, the first forwarding information sent by the authentication and authorization network element to the AAA-P may also include an identifier of the AAA-S, and the identifier of the AAA-S may be used for the AAA-P to address the AAA-S. The first information or first forwarding information received by the AAA-S may not include the identity of the AAA-S.

Specifically, when the AAA-S receives the first information, the AAA-S may perform an authorization check based on the first information and determine the first slice control information. Specifically, when the first information includes slice information of the first network slice and a first identity of the first UE, the AAA-S may determine the first network slice according to the slice information of the first network slice, so as to perform an authorization check on the first network slice according to the first identity of the first UE; when the first information further includes the second identity of the first UE, the AAA-S may further perform an authorization check on the first network slice according to the second identity of the first UE.

Further, the determining, by the AMF network element, that the first network slice requires authorization may include: the AMF network element obtains authorization indication information of a network slice allowing the first UE to access, where the authorization indication information may be used to indicate whether at least one network slice allowing the first UE to access needs authorization, so that the AMF network element may determine that the first network slice needs authorization according to the authorization indication information, that is, the first network slice is a network slice that needs authorization. Wherein, the AMF network element may obtain the authorization indication information locally; or, the AMF network element obtains the authorization indication information when obtaining the subscription information of the first UE, for example, the AMF network element obtains the subscription information of the first UE from the UDM network element, where the subscription information includes the authorization indication information; or, when the authorization indication information is stored in the NSSF network element, the AMF network element may further obtain the authorization indication information from the NSSF network element.

S202: and the AAA-S sends second information so that the AMF network element receives the second information, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

Here, the first slice control information may also be referred to as UE-granular slice control information. For example, the first slice control information may include at least one of: slice aggregation maximum bit rate (slice-AMBR), slice maximum flow bit rate (slice-MFBR), slice guaranteed flow bit rate (slice-GFBR), AMBR (slice-UE-AMBR) of a first UE on a slice, and maximum PDU session number of the first UE on a slice. Wherein. slice-AMBR for controlling a maximum aggregated bit rate of non-GBR QoS flow on a slice of the UE. Slice maximum traffic bit rate (slice-MFBR) for controlling the maximum aggregate bit rate of the GBR QoS flow. An AMBR (slice-UE-AMBR) of a first UE on a slice, for controlling a maximum aggregated bit rate of non-GBR QoS flow and GBR QoS flow on the slice of the UE. GBR is an abbreviation for guaranteed bit rate, english guaranteed bit rate.

Specifically, the AAA-S may send the second information to the authentication and authorization network element, or the AAA-S sends the second information to the authentication and authorization network element through AAA-P, where the second information may include the first slice control information; optionally, the second information may further include an S-NSSAI of the first network slice or an external identification of the first network slice. When the authentication and authorization network element receives the second information, the authentication and authorization network element may send second forwarding information to the AMF network element, where the second forwarding information may include the first slice control information; optionally, if the second information includes the S-NSSAI of the first network slice, the second forwarding information may further include the S-NSSAI of the first network slice. If the second information includes the external identifier of the first network slice, the second forwarding information may further include the external identifier of the first network slice or the S-NSSAI of the first network slice, the S-NSSAI being determined according to the external identifier. The second forwarding information may be information equivalent to the second information, and thus the second forwarding information may also be replaced with or referred to as the second information. For example, in the authorization flow of the first network slice, the authentication and authorization network element may send an authorization response message to the AMF network element, where the authorization response message includes the second forwarding information; or, for example, in the authentication and authorization flow of the first network slice, the authentication and authorization network element may send an authentication and authorization response message to the AMF network element, where the authentication and authorization response message includes the second forwarding information.

In one possible embodiment, when the AMF network element receives the second information, the AMF network element may store the first slice control information included in the second information in a context of the first UE. In another possible embodiment, the AMF network element may send the first slice control information to the UDM network element, and when the UDM network element receives the first slice control information, the UDM network element may store the first slice control information, for example, the UDM stores the first slice control information in context information of the first UE. Optionally, the AMF network element may further send the second slice control information to the RAN device or the AN device.

In yet another possible embodiment, the AMF network element sends the first slice control information to the PCF network element, and the PCF network element may send authorization slice control information to the AMF network element, where the authorization slice control information is authorized information for controlling the first UE to use the first network slice, and the authorization slice control information may be the same as the first slice control information or different from the first slice control information. Further, when the AMF network element receives the authorization slice control information, the AMF network element stores the authorization slice control information in context information of the first UE. In addition, the AMF network element may further send the authorization slice control information to the UDM network element, so that the UDM network element stores the authorization slice control information.

In the embodiment of the application, the AMF network element reports the first information to the AAA-S, and the AAA-S issues the first slice control information according to the first information, where the first slice control information is information for controlling the first UE to use the first network slice, so that the AAA-S can reasonably allocate the slice control information to the first UE, and the AMF network element can dynamically acquire the slice control information of the first UE, thereby improving flexibility of network slice control and user experience.

Further, as shown in fig. 3, the method further includes: and S203.

S203: and when the AAA-S determines that the first slice control information is changed, the AAA-S sends third information so that the AMF network element receives the third information, wherein the third information comprises second slice control information, and the second slice control information is used for updating information used for controlling the first UE to use the first network slice.

