WO2021227600A1 - Network slice control method and communication apparatus - Google Patents

Network slice control method and communication apparatus Download PDF

Info

Publication number
WO2021227600A1
WO2021227600A1 PCT/CN2021/077861 CN2021077861W WO2021227600A1 WO 2021227600 A1 WO2021227600 A1 WO 2021227600A1 CN 2021077861 W CN2021077861 W CN 2021077861W WO 2021227600 A1 WO2021227600 A1 WO 2021227600A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
slice
network
network element
authorization
Prior art date
Application number
PCT/CN2021/077861
Other languages
French (fr)
Chinese (zh)
Inventor
吴义壮
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2021227600A1 publication Critical patent/WO2021227600A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition

Definitions

  • This application relates to the field of communication technology, and in particular to a network slicing control method and communication device.
  • Network slicing refers to customizing different logical networks on a physical or virtual network infrastructure according to the service requirements of different tenants (tenant) business.
  • Network slicing can be end-to-end (E2E) including the entire network, or part of the network functions can be shared among multiple network slices.
  • E2E end-to-end
  • 3GPP third generation partnership project
  • 5G 5th generation
  • multiple network slices can share a set of access and mobility management function (AMF) network elements, and user equipment (UE) can simultaneously access multiple network elements that share the same group of AMF network elements.
  • AMF access and mobility management function
  • UE user equipment
  • slice control information for network slicing is stored in a unified data management (UDM) network element through a contract.
  • UDM unified data management
  • the AMF network element serving the UE obtains it from UDM.
  • the subscription information of the slice control information is sent, and the slice control information is sent to the access network device, so that the access network device performs corresponding network slice control based on the slice control information.
  • the present application provides a network slicing control method and device, which are used to improve the flexibility of network slicing control and user experience.
  • a network slicing control method is provided.
  • the method is applied to an access and mobility management function AMF network element.
  • the method includes: sending first information.
  • the AMF network element can send the first information to the AAA server through the AUSF network element.
  • the first information includes slice information of the first network slice and a first identifier of the first user equipment UE.
  • the slice information may be used to determine the first network slice.
  • the slice information may be S-NSSAI or S-NSSAI.
  • the identification information after NSSAI mapping.
  • the first identification can be GPSI, where the network slice that is allowed or to be allowed to be accessed by the first UE includes the first network slice, that is, allowed NSSAI or pending NSSAI (the first UE can be allowed after authentication and authorization is required. Access) S-NSSAI including the first network slice; receiving the second information from the AAA server, that is, the second information is sent by the AAA server, for example, the AAA server can send the second information to the AMF network element through authentication and authorization,
  • the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
  • the AMF network element reports the first information to the AAA server, and the AAA server issues the first slice control information according to the first information.
  • the first slice control information is used to control the first UE to the first network.
  • Information used for slicing so that the AAA server can reasonably allocate slicing control information to the first UE.
  • the AMF network element can dynamically obtain the slicing control information of the first UE, thereby improving the flexibility of network slicing control and user experience .
  • the method further includes: sending the first slice control information to the unified data management UDM network element, so that when the UDM network element receives the first slice control information, it can be locally Store the first slice control information.
  • the UDM network element can learn in real time the information that controls the first UE to use the first network slice. Further, in the dual registration scenario, the UDM network element can provide the first slice control information to The other AMF network element used by the first UE eliminates the need for another AMF network element to initiate a new process to obtain the first slice control information.
  • the method further includes: sending first slice control information to the policy control function PCF network element; receiving authorized slice control information from the PCF network element, where the authorized slice control information may It is the same as or different from the first slice control information.
  • the legality and rationality of the slice control information for the first network slice by the first UE can be guaranteed.
  • the method further includes: sending authorized slice control information to a unified data management UDM network element.
  • the UDM network element can learn the information used by the first UE for the first network slice in real time. Further, in the dual registration scenario, the UDM network element can provide the first slice control information to the first network slice. Another AMF network element used by a UE makes it unnecessary for another AMF network element to initiate a new process to obtain the first slice control information.
  • the method further includes: receiving third information, where the third information includes second slice control information, and the second slice control information is used to update the control of the first UE to the first Information used by network slicing.
  • the network slice that the second UE is allowed or to be allowed to access includes the first network slice
  • the third information also includes third slice control information
  • the third slice control information is used to update the control information used to control the second UE to the first network slice.
  • the AAA server can reasonably and dynamically adjust the slice control information of the first UE, thereby improving the flexibility of network slice control and user experience.
  • the method further includes: storing information used to control the use of the first network slice by the first UE in the context of the first UE.
  • the target AMF network element after the handover can accurately obtain the information of the first UE, and avoid performing the authorization process again on the network slice that performs the authorization process. .
  • the method before sending the first information, further includes: obtaining authorization indication information of a network slice that is allowed or to be allowed to be accessed by the first UE; and determining the first UE according to the authorization indication information.
  • a network slice requires authorization.
  • obtaining the authorization indication information of the network slice that the first UE is allowed to access includes: obtaining authorization indication information locally; or obtaining the subscription information of the first UE from the unified data management UDM network element, where the subscription information includes authorization Indication information; or, obtain authorization indication information from the network element of the network slice selection function NSSF.
  • the AMF network element can dynamically obtain the slice control information of the first UE in the authorization process of the first network slice, thereby improving the flexibility of network slice control and user experience.
  • the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
  • the second identifier may be used to identify the first UE in the first network slice, so that the AAA server may perform slice authentication and/or authorization for the first UE.
  • the network slice that is allowed or to be allowed to be accessed by the first UE includes at least one network slice, and the at least one network slice includes the first network slice, and the method further includes: Acquire the second identifier of the first UE in each network slice of the at least one network slice.
  • the signaling overhead for the AMF network element to obtain the second identifier of the first UE in the multiple network slices can be reduced.
  • the first information is carried in the authorization request message of the first network slice, and the second information is carried in the authorization response message of the first network slice; or, the first information is carried in In the authentication and authorization request message of the first network slice, the second information is carried in the authentication and authorization response message of the first network slice.
  • the AAA server can dynamically adjust the slice control information of the first UE in the authorization process of the first network slice, and the AMF network element can dynamically obtain the slice control information of the first UE, thereby improving The flexibility and user experience of network slicing control.
  • a network slicing control method is provided.
  • the method is applied to an AAA server for authentication, authorization, and accounting.
  • the method includes: receiving first information, where the first information includes slice information of a first network slice and a first user The first identifier of the device UE.
  • the slice information can be used to determine the first network slice.
  • the slice information can be S-NSSAI or the identification information after the S-NSSAI mapping.
  • the first identifier can be GPSI, where either allows or
  • the network slice that the first UE is to be allowed to access includes the first network slice, that is, the allowed NSSAI or pending NSSAI of the first UE (the first UE can be allowed to access after authentication and authorization) includes the S-NSSAI of the first network slice;
  • the access and mobility management function AMF network element sends second information, the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
  • the method further includes: when it is determined that the first slice control information is changed, sending third information to the AMF network element, the third information includes the second slice control information, and the first slice control information is changed.
  • the second slice control information is used to update information used to control the use of the first network slice by the first UE.
  • the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, The third information further includes third slice control information, and the third slice control information is used to update information used for controlling the second UE to use the first network slice.
  • the AAA server can adjust the slice control information of multiple UEs in one signaling exchange, thereby reducing the signaling overhead of the AAA server.
  • the network slice that the second UE is allowed or to be allowed to access includes the second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, The third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice.
  • the AAA server can adjust the slice control information of multiple UEs in one signaling exchange, thereby reducing the signaling overhead of the AAA server.
  • the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
  • the first information is carried in the authorization request message of the first network slice, and the second information is carried in the authorization response message of the first network slice; or, the first information is carried in In the authentication and authorization request message of the first network slice, the second information is carried in the authentication and authorization response message of the first network slice.
  • a network slicing control method which is applied to an authentication and authorization network element, and the authentication and authorization network element may be an AUSF network element, a NEF network element, an NSSAAF network element, or other network elements used for authentication and authorization processes,
  • the method includes: receiving first information from an AMF network element of an access and mobility management function, the first information including slice information of a first network slice and a first identifier of a first user equipment UE, and the slice information can be used to determine the first Network slice, for example, the slice information may be S-NSSAI or identification information after the S-NSSAI mapping, the first identifier may be GPSI, and the network slice that is allowed or to be allowed to be accessed by the first UE includes the first network slice, that is The allowed NSSAI or pending NSSAI of the first UE (the first UE can be allowed to access after authentication and authorization) includes the S-NSSAI of the first network slice; the first forwarding information is sent to the authentication, authorization, and accounting
  • the slice information is S-NSSAI
  • the first forwarding information includes the conversion information of the slice information (that is, according to S-NSSAI).
  • NSSAI obtains the identification information after S-NSSAI mapping), or the slice information is S-NSSAI, the first forwarding information contains the slice information (ie S-NSSAI), or the slice information is the identifier after S-NSSAI mapping Information, the first forwarding information contains the slice information (identification information after S-NSSAI mapping);
  • the second information is received from the AAA server, the second information includes the first slice control information, and the first slice control information is Information used to control the use of the first network slice by the first UE; sending second information to the AMF network element.
  • the method further includes: receiving third information from the AAA server, the third information includes second slice control information, and the second slice control information is used to update the first UE to the second slice control information.
  • the third information includes second slice control information
  • the second slice control information is used to update the first UE to the second slice control information. 1.
  • Use information of a network slice send third forwarding information to the AMF network element, and the third forwarding information includes second slice control information.
  • the network slice to which the second UE is allowed or to be allowed to access includes the first network slice
  • the third information further includes third slice control information
  • the third forwarding information further includes the third network slice.
  • the slice control information, and the third slice control information is used to update information used to control the use of the first network slice by the second UE.
  • the network slice that the second UE is allowed or to be allowed to access includes the second network slice
  • the third information further includes fourth slice control information
  • the method further includes: The AMF network element of the second network slice sends fourth forwarding information, where the fourth forwarding information includes fourth slice control information, and the fourth slice control information is used to update information used for controlling the second UE to use the second network slice.
  • the first information further includes at least one of the following; the second identifier of the first UE, the AAA server identifier; wherein, the second identifier means that the first UE is in the first network slice
  • the first forwarding information may also include: the second identifier of the first UE.
  • the first information is carried in the authorization request message of the first network slice
  • the second information sent to the AMF network element is carried in the authorization response message of the first network slice.
  • a communication device which serves as an access and mobility management function AMF network element or a built-in chip of the AMF network element.
