CN113746649B

CN113746649B - Network slice control method and communication device

Info

Publication number: CN113746649B
Application number: CN202010406046.9A
Authority: CN
Inventors: 吴义壮
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-05-14
Filing date: 2020-05-14
Publication date: 2022-12-06
Anticipated expiration: 2040-05-14
Also published as: WO2021227600A1; CN113746649A

Abstract

The application provides a network slice control method and a communication device, relates to the technical field of communication, and is used for improving the flexibility of network slice control and user experience. The method comprises the following steps: the AMF network element sends, to the AAA server through the authentication and authorization network element, first information that includes slice information of a first network slice and a first identifier of the first user equipment UE, for example, the slice information is S-NSSAI or identifier information after mapping of the S-NSSAI, the first identifier is GPSI, and the network slices that allow or are to be allowed to access the first UE include the first network slice; for example, the AAA server sends the second information to the AMF network element through the authentication and authorization network element, where the second information includes first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice.

Description

Network slice control method and communication device

Technical Field

The present application relates to the field of communications technologies, and in particular, to a network slice control method and a communications apparatus.

Background

Network Slice (NS) refers to customizing different logical networks according to service requirements of services of different tenants (tenants) on a physical or virtual network infrastructure. The network slice may be end-to-end (E2E) including the entire network, or part of the network functions may be shared among multiple network slices, which is a key technology for meeting the requirements of the fifth-generation (5 rd generation, 5g) mobile communication technology for network differentiation proposed by the third generation partnership project (3 rd generation partnership project,3 gpp). The multiple network slices may share a group of access and mobility management function (AMF) network elements, and a User Equipment (UE) may simultaneously access multiple network slices sharing the same group of AMF network elements.

Currently, slice control information of a network slice is stored in a Unified Data Management (UDM) network element in a subscription manner, and in a process that a UE registers in a network slice, an AMF network element serving the UE acquires subscription information including the slice control information from the UDM and sends the slice control information to an access network device, so that the access network device performs corresponding network slice control based on the slice control information.

However, when a new network slice is deployed in the network or the network slice is provided by a third party, if a provider of the network slice wants to modify slice control information of the network slice, subscription information update of the UE needs to be initiated, and the UDM updates the subscription information, so that the provider of the network slice cannot dynamically realize control of the network slice. Therefore, the conventional scheme for acquiring and modifying slice control information is not flexible enough, and the user experience is poor.

Disclosure of Invention

The application provides a network slice control method and device, which are used for improving the flexibility of network slice control and user experience.

In order to achieve the purpose, the following technical scheme is adopted in the application:

in a first aspect, a network slice control method is provided, where the method is applied to an access and mobility management function, AMF, network element, and the method includes: sending first information, for example, the AMF network element may send, to the AAA server through the AUSF network element, the first information including slice information of a first network slice and a first identity of the first user equipment UE, where the slice information may be used to determine the first network slice, for example, the slice information may be S-NSSAI or identity information after mapping of the S-NSSAI, and the first identity may be GPSI, where a network slice to which the first UE is allowed or is to be allowed to access includes the first network slice, that is, an allowed NSSAI or a pendingnssai (the first UE is allowed to access after authentication and authorization is required) includes the S-NSSAI of the first network slice; and receiving second information from the AAA server, where the second information is sent by the AAA server, for example, the AAA server may send the second information to the AMF network element through authentication authorization, where the second information includes first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice.

In the above technical solution, the AMF network element reports the first information to the AAA server, and the AAA server issues the first slice control information according to the first information, where the first slice control information is information for controlling the first UE to use the first network slice, so that the AAA server can reasonably allocate the slice control information to the first UE, and the AMF network element can dynamically acquire the slice control information of the first UE, thereby improving flexibility of network slice control and user experience.

In a possible implementation manner of the first aspect, the method further includes: sending the first slice control information to the unified data management, UDM, network element, so that the first slice control information can be stored locally when the UDM network element receives the first slice control information. In the possible implementation manner, the UDM network element may obtain, in real time, information for controlling the first UE to use the first network slice, and further, in a dual registration scenario, the UDM network element may provide the first slice control information to another AMF network element used by the first UE, so that the another AMF network element does not need to initiate a new procedure to obtain the first slice control information.

In a possible implementation manner of the first aspect, the method further includes: sending first slice control information to a policy control function PCF network element; and receiving authorization slice control information from the PCF network element, wherein the authorization slice control information can be the same as or different from the first slice control information. In the possible implementation manner, the validity and reasonableness of the slice control information of the first UE for the first network slice may be ensured.

In a possible implementation manner of the first aspect, the method further includes: and sending authorization slice control information to a Unified Data Management (UDM) network element. In the possible implementation manner, the UDM network element may acquire, in real time, information used by the first UE for the first network slice, and further, in a dual registration scenario, the UDM network element may provide the first slice control information to another AMF network element used by the first UE, so that the another AMF network element does not need to initiate a new procedure to acquire the first slice control information.

In a possible implementation manner of the first aspect, the method further includes: and receiving third information, wherein the third information comprises second slice control information, and the second slice control information is used for updating information for controlling the first UE to use the first network slice. Optionally, the network slice allowed or to be allowed to be accessed by the second UE includes the first network slice, and the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice. In the possible implementation manner, the AAA server may reasonably and dynamically adjust the slice control information of the first UE, thereby improving the flexibility of network slice control and the user experience. When the slice control information of a plurality of UEs is changed, the slice control information of the plurality of UEs is contained in the same message, so that the overhead of network signaling can be saved.

In a possible implementation manner of the first aspect, the method further includes: information for controlling use of the first network slice by the first UE is stored in a context of the first UE. In the possible implementation manner, when the AMF network element serving the first UE is switched, the target AMF network element after switching can accurately acquire the information of the first UE, and the authorization procedure is prevented from being executed again on the network slice executing the authorization procedure.

In a possible implementation manner of the first aspect, before sending the first information, the method further includes: obtaining authorization indication information of a network slice which is allowed or is to be allowed to be accessed by the first UE; and determining that the first network slice needs authorization according to the authorization indication information. Optionally, the obtaining authorization indication information of the network slice to which the first UE is allowed to access includes: acquiring authorization indication information from local; or acquiring subscription information of the first UE from the unified data management UDM network element, wherein the subscription information comprises authorization indication information; or, obtaining authorization indication information from a network slice selection function NSSF network element. In the possible implementation manner, the AMF network element may dynamically acquire slice control information of the first UE in an authorization procedure of the first network slice, so as to improve flexibility of network slice control and user experience.

In a possible implementation manner of the first aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice. In the above possible implementation, the second identifier may be used to identify the first UE in the first network slice, which may cause the AAA server to perform slice authentication and/or authorization for the first UE.

In one possible implementation manner of the first aspect, the network slice allowing or to be allowed for access by the first UE includes at least one network slice, and the at least one network slice includes the first network slice, and the method further includes: a second identification of the first UE in each of the at least one network slice is obtained from the first UE. In the foregoing possible implementation manner, when the at least one network slice includes multiple network slices, the signaling overhead of the AMF network element for acquiring the second identifier of the first UE in the multiple network slices may be reduced.

In a possible implementation manner of the first aspect, the first information is carried in an authorization request message of the first network slice, and the second information is carried in an authorization response message of the first network slice; or, the first information is carried in the authentication and authorization request message of the first network slice, and the second information is carried in the authentication and authorization response message of the first network slice. In the possible implementation manner, the AAA server may dynamically adjust the slice control information of the first UE in the authorization process of the first network slice, and the AMF network element may dynamically acquire the slice control information of the first UE, thereby improving flexibility of network slice control and user experience.

In a second aspect, a network slice control method is provided, where the method is applied in an authentication, authorization, and accounting AAA server, and the method includes: receiving first information, where the first information includes slice information of a first network slice and a first identity of a first user equipment UE, where the slice information may be used to determine the first network slice, for example, the slice information may be an S-NSSAI or identity information after mapping of the S-NSSAI, and the first identity may be a GPSI, where a network slice to which the first UE is allowed or to be allowed to access includes the first network slice, that is, an allowed NSSAI or a pending NSSAI of the first UE (the first UE may be allowed to access after authentication and authorization is required) includes the S-NSSAI of the first network slice; and sending second information to an access and mobility management function (AMF) network element, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

In one possible implementation manner of the second aspect, the method further includes: and when the first slice control information is determined to be changed, sending third information to the AMF network element, wherein the third information comprises second slice control information, and the second slice control information is used for updating information used for controlling the first UE to use the first network slice.

In a possible implementation manner of the second aspect, the network slice that the second UE is allowed or is to be allowed to access includes a first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice. In the possible implementation manner, when the slice control information of multiple UEs is changed, the AAA server may interactively adjust the slice control information of multiple UEs through signaling at a time, thereby reducing the signaling overhead of the AAA server.

In a possible implementation manner of the second aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice. In the possible implementation manner, when the slice control information of multiple UEs is changed, the AAA server may interactively adjust the slice control information of multiple UEs through signaling at a time, thereby reducing the signaling overhead of the AAA server.

In a possible implementation manner of the second aspect, the first information further includes a second identity of the first UE, where the second identity is an identity of the first UE in the first network slice.

In a possible implementation manner of the second aspect, the first information is carried in an authorization request message of the first network slice, and the second information is carried in an authorization response message of the first network slice; or, the first information is carried in the authentication and authorization request message of the first network slice, and the second information is carried in the authentication and authorization response message of the first network slice.

In a third aspect, a network slice control method is provided, which is applied to an authentication and authorization network element, where the authentication and authorization network element may be an AUSF network element, an NEF network element, an NSSAAF network element, or another network element used for authentication and authorization procedures, and the method includes: receiving first information from an access and mobility management function (AMF) network element, wherein the first information includes slice information of a first network slice and a first identity of a first User Equipment (UE), the slice information may be used to determine the first network slice, for example, the slice information may be S-NSSAI or identity information after mapping of the S-NSSAI, the first identity may be GPSI, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice, that is, an allowed NSSAI or a pending NSSAI of the first UE (the first UE may be allowed to be accessed after authentication and authorization is required) includes the S-NSSAI of the first network slice; sending first forwarding information to an authentication, authorization, and accounting AAA server, where the first forwarding information includes a first identifier of the first UE and the slice information or conversion information of the slice information, for example, the slice information is S-NSSAI, the first forwarding information includes conversion information of the slice information (i.e., identification information after obtaining S-NSSAI mapping according to S-NSSAI), or the slice information is S-NSSAI, the first forwarding information includes the slice information (i.e., S-NSSAI), or the slice information is identification information after S-NSSAI mapping, and the first forwarding information includes the slice information (identification information after S-NSSAI mapping); receiving second information from the AAA server, wherein the second information comprises first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice; and sending the second information to the AMF network element.

In a possible implementation manner of the third aspect, the method further includes: receiving third information from the AAA server, wherein the third information comprises second slice control information, and the second slice control information is used for updating the use information of the first UE on the first network slice; and sending third forwarding information to the AMF network element, wherein the third forwarding information comprises second slice control information.

In a possible implementation manner of the third aspect, the network slice that the second UE is allowed or is to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third forwarding information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the third aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, the third information further includes fourth slice control information, and the method further includes: and sending fourth forwarding information to the AMF network element serving the second network slice, wherein the fourth forwarding information comprises fourth slice control information, and the fourth slice control information is used for updating information used for controlling the second UE to use the second network slice.