The AAA-S may send the third information to the authentication and authorization network element, or the AAA-S sends the third information to the authentication and authorization network element through AAA-P, where the third information may include second slice control information; optionally, the third information may further include a first identity of the first UE (e.g., GPSI), and/or slice information of the first network slice (e.g., S-NSSAI, or slice external identity). When the authentication and authorization network element receives the third information, the authentication and authorization network element may send third forwarding information to the AMF network element, where the third forwarding information may include second slice control information, and the third forwarding information may be information equivalent to the third information, and thus the third forwarding information may also be replaced with or referred to as third information. For example, the authentication and authorization network element may send an authorization notification message to the AMF network element, where the authorization notification message includes the third forwarding information.

Optionally, the network slice allowed or to be allowed to be accessed by the second UE includes the first network slice, and when the AAA-S determines that the slice control information of the second UE in the first network slice is changed, the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

Optionally, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, and when the AAA-S determines that the slice control information of the second UE in the second network slice is changed, the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice. At this time, if the AMF network element serving the first UE is the same as the AMF network element serving the second UE, the third forwarding information sent by the authentication and authorization network element to the AMF network element may further include fourth slice control information; if the AMF network element serving the first UE is different from the AMF network element serving the second UE, the authentication authorization network element may send the fourth slice control information to the AMF network element serving the second UE, and the third forwarding information sent to the AMF network element serving the first UE does not include the fourth slice control information.

Illustratively, as shown in fig. 4, the method includes: S1-S3 b.

S1, AAA-S determines that slice control information of a plurality of UEs is changed, and in FIG. 4, the plurality of UEs including UE1, UE2, UE3 and UE4, AMF network elements serving UE1 and UE2 are AMF1 network elements, AMF2 network elements serving UE3 and UE4 are AMF2 network elements, and AAA-S directly communicates with an authentication authorization network element for example;

s2, the AAA-S sends a first AAA protocol message to an authentication and authorization network element, wherein the first AAA protocol message comprises third information, and the third information comprises a slice control information list of a plurality of UEs, for example, the slice control information list comprises { GPSI _1, S-NSSAI _1, slice control information 1} corresponding to UE1, { GPSI _2, S-NSSAI _2, slice control information 2} corresponding to UE2, { GPSI _3, S-NSSAI _3, slice control information 3} corresponding to UE3, and { GPSI _4, S-NSSAI _4, slice control information 4} corresponding to UE 4;

the authentication and authorization network element sends a first authorization notification message to an AMF1 network element, wherein the first authorization notification message comprises { GPSI _1, S-NSSAI _1, slice control information 1} and { GPSI _2, S-NSSAI _2, slice control information 2 };

and S3b, the authentication and authorization network element sends a second authorization notification message to the AMF2 network element, wherein the second authorization notification message comprises { GPSI _3, S-NSSAI _3, slice control information 3} and { GPSI _4, S-NSSAI _4, slice control information 4 }.

When the AMF1 network element receives the first grant notification message and the AMF2 network element receives the first grant notification message, the AMF1 network element and the AMF2 network element may update the slice control information of the UE, respectively, and perform subsequent actions.

It should be noted that the slice control information list sent by the AAA-S may also be in other formats, for example, the slice control information of different UEs in the same network slice may be located in one piece of information in the slice control information list, or the slice control information of the same UE in different network slices may be located in one piece of information in the slice control information list, or the arrangement order of different pieces of information of the same UE may also be different, and the like, which is not limited in this embodiment of the present application. For example, the slice control information of the UE1 and the UE2 on the same network slice may be represented as S-NSSAI _ 1: GPSI1, slice control information 1; GPSI2, slice control information 2 }; alternatively, the slice control information for the UE1 on different network slices may be represented as { GPSI 1: S-NSSAI _1, slice control information 1; S-NSSAI _2, slice control information 2 }.

In one possible implementation, when the AMF network element receives the third information, the AMF network element updates the previously stored first slice control information or authorized slice control information using the second slice control information in the third information, e.g., the AMF network element deletes the first slice control information or authorized slice control information in the context of the first UE and stores the second slice control information in the context of the first UE. Optionally, when the third information further includes third slice control information, the AMF network element may further store the third slice control information in the context of the second UE, or update the previously stored slice control information of the second UE in the context of the second UE using the third slice control information.

In another possible implementation, the AMF network element may further send the second slice control information to the UDM network element, so that the UDM network element updates the first slice control information of the subscription information of the first UE. In yet another possible embodiment, the AMF network element sends the second slice control information to the PCF network element, so that the PCF network element performs an authorization check on the second slice control information. Optionally, the AMF network element may further send the second slice control information to the RAN device or the AN device.

Further, the network slice control method provided in the embodiment of the present application may also be applied to a scenario where an AMF network element serving the first UE is switched, that is, the AMF network element serving the first UE is switched from a source AMF network element to a target AMF network element. Specifically, when the AMF network element serving the first UE is handed over, the source AMF network element may send the context of the first UE to the target AMF network element, and the target AMF network element performs the steps of the AMF network element in this embodiment.

In the above flow, the slice identifier may be mapped to a new identifier by the intermediate network element in the transmission process or the received identifier may be directly used, which is not specifically limited in the embodiment of the present application.

For ease of understanding, the following takes implementation of network slice control in an authorization flow of a first network slice and an authentication authorization flow of the first network slice as an example, and the scheme provided by the embodiment of the present application is specifically illustrated in fig. 5 and fig. 6 as follows. The following example illustrates an example where the authentication and authorization network element communicates with the AAA-S via the AAA-P.