  • the device includes: a sending unit configured to send first information, the first information including the first The slice information of the network slice and the first identifier of the first user equipment UE, where the network slice that the first UE is allowed or to be allowed to access includes the first network slice; the receiving unit is configured to receive authentication, authorization, and accounting AAA
  • the second information of the server, the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
  • the sending unit is further configured to send the first slice control information to the unified data management UDM network element.
  • the sending unit is further configured to send the first slice control information to the policy control function PCF network element; the receiving unit is further configured to receive authorized slice control information from the PCF network element.
  • the sending unit is further configured to send authorized slice control information to the unified data management UDM network element.
  • the receiving unit is further configured to: receive third information, where the third information includes second slice control information, and the second slice control information is used to update the second slice control information used to control the first UE to Information used by a network slice.
  • the network slice to which the second UE is allowed or to be allowed to access includes the first network slice
  • the third information further includes third slice control information
  • the third slice control information is used for updating Information used to control the use of the first network slice by the second UE.
  • the apparatus further includes: a processing unit, configured to store information used to control the use of the first network slice by the first UE in the context of the first UE.
  • the receiving unit is further configured to obtain authorization indication information of the network slice that the first UE is allowed to access; the processing unit is further configured to determine that the first network slice requires authorization according to the authorization indication information .
  • the receiving unit is further configured to: obtain authorization indication information locally; or obtain the subscription information of the first UE from the unified data management UDM network element, where the subscription information includes authorization indication information ; Or, obtain authorization indication information from the network element of the network slice selection function NSSF.
  • the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
  • the network slice allowed or to be allowed to be accessed by the first UE includes at least one network slice, at least one network slice includes the first network slice, and the receiving unit is further configured to: The UE obtains the second identifier of the first UE in each network slice of the at least one network slice.
  • a communication device which serves as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server.
  • the device includes: a receiving unit for receiving first information, where the first information includes the first The slice information of the network slice and the first identifier of the first user equipment UE, where the network slice to which the first UE is allowed or to be allowed to access includes the first network slice; the sending unit is configured to provide access and mobility management functions
  • the AMF network element sends second information, where the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
  • the sending unit is further configured to: when it is determined that the first slice control information is changed, send third information to the AMF network element, and the third The information includes second slice control information, and the second slice control information is used to update information used to control the use of the first network slice by the first UE.
  • the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed,
  • the third information further includes third slice control information, and the third slice control information is used to update information used for controlling the second UE to use the first network slice.
  • the network slice that the second UE is allowed or to be allowed to access includes the second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed,
  • the third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice.
  • the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
  • the slice information includes: single network slice selection auxiliary information S-NSSAI of the first network slice.
  • the first identifier includes: a general public user identifier GPSI.
  • the first information is carried in the authorization request message of the first network slice, and the second information is carried in the authorization response message of the first network slice; or, the first information is carried in In the authentication and authorization request message of the first network slice, the second information is carried in the authentication and authorization response message of the first network slice.
  • a communication device which is used as an authentication and authorization network element or a built-in chip for the authentication and authorization network element.
  • the authentication and authorization network element may be an AUSF network element, a NEF network element, a NAASSF network element, or other network elements used for authentication and authorization.
  • the network element of the authorization process includes: a receiving unit for receiving first information from the access and mobility management function AMF network element, the first information includes the slice information of the first network slice and the first user equipment UE An identifier, the network slice that the first UE is allowed or to be allowed to access includes the first network slice; the sending unit is configured to send the first forwarding information to the authentication, authorization, and accounting AAA server, and the first forwarding information includes the first UE’s The first identifier, and the slice information or the conversion information of the slice information; the receiving unit is further configured to receive the second information from the AAA server, the second information includes the first slice control information, and the first slice control information is used for To control the information used by the first UE on the first network slice; the sending unit is also used to send second information to the AMF network element.
  • the slice information includes: single network slice selection auxiliary information S-NSSAI of the first network slice.
  • the first identifier includes: a general public user identifier GPSI.
  • the receiving unit is further configured to receive third information from the AAA server, the third information includes second slice control information, and the second slice control information is used to update the first UE to the second slice control information.
  • a network slice usage information; the sending unit is further configured to send third forwarding information to the AMF network element, where the third forwarding information includes second slice control information.
  • the network slice that the second UE is allowed or to be allowed to access includes the first network slice
  • the third information further includes third slice control information
  • the third forwarding information further includes the third network slice.
  • the slice control information, and the third slice control information is used to update information used to control the use of the first network slice by the second UE.
  • the network slice to which the second UE is allowed or to be allowed to access includes the second network slice
  • the third information further includes fourth slice control information
  • the sending unit is further configured to:
  • the AMF network element of the second network slice sends fourth forwarding information, where the fourth forwarding information includes fourth slice control information, and the fourth slice control information is used to update information used for controlling the second UE to use the second network slice.
  • the slice information includes: single network slice selection auxiliary information S-NSSAI of the first network slice.
  • the first identifier includes: a general public user identifier GPSI.
  • the first information further includes at least one of the following; the second identifier of the first UE, the AAA server identifier; wherein, the second identifier means that the first UE is in the first network slice
  • the first forwarding information also includes: the second identifier of the first UE.
  • the first information is carried in the authorization request message of the first network slice
  • the second information sent to the AMF network element is carried in the authorization response message of the first network slice.
  • a communication device serves as an access and mobility management function AMF network element or a built-in chip of the AMF network element, and includes a processor and a communication interface.
  • the processor is used to run a computer program or instruction to enable the The apparatus implements the network slicing control method as provided in the first aspect or any possible implementation manner of the first aspect.
  • a communication device is provided.
  • the device is used as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server, and includes a processor and a communication interface.
  • the processor is used to run computer programs or instructions to enable the device to implement A network slicing control method as provided in the second aspect or any possible implementation manner of the second aspect.
  • a communication device which serves as an authentication and authorization network element or a built-in chip of the authentication and authorization network element.
  • the authentication and authorization network element may be an AUSF network element, a NEF network element, a NAASSF network element, or other network elements used for authentication and authorization.
  • the network element of the authorization process includes a processor and a communication interface.
  • the processor is used to run computer programs or instructions to enable the device to implement the network slicing provided by the third aspect or any one of the possible implementation manners of the third aspect. Control Method.
  • a communication system includes: access and mobility management function AMF network element, authentication and authorization network element, authentication, authorization and accounting AAA server; wherein, the AMF network element is the fourth aspect and the first Any possible implementation of the fourth aspect, or the AMF network element provided by the seventh aspect, and the AAA server is any of the fifth aspect, any possible implementation of the fifth aspect, or the AAA server provided by the eighth aspect ,
  • the authentication and authorization network element is the sixth aspect, any possible implementation manner of the sixth aspect, or the authentication and authorization network element provided by the ninth aspect.
  • a network slicing control method is provided, which is applied to an access and mobility management function AMF network element or a session management function SMF network element.
  • the method includes: determining the number of user equipment UEs accessed on the network slice and/ Or the number of protocol data unit PDU sessions; when the first reporting condition is met, the first information is sent, and the first information includes the number of UEs and/or the number of PDU sessions.
  • the AMF network element or the SMF network element may send first information, the first information includes the number of UEs accessed by the network slice and/or the number of PDU sessions, and the AAA-S may receive the first information, such that AAA- S can perceive the resource usage of the network slice, and control the resources of the network slice based on the number of UEs and/or the number of PDU sessions included in the first information, thereby realizing the control of the network slice and improving the flexibility of network slice control And user experience.
  • the method before determining the number of UEs and/or the number of PDU sessions accessed on the network slice, the method further includes: acquiring first configuration information, where the first configuration information includes the network slice
  • the single network slice selection auxiliary information S-NSSAI and authorization indication information are used to indicate whether slice resource control needs to be performed.
  • the AMF network element or the SMF network element can dynamically report the first information in the authorization process of the network slicing, and the AAA server can dynamically adjust the configuration information of the network slicing, thereby improving the network The flexibility and user experience of slice control.
  • the first configuration information further includes a first report condition
  • the first report condition includes at least one of the following conditions: the number of UEs reaches the first preset value, and the PDU The number of sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, and the increase in the number of UEs in the time window reaches the first
  • the fifth preset value, or the increase in the number of PDU sessions within the time window reaches the sixth preset value.
  • the AMF network element or the SMF network element may be caused to dynamically report the first information according to the first report condition.
  • the method further includes: receiving second configuration information, where the second configuration information is used to control resources of the network slice.
  • the AAA server can dynamically adjust the configuration information of the network slice through the second configuration information, thereby improving the flexibility of network slice control and user experience.
  • the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice
  • the number of UEs reaches the seventh preset value
  • the increase of the number of PDU sessions reaches the eighth preset value
  • the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window
  • the increase reaches the tenth preset value
  • the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
  • the AAA server can dynamically adjust the reporting condition of the first information through the second configuration information.
  • sending the first information includes: sending an authorization request message to the authentication and authorization network element, where the authorization request message includes the first information; correspondingly Yes, receiving the second configuration information includes: receiving an authorization response message sent by an authentication and authorization network element, where the authorization response message includes the second configuration information.
  • the AMF network element can dynamically report the first information in the authorization process of the network slicing, and the AAA server can dynamically adjust and control the network slicing, thereby improving the flexibility of network slicing control and user experience.
  • sending the first information includes: sending the first information to the AAA server through the UPF network element; correspondingly, receiving the second configuration
  • the information includes: receiving the second configuration information from the AAA server through the UPF network element.
  • a network slicing control method is provided, which is applied to an AAA server for authentication, authorization, and accounting.
  • the method includes: receiving first information, where the first information includes the number of user equipment UEs accessed on the network slicing and/ Or the number of protocol data unit PDU sessions.
  • the method before receiving the first information, further includes: sending first configuration information, where the first configuration information is used to configure resources of the network slice, and the first configuration information includes the network slice The single network slice selection auxiliary information S-NSSAI and authorization indication information.
  • the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the number of UEs reaches the first preset Value, the number of PDU sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, the number of UEs in the time window The increase amount reaches the fifth preset value, or the increase amount of the number of PDU sessions within the time window reaches the sixth preset value.
  • the method further includes: determining to send second configuration information according to the number of UEs and/or the number of PDU sessions, where the second configuration information is used to control the resources of the network slice.
  • the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice.
  • the number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window
  • the increase reaches the tenth preset value
  • the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
  • receiving the first information includes: receiving a first message from an authentication and authorization network element, the first message includes the first information, and the first information is an authorization request by the AMF network element
  • the message is sent to the authentication and authorization network element;
  • sending the second configuration information includes: sending a second message to the authentication and authorization network element, the second message includes the second configuration information, so that the authentication and authorization network element sends the authorization response message to the authentication and authorization network element.
  • the second configuration information is sent to the AMF network element.
  • receiving the first information includes: receiving the first information from the SMF through the UPF network element; correspondingly, sending the second configuration information includes: sending the second configuration information to the SMF through the UPF network element Send the second configuration information.