In a possible implementation manner of the third aspect, the first information further includes at least one of the following items; a second identity of the first UE, AAA server identity; wherein the second identifier is an identifier of the first UE in the first network slice; the first forwarding information may further include: a second identity of the first UE.

In a possible implementation manner of the third aspect, the first information is carried in an authorization request message of the first network slice, and the second information sent to the AMF network element is carried in an authorization response message of the first network slice.

In a fourth aspect, a communication apparatus is provided, which is an access and mobility management function AMF network element or a chip built in the AMF network element, and includes: a sending unit, configured to send first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice; and the receiving unit is used for receiving second information from the authentication, authorization and accounting AAA server, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

In a possible implementation manner of the fourth aspect, the sending unit is further configured to: and sending the first slice control information to a Unified Data Management (UDM) network element.

In a possible implementation manner of the fourth aspect, the sending unit is further configured to send the first slice control information to a policy control function PCF network element; the receiving unit is further configured to receive authorization slice control information from the PCF network element.

In a possible implementation manner of the fourth aspect, the sending unit is further configured to: and sending the authorization slice control information to the unified data management UDM network element.

In a possible implementation manner of the fourth aspect, the receiving unit is further configured to: third information is received, the third information including second slicing control information for updating information for controlling the first UE to use the first network slicing.

In a possible implementation manner of the fourth aspect, the network slice that the second UE is allowed or is to be allowed to access includes the first network slice, and the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the fourth aspect, the apparatus further includes: a processing unit to store information for controlling use of the first network slice by the first UE in a context of the first UE.

In a possible implementation manner of the fourth aspect, the receiving unit is further configured to acquire authorization indication information of a network slice to which the first UE is allowed to access; the processing unit is further configured to determine that the first network slice requires authorization according to the authorization indication information.

In a possible implementation manner of the fourth aspect, the receiving unit is further configured to: acquiring authorization indication information from local; or acquiring subscription information of the first UE from the unified data management UDM network element, wherein the subscription information comprises authorization indication information; or, obtaining authorization indication information from a network slice selection function NSSF network element.

In a possible implementation manner of the fourth aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.

In a possible implementation manner of the fourth aspect, the network slice that the first UE is allowed or is to be allowed to access includes at least one network slice, the at least one network slice includes a first network slice, and the receiving unit is further configured to: a second identification of the first UE in each of the at least one network slice is obtained from the first UE.

In a fifth aspect, there is provided a communication apparatus as an authentication, authorization and accounting AAA server or a chip built in the AAA server, the apparatus comprising: a receiving unit, configured to receive first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice; a sending unit, configured to send second information to an access and mobility management function (AMF) network element, where the second information includes first slice control information, and the first slice control information is information used to control the first UE to use the first network slice.

In a possible implementation manner of the fifth aspect, the sending unit is further configured to: and when it is determined that the first slice control information is changed, sending third information to the AMF network element, where the third information includes second slice control information, and the second slice control information is used to update information for controlling the first UE to use the first network slice.

In a possible implementation manner of the fifth aspect, the network slice to which the second UE is allowed or is to be allowed to access includes a first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the fifth aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice.

In a possible implementation manner of the fifth aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.

In one possible implementation manner of the fifth aspect, the slice information includes: the single network slice of the first network slice selects the side information S-NSSAI.

In one possible implementation manner of the fifth aspect, the first identifier includes: the generic public user identity GPSI.

In a possible implementation manner of the fifth aspect, the first information is carried in an authorization request message of the first network slice, and the second information is carried in an authorization response message of the first network slice; or, the first information is carried in the authentication and authorization request message of the first network slice, and the second information is carried in the authentication and authorization response message of the first network slice.

In a sixth aspect, a communication apparatus is provided, where the apparatus is used as an authentication and authorization network element or a chip built in the authentication and authorization network element, and the authentication and authorization network element may be an AUSF network element, an NEF network element, a NAASSF network element, or another network element used for authentication and authorization procedures, and the apparatus includes: a receiving unit, configured to receive first information from an access and mobility management function (AMF) network element, where the first information includes slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice allowed or to be allowed to be accessed by the first UE includes the first network slice; a sending unit, configured to send first forwarding information to an authentication, authorization, and accounting AAA server, where the first forwarding information includes a first identifier of a first UE and the slice information or conversion information of the slice information; a receiving unit, further configured to receive second information from the AAA server, where the second information includes first slice control information, and the first slice control information is information for controlling the first UE to use the first network slice; and the sending unit is further configured to send the second information to the AMF network element.

In one possible implementation manner of the sixth aspect, the slice information includes: the single network slice of the first network slice selects the side information S-NSSAI.

In a possible implementation manner of the sixth aspect, the first identifier includes: the generic public user identity GPSI.

In a possible implementation manner of the sixth aspect, the receiving unit is further configured to receive third information from the AAA server, where the third information includes second slice control information, and the second slice control information is used to update the usage information of the first network slice by the first UE; the sending unit is further configured to send third forwarding information to the AMF network element, where the third forwarding information includes second slice control information.

In a possible implementation manner of the sixth aspect, the network slice that the second UE is allowed or is to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third forwarding information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

In a possible implementation manner of the sixth aspect, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, the third information further includes fourth slice control information, and the sending unit is further configured to: and sending fourth forwarding information to an AMF network element serving the second network slice, wherein the fourth forwarding information comprises fourth slice control information, and the fourth slice control information is used for updating information used for controlling the second UE to use the second network slice.

In one possible implementation manner of the sixth aspect, the slice information includes: the single network slice selection assistance information S-NSSAI for the first network slice.

In a possible implementation manner of the sixth aspect, the first information further includes at least one of the following items; a second identity of the first UE, AAA server identity; wherein the second identifier is an identifier of the first UE in the first network slice; the first forwarding information further includes: a second identity of the first UE.

In a possible implementation manner of the sixth aspect, the first information is carried in an authorization request message of the first network slice, and the second information sent to the AMF network element is carried in an authorization response message of the first network slice.

In a seventh aspect, a communication apparatus is provided, which is an access and mobility management function AMF network element or a chip built in the AMF network element, and includes a processor and a communication interface, where the processor is configured to execute a computer program or instructions to enable the apparatus to implement the network slice control method as provided in the first aspect or any possible implementation manner of the first aspect.

In an eighth aspect, a communication apparatus is provided, which is an authentication, authorization and accounting AAA server or a chip built in the AAA server, and includes a processor and a communication interface, wherein the processor is configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method as provided in the second aspect or any one of the possible implementations of the second aspect.

A ninth aspect provides a communication apparatus, which is an authentication and authorization network element or a chip built in the authentication and authorization network element, where the authentication and authorization network element may be an AUSF network element, an NEF network element, a NAASSF network element, or other network elements used for authentication and authorization processes, and includes a processor and a communication interface, where the processor is configured to execute a computer program or instructions to enable the apparatus to implement the network slice control method provided in the third aspect or any possible implementation manner of the third aspect.

In a tenth aspect, there is provided a communication system comprising: an access and mobility management function AMF network element, an authentication and authorization network element and an authentication, authorization and accounting AAA server; the AMF network element is any one of the possible implementation manners of the fourth aspect, or the AMF network element provided in the seventh aspect, the AAA server is any one of the possible implementation manners of the fifth aspect, or the AAA server provided in the eighth aspect, and the authentication and authorization network element is the authentication and authorization network element provided in the sixth aspect, any one of the possible implementation manners of the sixth aspect, or the ninth aspect.

In an eleventh aspect, a network slice control method is provided, and is applied to an access and mobility management function AMF network element or a session management function SMF network element, and the method includes: determining the number of User Equipment (UE) accessed on a network slice and/or the number of Protocol Data Unit (PDU) sessions; and when the first reporting condition is met, sending first information, wherein the first information comprises the UE number and/or the PDU session number.

In the above technical solution, the AMF network element or the SMF network element may send first information, where the first information includes the number of UEs accessed to a network slice and/or the number of PDU sessions, and the AAA-S may receive the first information, so that the AAA-S may sense the resource usage condition of the network slice, and control the resource of the network slice based on the number of UEs and/or the number of PDU sessions included in the first information, thereby implementing control of the network slice, and improving flexibility of network slice control and user experience.

In a possible implementation manner of the eleventh aspect, before determining the number of UEs and/or PDU sessions accessed on the network slice, the method further includes: acquiring first configuration information, wherein the first configuration information comprises single network slice selection auxiliary information S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used for indicating whether slice resource control needs to be executed or not. In the possible implementation manner, the AMF element or the SMF element may dynamically report the first information in the authorization process of the network slice, and the AAA server may dynamically adjust the configuration information of the network slice, so as to improve flexibility of network slice control and user experience.

In a possible implementation manner of the eleventh aspect, the first configuration information further includes a first reporting condition, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value. In the possible implementation manner, the AMF network element or the SMF network element may be enabled to dynamically report the first information according to the first reporting condition.

In one possible implementation manner of the eleventh aspect, the method further includes: second configuration information is received, the second configuration information being used to control resources of the network slice. In the possible implementation manner, the AAA server may dynamically adjust the configuration information of the network slice through the second configuration information, thereby improving the flexibility of network slice control and the user experience.

In one possible implementation manner of the eleventh aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs that the network slice can access, the number of the remaining PDU sessions that the network slice can access, the increment of the number of the UEs reaches a seventh preset value, the increment of the number of the PDU sessions reaches an eighth preset value, the number of the UEs in the time window reaches a ninth preset value, or the increment of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time. In the possible implementation manner, the AAA server may dynamically adjust the reporting condition of the first information through the second configuration information.

In a possible implementation manner of the eleventh aspect, when the method is applied to an AMF network element, the sending the first information includes: sending an authorization request message to an authentication authorization network element, wherein the authorization request message comprises first information; correspondingly, receiving second configuration information, including: and receiving an authorization response message sent by the authentication and authorization network element, wherein the authorization response message comprises second configuration information. In the possible implementation manner, the AMF network element may dynamically report the first information in the authorization process of the network slice, and the AAA server dynamically adjusts and controls the network slice, thereby improving flexibility of controlling the network slice and user experience.

In a possible implementation manner of the eleventh aspect, when the method is applied to an SMF network element, the sending the first information includes: sending first information to an AAA server through a UPF network element; correspondingly, receiving second configuration information, including: and receiving the second configuration information from the AAA server through the UPF network element. In the possible implementation manner, the SMF network element may dynamically report the first information, and the AAA server dynamically adjusts and controls the network slice, thereby improving flexibility of controlling the network slice and user experience.

In a twelfth aspect, a network slice control method is provided, which is applied in an authentication, authorization and accounting AAA server, and the method includes: receiving first information, wherein the first information comprises the number of User Equipment (UE) accessed on a network slice and/or the number of Protocol Data Unit (PDU) sessions.

In a possible implementation manner of the twelfth aspect, before receiving the first information, the method further includes: and sending first configuration information, wherein the first configuration information is used for configuring resources of the network slice, and the first configuration information comprises single network slice selection auxiliary information S-NSSAI and authorization indication information of the network slice.

In a possible implementation manner of the twelfth aspect, the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value.