Fig. 5 is a schematic diagram illustrating an implementation of network slice control in an authorization process of a first network slice according to an embodiment of the present application. Specifically, the method comprises the following steps: S01-S11.

S01, the first UE sends a registration request (registration request) message to an AMF network element;

s02, when the AMF network element receives a registration request message, the AMF network element acquires authorization indication information of a network slice allowing the first UE to access from a local network, a UDM network element or a NSSF network element;

s03, the AMF network element determines that the first network slice needs to be authorized according to the authorization indication information;

s04 (this step is an optional step), the AMF network element obtains, from the first UE, a second identifier of the first UE in the first network slice;

s05, the AMF network element sends an authorization request (authorization request) message to an authentication authorization network element, where the authorization request message includes first information, where the first information may include a GPSI of the first UE and an S-NSSAI of the first network slice, and optionally, the first information further includes a second identifier of the first UE;

s06, when the authentication and authorization network element receives the authorization request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, wherein the first AAA protocol message comprises first information;

s07, when the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to the AAA-S, wherein the second AAA protocol message comprises first information;

s08, when the AAA-S receives a second AAA protocol message, the AAA-S sends a third AAA protocol message to the AAA-P, wherein the third AAA protocol message comprises second information, and the second information comprises first slice control information;

s09, when the AAA-P receives a third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, wherein the fourth AAA protocol message comprises second information;

s10, when the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends an authorization response (authorization response) message to the AMF network element, wherein the authorization response message comprises second information;

and S11, when the AMF network element receives the authorization response message, the AMF network element can store the first slice control information included in the second information and execute subsequent actions.

Further, the method may further include: S12-S15.

S12, when the AAA-S determines that the first slice control information is changed, the AAA-S sends a fifth AAA protocol message to the AAA-P, wherein the fifth AAA protocol message comprises third information, and the third information comprises second slice control information;

s13, the AAA-P sends a sixth AAA protocol message to the authentication and authorization network element, wherein the sixth AAA protocol message comprises third information;

s14, when the authentication and authorization network element receives the sixth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorization notification) message to the AMF network element, wherein the authorization notification message comprises third information;

and S15, when the AMF network element receives the authorization notification message, the AMF network element can store third information, namely update the first slice control information by using second slice control information included in the third information, and execute subsequent actions.

Fig. 6 is a schematic diagram illustrating an implementation of network slice control in an authentication and authorization process of a first network slice according to an embodiment of the present application. Specifically, the method comprises the following steps:

s20, the AMF network element determines that the first network slice needs to execute an authentication and authorization process;

s21, the AMF network element sends a first non-access stratum (NAS) Mobile Management (MM) transmission message to the first UE, wherein the first NAS MM transmission message comprises an Extended Authentication Protocol (EAP) ID request (namely information for requesting EAP ID) and S-NSSAI of a first network slice;

s22, when the first UE receives the first NAS MM transmission message, the first UE sends a second NAS MM transmission message to the AMF network element, wherein the second NAS MM transmission message comprises an EAP ID response (namely information for responding to the EAP ID request) and S-NSSAI of the first network slice;

s23, the AMF network element sends a first authentication request message to an authentication authorization network element, wherein the first authentication request message comprises information A, and the information A comprises an EAP ID response, a GPSI of the first UE and an S-NSSAI of the first network slice;

s24, when the authentication and authorization network element receives a first authentication request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, wherein the first AAA protocol message comprises an EAP ID response, a GPSI and an S-NSSAI;

s25, when the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to the AAA-S, wherein the second AAA protocol message comprises an EAP ID response, a GPSI and an S-NSSAI;

s26, when the AAA-S receives a second AAA protocol message, the AAA-S sends a third AAA protocol message to the AAA-P, wherein the third AAA protocol message comprises information B, and the information B comprises S-NSSAI, GPSI and EAP information;

s27, when the AAA-P receives a third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, wherein the fourth AAA protocol message comprises S-NSSAI, GPSI and EAP information;

s28, when the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends a first authentication response message to the AMF network element, wherein the first authentication response message comprises S-NSSAI, GPSI and EAP information;

s29, when the AMF network element receives the first authentication response message, the AMF network element sends a third NAS MM transmission message to the first UE, wherein the third NAS MM transmission message comprises S-NSSAI and EAP information;

s30, the first UE sends a fourth NAS MM transmission message to the AMF network element, wherein the fourth NAS MM transmission message comprises S-NSSAI and EAP information;

s31, the AMF network element sends a second authentication request message to an authentication authorization network element, wherein the second authentication request message comprises first information, and the first information comprises EAP ID information, GPSI and S-NSSAI;

s32, when the authentication and authorization network element receives the second authentication request message, the authentication and authorization network element sends a fifth AAA protocol message to the AAA-P, wherein the fifth AAA protocol message comprises the first information;

s33, when the AAA-P receives the fifth AAA protocol message, the AAA-P sends a sixth AAA protocol message to the AAA-S, wherein the sixth AAA protocol message comprises the first information;

s34, when the AAA-S receives a six AAA protocol message, the AAA-S sends a seventh AAA protocol message to the AAA-P, wherein the seventh AAA protocol message comprises second information, the second information comprises EAP success (success) information and first slice control information, and optionally, the second information also comprises S-NSSAI and/or GPSI;

s35, when the AAA-P receives the seventh AAA protocol message, the AAA-P sends an eighth AAA protocol message to the authentication and authorization network element, wherein the eighth AAA protocol message comprises second information;

s36, when the authentication and authorization network element receives the eighth AAA protocol message, the authentication and authorization network element sends a second authentication response message to the AMF network element, wherein the second authentication response message comprises second information;

and S37, the AMF network element stores the first slice control information and executes subsequent actions.