  • a communication device which is an access and mobility management AMF network element, a chip built in an AMF network element, a session management function SMF network element, or a chip built in an SMF network element, the device includes: a processing unit , Used to determine the number of user equipment UEs accessed on the network slice and/or the number of protocol data unit PDU sessions; the sending unit, used to send first information when the first reporting condition is met, the first information including the number of UEs and / Or the number of PDU sessions.
  • the device further includes: a receiving unit configured to obtain first configuration information, the first configuration information including single network slice selection auxiliary information S-NSSAI and authorization of the network slice Indication information, the authorization indication information is used to indicate whether slice resource control needs to be performed.
  • the first configuration information further includes a first report condition
  • the first report condition includes at least one of the following conditions: the number of UEs reaches the first preset value, and the PDU The number of sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, and the increase in the number of UEs in the time window reaches the first
  • the fifth preset value, or the increase in the number of PDU sessions within the time window reaches the sixth preset value.
  • the device further includes: a receiving unit, configured to receive second configuration information, where the second configuration information is used to control resources of the network slicing.
  • the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice.
  • the number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window
  • the increase reaches the tenth preset value
  • the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
  • the sending unit is further configured to: send an authorization request message to the authentication and authorization network element, and the authorization request message includes First information; correspondingly, the receiving unit is further configured to receive an authorization response message sent by an authentication and authorization network element, where the authorization response message includes the second configuration information.
  • the sending unit when the device is applied to an SMF network element or a chip built into the SMF network element, the sending unit is further configured to send the first information to the AAA server through the UPF network element; correspondingly, the receiving unit is further configured to receive the second configuration information from the AAA server through the UPF network element.
  • a communication device is provided.
  • the device is an authentication, authorization, and accounting AAA server or a chip built in the AAA server.
  • the device includes a receiving unit for receiving first information, where the first information includes a network slice The number of connected user equipment UEs and/or the number of protocol data unit PDU sessions.
  • the device further includes: a sending unit, configured to send first configuration information, the first configuration information is used to configure resources of the network slice, and the first configuration information includes information about the network slice.
  • a sending unit configured to send first configuration information
  • the first configuration information is used to configure resources of the network slice
  • the first configuration information includes information about the network slice.
  • the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the number of UEs reaches the first preset Value, the number of PDU sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, the number of UEs in the time window The increase amount reaches the fifth preset value, or the increase amount of the number of PDU sessions within the time window reaches the sixth preset value.
  • the device further includes: a sending unit, configured to determine to send second configuration information according to the number of UEs and/or the number of PDU sessions, and the second configuration information is used to control the network Sliced resources.
  • the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice.
  • the number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window
  • the increase reaches the tenth preset value
  • the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
  • the receiving unit is further configured to: receive a first message from an authentication and authorization network element, the first message includes first information, and the first information is an authorization request message passed by the AMF network element
  • the sending unit is further configured to: send a second message to the authentication and authorization network element, the second message including the second configuration information, so that the authentication and authorization network element configures the second configuration through the authorization response message The information is sent to the AMF network element.
  • the receiving unit is further configured to: receive the first information from the SMF through the UPF network element; correspondingly, the sending unit is further configured to: send the second information to the SMF through the UPF network element Configuration information.
  • a communication device serves as an access and mobility management function AMF network element, a built-in chip of the AMF network element, a session management function SMF network element, or a built-in chip of the SMF network element, including a processor and communication An interface, the processor is used to run a computer program or instruction, so that the device implements the network slice control method as provided by the eleventh aspect or any one of the possible implementation manners of the eleventh aspect.
  • a communication device is provided.
  • the device is used as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server includes a processor and a communication interface, and the processor is used to run a computer program or instruction to enable the device to implement
  • a computer program or instruction to enable the device to implement
  • a communication system includes: access and mobility management function AMF network element/session management function SMF network element, authentication, authorization and accounting AAA server; wherein, AMF network element/SMF network element Yuan is the thirteenth aspect, any possible implementation of the thirteenth aspect, or the communication device provided by the fifteenth aspect; the AAA server is any possible implementation of the fourteenth aspect and the fourteenth aspect Or the communication device provided by the sixteenth aspect.
  • a readable storage medium is provided, and instructions are stored in the readable storage medium.
  • the instructions in the readable storage medium are executed on a device, the device executes operations such as the first aspect, Or the network slicing control method provided by any possible implementation of the first aspect.
  • a readable storage medium is provided, and instructions are stored in the readable storage medium.
  • the instructions in the readable storage medium run on a device, the device executes the second aspect, Or the network slicing control method provided by any possible implementation of the second aspect.
  • a readable storage medium is provided, and instructions are stored in the readable storage medium.
  • the instructions in the readable storage medium are executed on a device, the device executes the third aspect, Or the network slicing control method provided by any possible implementation manner of the third aspect.
  • a computer program product including instructions is provided.
  • the instructions When the instructions are executed on a device, the device executes as provided in the first aspect or any one of the possible implementation manners of the first aspect. Network slicing control method.
  • a computer program product including instructions is provided.
  • the instructions When the instructions are executed on a device, the device executes as provided by the second aspect or any of the possible implementation manners of the second aspect. Network slicing control method.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the third aspect or any one of the possible implementations of the third aspect.
  • Network slicing control method When the instructions run on a device, the device executes the third aspect or any one of the possible implementations of the third aspect.
  • a readable storage medium is provided, and instructions are stored in the readable storage medium.
  • the instructions in the readable storage medium are executed on a device, the device executes the eleventh aspect.
  • the network slicing control method provided by any possible implementation manner of the eleventh aspect.
  • a readable storage medium having instructions stored in the readable storage medium, and when the instructions in the readable storage medium are executed on a device, the device is caused to perform operations as described in the twelfth aspect , Or the network slicing control method provided by any possible implementation of the twelfth aspect.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the eleventh aspect or any possible implementation manner of the eleventh aspect
  • the provided network slicing control method is provided.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the twelfth aspect or any possible implementation manner of the twelfth aspect
  • the provided network slicing control method is provided.
  • FIG. 1 is a schematic structural diagram of a communication system provided by an embodiment of this application.
  • FIG. 2 is a schematic flowchart of a first network slicing control method provided by an embodiment of this application;
  • FIG. 3 is a schematic flowchart of a second network slicing control method provided by an embodiment of this application.
  • FIG. 4 is a schematic diagram of a third information transmission provided by an embodiment of this application.
  • FIG. 5 is a schematic flowchart of a third network slicing control method provided by an embodiment of this application.
  • FIG. 6 is a schematic flowchart of a fourth network slicing control method provided by an embodiment of this application.
  • FIG. 7 is a schematic flowchart of a fifth network slicing control method provided by an embodiment of this application.
  • FIG. 8 is a schematic flowchart of a sixth network slicing control method provided by an embodiment of this application.
  • FIG. 9 is a schematic structural diagram of an AMF network element provided by an embodiment of this application.
  • FIG. 10 is a schematic structural diagram of another AMF network element provided by an embodiment of this application.
  • FIG. 11 is a schematic structural diagram of an authentication and authorization network element provided by an embodiment of this application.
  • FIG. 12 is a schematic structural diagram of another authentication and authorization network element provided by an embodiment of this application.
  • FIG. 13 is a schematic structural diagram of an AAA-S network element provided by an embodiment of this application.
  • FIG. 14 is a schematic structural diagram of another AAA-S provided by an embodiment of the application.
  • At least one refers to one or more, and “multiple” refers to two or more.
  • And/or describes the association relationship of the associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone, where A, B can be singular or plural.
  • the character “/” generally indicates that the associated objects before and after are in an “or” relationship.
  • At least one item (a) in the following” or similar expressions refers to any combination of these items, including any combination of a single item (a) or a plurality of items (a).
  • At least one of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c can be single or multiple.
  • words such as “first” and “second” do not limit the number and execution order.
  • Network slice also known as a slice network, or simply as a slice, refers to the physical or virtual network infrastructure, customized according to the service requirements of different tenants (tenant) Logical network.
  • a network slice can be a complete end-to-end network including user equipment (UE), access network, transmission network, core network, and service server, or it can include only the core network but supplemented by UE and access network.
  • the complete end-to-end network of the transmission network and the service server can provide complete communication services and have certain network capabilities.
  • Network slicing can be a communication resource that guarantees that the bearer business or service can meet the service level agreement requirements, or it can be considered as The combination of network functions and communication resources required to complete a certain communication service or certain communication services.
  • a network slice can be identified by single network slice selection assistance information (S-NSSAI).
  • S-NSSAI is composed of a slice/service type (SST) and a slice differentiator (SD).
  • SST and SD can be defined by standards or operators; SD is optional information that supplements SST to distinguish multiple network slices of the same SST, for example, it can be used to characterize the ownership of network slices.
  • SST and SD can be defined by standards or operators; SD is optional information that supplements SST to distinguish multiple network slices of the same SST, for example, it can be used to characterize the ownership of network slices.
  • Table 1 The types and functions of NSSAI defined in the 23.501 standard are shown in Table 1 below.
  • pending NSSAI may also be called the NSSAI that requires authentication and authorization or the NSSAI to be processed.
  • the pending NSSAI can be included in the allowed NSSAI after passing the authentication and authorization, that is, the pending NSSAI can allow the UE to access after passing the authentication and authorization.
  • Protocol data unit (PDU) session (session): the association between the UE and a data network to provide a PDU connection service.
  • a PDU session may include one or more quality of service (QoS) flows.
  • QoS flow refers to a data transmission channel that a UE meets a specific QoS quality requirement in the communication system (for example, a 5G network or a 5G communication system), and can be identified by a QoS flow identity (QFI).
  • QFI QoS flow identity
  • a PDU session can contain the following attribute information: data network name (DNN), address information (such as internet protocol (IP) address, media access control (MAC)) Address, etc.), S-NSSAI, service and session continuity (service and session continuity, SSC) mode, etc.
  • DNN data network name
  • address information such as internet protocol (IP) address, media access control (MAC)) Address, etc.
  • S-NSSAI service and session continuity (service and session continuity, SSC) mode, etc.
  • a PDU session is usually identified by the PDU session identifier, and the PDU session identifier can be allocated by the UE.
  • the communication system includes: a UE, a radio access network (RAN/AN), and a core network. Furthermore, the communication system may also include a data network (DN), which may refer to a service network that provides users with data transmission services, such as IP multi-media service (IMS), internet, etc. .
  • DN data network
  • IMS IP multi-media service
  • the UE can be a terminal equipment (TE), handheld terminal, notebook computer, subscriber unit, cellular phone, smart phone, wireless data card, personal digital assistant (personal digital assistant).