In a possible implementation manner of the twelfth aspect, the method further includes: and determining to send second configuration information according to the UE number and/or the PDU session number, wherein the second configuration information is used for controlling the resource of the network slice.

In one possible implementation manner of the twelfth aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time.

In a possible implementation manner of the twelfth aspect, the receiving the first information includes: receiving a first message from an authentication and authorization network element, wherein the first message comprises first information, and the first information is sent to the authentication and authorization network element by an AMF network element through an authorization request message; correspondingly, the sending of the second configuration information includes: and sending a second message to the authentication and authorization network element, wherein the second message comprises second configuration information, so that the authentication and authorization network element sends the second configuration information to the AMF network element through an authorization response message.

In a possible implementation manner of the twelfth aspect, the receiving the first information includes: receiving first information from the SMF through a UPF network element; correspondingly, the sending of the second configuration information includes: and sending the second configuration information to the SMF through the UPF network element.

In a thirteenth aspect, a communication device is provided, where the device is an AMF network element, a chip built in the AMF network element, a session management function SMF network element, or a chip built in the SMF network element, and the device includes: the processing unit is used for determining the number of User Equipment (UE) accessed on a network slice and/or the number of Protocol Data Unit (PDU) sessions; and the sending unit is used for sending first information when the first reporting condition is met, wherein the first information comprises the UE number and/or the PDU session number.

In a possible implementation manner of the thirteenth aspect, the apparatus further includes: a receiving unit, configured to obtain first configuration information, where the first configuration information includes single network slice selection assistance information S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used to indicate whether slice resource control needs to be performed.

In a possible implementation manner of the thirteenth aspect, the first configuration information further includes a first reporting condition, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value.

In a possible implementation manner of the thirteenth aspect, the apparatus further includes: and the receiving unit is used for receiving second configuration information, and the second configuration information is used for controlling the resources of the network slice.

In one possible implementation manner of the thirteenth aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time.

In a possible implementation manner of the thirteenth aspect, when the apparatus is an AMF network element or a chip built in the AMF network element, the sending unit is further configured to: sending an authorization request message to an authentication authorization network element, wherein the authorization request message comprises first information; correspondingly, the receiving unit is further configured to receive an authorization response message sent by the authentication and authorization network element, where the authorization response message includes the second configuration information.

In a possible implementation manner of the thirteenth aspect, when the apparatus is applied to an SMF network element or a chip built in the SMF network element, the sending unit is further configured to send the first information to the AAA server through the UPF network element; correspondingly, the receiving unit is further configured to receive the second configuration information from the AAA server through the UPF network element.

In a fourteenth aspect, a communication apparatus is provided, where the apparatus is an AAA server or a chip built in the AAA server for authentication, authorization, and accounting, and the apparatus includes: a receiving unit, configured to receive first information, where the first information includes a number of User Equipments (UEs) accessed on a network slice and/or a number of Protocol Data Unit (PDU) sessions.

In a possible implementation manner of the fourteenth aspect, the apparatus further includes: a sending unit, configured to send first configuration information, where the first configuration information is used to configure a resource of a network slice, and the first configuration information includes single network slice selection assistance information S-NSSAI of the network slice and authorization indication information.

In a possible implementation manner of the fourteenth aspect, the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, and the increment of the UE number in a reporting period and a time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value.

In a possible implementation manner of the fourteenth aspect, the apparatus further includes: and a sending unit, configured to determine to send second configuration information according to the number of UEs and/or the number of PDU sessions, where the second configuration information is used to control resources of a network slice.

In one possible implementation manner of the fourteenth aspect, the second configuration information includes at least one of: a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDU sessions accessible to the network slice, an increase of the number of the UEs reaches a seventh preset value, an increase of the number of the PDU sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value or the increase of the number of the PDU sessions in the time window reaches a tenth preset value; the second reporting condition is used for indicating a condition for reporting the first information of the network slice next time.

In a possible implementation manner of the fourteenth aspect, the receiving unit is further configured to: receiving a first message from an authentication and authorization network element, wherein the first message comprises first information, and the first information is sent to the authentication and authorization network element by an AMF network element through an authorization request message; correspondingly, the sending unit is further configured to: and sending a second message to the authentication and authorization network element, wherein the second message comprises second configuration information, so that the authentication and authorization network element sends the second configuration information to the AMF network element through an authorization response message.

In a possible implementation manner of the fourteenth aspect, the receiving unit is further configured to: receiving first information from the SMF through a UPF network element; correspondingly, the sending unit is further configured to: and sending the second configuration information to the SMF through the UPF network element.

A fifteenth aspect provides a communications apparatus, which, as an access and mobility management function, AMF, network element, a chip built in an AMF, session management function, SMF, network element, or a chip built in an SMF, network element, comprising a processor and a communications interface, the processor being configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method as provided in the eleventh aspect or any one of the possible implementations of the eleventh aspect.

A sixteenth aspect provides a communication apparatus, which is an authentication, authorization and accounting AAA server or a chip built in an AAA server, comprising a processor and a communication interface, the processor being configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method as provided by the twelfth aspect or any one of the possible implementations of the twelfth aspect.

In a seventeenth aspect, a communication system is provided, which includes: access and mobility management function AMF network element/session management function SMF network element, authentication, authorization and accounting AAA server; wherein, the AMF network element/SMF network element is the communication apparatus provided in any one of the thirteenth aspect, the thirteenth implementation manner, or the fifteenth aspect; the AAA server is the communication device provided in the fourteenth aspect, any possible implementation manner of the fourteenth aspect, or the sixteenth aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is executed on a device, the readable storage medium causes the device to execute the network slice control method as provided in the first aspect or any one of the possible implementations of the first aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is run on a device, the readable storage medium causes the device to execute the network slice control method as provided by the second aspect, or any one of the possible implementations of the second aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is run on a device, the readable storage medium causes the device to execute the network slice control method as provided in the third aspect or any one of the possible implementations of the third aspect.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided by the first aspect, or any one of its possible implementations.

In another aspect of the present application, there is provided a computer program product comprising instructions which, when run on an apparatus, cause the apparatus to perform the network slice control method as provided by the second aspect, or any one of the possible implementations of the second aspect.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on a device, cause the device to perform the network slice control method as provided in the third aspect, or any one of the possible implementations of the third aspect.

In another aspect of the present application, a readable storage medium is provided, which has instructions stored therein, and when the readable storage medium is run on a device, the readable storage medium causes the device to execute the network slice control method as provided in the eleventh aspect or any one of the possible implementations of the eleventh aspect.

In another aspect of the present application, a readable storage medium is provided, which has stored therein instructions, which when run on a device, cause the device to execute a network slice control method as provided by the twelfth aspect, or any one of its possible implementations.

In another aspect of the present application, there is provided a computer program product comprising instructions which, when run on an apparatus, cause the apparatus to perform the network slice control method as provided by the eleventh aspect or any one of the possible implementations of the eleventh aspect.

In another aspect of the present application, there is provided a computer program product comprising instructions that, when run on an apparatus, cause the apparatus to perform the network slice control method as provided by the twelfth aspect or any one of the possible implementations of the twelfth aspect.

It should be noted that, for the beneficial effects of the second aspect to the tenth aspect and various possible implementation manners of the second aspect in the present application, reference may be made to analysis of the beneficial effects of the first aspect and various possible implementation manners of the first aspect, and for the beneficial effects of the twelfth aspect to the seventeenth aspect and various possible implementation manners of the second aspect in the present application, reference may be made to analysis of the beneficial effects of the eleventh aspect and various possible implementation manners of the eleventh aspect, which is not described herein again.

Drawings

Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;

fig. 2 is a schematic flowchart of a first network slice control method according to an embodiment of the present application;

fig. 3 is a flowchart illustrating a second network slice control method according to an embodiment of the present application;

fig. 4 is a diagram illustrating a third information transmission according to an embodiment of the present application;

fig. 5 is a flowchart illustrating a third network slice control method according to an embodiment of the present application;

fig. 6 is a schematic flowchart of a fourth network slice control method according to an embodiment of the present application;

fig. 7 is a schematic flowchart of a fifth network slice control method according to an embodiment of the present application;

fig. 8 is a flowchart illustrating a sixth network slice control method according to an embodiment of the present application;

fig. 9 is a schematic structural diagram of an AMF network element according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of another AMF network element according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of an authentication and authorization network element according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of another authentication and authorization network element provided in an embodiment of the present application;

fig. 13 is a schematic structural diagram of an AAA-S network element according to an embodiment of the present application;

fig. 14 is a schematic structural diagram of another AAA-S provided in the embodiment of the present application.

Detailed Description

In this application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a. b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c can be single or multiple. In addition, in the embodiments of the present application, the words "first", "second", and the like do not limit the number and the execution order.

It is noted that, in the present application, words such as "exemplary" or "for example" are used to mean exemplary, illustrative, or descriptive. Any embodiment or design described herein as "exemplary" or "e.g.," is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.

In order to facilitate understanding of the technical solutions of the embodiments of the present application, a brief description of the related art of the present application is first given as follows:

network Slice (NS), which may also be referred to as a slice network or simply as a slice, refers to customizing different logical networks according to service requirements of services of different tenants (tenants) on a physical or virtual network infrastructure. The network slice may be a complete end-to-end network including a User Equipment (UE), an access network, a transmission network, a core network, and a service server, or a complete end-to-end network including only a core network but supplemented with a UE, an access network, a transmission network, and a service server, which can provide a complete communication service and has a certain network capability, and may be a communication resource that ensures that a bearer service or a service can meet a service level agreement, or may be considered as a combination of a network function and a communication resource that is required to complete a certain communication service or certain communication services. A network slice may be identified by single network slice selection assistance information (S-NSSAI). The S-NSSAI is composed of a slice/service type (SST) and a slice differentiation identifier (SD). Wherein SST and SD may be defined by a standard or customized by an operator; SD is optional information to supplement SST to distinguish multiple network slices of the same SST, such as may be used to characterize the affiliation of a network slice. The type and effect of NSSAI as defined in the 23.501 standard is shown in table 1 below.

TABLE 1

In addition, after the introduction of slice authentication and authorization, there is also a type of NSSAI to be allowed (which may be referred to as a pending NSSAI), which may also be referred to as an NSSAI requiring authentication and authorization or an NSSAI to be processed. The pending NSSAI may be included in the allowed NSSAI after the pending NSSAI is authorized by the authentication, that is, the UE may be allowed to access the pending NSSAI after the pending NSSAI is authorized by the authentication.

Protocol Data Unit (PDU) session (session): an association between a UE and a data network provides a PDU connect service. Within a communication system, such as a 5G network or a 5G communication system, a PDU session may contain one or more quality of service (QoS) flows. A QoS flow refers to a data transmission channel of a UE in the communication system (e.g., in a 5G network or a 5G communication system) that meets a specific QoS quality requirement, and may be identified by a QoS Flow Identity (QFI). On the UE and network side, a PDU session may contain the following attribute information: a Data Network Name (DNN), address information (e.g., an Internet Protocol (IP) address, a Media Access Control (MAC) address, etc.), S-NSSAI, a Service and Session Continuity (SSC) pattern, etc. A PDU session is typically identified by a PDU session identity, which may be assigned by the UE.