Alternatively, the following steps S38 to S42 may also be performed, S38 to S42 not shown in fig. 6.

S38, the AMF network element sends a fifth NAS MM transmission message to the first UE, wherein the fifth NAS MM transmission message comprises EAP success (success) information and S-NSSAI;

s39, when the AAA-S determines that the first slice control information is changed, the AAA-S sends a ninth AAA protocol message to the AAA-P, wherein the ninth AAA protocol message comprises third information, and the third information comprises second slice control information;

s40, the AAA-P sends a tenth AAA protocol message to the authentication and authorization network element, wherein the tenth AAA protocol message comprises third information;

s41, when the authentication and authorization network element receives the tenth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorization notification) message to the AMF network element, wherein the authorization notification message comprises third information;

and S42, when the AMF network element receives the authorization notification message, the AMF network element can update the first slice control information by using the second slice control information included in the third information, and execute subsequent actions.

In this embodiment of the application, after the UE registers to the network side, the AMF network element may trigger an authorization flow of the first network slice, and dynamically acquire slice control information of the first UE in the authorization flow of the first network slice, or the AMF network element triggers an authentication authorization flow of the first network slice, and dynamically acquires slice control information of the first UE in the authentication authorization flow of the first network slice; in addition, the AAA-S may also dynamically adjust the slice control information of the first UE as needed, thereby improving the flexibility of network slice control and user experience.

Fig. 7 is a flowchart illustrating another network slice control method according to an embodiment of the present application, which can be applied to the communication system described in fig. 1, and the method includes the following steps.

S301: the AMF network element determines the number of the accessed UE and/or the number of the PDU sessions on the network slice.

The AMF element may count the number of UEs accessed on the network slice, for example, the AMF element may count the number of UEs accessed on the network slice by using a UE counter, when a UE is newly accessed on the network slice, the UE counter counts the number of UEs added by 1, and when a UE accessed on the network slice exits the network slice, the UE counter counts the number of UEs added by 1. Similarly, one or more PDU sessions may also be established on the network slice, and the AMF network element may count the number of PDU sessions established on the network slice, for example, the AMF network element may count the number of PDU sessions established on the network slice through a PDU session counter, when a PDU session is newly established on the network slice, the number of PDU sessions counted by the PDU session counter is increased by 1, and when an established PDU session on the network slice is cancelled, the number of PDU sessions counted by the PDU session counter is decreased by 1.

Specifically, the network slice may be a network slice that needs to perform slice resource control, and when the AMF network element determines that the network slice needs to perform slice resource control, the AMF network element may start a UE counter to count the number of UEs accessed on the network slice, or start a PDU session counter to count PDU sessions established on the network slice, or start a UE counter and a PDU session counter to count the number of UEs accessed on the network slice and the number of PDU sessions.

Optionally, before S301, the method may further include S300: the AMF network element acquires first configuration information, wherein the first configuration information comprises S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used for indicating whether slice resource control needs to be executed or not. Accordingly, the AMF network element may determine that the network slice needs to perform slice resource control according to the authorization indication information. The first configuration information may be sent by the AAA-S, for example, the AAA-S sends the first configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the first configuration information to the AMF network element, so that the AMF network element obtains the first configuration information.

S302: and when the first reporting condition is met, the AMF network element sends first information so that the AAA-S receives the first information, wherein the first information comprises the UE number and/or the PDU session number.

The first reporting condition may include at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value. The increasing amount of the UE number to the third preset value may be that a difference between the UE number determined this time and the UE number determined last time reaches the third preset value, and the increasing amount of the PDU session number to the fourth preset value may be that a difference between the PDU session number determined this time and the PDU session number determined last time reaches the fourth preset value. Optionally, the first reporting condition may be obtained by the AMF network element, for example, the first configuration information further includes the first reporting condition, and the AMF network element may obtain the first reporting condition by obtaining the first configuration information.

In addition, when the first reporting condition includes one of the above conditions, the first reporting condition being satisfied may be that the condition is satisfied, for example, the first preset value is 30, and the first reporting condition being that the number of the UEs reaches the first preset value, the first reporting condition being satisfied is that the number of the UEs reaches 30; when the first reporting condition includes at least two of the above conditions, the first reporting condition being satisfied may mean that any one of the at least two conditions is satisfied, for example, the first preset value is 50, the third preset value is 10, the first reporting condition includes that the number of the UEs reaches the first preset value and that the increase of the number of the UEs reaches the third preset value, and the first reporting condition being satisfied may mean that the number of the UEs reaches 30 or that the increase of the number of the UEs reaches 10.

It should be noted that the first preset value, the second preset value, the third preset value, the fourth preset value, the reporting period, the fifth preset value, and the sixth preset value may be preset, for example, the first preset value and the second preset value may be 50 or 100, the third preset value and the fourth preset value may be 10 or 20, the reporting period may be 10 minutes, 30 minutes, or 1 hour, the time window may be 20 minutes, the fifth preset value and the sixth preset value may be 40, and the embodiment of the present application does not specifically limit this.