  • digital assistant, PDA personal digital assistant
  • PDA personal digital assistant
  • tablet computers tablet computers
  • vehicle terminals wearable devices
  • wireless modems handheld devices
  • laptop computers cordless phones
  • wireless local loops wireless local loop, WLL
  • MTC machine type communication
  • the UE and the access network equipment use a certain air interface technology to communicate with each other.
  • the access network is used to implement functions related to wireless access, and the access network may include a third generation partnership project (3rd generation partnership project, 3GPP) access network and a non-3GPP access network.
  • Access network equipment may refer to equipment that provides access services for UEs, including RAN equipment and AN equipment.
  • the RAN device is mainly a wireless network device in the 3GPP network, and the AN may be an access network device defined by non-3GPP.
  • the RAN equipment is mainly responsible for functions such as radio resource management, quality of service (QoS) management, data compression, and encryption on the air interface side.
  • the RAN equipment may include various forms of base stations, such as macro base stations, micro base stations (also called small stations), relay stations, and access points.
  • the names of devices with base station functions may be different.
  • RAN 5th generation
  • gNB 5G NodeB
  • eNB evolved NodeB
  • 3rd generation, 3G 3rd generation
  • AN equipment allows the UE and the 3GPP core network to use non-3GPP technologies for interconnection and intercommunication.
  • non-3GPP technologies such as wireless fidelity (Wi-Fi), worldwide interoperability for microwave access, WiMAX ), code division multiple access (CDMA) networks, etc.
  • the core network may include the following logical network elements: session management function (SMF) network element, access and mobility management function (access and mobility management function, AMF network element) network element, authentication server function (authentication server function, AUSF) network element, user plane function (UPF) network element, application function (AF) network element, unified data management (UDM) network element, policy control function (policy control Function, PCF) network element, network storage function (network repository function, NRF) network element, network exposure function (NEF) network element, and network slice selection function (network slice selection function, NSSF network element) Network elements, etc.
  • SMF session management function
  • AMF access and mobility management function
  • AMF authentication server function
  • UPF user plane function
  • AF application function
  • UDM unified data management
  • policy control Function policy control Function
  • PCF policy control Function
  • NRF network repository function
  • NRF network exposure function
  • NSSF network element
  • the control plane network element of the core network is mainly responsible for session management in the mobile network, such as session establishment, modification, and release; specific functions such as assigning IP addresses to users and selecting UPF that provides message forwarding functions.
  • the core network control plane network element is mainly responsible for the mobility management in the mobile network, such as user location update, user registration network, user handover, etc.
  • AUSF network element a core network control plane network element, a control plane network element provided by an operator, used to perform authentication, for example, to perform 3GPP network authentication for its subscribers.
  • the user plane network element of the core network is responsible for the forwarding and receiving of user data in the UE. It can receive user data from the DN and transmit it to the UE through the access network equipment; the UPF network element can also be transmitted from the access network equipment through the access network equipment. The UE receives the user data and forwards it to the DN.
  • AF network element It mainly supports interaction with the 3GPP core network to provide services, such as influencing data routing decisions, policy control functions, or providing third-party services to the network side.
  • UDM network element core network control plane network element, used to store user subscription data, generate authentication credential, user identification processing (for example, storage and management of user permanent identities, etc.), access authorization control and subscription data management, etc.
  • PCF network element the core network control plane network element, which mainly supports the provision of a unified policy framework to control network behavior, provides policy rules to the control layer network function, and is responsible for obtaining user subscription information related to policy decisions.
  • NRF network element core network control plane network element, used to support the service discovery function, and can also be used to maintain the information of the available network function network elements and the services they support.
  • NEF network element The control plane network element of the core network, which is mainly used to open the mobile network capabilities to the outside world.
  • NSSF network element core network control plane network element, mainly used for 5G slicing services, for example, responsible for the selection of target network slice instance (NSI).
  • NSI target network slice instance
  • the NSSF network element may also be replaced with a network slice specific authentication and authorization function (network slice specific authentication and authorization function, NSSAAF) network element.
  • NSSAAF network slice specific authentication and authorization function
  • a network slice-specific authentication and authorization function network slice-specific authentication and authorization function, NSSAAF
  • NSSAAF network slice-specific authentication and authorization function
  • the UE can communicate with the AMF network element through the N1 interface
  • the R(AN) device can communicate with the AMF network element through the N2 interface
  • the R(AN) device can communicate with the UPF network element through the N3 interface.
  • UPF network element can communicate with DN through N4 interface.
  • the network elements in the core network can communicate through a service interface.
  • the service interface can include: N NSSF interface, N nef interface, N nrf interface, N pcf interface, N udm interface, N af interface, N ausf interfaces, N AMF N nsm interfaces and interfaces.
  • the communication system may also include: an authentication, authorization and accounting (authentication authorization and accounting, AAA) server, and the AAA server (server) may also be referred to as AAA-S.
  • AAA-S can communicate with AMF network elements through intermediate network elements that support communication between AAA-S and AMF network elements.
  • the intermediate network elements can be AUSF network elements, NEF network elements, NSSAAF network elements, or other authentication and authorization processes. Network elements, etc.
  • the communication system may also include: authentication, authorization and accounting proxy (authentication authorization and accounting proxy, AAA-P).
  • AAA-S When AAA-S communicates with AMF network element, AAA-S can communicate with AAA-P first, and AAA-P will send the communication information of AAA-S through intermediate network elements such as AUSF network element, NEF network element or NSSAAF network element To the AMF network element; similarly, the AMF network element sends the communication information to the AAA-P through the AUSF network element, the NEF network element, or the NSSAAF network element and other intermediate network elements, and the AAA-P sends the communication information to the AAA-S.
  • intermediate network elements such as AUSF network element, NEF network element or NSSAAF network element
  • FIG. 2 is a schematic flowchart of a network slicing control method provided by an embodiment of the application. The method can be applied to the communication system described in FIG. 1. The method includes the following steps.
  • the AMF network element sends the first information so that the AAA-S receives the first information.
  • the first information includes the slice information of the first network slice and the first identifier of the first UE, where the first UE is allowed or to be allowed to access
  • the incoming network slice includes the first network slice.
  • the slice information of the first network slice may be used to identify, select, or determine the first network slice.
  • the slice information may be the S-NSSAI of the first network slice, or the slice information may be the S-NSSAI of the first network slice.
  • -NSSAI mapped identification information may be referred to as a mapping identification.
  • the mapping identification is used to identify a network slice by an external network or a third-party network, and may also be referred to as a slice external identification.
  • the first identifier of the first UE may be used to identify the first UE in the entire communication system.
  • the first identifier of the first UE may be a generic public subscription identifier (GPSI) of the first UE.
  • GPSI generic public subscription identifier
  • the network slice (allowed NSSAI) that the first UE is allowed to access may include at least one network slice, that is, the allowed NSSAI may include one or more S-NSSAIs.
  • the at least one network may include a first network slice, and the first network slice may be a network slice that requires authorization in the at least one network.
  • the network slice (pending NSSAI that requires authentication and authorization or NSSAI to be processed) to be allowed to be accessed by the first UE may include at least one network slice, that is, the pending NSSAI may include one or more S-NSSAIs. .
  • the at least one network slice may include the first network slice.
  • the pending NSSAI can be included in the allowed NSSAI after passing the authentication and authorization, that is, the pending NSSAI can allow the UE to access after passing the authentication and authorization.
  • the allowed and to-be-allowed NSSAIs are network slices temporarily allowed to be accessed by the first UE. If the network slices contained therein require authentication and authorization, then the network slices are slices waiting to be processed, and the network slices can only be processed after the authentication and authorization are passed.
  • the UE can be allowed to access; otherwise, the UE is not allowed to access.
  • the AMF network element may be an AMF network element serving the first UE.
  • the AMF network element can also be replaced with other network elements capable of initiating the network slicing control process, which is not specifically limited in the embodiment of the present application.
  • the AMF network element may send the first information to the authentication and authorization network element in the authorization process of the first network slice (that is, the first information may be carried in the authorization request Message), or send the first information to the authentication and authorization network element in the authentication and authorization process of the first network slice (that is, the first information may be carried in the authentication and authorization request message), the above-mentioned first information may include the information of the first network slice S-NSSAI and GPSI of the first UE.
  • the authentication and authorization network element may send the first forwarding information to the AAA-S, and the first forwarding information may include the S-NSSAI of the first network slice and the GPSI of the first UE, Or the first forwarding information includes the mapping identifier of the first network slice and the GPSI of the first UE, and the first forwarding information may be information equivalent to the first information, so the first forwarding information may also be replaced with or referred to as first information .
  • the authentication and authorization network element may send the first forwarding information to the AAA-P, and when the AAA-P receives the first forwarding information, the AAA-S P may send the first forwarding information to AAA-S.
  • the first information or the first forwarding information received by the AAA-S may not include the slice information of the first network slice, for example, in the first information
  • the S-NSSAI of the first network slice is not included.
  • the authentication and authorization network element in the embodiment of the present application may be any network element with authentication and authorization functions that can support the communication between the AMF network element and the AAA-S.
  • the authentication and authorization network element may be AUSF Network elements, NEF network elements, or NSSAAF network elements, etc., which are not specifically limited in the embodiment of the present application.
  • the first information may also include a second identifier of the first UE in the first network slice, and the second identifier may be used to identify the first UE in the first network slice, for example, the first UE
  • the second identifier of the UE may be a slice-specific ID of the first UE in the first network slice.
  • the second identity of the first UE may be obtained by the AMF network element from the first UE.
  • the AMF network element may The second identities of the first UE in multiple network slices that need to be authorized are acquired from the first UE, and one or more second identities can also be acquired from the first UE each time, through multiple acquisition processes to obtain The second identifier of the first UE in multiple network slices that need to be authorized.
  • the first information sent by the AMF network element to the authentication and authorization network element may also include an AAA-S identifier, and the AAA-S identifier may be used for the authentication and authorization network element to address AAA.
  • the first forwarding information sent by the authentication and authorization network element to AAA-P may also include the identity of the AAA-S and the identity of the AAA-S This AAA-P can be used to address AAA-S.
  • the first information or the first forwarding information received by the AAA-S may not include the AAA-S identifier.
  • the AAA-S may perform an authorization check according to the first information, and determine the first slice control information.
  • the AAA-S may determine the first network slice according to the slice information of the first network slice, and thus according to the slice information of the first UE The first identifier performs authorization check on the first network slice; when the first information further includes the second identifier of the first UE, the AAA-S may also perform authorization check on the first network slice according to the second identifier of the first UE.
  • the AMF network element determining that the first network slice requires authorization may include: the AMF network element obtains authorization indication information of the network slice that allows the first UE to access, and the authorization indication information may be used to indicate that the first UE is allowed to access. Whether the at least one incoming network slice requires authorization, so that the AMF network element can determine that the first network slice requires authorization according to the authorization indication information, that is, the first network slice is a network slice that requires authorization.