The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

Fig. 1 is a schematic diagram of a communication system architecture according to an embodiment of the present application. As shown in fig. 1, the communication system includes: UE, radio access network (RAN/AN) and core network. Further, the communication system may further include a Data Network (DN), where the DN may refer to a service network providing data transmission service for the user, such as an IP Multimedia Service (IMS), an internet (internet), and the like.

The UE may be a Terminal Equipment (TE), a handheld terminal, a notebook, a subscriber unit (subscriber unit), a cellular phone (cellular phone), a smart phone (smart phone), a wireless data card, a Personal Digital Assistant (PDA) computer, a tablet computer, a vehicle terminal, a wearable device, a wireless modem (modem), a handheld device (hand-held), a laptop computer (laptop computer), a cordless phone (cordless phone), a Wireless Local Loop (WLL) station, a Machine Type Communication (MTC) terminal, or other devices that can access a network. The UE and the access network equipment adopt a certain air interface technology to communicate with each other.

In addition, the access network is used to implement wireless access-related functions, and may include a third generation partnership project (3 GPP) access network and a non-3GPP access network. The access network device may refer to a device providing access service for the UE, and includes a RAN device and AN device. The RAN device is mainly a wireless network device in a 3GPP network, and the AN may be AN access network device defined by non-3 GPP. The RAN device is mainly responsible for functions of radio resource management, quality of service (QoS) management, data compression and encryption, etc. on the air interface side. The RAN equipment may include various forms of base stations, such as: macro base stations, micro base stations (also known as small stations), relay stations, access points, etc. In systems using different radio access technologies, the names of devices having a base station function may be different, for example, in the fifth generation (5G) system, referred to as RAN or gNB (5G NodeB); in an LTE system, referred to as an evolved node B (eNB or eNodeB); in third generation (3 rd generation, 3G) systems, they are referred to as Node Bs, etc. The AN device allows interworking between the UE and the 3GPP core network using non-3GPP technologies, such as: wireless fidelity (Wi-Fi), worldwide Interoperability for Microwave Access (WiMAX), code Division Multiple Access (CDMA) networks, and the like.

Furthermore, the core network may include the following logical network elements: a Session Management Function (SMF) network element, an access and mobility management Function (AMF) network element, an authentication server Function (AUSF) network element, a User Plane Function (UPF) network element, an Application Function (AF) network element, a Unified Data Management (UDM) network element, a Policy Control Function (PCF) network element, a network storage Function (NRF) network element, a network open Function (NEF) network element, and a Network Slice Selection Function (NSSF) network element, etc. The functions of different core network elements are described below, and specifically shown below.

The SMF network element: a core network control plane network element, which is mainly responsible for session management in the mobile network, such as session establishment, modification and release; the specific functions include allocating an IP address to a user, selecting a UPF providing a message forwarding function, and the like.

AMF network element: the core network control plane network element is mainly responsible for mobility management in a mobile network, such as user location update, user registration network, user handover, and the like.

AUSF network element: the core network control plane network element is a control plane network element provided by an operator, and is used for performing authentication, for example, for performing authentication of a subscriber of the 3GPP network.

UPF network element: the core network user plane network element is used for forwarding and receiving user data in the UE, receiving the user data from the DN and transmitting the user data to the UE through the access network equipment; the UPF network element can also receive user data from the UE through the access network equipment and forward the user data to the DN.

AF network element: mainly supports the interaction with the 3GPP core network to provide services, such as influencing data routing decision, strategy control function or providing some services of a third party to the network side.

UDM network element: the core network control plane network element is used for storing user subscription data, generating an authentication trust shape, processing a user identifier (for example, storing and managing a user permanent identity, and the like), accessing authorization control, subscription data management, and the like.

PCF network element: the core network control plane network element mainly supports providing a unified strategy framework to control network behaviors, provides strategy rules for a control layer network function, and is responsible for acquiring user subscription information related to strategy decision.

NRF network element: and the core network control plane network element is used for supporting the service discovery function and also can be used for maintaining the information of the network functional network elements which can be used and the services which are respectively supported.

NEF network element: and the core network control plane network element is mainly used for being responsible for the external opening of the mobile network capability.

NSSF network element: the core network control plane network element is mainly used for a slicing service of 5G, for example, is responsible for selecting a target Network Slice Instance (NSI). Optionally, the NSSF network element may also be replaced with a Network Slice Specific Authentication and Authorization Function (NSSAAF) network element.

Optionally, in order to implement the functions related to authentication and authorization for the slice, a network slice-specific authentication and authorization function (nsaaf) network element may be introduced.

In the communication system shown in fig. 1, a UE may communicate with AN AMF network element through AN N1 interface, AN R (AN) device may communicate with the AMF network element through AN N2 interface, AN R (AN) device may communicate with a UPF network element through AN N3 interface, and a UPF network element may communicate with a DN through AN N4 interface. In addition, the network elements in the core network may communicate through a service interface, for example, the service interface may include: n is a radical of hydrogen _NSSF Interface, N _nef Interface, N _nrf Interface, N _pcf Interface, N _udm Interface, N _af Interface, N _ausf Interface, N _AMF Interface and N _nsm Interfaces, etc. It is to be understood that in the communication system shown in fig. 1 described above, the functions and interfaces of the network elements are only exemplary, and not all the functions of the network elements are necessary when the network elements are applied to the embodiments of the present application.

Further, in the present application, the communication system may further include: an Authentication Authorization and Accounting (AAA) server, which may also be referred to as AAA-S. The AAA-S may communicate with the AMF network element through an intermediate network element supporting the AAA-S to communicate with the AMF network element, where the intermediate network element may be an AUSF network element, a NEF network element, an NSSAAF network element, or other network elements used for authentication and authorization procedures. Optionally, the communication system may further include: authentication authorization and accounting proxy (AAA-P). When the AAA-S communicates with the AMF network element, the AAA-S can communicate with the AAA-P first, and the AAA-P sends the communication information of the AAA-S to the AMF network element through an AUSF network element, an NEF network element or an NSSAAF network element and other intermediate network elements; similarly, the AMF network element sends the communication information to the AAA-P through an intermediate network element such as an AUSF network element, an NEF network element, or an NSSAAF network element, and the AAA-P sends the communication information to the AAA-S.

Fig. 2 is a flowchart illustrating a network slice control method according to an embodiment of the present application, where the method is applicable to the communication system described in fig. 1, and the method includes the following steps.

S201: the AMF network element sends first information so that the AAA-S receives the first information, wherein the first information comprises slice information of a first network slice and a first identifier of a first UE, and the network slice which is allowed or to be allowed to be accessed by the first UE comprises the first network slice.

The slice information of the first network slice may be used to identify, select, or determine the first network slice, for example, the slice information may be S-NSSAI of the first network slice, or the slice information may be S-NSSAI mapped identification information of the first network slice, and the mapped identification may be referred to as a mapped identification hereinafter, and the mapped identification is used for an external network or a third-party network to identify the network slice, and may also be referred to as a slice external identification. The first identity of the first UE may be used to identify the first UE in the entire communication system, for example, the first identity of the first UE may be a general public user identity (GPSI) of the first UE.

In addition, the network slice (allowed NSSAI) to which the first UE is allowed to access may include at least one network slice, i.e., the allowed NSSAI may include one or more S-NSSAIs. The at least one network may include a first network slice, and the first network slice may be a network slice of the at least one network that requires authorization. Alternatively, the network slice (pending NSSAI may also be referred to as an NSSAI requiring authentication and authorization or an NSSAI to be processed) to which the first UE is to be allowed to access may include at least one network slice, i.e., the pending NSSAI may include one or more S-NSSAIs. The at least one network slice may include a first network slice. The pending NSSAI may be included in an allowed NSSAI after the pending NSSAI is authorized by the authentication, i.e., the UE may be allowed to access the pending NSSAI after the pending NSSAI is authorized by the authentication. The allowed and to-be-allowed NSSAI is a network slice temporarily allowing the first UE to access, wherein if the network slice contained in the allowed and to-be-allowed NSSAI needs authentication and authorization, the network slice is a slice waiting for processing, and the network slice can allow the UE to access only after the authentication and authorization passes; otherwise, the UE is not allowed to access.

Further, the AMF network element may be an AMF network element serving the first UE. In this embodiment of the present application, the AMF network element may also be replaced with other network elements capable of initiating a network slice control procedure, which is not specifically limited in this embodiment of the present application.

Specifically, when the AMF network element determines that the first network slice needs authorization, the AMF network element may send first information to the authentication and authorization network element in an authorization procedure of the first network slice (that is, the first information may be carried in an authorization request message), or send first information to the authentication and authorization network element in an authentication and authorization procedure of the first network slice (that is, the first information may be carried in an authentication and authorization request message), where the first information may include the S-nsai of the first network slice and the GPSI of the first UE. When the authentication and authorization network element receives the first information, the authentication and authorization network element may send first forwarding information to the AAA-S, where the first forwarding information may include the S-NSSAI of the first network slice and the GPSI of the first UE, or the first forwarding information includes the mapping identifier of the first network slice and the GPSI of the first UE, and the first forwarding information may be information equivalent to the first information, so that the first forwarding information may also be replaced with or referred to as the first information. Optionally, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element may send the first forwarding information to the AAA-P, and when the AAA-P receives the first forwarding information, the AAA-P may send the first forwarding information to the AAA-S. Optionally, if the AAA-S manages only one network slice, the first information or the first forwarding information received by the AAA-S may also not include slice information of the first network slice, for example, the first information does not include S-NSSAI of the first network slice.

It should be noted that, the authentication and authorization network element in the embodiment of the present application may be any network element that can support the communication between the AMF network element and the AAA-S and has an authentication and authorization function, for example, the authentication and authorization network element may be an AUSF network element, an NEF network element, or an NSSAAF network element, and the embodiment of the present application does not specifically limit this.

In a possible embodiment, the first information may further include a second identity of the first UE in the first network slice, and the second identity may be used to identify the first UE in the first network slice, for example, the second identity of the first UE may be a slice-specific identity (slice-specific ID) of the first UE in the first network slice. The second identifier of the first UE may be obtained by the AMF network element from the first UE, and when there are multiple network slices that need authorization in at least one network slice that the first UE is allowed to access, the AMF network element may obtain the second identifier of the first UE in the multiple network slices that need authorization from the first UE at one time, or obtain one or more second identifiers from the first UE at each time, and obtain the second identifier of the first UE in the multiple network slices that need authorization through multiple obtaining processes.

In another possible embodiment, the first information sent by the AMF network element to the authentication and authorization network element may further include an identifier of AAA-S, where the identifier of AAA-S may be used for the authentication and authorization network element to address AAA-S; when the authentication and authorization network element cannot directly communicate with the AAA-S, the first forwarding information sent by the authentication and authorization network element to the AAA-P may also include an identifier of the AAA-S, and the identifier of the AAA-S may be used for the AAA-P to address the AAA-S. The first information or first forwarding information received by the AAA-S may not include the identity of the AAA-S.

Specifically, when the AAA-S receives the first information, the AAA-S may perform an authorization check based on the first information and determine the first slice control information. Specifically, when the first information includes slice information of the first network slice and a first identity of the first UE, the AAA-S may determine the first network slice according to the slice information of the first network slice, so as to perform an authorization check on the first network slice according to the first identity of the first UE; when the first information further includes the second identity of the first UE, the AAA-S may further perform an authorization check on the first network slice according to the second identity of the first UE.