Specifically, when the AMF network element determines that the UE number is greater than the first reporting condition, the AMF network element may send first information to the authentication and authorization network element when the first reporting condition is satisfied, where the first information includes the UE number; when the AMF network element determines that the PDU session number is present, the AMF network element may send first information to an authentication and authorization network element when a first reporting condition is satisfied, where the first information includes the PDU session number; and when the AMF network element determines that the UE number and the PDU session number exist, sending first information to an authentication authorization network element, wherein the first information comprises the UE number and the PDU session number. Optionally, the first information may be carried in an authorization request message, that is, the AMF network element may send an authorization request message to the authentication and authorization network element, where the authorization request message includes the first information; further, the first information may also include the S-NSSAI of the network slice.

Then, when the authentication and authorization network element receives the first information, the authentication and authorization network element may send the first information to the AAA-S; or, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element may send the first information to the AAA-P, so that the AAA-P sends the first information to the AAA-S. Optionally, the authentication and authorization network element may further allocate an association identifier to the AMF network element, where the association identifier is used to associate the first information reported by the AMF network element, the authentication and authorization network element may further locally store the AMF network element identifier and the association identifier, and the first information sent by the authentication and authorization network element may also include the association identifier.

It should be noted that, the authentication authorization network element in the embodiment of the present application may be any network element having an authentication authorization function and capable of supporting the communication between the AMF network element and the AAA-S, for example, the authentication authorization may be an AUSF network element, an NEF network element, or an NSSAAF network element, and the embodiment of the present application does not specifically limit this.

When the AAA-S receives the first information, the AAA-S may locally store the first information, for example, the first information includes the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, the association identifier, and the AAA-S may locally store the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, and the association identifier. Optionally, the AAA-S may also determine whether to issue new configuration information according to the number of UEs and/or the number of PDU sessions, and if the new configuration information needs to be issued, the method further includes S304.

S303: and the AAA-S sends second configuration information so that the AMF network element receives the second configuration information, and the second configuration information is used for controlling the resources of the network slice.

Wherein the second configuration information may include at least one of: and a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDUs accessible to the network slice, the increment of the number of the UEs reaches a seventh preset value, the increment of the number of the PDUs sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increment of the number of the PDUs sessions in the time window reaches a tenth preset value. The second reporting condition may be used to indicate a condition for reporting the first information of the network slice next time, where the second reporting condition may be similar to the first reporting condition, and a preset value or a reporting period of a specific condition in the second reporting condition may be different from a preset value or a reporting period of a specific condition in the first reporting condition, for example, a reporting period in the first reporting condition is 30 minutes, and a last cycle in the second reporting condition is 10 minutes, which is not described herein again in this embodiment of the present application.

Specifically, the AAA-S may send the second configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the second configuration information to the AMF network element; or, when the AAA-S and the authentication and authorization network element cannot communicate directly, the AAA-S may send the second configuration information to the AAA-P, so that the AAA-P forwards the second configuration information to the authentication and authorization network element, and then the authentication and authorization network element sends the second configuration information to the AMF network element. Optionally, when the authentication and authorization network element sends the second configuration information to the AMF network element, the authentication and authorization network element may send an authorization response message to the AMF network element, where the authorization response message includes the second configuration information; further, the second configuration information may also include the S-NSSAI of the network slice. When the AMF network element receives the second configuration information, the AMF network element may perform resource control of the network slice according to the second configuration.

Further, the process that the AMF network element reports the first information to the AAA-S and the AAA-S sends the second configuration information to the AMF network element provided in the foregoing embodiment may also be replaced with the process that the SMF network element reports the first information to the AAA-S and the process that the AAA-S sends the second configuration information to the SMF network element, and the specific process is shown in fig. 8.

As shown in fig. 8, the method may include: S41-S43.

S41, the SMF network element determines the number of UE and/or PDU session accessed on the network slice;

s42, when the first reporting condition is met, the SMF network element sends first information to the AAA-S through the UPF network element so that the AAA-S receives the first information, wherein the first information comprises the UE number and/or the PDU session number, namely the SMF network element sends the first information to the UPF network element, and the UPF network element forwards the first information to the AAA-S;

s43, the AAA-S sends second configuration information to the SMF network element through the UPF network element so that the SMF network element receives the second configuration information, and the second configuration information is used for controlling the resource of the network slice.

Optionally, as shown in fig. 8, before S41, the method further includes: and S40, the SMF network element acquires first configuration information, wherein the first configuration information comprises S-NSSAI and authorization indication information of the network slice, and the authorization indication information is used for indicating whether slice resource control needs to be executed or not, so that the AMF network element can determine that the network slice needs to execute the slice resource control according to the authorization indication information.

It should be noted that, the detailed descriptions about S40 to S43 in fig. 8 may be referred to the detailed descriptions about S300 to S303 in fig. 7, and the embodiments of the present application are not repeated herein.

In this embodiment of the present application, the AMF network element or the SMF network element may send first information, where the first information includes a number of UEs and/or a number of PDU sessions accessed by a network slice, and the AAA-S may receive the first information, so that the AAA-S may perceive a resource usage condition of the network slice, and send second configuration information for controlling resources of the network slice to the AMF network element or the SMF network element based on the number of UEs and/or the number of PDU sessions included in the first information, thereby implementing control of the network slice, and improving flexibility of network slice control and user experience.

The above-mentioned scheme provided by the embodiment of the present application is introduced mainly from the perspective of interaction between network elements. It is understood that the AMF network element, the authentication authorization network element, the AAA-S, and the like contain hardware structures and/or software modules for performing the functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiment of the present application, functional modules may be divided for the AMF network element, the authentication and authorization network element, and the AAA-S according to the above method example, for example, each functional module may be divided for each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.