  • the AMF network element may obtain the authorization indication information locally; or, the AMF network element may obtain the authorization indication information when obtaining the subscription information of the first UE. For example, the AMF network element may obtain the first UE from the UDM network element.
  • the subscription information of the UE, the subscription information includes the authorization indication information; or, when the authorization indication information is stored in the NSSF network element, the AMF network element may also obtain the authorization indication information from the NSSF network element.
  • the AAA-S sends second information so that the AMF network element receives the second information.
  • the second information includes the first slice control information, and the first slice control information is used to control the first UE to the first network. Information used by the slice.
  • the first slice control information may also be referred to as UE granularity slice control information.
  • the first slice control information may include at least one of the following: slice aggregate maximum bit rate (slice aggregate maximum bit rate, slice-AMBR), slice maximum flow bit rate (slice maximum flow bit rate, slice-MFBR) , Slice guaranteed flow bit rate (slice-GFBR), slice-UE-AMBR (slice-UE-AMBR) of the first UE on the slice, and the maximum number of PDU sessions for the first UE on the slice.
  • slice aggregate maximum bit rate is used to control the maximum aggregate bit rate of the non-GBR QoS flow on the UE slice.
  • the slice maximum flow bit rate (slice maximum flow bit rate, slice-MFBR) is used to control the maximum aggregate bit rate of GBR QoS flow.
  • the AMBR (slice-UE-AMBR) of the first UE on the slice is used to control the maximum aggregate bit rate of the non-GBR QoS flow and GBR QoS flow on the UE slice.
  • GBR is the abbreviation of guaranteed bit rate in English.
  • the AAA-S may send the second information to the authentication and authorization network element, or the AAA-S may send the second information to the authentication and authorization network element through AAA-P, and the above-mentioned second information may include the first slice Control information; optionally, the second information may also include the S-NSSAI of the first network slice or the external identifier of the first network slice.
  • the authentication and authorization network element may send the second forwarding information to the AMF network element, and the second forwarding information may include the first slice control information; optionally, if the second The information includes the S-NSSAI of the first network slice, and the second forwarding information may also include the S-NSSAI of the first network slice.
  • the second forwarding information may also include the external identifier of the first network slice or the S-NSSAI of the first network slice, and the S-NSSAI is determined according to the external identifier.
  • the second forwarding information may be information equivalent to the second information, so the second forwarding information may also be replaced with or referred to as second information.
  • the authentication and authorization network element may send an authorization response message to the AMF network element, and the authorization response message includes the second forwarding information; or, for example, the authentication and authorization in the first network slice
  • the authentication and authorization network element may send an authentication and authorization response message to the AMF network element, and the authentication and authorization response message includes the second forwarding information.
  • the AMF network element when the AMF network element receives the second information, the AMF network element may store the first slice control information included in the second information in the context of the first UE. In another possible embodiment, the AMF network element may send the first slice control information to the UDM network element. When the UDM network element receives the first slice control information, the UDM network element may store the first slice control information. The slice control information, for example, the UDM stores the first slice control information in the context information of the first UE. Optionally, the AMF network element may also send the second slice control information to the RAN device or the AN device.
  • the AMF network element sends the first slice control information to the PCF network element, and the PCF network element may send authorized slice control information to the AMF network element, and the authorized slice control information is authorized Information used to control the use of the first network slice by the first UE, and the authorized slice control information may be the same as or different from the first slice control information. Further, when the AMF network element receives the authorized slice control information, the AMF network element stores the authorized slice control information in the context information of the first UE. In addition, the AMF network element may also send the authorized slice control information to the UDM network element, so that the UDM network element stores the authorized slice control information.
  • the AMF network element reports the first information to the AAA-S, and the AAA-S delivers the first slice control information according to the first information, and the first slice control information is used to control the first UE
  • the AAA-S can reasonably allocate slice control information to the first UE.
  • the AMF network element can dynamically obtain the slice control information of the first UE, thereby improving network slice control. Flexibility and user experience.
  • the method further includes: S203.
  • the AAA-S determines that the first slice control information has changed, the AAA-S sends third information so that the AMF network element receives the third information, the third information includes the second slice control information, and the second The slice control information is used to update information used to control the use of the first network slice by the first UE.
  • the AAA-S may send third information to the authentication and authorization network element, or the AAA-S may send third information to the authentication and authorization network element through AAA-P, and the third information may include second slice control information
  • the third information may also include the first identifier of the first UE (for example, GPSI), and/or the slice information of the first network slice (for example, S-NSSAI, or slice external identifier).
  • the authentication and authorization network element may send third forwarding information to the AMF network element, the third forwarding information may include the second slice control information, and the third forwarding information may be related to the first
  • the three pieces of information are equivalent information, so that the third forwarding information can also be replaced or referred to as third information.
  • the authentication and authorization network element may send an authorization notification message to the AMF network element, and the authorization notification message includes third forwarding information.
  • the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when the AAA-S determines that the slice control information of the second UE in the first network slice is changed, the third information is also The third slice control information is included, and the third slice control information is used to update information used for controlling the second UE to use the first network slice.
  • the network slice that the second UE is allowed or to be allowed to access includes the second network slice, and when the AAA-S determines that the slice control information of the second UE in the second network slice is changed, the third information further includes The fourth slice control information, the fourth slice control information is used to update information used to control the second UE to use the second network slice.
  • the third forwarding information sent by the authentication and authorization network element to the AMF network element may also include fourth slice control information; if If the AMF network element serving the first UE is different from the AMF network element serving the second UE, the authentication and authorization network element may send fourth slice control information to the AMF network element serving the second UE, and to the AMF network element serving the first UE The third forwarding information sent by the network element does not include the fourth slice control information.
  • the method includes: S1-S3b.
  • S1.AAA-S determines that the slice control information of multiple UEs has changed.
  • multiple UEs include UE1, UE2, UE3, and UE4, the AMF network element serving UE1 and UE2 is the AMF1 network element, and the serving UE3 and UE4 are The direct communication between AMF2 network element, AAA-S and authentication and authorization network element will be explained as an example;
  • the AAA-S sends a first AAA protocol message to the authentication and authorization network element, the first AAA protocol message includes third information, and the third information includes slice control information lists of multiple UEs.
  • the slice control information list includes UE1.
  • the authentication and authorization network element sends a first authorization notification message to the AMF1 network element, the first authorization notification message includes ⁇ GPSI_1, S-NSSAI_1, slice control information 1 ⁇ and ⁇ GPSI_2, S-NSSAI_2, slice control information 2 ⁇ ;
  • the authentication and authorization network element sends a second authorization notification message to the AMF2 network element.
  • the second authorization notification message includes ⁇ GPSI_3, S-NSSAI_3, slice control information 3 ⁇ and ⁇ GPSI_4, S-NSSAI_4, slice control information 4 ⁇ .
  • the AMF1 network element and the AMF2 network element can update the slice control information of the UE respectively and perform subsequent actions.
  • the slice control information list sent by the AAA-S may also be in other formats.
  • slice control information for different UEs in the same network slice may be in one piece of information in the slice control information list, or the same UE may be in different network slices.
  • the slice control information in may be in a piece of information in the slice control information list, or the arrangement order of different information of the same UE may also be different, which is not specifically limited in the embodiment of the present application.
  • the slice control information of UE1 and UE2 on the same network slice can be expressed as ⁇ S-NSSAI_1: GPSI 1, slice control information 1; GPSI2, slice control information 2 ⁇ ; or, UE1’s slice control information on different network slices It can be expressed as ⁇ GPSI1: S-NSSAI_1, slice control information 1; S-NSSAI_2, slice control information 2 ⁇ .
  • the AMF network element uses the second slice control information in the third information to update the previously stored first slice control information or authorized slice control information to update the previously stored first slice control information or authorized slice control information For example, the AMF network element deletes the first slice control information or authorized slice control information in the context of the first UE, and stores the second slice control information in the context of the first UE.
  • the AMF network element may also store the third slice control information in the context of the second UE, or use the third slice control information to update the second UE’s The slice control information of the second UE previously stored in the context.
  • the AMF network element may also send the second slice control information to the UDM network element, so that the UDM network element updates the first slice control information of the subscription information of the first UE.
  • the AMF network element sends the second slice control information to the PCF network element, so that the PCF network element performs authorization check on the second slice control information.
  • the AMF network element may also send the second slice control information to the RAN device or the AN device.
  • the network slicing control method provided in the embodiments of the present application can also be applied to the scenario where the AMF network element serving the first UE is switched, that is, the AMF network element serving the first UE is switched from the source AMF network element to the target AMF network. Yuan. Specifically, when the AMF network element serving the first UE is switched, the source AMF network element may send the context of the first UE to the target AMF network element, and the target AMF network element executes the steps of the AMF network element in the embodiment of this application. .
  • the slice identifier can be mapped into a new identifier by the intermediate network element during the transmission process or the received identifier can be used directly, which is not specifically limited in the embodiment of the present application.
  • the authentication and authorization network element communicates with AAA-S through AAA-P as an example for description.
  • FIG. 5 is a schematic diagram of implementing network slicing control in the authorization process of the first network slicing according to an embodiment of the application. Specifically, the method includes: S01-S11.
  • the first UE sends a registration request (registration request) message to the AMF network element;
  • the AMF network element When the AMF network element receives the registration request message, the AMF network element obtains authorization indication information of the network slice that the first UE is allowed to access from the local, UDM network element, or NSSF network element;
  • the AMF network element determines that the first network slice requires authorization according to the authorization indication information
  • the AMF network element obtains the second identity of the first UE in the first network slice from the first UE;
  • the AMF network element sends an authorize request message to the authentication and authorization network element, where the authorization request message includes first information.
  • the first information may include the GPSI of the first UE and the S-NSSAI of the first network slice.
  • the first information further includes the second identifier of the first UE;
  • the authentication and authorization network element When the authentication and authorization network element receives the authorization request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, and the first AAA protocol message includes the first information;
  • AAA-P When the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to AAA-S, and the second AAA protocol message includes the first information;
  • the AAA-S When the AAA-S receives the second AAA protocol message, the AAA-S sends a third AAA protocol message to the AAA-P, the third AAA protocol message includes the second information, and the second information includes the first slice control information;
  • the AAA-P When the AAA-P receives the third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, and the fourth AAA protocol message includes the second information;
  • the authentication and authorization network element When the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends an authorization response (authorize response) message to the AMF network element, where the authorization response message includes the second information;
  • the AMF network element may store the first slice control information included in the second information, and perform subsequent actions.
  • the method may also include: S12-S15.