Further, the determining, by the AMF network element, that the first network slice requires authorization may include: the AMF network element obtains authorization indication information of a network slice allowing the first UE to access, where the authorization indication information may be used to indicate whether at least one network slice allowing the first UE to access needs authorization, so that the AMF network element may determine that the first network slice needs authorization according to the authorization indication information, that is, the first network slice is a network slice that needs authorization. Wherein, the AMF network element may obtain the authorization indication information locally; or, the AMF network element obtains the authorization indication information when obtaining the subscription information of the first UE, for example, the AMF network element obtains the subscription information of the first UE from the UDM network element, where the subscription information includes the authorization indication information; or, when the authorization indication information is stored in the NSSF network element, the AMF network element may further obtain the authorization indication information from the NSSF network element.

S202: and the AAA-S sends second information so that the AMF network element receives the second information, wherein the second information comprises first slice control information, and the first slice control information is used for controlling the first UE to use the first network slice.

Here, the first slice control information may also be referred to as UE-granular slice control information. For example, the first slice control information may include at least one of: slice aggregation maximum bit rate (slice-AMBR), slice maximum flow bit rate (slice-MFBR), slice guaranteed flow bit rate (slice-GFBR), AMBR (slice-UE-AMBR) of a first UE on a slice, and maximum PDU session number of the first UE on a slice. Wherein. slice-AMBR for controlling a maximum aggregated bit rate of non-GBR QoS flow on a slice of the UE. Slice maximum traffic bit rate (slice-MFBR) for controlling the maximum aggregate bit rate of the GBR QoS flow. An AMBR (slice-UE-AMBR) of a first UE on a slice, for controlling a maximum aggregated bit rate of non-GBR QoS flow and GBR QoS flow on the slice of the UE. GBR is an abbreviation for guaranteed bit rate, english guaranteed bit rate.

Specifically, the AAA-S may send second information to the authentication and authorization network element, or the AAA-S sends the second information to the authentication and authorization network element through AAA-P, where the second information may include the first slice control information; optionally, the second information may further include an S-NSSAI of the first network slice or an external identification of the first network slice. When the authentication and authorization network element receives the second information, the authentication and authorization network element may send second forwarding information to the AMF network element, where the second forwarding information may include the first slice control information; optionally, if the second information includes the S-NSSAI of the first network slice, the second forwarding information may further include the S-NSSAI of the first network slice. If the second information includes the external identifier of the first network slice, the second forwarding information may further include the external identifier of the first network slice or the S-NSSAI of the first network slice, the S-NSSAI being determined according to the external identifier. The second forwarding information may be information equivalent to the second information, and thus the second forwarding information may also be replaced with or referred to as the second information. For example, in the authorization flow of the first network slice, the authentication and authorization network element may send an authorization response message to the AMF network element, where the authorization response message includes the second forwarding information; or, for example, in the authentication and authorization flow of the first network slice, the authentication and authorization network element may send an authentication and authorization response message to the AMF network element, where the authentication and authorization response message includes the second forwarding information.

In one possible embodiment, when the AMF network element receives the second information, the AMF network element may store the first slice control information included in the second information in a context of the first UE. In another possible embodiment, the AMF network element may send the first slice control information to the UDM network element, and when the UDM network element receives the first slice control information, the UDM network element may store the first slice control information, for example, the UDM stores the first slice control information in context information of the first UE. Optionally, the AMF network element may further send the second slice control information to the RAN device or the AN device.

In yet another possible embodiment, the AMF network element sends the first slice control information to the PCF network element, and the PCF network element may send authorization slice control information to the AMF network element, where the authorization slice control information is authorized information for controlling the first UE to use the first network slice, and the authorization slice control information may be the same as the first slice control information or different from the first slice control information. Further, when the AMF network element receives the authorization slice control information, the AMF network element stores the authorization slice control information in context information of the first UE. In addition, the AMF network element may further send the authorization slice control information to the UDM network element, so that the UDM network element stores the authorization slice control information.

In the embodiment of the application, the first information is reported to the AAA-S through the AMF element, the AAA-S issues the first slice control information according to the first information, and the first slice control information is information for controlling the first UE to use the first network slice, so that the AAA-S can reasonably allocate the slice control information to the first UE, and the AMF element can dynamically acquire the slice control information of the first UE, thereby improving flexibility of network slice control and user experience.

Further, as shown in fig. 3, the method further includes: and S203.

S203: and when the AAA-S determines that the first slice control information is changed, the AAA-S sends third information so that the AMF network element receives the third information, wherein the third information comprises second slice control information, and the second slice control information is used for updating information used for controlling the first UE to use the first network slice.

Wherein, the AAA-S may send third information to the authentication and authorization network element, or the AAA-S sends the third information to the authentication and authorization network element through AAA-P, and the third information may include second slice control information; optionally, the third information may further include a first identity of the first UE (e.g., GPSI), and/or slice information of the first network slice (e.g., S-NSSAI, or slice external identity). When the authentication and authorization network element receives the third information, the authentication and authorization network element may send third forwarding information to the AMF network element, where the third forwarding information may include second slice control information, and the third forwarding information may be information equivalent to the third information, and thus the third forwarding information may also be replaced with or referred to as the third information. For example, the authentication and authorization network element may send an authorization notification message to the AMF network element, where the authorization notification message includes the third forwarding information.

Optionally, the network slice allowed or to be allowed to be accessed by the second UE includes the first network slice, and when the AAA-S determines that the slice control information of the second UE in the first network slice is changed, the third information further includes third slice control information, where the third slice control information is used to update information for controlling the second UE to use the first network slice.

Optionally, the network slice that the second UE is allowed or is to be allowed to access includes a second network slice, and when the AAA-S determines that the slice control information of the second UE in the second network slice is changed, the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice. At this time, if the AMF network element serving the first UE is the same as the AMF network element serving the second UE, the third forwarding information sent by the authentication and authorization network element to the AMF network element may further include fourth slice control information; if the AMF network element serving the first UE is different from the AMF network element serving the second UE, the authentication authorization network element may send the fourth slice control information to the AMF network element serving the second UE, and the third forwarding information sent to the AMF network element serving the first UE does not include the fourth slice control information.

Illustratively, as shown in fig. 4, the method includes: S1-S3b.

S1.AAA-S determines that slice control information of a plurality of UEs is changed, and the description is given by taking an example that the plurality of UEs comprise UE1, UE2, UE3 and UE4, AMF network elements serving the UE1 and the UE2 are AMF1 network elements, AMF network elements serving the UE3 and the UE4 are AMF2 network elements, and AAA-S is in direct communication with an authentication and authorization network element in fig. 4;

s2, the AAA-S sends a first AAA protocol message to an authentication and authorization network element, wherein the first AAA protocol message comprises third information, and the third information comprises a slice control information list of a plurality of UE (user equipment), for example, the slice control information list comprises { GPSI _1, S-NSSAI _1, slice control information 1} corresponding to UE1, { GPSI _2, S-NSSAI _2, slice control information 2} corresponding to UE2, { GPSI _3, S-NSSAI _3, slice control information 3} corresponding to UE3, and { GPSI _4, S-NSSAI _4, slice control information 4} corresponding to UE 4;

s3a, the authentication authorization network element sends a first authorization notification message to an AMF1 network element, wherein the first authorization notification message comprises { GPSI _1, S-NSSAI _1, slice control information 1} and { GPSI _2, S-NSSAI _2, slice control information 2};

and S3b, the authentication and authorization network element sends a second authorization notification message to the AMF2 network element, wherein the second authorization notification message comprises { GPSI _3, S-NSSAI _3, slice control information 3} and { GPSI _4, S-NSSAI _4, slice control information 4}.

When the AMF1 network element receives the first authorization notification message and the AMF2 network element receives the first authorization notification message, the AMF1 network element and the AMF2 network element may update slice control information of the UE respectively and perform subsequent actions.

It should be noted that the slice control information list sent by the AAA-S may also be in other formats, for example, the slice control information of different UEs in the same network slice may be located in one piece of information in the slice control information list, or the slice control information of the same UE in different network slices may be located in one piece of information in the slice control information list, or the arrangement order of different pieces of information of the same UE may also be different, and the like, which is not limited in this embodiment of the present application. For example, the slice control information of UE1 and UE2 on the same network slice may be represented as S-NSSAI _1: GPSI1, slice control information 1; GPSI2, slice control information 2}; alternatively, the slice control information of UE1 on different network slices may be represented as { GPSI1: S-NSSAI _1, slice control information 1; S-NSSAI _2, slice control information 2}.

In one possible implementation, when the AMF network element receives the third information, the AMF network element updates the previously stored first slice control information or authorized slice control information using the second slice control information in the third information, e.g., the AMF network element deletes the first slice control information or authorized slice control information in the context of the first UE and stores the second slice control information in the context of the first UE. Optionally, when the third information further includes third slice control information, the AMF network element may further store the third slice control information in the context of the second UE, or update the previously stored slice control information of the second UE in the context of the second UE using the third slice control information.

In another possible implementation, the AMF network element may further send the second slice control information to the UDM network element, so that the UDM network element updates the first slice control information of the subscription information of the first UE. In yet another possible embodiment, the AMF network element sends the second slice control information to the PCF network element, so that the PCF network element performs an authorization check on the second slice control information. Optionally, the AMF network element may further send the second slice control information to the RAN device or the AN device.

Further, the network slice control method provided in the embodiment of the present application may also be applied to a scenario where an AMF network element serving the first UE is switched, that is, the AMF network element serving the first UE is switched from a source AMF network element to a target AMF network element. Specifically, when the AMF network element serving the first UE is handed over, the source AMF network element may send the context of the first UE to the target AMF network element, and the target AMF network element performs the steps of the AMF network element in this embodiment.

In the above flow, the slice identifier may be mapped to a new identifier by the intermediate network element in the transmission process or the received identifier may be directly used, which is not specifically limited in the embodiment of the present application.

For ease of understanding, the following takes implementation of network slice control in an authorization flow of a first network slice and an authentication authorization flow of the first network slice as an example, and the scheme provided by the embodiment of the present application is specifically illustrated in fig. 5 and fig. 6 as follows. The following example illustrates an example where the authentication and authorization network element communicates with the AAA-S via the AAA-P.

Fig. 5 is a schematic diagram illustrating an implementation of network slice control in an authorization process of a first network slice according to an embodiment of the present application. Specifically, the method comprises the following steps: S01-S11.

S01, the first UE sends a registration request (registration request) message to an AMF network element;

s02, when the AMF network element receives a registration request message, the AMF network element acquires authorization indication information of a network slice allowing the first UE to access from a local network, a UDM network element or a NSSF network element;

s03, the AMF network element determines that a first network slice needs to be authorized according to the authorization indication information;

s04 (the step is an optional step), the AMF network element acquires a second identifier of the first UE in the first network slice from the first UE;

s05, the AMF network element sends an authorization request (authorization request) message to an authentication authorization network element, where the authorization request message includes first information, where the first information may include a GPSI of the first UE and an S-NSSAI of the first network slice, and optionally, the first information further includes a second identifier of the first UE;

s06, when the authentication and authorization network element receives the authorization request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, wherein the first AAA protocol message comprises first information;

s07, when the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to the AAA-S, wherein the second AAA protocol message comprises first information;

s08, when the AAA-S receives a second AAA protocol message, the AAA-S sends a third AAA protocol message to the AAA-P, wherein the third AAA protocol message comprises second information, and the second information comprises first slice control information;

s09, when the AAA-P receives a third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, wherein the fourth AAA protocol message comprises second information;

s10, when the authentication and authorization network element receives a fourth AAA protocol message, the authentication and authorization network element sends an authorization response (authorization response) message to the AMF network element, wherein the authorization response message comprises second information;

and S11, when the AMF network element receives the authorization response message, the AMF network element can store the first slice control information included in the second information and execute subsequent actions.