In the case of using an integrated unit, fig. 9 shows a schematic structural diagram of a possible communication device according to an embodiment of the present application, where the device may be an AMF network element or a chip built in the AMF network element, and the device includes: a transmitting unit 401, a receiving unit 402 and a processing unit 403.

In a possible implementation manner, the sending unit 401 may be configured to support the apparatus to perform the step of sending the first information in S201 in the foregoing method embodiment, the receiving unit 402 is configured to perform the steps of receiving the second information in S202 and receiving the third information in S203 in the foregoing method embodiment, and the processing unit 403 is configured to support the apparatus to perform the step of determining that the first slice control information is changed in S203 in the foregoing method embodiment, and/or other technical processes described herein. In another possible implementation manner, the processing unit 403 is configured to support the apparatus to execute S301 in the foregoing method embodiment, the sending unit 401 is configured to support the apparatus to execute the step of sending the first information in S302 in the foregoing method embodiment, and the receiving unit 402 is configured to execute the step of receiving the second configuration information in S303 in the foregoing method embodiment.

It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again.

Based on the hardware implementation, the processing unit 403 in the embodiment of the present application may be a processor of the apparatus, the sending unit 401 may be a transmitter of the apparatus, the receiving unit 402 may be a receiver of the apparatus, and the transmitter and the receiver may be integrated together to be used as a transceiver, and a specific transceiver may also be referred to as a communication interface or an interface circuit.

As shown in fig. 10, another possible structural schematic diagram of a communication apparatus according to the foregoing embodiment provided in this application is a schematic diagram, where the apparatus may be an AMF network element or a chip built in the AMF network element, and the apparatus includes: the processor 411 may further include a memory 412, a communication interface 413, and a bus 414, and the processor 411, the memory 412, and the communication interface 413 are connected by the bus 414.

The processor 411 is used to control and manage the operation of the apparatus. In one possible implementation, the processor 411 may be used to support the apparatus to perform the step of determining the first slice information transmission change in S203 of the above method embodiment, and/or other processes for the techniques described herein. In another possible implementation, the processor 411 may be used to enable the apparatus to perform S301 in the above-described method embodiment, and/or other processes for the techniques described herein. Communication interface 413 is used to support the apparatus for communication, such as to support the apparatus for communication with an authentication authorization network element.

In the present embodiment, the processor 411 may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor and a microprocessor, or the like. The bus 414 in fig. 10 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 10, but it is not intended that there be only one bus or one type of bus.

In the case of using an integrated unit, fig. 11 shows a schematic structural diagram of a possible communication apparatus in the embodiment of the present application, which may be used as an authentication and authorization network element or a chip built in the authentication and authorization network element, and the apparatus includes: a receiving unit 501, a processing unit 502 and a transmitting unit 503.

In a possible implementation manner, the receiving unit 501 may be configured to support the step of the apparatus to receive the first information sent by the AMF network element in S201, the step of the AAA-S sent by S202, and/or the step of the AAA-S sent by S203 of the above method embodiment; the sending unit 503 is configured to support the step of sending the first forwarding information to the AAA-S, the step of sending the second forwarding information to the AAA-S, and/or the step of sending the third forwarding information to the AAA-S by the apparatus; the processing unit 502 is configured to support the apparatus to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the above method embodiment. In another possible implementation manner, the receiving unit 501 may be configured to support the step of the apparatus to receive the first information sent by the AMF network element in S301 and the step of the second configuration information sent by the AAA-S in S302 in the foregoing method embodiment; the sending unit 503 may be configured to support the step of forwarding the first information sent by the AMF to the AAA-S by the apparatus, and the step of forwarding the first configuration information and the second configuration information sent by the AAA-S to the AMF.

Based on the hardware implementation, the processing unit 502 in the embodiment of the present application is a processor of the apparatus, the receiving unit 501 may be a receiver of the apparatus, the transmitting unit 503 may be a transmitter of the apparatus, and the transmitter and the receiver may be integrated together to function as a transceiver, and a specific transceiver may also be referred to as a communication interface or an interface circuit.

As shown in fig. 12, another possible structural schematic diagram of a communication apparatus according to the foregoing embodiment provided in this application is shown, where the apparatus may be used as an authentication and authorization network element or a chip built in the authentication and authorization network element, and the apparatus includes: the processor 511 may further include a memory 512, a communication interface 513 and a bus 514, and the processor 511, the memory 512 and the communication interface 513 are connected by the bus 514.

Where the processor 511 is configured to control and manage the actions of the apparatus, for example, the processor 511 may be configured to support the apparatus to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the above-described method embodiments, and/or other processes for the techniques described herein. The communication interface 513 is used to support the apparatus for communication, such as supporting the apparatus to communicate with an AMF network element or an AAA-S.

In the present embodiment, the processor 511 may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor and a microprocessor, or the like. The bus 514 in fig. 12 may be a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 12, but it is not intended that there be only one bus or one type of bus.

In the case of an integrated unit, fig. 13 shows a schematic diagram of a possible structure of a communication device according to an embodiment of the present application, which may be an AAA-S or an AAA-S built-in chip, and the device includes: a receiving unit 601, a processing unit 602 and a transmitting unit 603.