  • the AAA-S determines that the first slice control information has changed, the AAA-S sends a fifth AAA protocol message to the AAA-P.
  • the fifth AAA protocol message includes the third information, and the third information includes the second slice. Control information
  • the AAA-P sends a sixth AAA protocol message to the authentication and authorization network element, and the sixth AAA protocol message includes the third information;
  • the authentication and authorization network element When the authentication and authorization network element receives the sixth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorize notification) message to the AMF network element, where the authorization notification message includes the third information;
  • the AMF network element may store the third information, that is, use the second slice control information included in the third information to update the first slice control information, and perform subsequent actions.
  • FIG. 6 is a schematic diagram of implementing network slicing control in the authentication and authorization process of the first network slicing according to an embodiment of the application. Specifically, the method includes:
  • the AMF network element determines that the first network slice needs to perform an authentication and authorization process
  • the AMF network element sends a first non-access stratum (NAS) mobility management (mobility management, MM) transport message to the first UE, and the first NAS MM transport message includes an extended authentication protocol EAP (extensible authentication protocol, EAP) ID request (that is, information used to request EAP ID) and the S-NSSAI of the first network slice;
  • NAS non-access stratum
  • MM mobility management
  • EAP extended authentication protocol
  • the first UE When the first UE receives the first NAS MM transmission message, the first UE sends a second NAS MM transmission message to the AMF network element.
  • the second NAS MM transmission message includes an EAP ID response (that is, used to respond to an EAP ID request Information) and the S-NSSAI of the first network slice;
  • the AMF network element sends a first authentication request message to the authentication and authorization network element, the first authentication request message includes information A, and the information A includes the EAP ID response, the GPSI of the first UE, and the S-NSSAI of the first network slice;
  • the authentication and authorization network element When the authentication and authorization network element receives the first authentication request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, and the first AAA protocol message includes an EAP ID response, GPSI, and S-NSSAI;
  • AAA-P When the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to AAA-S.
  • the second AAA protocol message includes an EAP ID response, GPSI, and S-NSSAI;
  • the third AAA protocol message includes information B, which includes S-NSSAI, GPSI, and EAP information;
  • the AAA-P When the AAA-P receives the third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, and the fourth AAA protocol message includes S-NSSAI, GPSI, and EAP information;
  • the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends a first authentication response message to the AMF network element, where the first authentication response message includes S-NSSAI, GPSI, and EAP information;
  • the AMF network element When the AMF network element receives the first authentication response message, the AMF network element sends a third NAS MM transmission message to the first UE, and the third NAS MM transmission message includes S-NSSAI and EAP information;
  • the first UE sends a fourth NAS MM transmission message to the AMF network element, and the fourth NAS MM transmission message includes S-NSSAI and EAP information;
  • the AMF network element sends a second authentication request message to the authentication and authorization network element, the second authentication request message includes first information, and the first information includes EAP ID information, GPSI, and S-NSSAI;
  • the authentication and authorization network element When the authentication and authorization network element receives the second authentication request message, the authentication and authorization network element sends a fifth AAA protocol message to AAA-P, and the fifth AAA protocol message includes the first information;
  • AAA-P receives the fifth AAA protocol message
  • AAA-P sends a sixth AAA protocol message to AAA-S, and the sixth AAA protocol message includes the first information
  • the AAA-S When the AAA-S receives six AAA protocol messages, the AAA-S sends a seventh AAA protocol message to AAA-P, the seventh AAA protocol message includes second information, and the second information includes EAP success information , The first slice control information, optionally, the second information further includes S-NSSAI and/or GPSI;
  • the AAA-P When the AAA-P receives the seventh AAA protocol message, the AAA-P sends an eighth AAA protocol message to the authentication and authorization network element, and the eighth AAA protocol message includes the second information;
  • the authentication and authorization network element When the authentication and authorization network element receives the eighth AAA protocol message, the authentication and authorization network element sends a second authentication response message to the AMF network element, and the second authentication response message includes the second information;
  • the AMF network element stores the first slice control information, and executes subsequent actions.
  • steps S38 to S42 may also be executed, and S38-S42 are not shown in FIG. 6.
  • the AMF network element sends a fifth NAS MM transmission message to the first UE, and the fifth NAS MM transmission message includes EAP success information and S-NSSAI;
  • the AAA-S determines that the first slice control information has changed, the AAA-S sends a ninth AAA protocol message to the AAA-P.
  • the ninth AAA protocol message includes the third information, and the third information includes the second slice. Control information
  • the AAA-P sends a tenth AAA protocol message to the authentication and authorization network element, and the tenth AAA protocol message includes the third information;
  • the authentication and authorization network element When the authentication and authorization network element receives the tenth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorize notification) message to the AMF network element, where the authorization notification message includes third information;
  • the AMF network element may use the second slice control information included in the third information to update the first slice control information, and perform subsequent actions.
  • the AMF network element can trigger the authorization process of the first network slice, and dynamically obtain the slice control information of the first UE in the authorization process of the first network slice, or
  • the AMF network element triggers the authentication and authorization process of the first network slice, and dynamically obtains the slice control information of the first UE in the authentication and authorization process of the first network slice;
  • AAA-S can also dynamically adjust the first UE according to requirements Slicing control information, thereby improving the flexibility of network slicing control and user experience.
  • FIG. 7 is a schematic flowchart of another network slicing control method provided by an embodiment of this application. The method can be applied to the communication system described in FIG. 1, and the method includes the following steps.
  • the AMF network element determines the number of UEs and/or the number of PDU sessions accessed on the network slice.
  • one or more UEs can be accessed (or registered) on the network slice, and the AMF network element can count the number of UEs connected to the network slice.
  • the AMF network element can count the number of UEs through the UE counter. The number of UEs connected to the network slice. When a new UE is connected to the network slice, the number of UEs counted by the UE counter is increased by 1. When a UE that has been connected to the network slice exits the network slice, the UE The number of UEs counted by the counter is reduced by 1.
  • one or more PDU sessions can also be established on the network slice.
  • the AMF network element can count the number of PDU sessions established on the network slice.
  • the AMF network element can count the number of PDU sessions on the network through the PDU session counter. The number of PDU sessions established on the slice. When a new PDU session is established on the network slice, the number of PDU sessions counted by the PDU session counter increases by 1. When the PDU session established on the network slice is cancelled, the PDU session counter The number of counted PDU sessions is reduced by 1.
  • the network slice may be a network slice that needs to perform slice resource control.
  • the AMF network element may start a UE counter to count the number of accesses on the network slice. The number of UEs, or start the PDU session counter to count the PDU sessions established on the network slice, or start the UE counter and the PDU session counter to count the number of UEs and the number of PDU sessions connected to the network slice.
  • the method may further include S300: the AMF network element obtains first configuration information, where the first configuration information includes the S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used to indicate whether Need to perform slice resource control.
  • the AMF network element may determine that the network slice needs to perform slice resource control according to the authorization indication information.
  • the first configuration information may be sent by AAA-S.
  • the AAA-S sends the first configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the first configuration information to the AMF network element. , So that the AMF network element obtains the first configuration information.
  • the AMF network element sends first information so that the AAA-S receives the first information, where the first information includes the number of UEs and/or the number of PDU sessions.
  • the first reporting condition may include at least one of the following conditions: the number of UEs reaches a first preset value, the number of PDU sessions reaches a second preset value, and the increase in the number of UEs reaches a third preset value, The increase in the number of PDU sessions reaches the fourth preset value, and the reporting period, the increase in the number of UEs in the time window reaches the fifth preset value, or the increase in the number of PDU sessions in the time window reaches the sixth preset value .
  • the first report condition may be obtained by the AMF network element.
  • the first configuration information further includes the first report condition, and the AMF network element may obtain the first report condition by obtaining the first configuration information.
  • satisfying the first reporting condition may refer to satisfying this condition.
  • the first preset value is 30, and the first reporting condition is that the number of UEs reaches If the first preset value is met, the first report condition is met, that is, the number of UEs reaches 30; when the first report condition includes at least two of the above conditions, meeting the first report condition may mean meeting these at least two conditions.
  • the first preset value is 50
  • the third preset value is 10
  • the first reporting condition includes that the number of UEs reaches the first preset value and the increase in the number of UEs reaches the third
  • satisfying the first reporting condition may mean that the number of UEs reaches 30, or the increase in the number of UEs reaches 10.
  • the first preset value, the second preset value, the third preset value, the fourth preset value, the reporting period, the fifth preset value, and the sixth preset value may be set in advance, such as ,
  • the first preset value and the second preset value can be 50 or 100, etc.
  • the third preset value and the fourth preset value can be 10 or 20, etc.
  • the reporting period can be 10 minutes, 30 minutes, or 1 hour Etc.
  • the time window may be 20 minutes
  • the fifth preset value and the sixth preset value may be 40, etc., which are not specifically limited in the embodiment of the present application.
  • the AMF network element may send first information to the authentication and authorization network element when the first reporting condition is met, and the first information includes the number of UEs; when the AMF network When the element determines the number of PDU sessions, the AMF network element can send first information to the authentication and authorization network element when the first reporting condition is met.
  • the first information includes the number of PDU sessions; when the AMF network element determines that the When the number of UEs and the number of PDU sessions are sent to the authentication and authorization network element, the first information includes the number of UEs and the number of PDU sessions.
  • the first information may be carried in an authorization request message, that is, the AMF network element may send an authorization request message to the authentication and authorization network element, and the authorization request message includes the first information; further, the first information may also include the S-NSSAI for network slicing.
  • the authentication and authorization network element may send the first information to the AAA-S; or, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element cannot directly communicate with the AAA-S.
  • the authorized network element may send the first information to the AAA-P, so that the AAA-P sends the first information to the AAA-S.
  • the authentication and authorization network element may also assign an association identifier to the AMF network element, and the association identifier is used to associate the first information reported by the AMF network element, and the authentication and authorization network element may also store the AMF network element locally.
  • the meta identifier and the associated identifier, and the first information sent by the authentication and authorization network element may also include the associated identifier.
  • the authentication and authorization network element in the embodiment of the present application may be any network element with authentication and authorization functions that can support the communication between the AMF network element and the AAA-S.
  • the authentication and authorization may be an AUSF network element.
  • NEF network elements or NSSAAF network elements, etc. which are not specifically limited in the embodiment of the present application.
  • the AAA-S may store the first information locally.
  • the first information includes the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, and the The association identifier
  • the AAA-S may locally store the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, and the association identifier.
  • the AAA-S may also determine whether to issue new configuration information according to the number of UEs and/or the number of PDU sessions. If new configuration information needs to be issued, the method further includes S304.
  • the AAA-S sends second configuration information, so that the AMF network element receives the second configuration information, where the second configuration information is used to control resources of the network slice.