Further, the method may further include: S12-S15.

S12, when the AAA-S determines that the first slice control information is changed, the AAA-S sends a fifth AAA protocol message to the AAA-P, wherein the fifth AAA protocol message comprises third information, and the third information comprises second slice control information;

s13, the AAA-P sends a sixth AAA protocol message to the authentication and authorization network element, wherein the sixth AAA protocol message comprises third information;

s14, when the authentication and authorization network element receives the sixth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorization notification) message to the AMF network element, wherein the authorization notification message comprises third information;

and S15, when the AMF network element receives the authorization notification message, the AMF network element can store third information, namely update the first slice control information by using second slice control information included in the third information, and execute subsequent actions.

Fig. 6 is a schematic diagram illustrating an implementation of network slice control in an authentication and authorization process of a first network slice according to an embodiment of the present application. Specifically, the method comprises the following steps:

s20, the AMF network element determines that the first network slice needs to execute an authentication authorization process;

s21, the AMF network element sends a first non-access stratum (NAS) Mobility Management (MM) transmission message to the first UE, wherein the first NAS MM transmission message comprises an Extended Authentication Protocol (EAP) ID request (namely information for requesting EAP ID) and S-NSSAI of a first network slice;

s22, when the first UE receives the first NAS MM transmission message, the first UE sends a second NAS MM transmission message to the AMF network element, wherein the second NAS MM transmission message comprises an EAP ID response (namely information for responding to an EAP ID request) and S-NSSAI of the first network slice;

s23, the AMF network element sends a first authentication request message to an authentication authorization network element, wherein the first authentication request message comprises information A, and the information A comprises an EAP ID response, a GPSI of the first UE and an S-NSSAI of the first network slice;

s24, when the authentication and authorization network element receives a first authentication request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, wherein the first AAA protocol message comprises an EAP ID response, a GPSI and an S-NSSAI;

s25, when the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to the AAA-S, wherein the second AAA protocol message comprises an EAP ID response, a GPSI and an S-NSSAI;

s26, when the AAA-S receives a second AAA protocol message, the AAA-S sends a third AAA protocol message to the AAA-P, wherein the third AAA protocol message comprises information B, and the information B comprises S-NSSAI, GPSI and EAP information;

s27, when the AAA-P receives a third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, wherein the fourth AAA protocol message comprises S-NSSAI, GPSI and EAP information;

s28, when the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends a first authentication response message to the AMF network element, wherein the first authentication response message comprises S-NSSAI, GPSI and EAP information;

s29, when the AMF network element receives the first authentication response message, the AMF network element sends a third NAS MM transmission message to the first UE, wherein the third NAS MM transmission message comprises S-NSSAI and EAP information;

s30, the first UE sends a fourth NAS MM transmission message to the AMF network element, wherein the fourth NAS MM transmission message comprises S-NSSAI and EAP information;

s31, the AMF network element sends a second authentication request message to an authentication authorization network element, wherein the second authentication request message comprises first information, and the first information comprises EAP ID information, GPSI and S-NSSAI;

s32, when the authentication and authorization network element receives the second authentication request message, the authentication and authorization network element sends a fifth AAA protocol message to the AAA-P, wherein the fifth AAA protocol message comprises the first information;

s33, when the AAA-P receives a fifth AAA protocol message, the AAA-P sends a sixth AAA protocol message to the AAA-S, wherein the sixth AAA protocol message comprises the first information;

s34, when the AAA-S receives the six AAA protocol messages, the AAA-S sends a seventh AAA protocol message to the AAA-P, wherein the seventh AAA protocol message comprises second information, the second information comprises EAP success (success) information and first slice control information, and optionally, the second information also comprises S-NSSAI and/or GPSI;

s35, when the AAA-P receives the seventh AAA protocol message, the AAA-P sends an eighth AAA protocol message to the authentication and authorization network element, wherein the eighth AAA protocol message comprises second information;

s36, when the authentication and authorization network element receives the eighth AAA protocol message, the authentication and authorization network element sends a second authentication response message to the AMF network element, wherein the second authentication response message comprises second information;

and S37, the AMF network element stores the first slice control information and executes subsequent actions.

Alternatively, the following steps S38 to S42 may be performed, and S38 to S42 are not shown in fig. 6.

S38, the AMF network element sends a fifth NAS MM transmission message to the first UE, wherein the fifth NAS MM transmission message comprises EAP success (success) information and S-NSSAI;

s39, when the AAA-S determines that the first slice control information is changed, the AAA-S sends a ninth AAA protocol message to the AAA-P, wherein the ninth AAA protocol message comprises third information, and the third information comprises second slice control information;

s40, the AAA-P sends a tenth AAA protocol message to the authentication and authorization network element, wherein the tenth AAA protocol message comprises third information;

s41, when the authentication and authorization network element receives the tenth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorization notification) message to the AMF network element, wherein the authorization notification message comprises third information;

and S42, when the AMF network element receives the authorization notification message, the AMF network element can update the first slice control information by using the second slice control information included in the third information, and execute subsequent actions.

In this embodiment of the application, after the UE registers to the network side, the AMF network element may trigger an authorization flow of the first network slice, and dynamically acquire slice control information of the first UE in the authorization flow of the first network slice, or the AMF network element triggers an authentication authorization flow of the first network slice, and dynamically acquires slice control information of the first UE in the authentication authorization flow of the first network slice; in addition, the AAA-S may also dynamically adjust the slice control information of the first UE as needed, thereby improving the flexibility of network slice control and user experience.

Fig. 7 is a flowchart of another network slice control method according to an embodiment of the present application, where the method may be applied to the communication system depicted in fig. 1, and the method includes the following steps.

S301: the AMF network element determines the number of the accessed UE and/or the number of the PDU sessions on the network slice.

The AMF element may count the number of UEs accessed on the network slice, for example, the AMF element may count the number of UEs accessed on the network slice by using a UE counter, when a UE is newly accessed on the network slice, the UE counter counts the number of UEs added by 1, and when a UE accessed on the network slice exits the network slice, the UE counter counts the number of UEs added by 1. Similarly, one or more PDU sessions may also be established on the network slice, and the AMF element may count the number of PDU sessions established on the network slice, for example, the AMF element may count the number of PDU sessions established on the network slice through a PDU session counter, when a PDU session is newly established on the network slice, the number of PDU sessions counted by the PDU session counter is increased by 1, and when the PDU session established on the network slice is cancelled, the number of PDU sessions counted by the PDU session counter is decreased by 1.

Specifically, the network slice may be a network slice that needs to perform slice resource control, and when the AMF network element determines that the network slice needs to perform slice resource control, the AMF network element may start a UE counter to count the number of UEs accessed on the network slice, or start a PDU session counter to count PDU sessions established on the network slice, or start a UE counter and a PDU session counter to count the number of UEs accessed on the network slice and the number of PDU sessions.

Optionally, before S301, the method may further include S300: the AMF network element obtains first configuration information, wherein the first configuration information comprises S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used for indicating whether slice resource control needs to be executed or not. Accordingly, the AMF network element may determine that the network slice needs to perform slice resource control according to the authorization indication information. The first configuration information may be sent by the AAA-S, for example, the AAA-S sends the first configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the first configuration information to the AMF network element, so that the AMF network element obtains the first configuration information.

S302: and when the first reporting condition is met, the AMF network element sends first information so that the AAA-S receives the first information, wherein the first information comprises the UE number and/or the PDU session number.

The first reporting condition may include at least one of the following conditions: the UE number reaches a first preset value, the PDU session number reaches a second preset value, the increment of the UE number reaches a third preset value, the increment of the PDU session number reaches a fourth preset value, the period is reported, and the increment of the UE number in the time window reaches a fifth preset value or the increment of the PDU session number in the time window reaches a sixth preset value. The increasing amount of the UE number to the third preset value may be that a difference between the UE number determined this time and the UE number determined last time reaches the third preset value, and the increasing amount of the PDU session number to the fourth preset value may be that a difference between the PDU session number determined this time and the PDU session number determined last time reaches the fourth preset value. Optionally, the first reporting condition may be obtained by the AMF network element, for example, the first configuration information further includes the first reporting condition, and the AMF network element may obtain the first reporting condition by obtaining the first configuration information.

In addition, when the first reporting condition includes one of the above conditions, the first reporting condition being satisfied may mean that the condition is satisfied, for example, the first preset value is 30, and the first reporting condition being that the number of the UEs reaches the first preset value, the first reporting condition being satisfied is that the number of the UEs reaches 30; when the first reporting condition includes at least two of the above conditions, the first reporting condition being satisfied may mean that any one of the at least two conditions is satisfied, for example, the first preset value is 50, the third preset value is 10, the first reporting condition includes that the number of the UEs reaches the first preset value and that the increase of the number of the UEs reaches the third preset value, and the first reporting condition being satisfied may mean that the number of the UEs reaches 30 or that the increase of the number of the UEs reaches 10.

It should be noted that the first preset value, the second preset value, the third preset value, the fourth preset value, the reporting period, the fifth preset value, and the sixth preset value may be preset, for example, the first preset value and the second preset value may be 50 or 100, the third preset value and the fourth preset value may be 10 or 20, the reporting period may be 10 minutes, 30 minutes, or 1 hour, the time window may be 20 minutes, the fifth preset value and the sixth preset value may be 40, and the embodiment of the present application does not specifically limit this.

Specifically, when the AMF network element determines that the number of the UEs is the UE number, the AMF network element may send first information to the authentication and authorization network element when a first reporting condition is met, where the first information includes the UE number; when the AMF network element determines that the PDU session number is present, the AMF network element may send first information to the authentication and authorization network element when the first reporting condition is satisfied, where the first information includes the PDU session number; and when the AMF network element determines that the UE number and the PDU session number exist, sending first information to an authentication authorization network element, wherein the first information comprises the UE number and the PDU session number. Optionally, the first information may be carried in an authorization request message, that is, the AMF network element may send an authorization request message to the authentication and authorization network element, where the authorization request message includes the first information; further, the first information may also include the S-NSSAI of the network slice.

Then, when the authentication and authorization network element receives the first information, the authentication and authorization network element may send the first information to the AAA-S; or, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element may send the first information to the AAA-P, so that the AAA-P sends the first information to the AAA-S. Optionally, the authentication and authorization network element may further allocate an association identifier to the AMF network element, where the association identifier is used to associate the first information reported by the AMF network element, the authentication and authorization network element may further locally store the AMF network element identifier and the association identifier, and the first information sent by the authentication and authorization network element may also include the association identifier.

It should be noted that, the authentication authorization network element in the embodiment of the present application may be any network element having an authentication authorization function and capable of supporting the communication between the AMF network element and the AAA-S, for example, the authentication authorization may be an AUSF network element, an NEF network element, or an NSSAAF network element, and the embodiment of the present application does not specifically limit this.