In a possible implementation manner, the receiving unit 601 may be configured to support the step of the apparatus receiving the first information sent in S201 of the above method embodiment; the transmitting unit 603 is configured to be available for supporting the apparatus to perform the step of transmitting the second information in S202 and the step of transmitting the third information in S203 of the above-mentioned method embodiments; the processing unit 602 is configured to support the apparatus to perform the steps of determining that the first slice control information is changed in the above method embodiment, and/or other technical processes described herein. In another possible implementation manner, the receiving unit 601 may be configured to support the step of the apparatus receiving the first information sent in S302 of the foregoing method embodiment; the transmitting unit 603 is configured to perform the step of transmitting the second configuration information in S303 of the above method embodiment, and the step of transmitting the first configuration information; the processing unit 602 is configured to enable the apparatus to perform the steps of determining the first configuration information, the second configuration information, and/or other technical processes described herein in the above method embodiments.

Based on the hardware implementation, the processing unit 602 in the embodiment of the present application may be a processor of the apparatus, the receiving unit 601 may be a receiver of the apparatus, the transmitting unit 603 may be a transmitter of the apparatus, and the transmitter and the receiver may be integrated together to function as a transceiver, and a specific transceiver may also be referred to as a communication interface or an interface circuit.

As shown in fig. 14, another possible structural schematic diagram of the communication apparatus according to the foregoing embodiments provided in the embodiments of the present application, where the apparatus may be used as an AAA-S or a chip built in the AAA-S, and the apparatus includes: the processor 611, and may further include a memory 612, a communication interface 613, and a bus 614, and the processor 611, the memory 612, and the communication interface 613 are connected by the bus 614.

The processor 611 is configured to control and manage the operation of the apparatus. In one possible implementation, the processor 611 may be configured to enable the apparatus to perform the above-described method embodiment to determine that the first slice control information is changed, and/or other processes for the techniques described herein. In another possible implementation, the processor 611 may be configured to enable the apparatus to perform the steps of determining the first configuration information, the second configuration information in the above method embodiments, and/or other processes for the techniques described herein. The communication interface 613 is used to support the apparatus to communicate, such as to support the apparatus to communicate with an authentication authorization network element.

In the present embodiment, the processor 611 may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor and a microprocessor, or the like. The bus 614 in fig. 14 may be a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 14, but it is not intended that there be only one bus or one type of bus.

Based on this, the embodiment of the present application further provides a communication system, where the communication system includes an AMF network element, an authentication and authorization network element, and an AAA-S; wherein, the AMF network element is the communication device provided in fig. 9 or fig. 10, and is configured to perform the steps of the AMF network element in the foregoing method embodiment; the authentication and authorization network element is the communication device provided in fig. 11 or fig. 12, and is configured to perform the steps of authenticating the authorization network element in the foregoing method embodiment. AAA-S is the communication apparatus provided in fig. 13 or fig. 14 described above for performing the steps of AAA-S in the above-described method embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another device, or some features may be omitted, or not executed.

The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium, which may include: u disk, removable hard disk, read only memory, random access memory, magnetic or optical disk, etc. for storing program codes. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of software products, in essence, or as a part of or all of the technical solutions contributing to the prior art.

In another aspect of the application, a readable storage medium is provided, having stored therein instructions, which, when run on an apparatus, cause the apparatus to perform the steps of the AMF network element in the method embodiment as provided in any one of the diagrams of fig. 2-6.

In another aspect of the present application, a readable storage medium having stored therein instructions, which when run on an apparatus, cause the apparatus to perform the steps of authenticating an authorized network element in a method embodiment as provided in any one of the diagrams of fig. 2-6.

In another aspect of the application, a readable storage medium is provided, having stored therein instructions, which, when run on a device, cause the device to perform the steps of the AAA-S in the method embodiment as provided in any one of the diagrams of fig. 2-6.

In another aspect of the application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of the AMF network element in the embodiment of the method as provided in any of the figures 2-6.

In another aspect of the present application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of authenticating an authorized network element in an embodiment of the method as provided in any of the figures 2-6.

In another aspect of the application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of the AAA-S in the embodiment of the method as provided in any of the figures 2-6.

In another aspect of the present application, a readable storage medium is provided, having stored therein instructions, which, when run on an apparatus, cause the apparatus to perform the steps of the AMF network element or the AMF network element in the method embodiment as provided in fig. 7 or fig. 8.

In another aspect of the present application, a readable storage medium is provided, having stored therein instructions, which, when run on a device, cause the device to perform the steps of AAA-S in the method embodiment as provided in fig. 7 or fig. 8.

In another aspect of the present application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of an AMF network element or an AMF network element as in the method embodiments provided in fig. 7 or fig. 8.

In another aspect of the application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of the AAA-S in the method embodiment as provided in fig. 7 or fig. 8.

Finally, it should be noted that: the above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1.A network slice control method is applied to an access and mobility management function (AMF) network element, and comprises the following steps:

sending first information, wherein the first information comprises slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice which is allowed or is to be allowed to be accessed by the first UE comprises the first network slice;

receiving second information from an authentication, authorization and accounting (AAA) server, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

2. The method of claim 1, further comprising:

sending the first slice control information to a policy control function PCF network element;

and receiving authorization slice control information from the PCF network element.

3. The method of claim 2, further comprising:

and sending the authorization slice control information to a Unified Data Management (UDM) network element.

4. The method according to any one of claims 1-3, further comprising:

receiving third information, the third information including second slice control information for updating information for controlling the first UE to use for the first network slice.