  • the second configuration information may include at least one of the following: a second reporting condition, the number of remaining UEs that can be accessed by the network slice, the number of remaining PDU sessions that can be accessed by the network slice, and the increase in the number of UEs reaches the seventh With a preset value, the increase in the number of PDU sessions reaches the eighth preset value, the number of UEs in the time window reaches the ninth preset value, or the increase in the number of PDU sessions within the time window reaches the tenth preset value.
  • the second reporting condition here can be used to indicate the condition for reporting the first information of the network slice next time.
  • the second reporting condition can be similar to the above-mentioned first reporting condition.
  • the preset value or reporting period of the specific condition in the second reporting condition can be It is different from the preset value or reporting period of the specific condition in the first reporting condition.
  • the reporting period in the first reporting condition is 30 minutes
  • the last week period in the second reporting condition is 10 minutes.
  • the embodiment of the application is here No longer.
  • the AAA-S may send the second configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the second configuration information to the AMF network element; or, between the AAA-S and the authentication and authorization network element
  • the AAA-S can send the second configuration information to the AAA-P, so that the AAA-P forwards the second configuration information to the authentication and authorization network element, and then the authentication and authorization network element transfers the second configuration information Sent to the AMF network element.
  • the authentication and authorization network element may send an authorization response message to the AMF network element, and the authorization response message includes the second configuration information; further
  • the second configuration information may also include the S-NSSAI of the network slice.
  • the AMF network element may perform resource control of the network slice according to the second configuration.
  • the process in which the AMF network element reports the first information to the AAA-S and the AAA-S sends the second configuration information to the AMF network element provided in the foregoing embodiment can also be replaced by the SMF network element reporting the first information to the AAA-S.
  • -S reports the first information and the AAA-S sends the second configuration information to the SMF network element.
  • the specific process is shown in Figure 8.
  • the method may include: S41-S43.
  • the SMF network element determines the number of UEs and/or the number of PDU sessions accessed on the network slice;
  • the SMF network element sends first information to the AAA-S through the UPF network element, so that the AAA-S receives the first information, the first information includes the number of UEs and/or PDUs The number of sessions, that is, the SMF network element sends the first information to the UPF network element, and the UPF network element forwards the first information to the AAA-S;
  • the AAA-S sends second configuration information to the SMF network element through the UPF network element, so that the SMF network element receives the second configuration information, and the second configuration information is used to control the resources of the network slice.
  • the method further includes: S40.
  • the SMF network element obtains first configuration information, where the first configuration information includes the S-NSSAI and authorization indication information of the network slice, and the authorization The indication information is used to indicate whether slice resource control needs to be performed, so that the AMF network element can determine that the network slice needs to perform slice resource control according to the authorization indication information.
  • the AMF network element or the SMF network element may send first information.
  • the first information includes the number of UEs accessed by the network slice and/or the number of PDU sessions, and the AAA-S may receive the first information.
  • the AAA-S can perceive the resource usage of the network slice, and thus send information for controlling the resources of the network slice to the AMF network element or the SMF network element based on the number of UEs and/or the number of PDU sessions included in the first information.
  • the second configuration information realizes the control of the network slicing, and improves the flexibility of the network slicing control and the user experience.
  • the foregoing mainly introduces the solutions provided by the embodiments of the present application from the perspective of interaction between various network elements.
  • the above-mentioned AMF network elements, authentication and authorization network elements, and AAA-S include hardware structures and/or software modules corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
  • the embodiments of this application can divide the functional modules of AMF network elements, authentication and authorization network elements, and AAA-S according to the above-mentioned method examples.
  • each functional module can be divided corresponding to each function, or two or more functions can be divided.
  • the above-mentioned integrated modules can be implemented in the form of hardware or software functional modules. It should be noted that the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
  • FIG. 9 shows a schematic diagram of a possible structure of the communication device involved in an embodiment of the present application.
  • the device can be used as an AMF network element or a built-in chip of the AMF network element.
  • the device includes :Sending unit 401, receiving unit 402 and processing unit 403.
  • the sending unit 401 may be used to support the device to perform the step of sending the first information in S201 in the above method embodiment, and the receiving unit 402 may be used to perform the receiving second information in S202 in the above method embodiment.
  • the processing unit 403 is configured to support the device to execute the step of determining that the first slice control information is changed in S203 of the foregoing method embodiment, and/or other technical processes described herein.
  • the processing unit 403 is configured to support the device to perform S301 in the foregoing method embodiment, and the sending unit 401 may be configured to support the device to perform the step of sending the first information in S302 of the foregoing method embodiment.
  • the receiving unit 402 is configured to perform the step of receiving the second configuration information in S303 of the foregoing method embodiment.
  • the processing unit 403 in the embodiment of the present application may be the processor of the device, the sending unit 401 may be the transmitter of the device, and the receiving unit 402 may be the receiver of the device.
  • the transmitter is usually It can be integrated with the receiver and used as a transceiver, and a specific transceiver can also be called a communication interface or an interface circuit.
  • FIG. 10 another possible structural schematic diagram of the communication device involved in the above-mentioned embodiment provided by the embodiment of this application.
  • the device can be used as an AMF network element or a chip built in an AMF network element.
  • the device includes: processing
  • the processor 411 may also include a memory 412, a communication interface 413, and a bus 414, and the processor 411, the memory 412, and the communication interface 413 are connected through the bus 414.
  • the processor 411 is used to control and manage the actions of the device.
  • the processor 411 may be used to support the device to perform the step of determining the first slice information sending change in S203 of the foregoing method embodiment, and/or other processes used in the technology described herein.
  • the processor 411 may be used to support the device to execute S301 in the foregoing method embodiment, and/or other processes used in the technology described herein.
  • the communication interface 413 is used to support the device to communicate, for example, to support the device to communicate with the authentication and authorization network element.
  • the processor 411 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic devices, transistor logic devices, hardware components, or other random combination. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application.
  • the processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on.
  • the bus 414 in FIG. 10 may be a peripheral component interconnect standard (PCI) bus or an extended industry standard architecture (EISA) bus, etc.
  • PCI peripheral component interconnect standard
  • EISA extended industry standard architecture
  • the bus can be divided into an address bus, a data bus, a control bus, and so on.
  • FIG. 10 is represented by only a thick line, but it does not mean that there is only one bus or one type of bus.
  • FIG. 11 shows a possible structural diagram of a communication device involved in an embodiment of the present application.
  • the device can be used as an authentication and authorization network element or a built-in chip in the authentication and authorization network element.
  • the device includes: a receiving unit 501, a processing unit 502, and a sending unit 503.
  • the receiving unit 501 can be used to support the device receiving the first information sent by the AMF network element in S201 of the foregoing method embodiment, the second information sent by AAA-S in S202, and / Or the step of third information sent by AAA-S in S203;
  • the sending unit 503 is used to support the step of sending the first forwarding information to AAA-S by the device, the step of sending second forwarding information to AAA-S, and/or The step of sending the third forwarding information to the AAA-S;
  • the processing unit 502 is configured to support the device to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the foregoing method embodiment.
  • the receiving unit 501 may be used to support the step of receiving the first information sent by the AMF network element in S301 of the foregoing method embodiment and the step of second configuration information sent by AAA-S in S302.
  • the sending unit 503 may be used to support the step of forwarding the first information sent by the AMF by the device to the AAA-S, and the step of forwarding the first configuration information and the second configuration information sent by the AAA-S to the AMF.
  • the processing unit 502 in this embodiment of the application is the processor of the device
  • the receiving unit 501 may be the receiver of the device
  • the sending unit 503 may be the transmitter of the device
  • the device can be used as an authentication and authorization network element or a built-in chip of the authentication and authorization network element.
  • the device includes :
  • the processor 511 may also include a memory 512, a communication interface 513, and a bus 514.
  • the processor 511, the memory 512, and the communication interface 513 are connected by the bus 514.
  • the processor 511 is used to control and manage the actions of the device.
  • the processor 511 can be used to support the device to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the foregoing method embodiment, and / Or other processes used in the techniques described herein.
  • the communication interface 513 is used to support the device to communicate, for example, to support the device to communicate with an AMF network element or AAA-S.
  • the processor 511 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic devices, transistor logic devices, hardware components, or other random combination. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application.
  • the processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on.
  • the bus 514 in FIG. 12 above may be a PCI bus or an EISA bus.
  • the bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in the foregoing FIG. 12 to represent, but it does not mean that there is only one bus or one type of bus.
  • FIG. 13 shows a possible structural diagram of the communication device involved in the embodiment of the present application.
  • the device can be used as an AAA-S or AAA-S built-in chip, and the device includes :Receiving unit 601, processing unit 602, and sending unit 603.
  • the receiving unit 601 can be used to support the device to receive the first information sent in S201 of the foregoing method embodiment; the sending unit 603 can be used to support the device to perform S202 of the foregoing method embodiment.
  • the step of sending the second information in S203 and the step of sending the third information in S203; the processing unit 602 is configured to support the device to perform the step of determining that the first slice control information has changed in the above method embodiment, and/or the step described herein Other technical processes.
  • the receiving unit 601 can be used to support the device to receive the step of receiving the first information sent in S302 of the above method embodiment; the sending unit 603 is used to execute the step of sending the second information in S303 of the above method embodiment.
  • the step of configuring information and the step of sending the first configuration information; the processing unit 602 is configured to support the device to perform the steps of determining the first configuration information and the second configuration information in the above method embodiment, and/or other described herein Technical process.
  • the processing unit 602 in the embodiment of the present application may be the processor of the device, the receiving unit 601 may be the receiver of the device, and the sending unit 603 may be the transmitter of the device.
  • the transmitter is usually It can be integrated with the receiver and used as a transceiver, and a specific transceiver can also be called a communication interface or an interface circuit.
  • FIG. 14 another possible structural schematic diagram of the communication device involved in the above-mentioned embodiments provided by the embodiments of this application.
  • the device can be used as an AAA-S or a built-in chip of AAA-S.
  • the device includes: processing
  • the processor 611 may further include a memory 612, a communication interface 613, and a bus 614, and the processor 611, the memory 612, and the communication interface 613 are connected through the bus 614.
  • the processor 611 is used to control and manage the actions of the device.
  • the processor 611 may be used to support the device to perform the determination in the foregoing method embodiment to determine that the first slice control information is changed, and/or be used in other processes of the technology described herein.
  • the processor 611 may be used to support the device to perform the steps of determining the first configuration information and the second configuration information in the foregoing method embodiments, and/or other processes used in the technology described herein .
  • the communication interface 613 is used to support the device to communicate, for example, to support the device to communicate with the authentication and authorization network element.
  • the processor 611 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic devices, transistor logic devices, hardware components, or other random combination. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application.
  • the processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on.