When the AAA-S receives the first information, the AAA-S may locally store the first information, for example, the first information includes the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, the association identifier, and the AAA-S may locally store the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, and the association identifier. Optionally, the AAA-S may also determine whether to issue new configuration information according to the number of UEs and/or the number of PDU sessions, and if the new configuration information needs to be issued, the method further includes S304.

S303: and the AAA-S sends second configuration information so that the AMF network element receives the second configuration information, and the second configuration information is used for controlling the resources of the network slice.

Wherein the second configuration information may include at least one of: and a second reporting condition, wherein the number of the remaining UEs accessible to the network slice, the number of the remaining PDUs accessible to the network slice, the increment of the number of the UEs reaches a seventh preset value, the increment of the number of the PDUs sessions reaches an eighth preset value, and the number of the UEs in the time window reaches a ninth preset value, or the increment of the number of the PDUs sessions in the time window reaches a tenth preset value. The second reporting condition may be used to indicate a condition for reporting the first information of the network slice next time, where the second reporting condition may be similar to the first reporting condition, and a preset value or a reporting period of a specific condition in the second reporting condition may be different from a preset value or a reporting period of a specific condition in the first reporting condition, for example, a reporting period in the first reporting condition is 30 minutes, and a last cycle in the second reporting condition is 10 minutes, which is not described herein again in this embodiment of the present application.

Specifically, the AAA-S may send the second configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the second configuration information to the AMF network element; or, when the AAA-S and the authentication and authorization network element cannot communicate directly, the AAA-S may send the second configuration information to the AAA-P, so that the AAA-P forwards the second configuration information to the authentication and authorization network element, and then the authentication and authorization network element sends the second configuration information to the AMF network element. Optionally, when the authentication and authorization network element sends the second configuration information to the AMF network element, the authentication and authorization network element may send an authorization response message to the AMF network element, where the authorization response message includes the second configuration information; further, the second configuration information may also include the S-NSSAI of the network slice. When the AMF network element receives the second configuration information, the AMF network element may perform resource control of the network slice according to the second configuration.

Further, the process that the AMF network element reports the first information to the AAA-S and the AAA-S sends the second configuration information to the AMF network element provided in the foregoing embodiment may also be replaced with the process that the SMF network element reports the first information to the AAA-S and the process that the AAA-S sends the second configuration information to the SMF network element, and the specific process is shown in fig. 8.

As shown in fig. 8, the method may include: S41-S43.

S41, the SMF network element determines the number of UE and/or PDU session accessed on the network slice;

s42, when a first reporting condition is met, the SMF network element sends first information to the AAA-S through the UPF network element so that the AAA-S receives the first information, wherein the first information comprises the UE number and/or the PDU session number, namely the SMF network element sends the first information to the UPF network element, and the UPF network element forwards the first information to the AAA-S;

s43, the AAA-S sends second configuration information to the SMF network element through the UPF network element so that the SMF network element receives the second configuration information, and the second configuration information is used for controlling the resource of the network slice.

Optionally, as shown in fig. 8, before S41, the method further includes: and S40, the SMF network element acquires first configuration information, wherein the first configuration information comprises S-NSSAI and authorization indication information of the network slice, and the authorization indication information is used for indicating whether slice resource control needs to be executed or not, so that the AMF network element can determine that the network slice needs to execute the slice resource control according to the authorization indication information.

It should be noted that, the detailed description about S40 to S43 in fig. 8 may refer to the detailed description about S300 to S303 in fig. 7, and the embodiments of the present application are not repeated herein.

In this embodiment of the present application, the AMF network element or the SMF network element may send first information, where the first information includes a number of UEs and/or a number of PDU sessions accessed by a network slice, and the AAA-S may receive the first information, so that the AAA-S may perceive a resource usage condition of the network slice, and send second configuration information for controlling resources of the network slice to the AMF network element or the SMF network element based on the number of UEs and/or the number of PDU sessions included in the first information, thereby implementing control of the network slice, and improving flexibility of network slice control and user experience.

The above mainly introduces the solutions provided in the embodiments of the present application from the perspective of interaction between network elements. It is understood that the AMF network element, the authentication authorization network element, the AAA-S, and the like contain hardware structures and/or software modules for performing the functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiment of the present application, functional modules may be divided for the AMF network element, the authentication and authorization network element, and the AAA-S according to the above method example, for example, each functional module may be divided for each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation.

In the case of using an integrated unit, fig. 9 shows a schematic structural diagram of a possible communication device according to an embodiment of the present application, where the device may be an AMF network element or a chip built in the AMF network element, and the device includes: a transmitting unit 401, a receiving unit 402 and a processing unit 403.

In a possible implementation manner, the sending unit 401 may be configured to support the apparatus to perform the step of sending the first information in S201 in the foregoing method embodiment, the receiving unit 402 is configured to perform the steps of receiving the second information in S202 and receiving the third information in S203 in the foregoing method embodiment, and the processing unit 403 is configured to support the apparatus to perform the step of determining that the first slice control information is changed in S203 in the foregoing method embodiment, and/or other technical processes described herein. In another possible implementation manner, the processing unit 403 is configured to support the apparatus to execute S301 in the foregoing method embodiment, the sending unit 401 is configured to support the apparatus to execute the step of sending the first information in S302 in the foregoing method embodiment, and the receiving unit 402 is configured to execute the step of receiving the second configuration information in S303 in the foregoing method embodiment.

It should be noted that all relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and are not described herein again.

Based on the hardware implementation, the processing unit 403 in this embodiment may be a processor of the apparatus, the sending unit 401 may be a transmitter of the apparatus, the receiving unit 402 may be a receiver of the apparatus, and the transmitter and the receiver may be integrated together to be used as a transceiver, and a specific transceiver may also be referred to as a communication interface or an interface circuit.

As shown in fig. 10, another possible structural schematic diagram of a communication apparatus according to the foregoing embodiment provided in this application is a schematic diagram, where the apparatus may be an AMF network element or a chip built in the AMF network element, and the apparatus includes: the processor 411 may further include a memory 412, a communication interface 413, and a bus 414, and the processor 411, the memory 412, and the communication interface 413 are connected by the bus 414.

The processor 411 is used to control and manage the operation of the apparatus. In one possible implementation, the processor 411 may be used to support the apparatus to perform the step of determining the first slice information transmission change in S203 of the above method embodiment, and/or other processes for the techniques described herein. In another possible implementation, the processor 411 may be used to enable the apparatus to perform S301 in the above-described method embodiment, and/or other processes for the techniques described herein. Communication interface 413 is used to support the apparatus for communication, such as to support the apparatus for communication with an authentication authorization network element.

In the present embodiment, the processor 411 may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor and a microprocessor, or the like. The bus 414 in fig. 10 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 10, but it is not intended that there be only one bus or one type of bus.

In the case of using an integrated unit, fig. 11 shows a schematic structural diagram of a possible communication apparatus in the embodiment of the present application, which may be used as an authentication and authorization network element or a chip built in the authentication and authorization network element, and the apparatus includes: a receiving unit 501, a processing unit 502 and a transmitting unit 503.

In a possible implementation manner, the receiving unit 501 may be configured to support the step of the apparatus to receive the first information sent by the AMF network element in S201, the step of the AAA-S sent by S202, and/or the step of the AAA-S sent by S203 of the above method embodiment; the sending unit 503 is configured to support the step of sending the first forwarding information to the AAA-S, the step of sending the second forwarding information to the AAA-S, and/or the step of sending the third forwarding information to the AAA-S by the apparatus; the processing unit 502 is configured to support the apparatus to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the above method embodiment. In another possible implementation manner, the receiving unit 501 may be configured to support the step of the apparatus to receive the first information sent by the AMF network element in S301 and the step of the second configuration information sent by the AAA-S in S302 in the foregoing method embodiment; the sending unit 503 may be configured to support the step of forwarding the first information sent by the AMF to the AAA-S by the apparatus, and the step of forwarding the first configuration information and the second configuration information sent by the AAA-S to the AMF.

Based on the hardware implementation, the processing unit 502 in the embodiment of the present application is a processor of the apparatus, the receiving unit 501 may be a receiver of the apparatus, the transmitting unit 503 may be a transmitter of the apparatus, and the transmitter and the receiver may be integrated together to function as a transceiver, and a specific transceiver may also be referred to as a communication interface or an interface circuit.

As shown in fig. 12, another possible structural schematic diagram of a communication apparatus according to the foregoing embodiment provided in this application is shown, where the apparatus may be used as an authentication and authorization network element or a chip built in the authentication and authorization network element, and the apparatus includes: the processor 511 may further include a memory 512, a communication interface 513 and a bus 514, and the processor 511, the memory 512 and the communication interface 513 are connected by the bus 514.

Wherein the processor 511 is configured to control and manage the actions of the apparatus, for example, the processor 511 may be configured to support the apparatus to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the above method embodiments, and/or other processes for the techniques described herein. The communication interface 513 is used to support the apparatus for communication, such as supporting the apparatus to communicate with an AMF network element or an AAA-S.

In the present embodiment, the processor 511 may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors in combination, a digital signal processor in combination with a microprocessor, and so forth. The bus 514 in fig. 12 may be a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 12, but it is not intended that there be only one bus or one type of bus.

In the case of using an integrated unit, fig. 13 shows a schematic diagram of a possible structure of a communication apparatus according to the embodiment of the present application, which may be an AAA-S or an AAA-S built-in chip, and the apparatus includes: a receiving unit 601, a processing unit 602 and a transmitting unit 603.

In a possible implementation manner, the receiving unit 601 may be configured to support the step of receiving, by the apparatus, the first information sent in S201 in the foregoing method embodiment; the sending unit 603 is configured to support the apparatus to perform the step of sending the second information in S202 and the step of sending the third information in S203 of the above method embodiment; the processing unit 602 is configured to support the apparatus to perform the steps of determining that the first slice control information is changed in the above method embodiment, and/or other technical processes described herein. In another possible implementation manner, the receiving unit 601 may be configured to support the step of the apparatus receiving the first information sent in S302 of the foregoing method embodiment; the transmitting unit 603 is configured to perform the step of transmitting the second configuration information in S303 of the above method embodiment, and the step of transmitting the first configuration information; the processing unit 602 is configured to enable the apparatus to perform the steps of determining the first configuration information, the second configuration information, and/or other technical processes described herein in the above method embodiments.

Based on the hardware implementation, the processing unit 602 in the embodiment of the present application may be a processor of the apparatus, the receiving unit 601 may be a receiver of the apparatus, the transmitting unit 603 may be a transmitter of the apparatus, and the transmitter and the receiver may be integrated together to function as a transceiver, and a specific transceiver may also be referred to as a communication interface or an interface circuit.

As shown in fig. 14, another possible structural schematic diagram of the communication apparatus according to the foregoing embodiments provided in the embodiments of the present application, where the apparatus may be used as an AAA-S or a chip built in the AAA-S, and the apparatus includes: the processor 611, and may further include a memory 612, a communication interface 613, and a bus 614, and the processor 611, the memory 612, and the communication interface 613 are connected by the bus 614.