5. The method of claim 4, wherein the network slice to which the second UE is or is to be allowed to access comprises the first network slice, and wherein the third information further comprises third slice control information for updating information for controlling use of the first network slice by the second UE.

6. The method according to any one of claims 1-5, further comprising:

storing information for controlling use of the first network slice by the first UE in a context of the first UE.

7. The method of any of claims 1-6, wherein prior to said sending the first information, the method further comprises:

obtaining authorization indication information of the network slice allowing the first UE to access;

and determining that the first network slice needs authorization according to the authorization indication information.

8. The method of claim 7, wherein the obtaining the authorization indication information of the network slice allowed to be accessed by the first UE comprises:

acquiring the authorization indication information from the local; alternatively, the first and second electrodes may be,

acquiring subscription information of the first UE from a Unified Data Management (UDM) network element, wherein the subscription information comprises the authorization indication information; alternatively, the first and second electrodes may be,

and obtaining the authorization indication information from a network slice selection function NSSF network element.

9. The method of any of claims 1-8, wherein the first information further comprises a second identity of the first UE, wherein the second identity is an identity of the first UE in the first network slice.

10. The method of claim 9, wherein the network slice allowing or to be allowed access by the first UE comprises at least one network slice including the first network slice, the method further comprising:

obtaining, from the first UE, a second identity of the first UE in each of the at least one network slice.

11. A network slice control method, which is applied in an authentication, authorization and accounting (AAA) server, the method comprising:

receiving first information, wherein the first information comprises slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice which is allowed or is to be allowed to be accessed by the first UE comprises the first network slice;

and sending second information to an access and mobility management function (AMF) network element, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

12. The method of claim 11, further comprising:

and when it is determined that the first slice control information is changed, sending third information to the AMF network element, where the third information includes second slice control information, and the second slice control information is used to update information for controlling the first UE to use the first network slice.

13. The method of claim 12, wherein the network slice to which the second UE is or is to be allowed to access comprises the first network slice, and wherein when it is determined that the slice control information of the second UE in the first network slice is changed, the third information further comprises third slice control information for updating information for controlling the second UE to use the first network slice.

14. The method of claim 12 or 13, wherein the network slice to which the second UE is or is to be allowed to access comprises a second network slice, and wherein when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further comprises fourth slice control information, and wherein the fourth slice control information is used for updating information for controlling the second UE to use the second network slice.

15. A communications device, characterized in that it acts as an access and mobility management function, AMF, network element or a chip built in the AMF network element, said device comprising:

a sending unit, configured to send first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, and a network slice that the first UE is allowed to access or is to be allowed to access includes the first network slice;

a receiving unit, configured to receive second information from an authentication, authorization, and accounting AAA server, where the second information includes first slice control information, and the first slice control information is information used to control the first UE to use the first network slice.

16. The apparatus of claim 15,

the sending unit is further configured to send the first slice control information to a policy control function PCF network element;

the receiving unit is further configured to receive authorization slice control information from the PCF network element.

17. The apparatus of claim 16, wherein the sending unit is further configured to:

18. The apparatus according to any of claims 15-17, wherein the receiving unit is further configured to:

19. The apparatus of claim 18, wherein a network slice to which a second UE is or is to be allowed access comprises the first network slice, wherein the third information further comprises third slice control information for updating information for controlling use of the first network slice by the second UE.

20. The apparatus of any one of claims 15-19, further comprising:

a processing unit to store information for controlling the first UE's use of the first network slice in a context of the first UE.

21. The apparatus of any one of claims 15-20, further comprising:

an obtaining unit, configured to obtain authorization indication information of the network slice to which the first UE is allowed to access;

and the processing unit is used for determining that the first network slice needs to be authorized according to the authorization indication information.

22. The apparatus of claim 21, wherein the obtaining unit is further configured to:

23. A communications apparatus that functions as an authentication, authorization and accounting AAA server or a chip built into an AAA server, the apparatus comprising:

a receiving unit, configured to receive first information, where the first information includes slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice that the first UE is allowed to access or is to be allowed to access includes the first network slice;

a sending unit, configured to send second information to an access and mobility management function (AMF) network element, where the second information includes first slice control information, and the first slice control information is information used to control the first UE to use the first network slice.

24. The apparatus of claim 23, wherein the sending unit is further configured to:

25. The apparatus of claim 24, wherein a network slice to which a second UE is or is to be allowed to access comprises the first network slice, and wherein when it is determined that slice control information of the second UE in the first network slice is changed, the third information further comprises third slice control information for updating information for controlling use of the first network slice by the second UE.

26. The apparatus of claim 24 or 25, wherein the network slice to which the second UE is or is to be allowed to access comprises a second network slice, and wherein when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further comprises fourth slice control information, and wherein the fourth slice control information is used for updating information for controlling the second UE to use the second network slice.

27. A communication apparatus, characterized in that the apparatus, as an access and mobility management function, AMF, network element or a chip built in an AMF network element, comprises a processor and a communication interface, the processor being configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method according to any of claims 1-10.

28. A communication apparatus, being an authentication, authorization and accounting, AAA server or a chip built in an AAA server, comprising a processor and a communication interface, the processor being configured to execute computer programs or instructions to cause the apparatus to carry out the method according to any one of claims 11-14.

29. A readable storage medium having stored therein instructions that, when run on a device, cause the device to perform the method of any one of claims 1-10.

30. A readable storage medium having stored therein instructions that, when run on a device, cause the device to perform the method of any one of claims 11-14.