The processor 611 is configured to control and manage the operation of the apparatus. In one possible implementation, the processor 611 may be configured to enable the apparatus to perform the above-described method embodiment to determine that the first slice control information is changed, and/or other processes for the techniques described herein. In another possible implementation, the processor 611 may be configured to enable the apparatus to perform the steps of determining the first configuration information, the second configuration information in the above method embodiments, and/or other processes for the techniques described herein. The communication interface 613 is used to support the apparatus for communication, such as supporting the apparatus to communicate with an authentication authorization network element.

In the present embodiment, the processor 611 may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or execute the various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein. The processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a digital signal processor and a microprocessor, or the like. The bus 614 in fig. 14 may be a PCI bus or an EISA bus. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 14, but this does not indicate only one bus or one type of bus.

Based on this, the embodiment of the present application further provides a communication system, where the communication system includes an AMF network element, an authentication and authorization network element, and an AAA-S; wherein, the AMF network element is the communication device provided in fig. 9 or fig. 10, and is configured to perform the steps of the AMF network element in the foregoing method embodiment; the authentication and authorization network element is the communication device provided in fig. 11 or fig. 12, and is configured to perform the steps of authenticating the authorization network element in the foregoing method embodiment. AAA-S is the communication apparatus provided in fig. 13 or fig. 14 described above for performing the steps of AAA-S in the above method embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical functional division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another device, or some features may be omitted, or not executed.

The units described as separate parts may or may not be physically separate, and parts displayed as units may be one physical unit or a plurality of physical units, that is, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented as a software functional unit and sold or used as a stand-alone product, may be stored in a readable storage medium, which may include: u disk, removable hard disk, read only memory, random access memory, magnetic or optical disk, etc. for storing program codes. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of software products, in essence, or as a part of the prior art, or all or part of the technical solutions.

In another aspect of the application, a readable storage medium is provided, having stored therein instructions, which, when run on an apparatus, cause the apparatus to perform the steps of the AMF network element in the method embodiment as provided in any one of the diagrams of fig. 2-6.

In another aspect of the present application, a readable storage medium having stored therein instructions, which when run on an apparatus, cause the apparatus to perform the steps of authenticating an authorized network element in a method embodiment as provided in any one of the diagrams of fig. 2-6.

In another aspect of the application, a readable storage medium is provided, having instructions stored therein, which when run on a device, cause the device to perform the steps of the AAA-S in the method embodiment as provided in any one of the figures 2-6.

In another aspect of the application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of the AMF network element in the embodiment of the method as provided in any of the figures 2-6.

In another aspect of the present application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of authenticating an authorized network element in an embodiment of the method as provided in any of the figures 2-6.

In another aspect of the application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of the AAA-S in the embodiment of the method as provided in any of the figures 2-6.

In another aspect of the present application, a readable storage medium is provided, having stored therein instructions, which, when run on an apparatus, cause the apparatus to perform the steps of the AMF network element or the AMF network element in the method embodiment as provided in fig. 7 or fig. 8.

In another aspect of the application, a readable storage medium is provided, having instructions stored therein, which when run on a device, cause the device to perform the steps of the AAA-S in the method embodiment as provided in fig. 7 or fig. 8.

In another aspect of the present application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of an AMF network element or an AMF network element as in the method embodiments provided in fig. 7 or fig. 8.

In another aspect of the application, a computer program product is provided comprising instructions which, when run on an apparatus, cause the apparatus to perform the steps of the AAA-S in the method embodiment as provided in fig. 7 or fig. 8.

Finally, it should be noted that: the above description is only an embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope disclosed in the present application should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1.A network slice control method is applied to an access and mobility management function (AMF) network element, and comprises the following steps:

sending first information, wherein the first information comprises slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice which is allowed or is to be allowed to be accessed by the first UE comprises the first network slice;

receiving second information from an authentication, authorization, and accounting (AAA) server, wherein the second information comprises first slice control information, the first slice control information is used for controlling the first UE to use the first network slice, and the first slice control information comprises at least one of the following information: an aggregate maximum bit rate, AMBR, of a slice, a maximum traffic bit rate of a slice, a guaranteed stream bit rate of a slice, an AMBR of the first UE on a slice, and a maximum number of PDU sessions of the first UE on a slice.

2. The method of claim 1, further comprising:

sending the first slice control information to a policy control function PCF network element;

and receiving authorization slice control information from the PCF network element.

3. The method of claim 2, further comprising:

and sending the authorization slice control information to a Unified Data Management (UDM) network element.

4. The method of claim 1, further comprising:

receiving third information, the third information including second slice control information for updating information for controlling the first UE to use for the first network slice.

5. The method of claim 4, wherein the network slice to which the second UE is or is to be allowed to access comprises the first network slice, and wherein the third information further comprises third slice control information for updating information for controlling the use of the first network slice by the second UE.

6. The method of claim 1, further comprising:

storing information for controlling use of the first network slice by the first UE in a context of the first UE.

7. The method of claim 1, wherein prior to the sending the first information, the method further comprises:

obtaining authorization indication information of the network slice allowing the first UE to access;

and determining that the first network slice needs authorization according to the authorization indication information.

8. The method of claim 7, wherein the obtaining the authorization indication information of the network slice allowed to be accessed by the first UE comprises:

acquiring the authorization indication information from the local; alternatively, the first and second electrodes may be,

acquiring subscription information of the first UE from a Unified Data Management (UDM) network element, wherein the subscription information comprises the authorization indication information; alternatively, the first and second electrodes may be,

and obtaining the authorization indication information from a network slice selection function NSSF network element.

9. The method of any of claims 1-8, wherein the first information further comprises a second identity of the first UE, and wherein the second identity is an identity of the first UE in the first network slice.

10. The method of claim 9, wherein the network slice allowing or to be allowed access by the first UE comprises at least one network slice including the first network slice, the method further comprising:

obtaining, from the first UE, a second identity of the first UE in each of the at least one network slice.

11. A network slice control method, which is applied in an authentication, authorization and accounting (AAA) server, the method comprising:

receiving first information, wherein the first information comprises slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice which is allowed or is to be allowed to be accessed by the first UE comprises the first network slice;

sending second information to an access and mobility management function (AMF) network element, where the second information includes first slice control information, the first slice control information is information for controlling the first UE to use the first network slice, and the first slice control information includes at least one of: an aggregate maximum bit rate, AMBR, of a slice, a maximum traffic bit rate of a slice, a guaranteed stream bit rate of a slice, an AMBR of the first UE on a slice, and a maximum number of PDU sessions of the first UE on a slice.

12. The method of claim 11, further comprising:

and when it is determined that the first slice control information is changed, sending third information to the AMF network element, where the third information includes second slice control information, and the second slice control information is used to update information for controlling the first UE to use the first network slice.

13. The method of claim 12, wherein the network slice to which the second UE is or is to be allowed to access comprises the first network slice, and wherein when it is determined that the slice control information of the second UE in the first network slice is changed, the third information further comprises third slice control information for updating information for controlling the second UE to use the first network slice.

14. The method of claim 12 or 13, wherein the network slice to which the second UE is or is to be allowed to access comprises a second network slice, and wherein when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further comprises fourth slice control information, and wherein the fourth slice control information is used for updating information for controlling the second UE to use the second network slice.

15. A communications device, characterized in that it acts as an access and mobility management function, AMF, network element or a chip built in the AMF network element, said device comprising:

a sending unit, configured to send first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, and a network slice allowing or to be allowed to be accessed by the first UE includes the first network slice;

a receiving unit, configured to receive second information from an authentication, authorization, and accounting AAA server, where the second information includes first slice control information, and the first slice control information is information used to control use of the first network slice by the first UE, and the first slice control information includes at least one of: an aggregate maximum bit rate of the slices, AMBR, a maximum traffic bit rate of the slices, a guaranteed stream bit rate of the slices, AMBR of the first UE on the slices, and a maximum PDU session number of the first UE on the slices.

16. The apparatus of claim 15,

the sending unit is further configured to send the first slice control information to a policy control function PCF network element;

the receiving unit is further configured to receive authorization slice control information from the PCF network element.

17. The apparatus of claim 16, wherein the sending unit is further configured to:

18. The apparatus of claim 15, wherein the receiving unit is further configured to:

receiving third information, wherein the third information includes second slice control information for updating information for controlling the first UE to use the first network slice.

19. The apparatus of claim 18, wherein a network slice to which a second UE is or is to be allowed access comprises the first network slice, wherein the third information further comprises third slice control information for updating information for controlling use of the first network slice by the second UE.

20. The apparatus of claim 15, further comprising:

a processing unit to store information for controlling use of the first network slice by the first UE in a context of the first UE.

21. The apparatus of any one of claims 15-20, further comprising:

an obtaining unit, configured to obtain authorization indication information of the network slice to which the first UE is allowed to access;

and the processing unit is used for determining that the first network slice needs to be authorized according to the authorization indication information.

22. The apparatus of claim 21, wherein the obtaining unit is further configured to:

acquiring the authorization indication information from the local; alternatively, the first and second liquid crystal display panels may be,

acquiring subscription information of the first UE from a Unified Data Management (UDM) network element, wherein the subscription information comprises the authorization indication information; alternatively, the first and second liquid crystal display panels may be,

23. A communications apparatus that functions as an authentication, authorization and accounting AAA server or a chip built into an AAA server, the apparatus comprising:

a receiving unit, configured to receive first information, where the first information includes slice information of a first network slice and a first identifier of a first User Equipment (UE), and a network slice that the first UE is allowed to access or is to be allowed to access includes the first network slice;

a sending unit, configured to send second information to an access and mobility management function (AMF) network element, where the second information includes first slice control information, and the first slice control information is information used to control the first UE to use the first network slice, and the first slice control information includes at least one of: an aggregate maximum bit rate of the slices, AMBR, a maximum traffic bit rate of the slices, a guaranteed stream bit rate of the slices, AMBR of the first UE on the slices, and a maximum PDU session number of the first UE on the slices.

24. The apparatus of claim 23, wherein the sending unit is further configured to:

25. The apparatus of claim 24, wherein a network slice to which a second UE is or is to be allowed to access comprises the first network slice, and wherein when it is determined that slice control information of the second UE in the first network slice is changed, the third information further comprises third slice control information for updating information for controlling use of the first network slice by the second UE.

26. The apparatus of claim 24 or 25, wherein the network slice to which the second UE is or is to be allowed to access comprises a second network slice, and wherein when it is determined that the slice control information of the second UE in the second network slice is changed, the third information further comprises fourth slice control information, and wherein the fourth slice control information is used for updating information for controlling the second UE to use the second network slice.

27. A communication apparatus, characterized in that the apparatus, as an access and mobility management function, AMF, network element or a chip built in an AMF network element, comprises a processor and a communication interface, the processor being configured to execute a computer program or instructions to cause the apparatus to implement the network slice control method according to any one of claims 1-10.

28. A communication apparatus, being an authentication, authorization and accounting, AAA server or a chip built into an AAA server, comprising a processor and a communication interface, the processor being adapted to execute computer programs or instructions to cause the apparatus to carry out the method according to any of the claims 11-14.

29. A readable storage medium having stored therein instructions that, when run on a device, cause the device to perform the method of any one of claims 1-10.

30. A readable storage medium having stored therein instructions that, when run on a device, cause the device to perform the method of any one of claims 11-14.