  • the bus 614 in FIG. 14 may be a PCI bus or an EISA bus. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, the above-mentioned FIG. 14 is represented by only a thick line, but it does not mean that there is only one bus or one type of bus.
  • an embodiment of the present application also provides a communication system, which includes an AMF network element, an authentication and authorization network element, and AAA-S; wherein, the AMF network element is the communication device provided in FIG. 9 or FIG.
  • the authentication and authorization network element is the communication device provided in FIG. 11 or FIG. 12, and is used to perform the steps of the authentication and authorization network element in the foregoing method embodiment.
  • AAA-S is the communication device provided in FIG. 13 or FIG. 14, and is used to perform the steps of AAA-S in the foregoing method embodiment.
  • the disclosed device and method may be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the modules or units is only a logical function division. In actual implementation, there may be other division methods, for example, multiple units or components may be divided. It can be combined or integrated into another device, or some features can be omitted or not implemented.
  • the units described as separate parts may or may not be physically separate.
  • the parts displayed as units may be one physical unit or multiple physical units, that is, they may be located in one place, or they may be distributed to multiple different places. . Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a readable storage medium.
  • the readable storage medium may include: U disk, mobile hard disk, read-only Various media that can store program codes such as memory, random access memory, magnetic disk or optical disk.
  • a readable storage medium stores instructions.
  • the instructions in the readable storage medium run on a device, the device executes 6 The steps of the AMF network element in the method embodiment provided in any figure.
  • a readable storage medium stores instructions.
  • the instructions in the readable storage medium run on a device, the device executes 6 Steps of authenticating and authorizing network elements in the method embodiment provided in any figure.
  • a readable storage medium stores instructions.
  • the instructions in the readable storage medium run on a device, the device executes 6 Steps of AAA-S in the method embodiment provided in any figure.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the AMF network in the method embodiment provided in any one of the diagrams shown in FIGS. 2-6. Yuan steps.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the authentication and authorization in the method embodiment provided in any one of the diagrams shown in FIGS. 2-6. The steps of the network element.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the method embodiment AAA- as shown in any one of the diagrams in Figs. 2-6. S steps.
  • a readable storage medium is provided, and instructions are stored in the readable storage medium.
  • the instructions in the readable storage medium run on a device, the device executes as shown in FIG. 7 or FIG. 8.
  • a readable storage medium is provided, and instructions are stored in the readable storage medium.
  • the instructions in the readable storage medium run on a device, the device executes as shown in FIG. 7 or FIG. 8 The steps of AAA-S in the method embodiment provided.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the AMF network element or the AMF network element in the method embodiment provided in FIG. 7 or FIG. 8. Yuan steps.
  • a computer program product including instructions is provided.
  • the instructions run on a device, the device executes the steps of AAA-S in the method embodiment provided in FIG. 7 or FIG. 8.

Abstract

The present application relates to the technical field of communications, and provides a network slice control method and a communication apparatus, for use in improving network slice control flexibility and user experience. The method comprises: an AMF network element sends first information to an AAA server by means of an authentication and authorization network element, the first information comprising slice information of a first network slice and a first identifier of a first user equipment (UE), for example, the slice information being S-NSSAI or identification information obtained after the mapping of the S-NSSAI, the first identifier being GPSI, and network slices that the first UE is allowed or to be allowed to access comprising the first network slice; receiving second information from the AAA server, i.e., the second information being sent by the AAA server, for example, the AAA server sending the second information to the AMF network element by means of the authentication and authorization network element, the second information comprising first slice control information, and the first slice control information being information used by the first UE for the first network slice.

Description

一种网络切片控制方法及通信装置Network slicing control method and communication device
本申请要求于2020年05月14日提交国家知识产权局、申请号为202010406046.9、申请名称为“一种网络切片控制方法及通信装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed with the State Intellectual Property Office on May 14, 2020, the application number is 202010406046.9, and the application name is "A network slicing control method and communication device", the entire content of which is incorporated by reference In this application.
技术领域Technical field
本申请涉及通信技术领域,尤其涉及一种网络切片控制方法及通信装置。This application relates to the field of communication technology, and in particular to a network slicing control method and communication device.
背景技术Background technique
网络切片(network slice,NS)是指在物理或者虚拟的网络基础设施上,根据不同的租户(tenant)的业务的服务需求定制化不同的逻辑网络。网络切片可以端到端(end to end,E2E)的包括整个网络,也可以部分网络功能在多个网络切片中共享,是满足第三代合作伙伴计划(3rd generation partnership project,3GPP)提出的第五代(5rd generation,5G)移动通信技术关于网络差异化需求的关键技术。其中,多个网络切片可共享一组接入和移动性管理功能(access and mobility management function,AMF)网元,用户设备(user equipment,UE)可同时接入多个共享同一组AMF网元的网络切片。Network slicing (NS) refers to customizing different logical networks on a physical or virtual network infrastructure according to the service requirements of different tenants (tenant) business. Network slicing can be end-to-end (E2E) including the entire network, or part of the network functions can be shared among multiple network slices. It is the third generation partnership project (3rd generation partnership project, 3GPP) proposed. The 5th generation (5G) mobile communication technology is a key technology for network differentiation requirements. Among them, multiple network slices can share a set of access and mobility management function (AMF) network elements, and user equipment (UE) can simultaneously access multiple network elements that share the same group of AMF network elements. Network slicing.
目前,网络切片的切片控制信息是通过签约的方式存储在统一数据管理(unified data management,UDM)网元中,在UE注册到网络切片的过程中,服务UE的AMF网元从UDM中获取包括该切片控制信息的签约信息,并将该切片控制信息发送给接入网设备,以使接入网设备基于该切片控制信息执行对应的网络切片控制。Currently, slice control information for network slicing is stored in a unified data management (UDM) network element through a contract. During the process of UE registration to the network slice, the AMF network element serving the UE obtains it from UDM. The subscription information of the slice control information is sent, and the slice control information is sent to the access network device, so that the access network device performs corresponding network slice control based on the slice control information.
但是,当网络中部署了新的网络切片或者网络切片由第三方提供时,若网络切片的提供方想要修改该网络切片的切片控制信息,则需要发起UE的签约信息更新,由UDM更新签约信息,从而导致网络切片的提供方无法动态地实现网络切片的控制。因此,现有的切片控制信息的获取和修改方案不够灵活,用户体验不佳。However, when a new network slice is deployed in the network or the network slice is provided by a third party, if the provider of the network slice wants to modify the slice control information of the network slice, it needs to initiate the update of the UE's subscription information, and the UDM updates the contract. Therefore, the provider of the network slicing cannot dynamically realize the control of the network slicing. Therefore, the existing solutions for acquiring and modifying slice control information are not flexible enough, and the user experience is poor.
发明内容Summary of the invention
本申请提供一种网络切片控制方法及装置,用于提高网络切片控制的灵活性和用户体验。The present application provides a network slicing control method and device, which are used to improve the flexibility of network slicing control and user experience.
为达到上述目的,本申请采用如下技术方案:In order to achieve the above objectives, this application adopts the following technical solutions:
第一方面,提供一种网络切片控制方法,该方法应用于接入和移动管理功能AMF网元,该方法包括:发送第一信息,比如,AMF网元可以通过AUSF网元向AAA服务器发送第一信息,第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,该切片信息可用于确定第一网络切片,比如,该切片信息可以是S-NSSAI或者该S-NSSAI映射之后的标识信息,第一标识可以是GPSI,其中,允许或者待允许第一UE接入的网络切片包括第一网络切片,即allowed NSSAI或者pending NSSAI(需要认证授权后可允许第一UE接入)包括第一网络切片的S-NSSAI;接收来自AAA服务器的第二信息,即第二信息是由AAA服务器发送的,比如,AAA服务器可以通过认证授权向AMF网元发送第二信息,第二信息包括第一切片控制信息,第一切片控 制信息为用于控制第一UE对第一网络切片使用的信息。In the first aspect, a network slicing control method is provided. The method is applied to an access and mobility management function AMF network element. The method includes: sending first information. For example, the AMF network element can send the first information to the AAA server through the AUSF network element. A piece of information. The first information includes slice information of the first network slice and a first identifier of the first user equipment UE. The slice information may be used to determine the first network slice. For example, the slice information may be S-NSSAI or S-NSSAI. The identification information after NSSAI mapping. The first identification can be GPSI, where the network slice that is allowed or to be allowed to be accessed by the first UE includes the first network slice, that is, allowed NSSAI or pending NSSAI (the first UE can be allowed after authentication and authorization is required. Access) S-NSSAI including the first network slice; receiving the second information from the AAA server, that is, the second information is sent by the AAA server, for example, the AAA server can send the second information to the AMF network element through authentication and authorization, The second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
上述技术方案中,通过该AMF网元向AAA服务器上报第一信息、AAA服务器根据第一信息下发第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息,这样可以使该AAA服务器合理地为第一UE分配切片控制信息,同时该AMF网元可以动态地获取第一UE的切片控制信息,从而提高网络切片控制的灵活性和用户体验。In the above technical solution, the AMF network element reports the first information to the AAA server, and the AAA server issues the first slice control information according to the first information. The first slice control information is used to control the first UE to the first network. Information used for slicing, so that the AAA server can reasonably allocate slicing control information to the first UE. At the same time, the AMF network element can dynamically obtain the slicing control information of the first UE, thereby improving the flexibility of network slicing control and user experience .
在第一方面的一种可能的实现方式中,该方法还包括:向统一数据管理UDM网元发送第一切片控制信息,这样在UDM网元接收到第一切片控制信息时可以在本地存储第一切片控制信息。上述可能的实现方式中,可以使得UDM网元实时地获知控制第一UE对于第一网络切片使用的信息,进一步的,在双注册场景下,UDM网元可以将第一切片控制信息提供给第一UE使用的另一个AMF网元,使得另一个AMF网元无需发起新的流程获取第一切片控制信息。In a possible implementation of the first aspect, the method further includes: sending the first slice control information to the unified data management UDM network element, so that when the UDM network element receives the first slice control information, it can be locally Store the first slice control information. In the above possible implementation manners, the UDM network element can learn in real time the information that controls the first UE to use the first network slice. Further, in the dual registration scenario, the UDM network element can provide the first slice control information to The other AMF network element used by the first UE eliminates the need for another AMF network element to initiate a new process to obtain the first slice control information.
在第一方面的一种可能的实现方式中,该方法还包括:向策略控制功能PCF网元发送第一切片控制信息;接收来自PCF网元的授权切片控制信息,该授权切片控制信息可以与第一切片控制信息相同,也可以不同。上述可能的实现方式中,可以保证第一UE对于第一网络切片的切片控制信息的合法性和合理性。In a possible implementation of the first aspect, the method further includes: sending first slice control information to the policy control function PCF network element; receiving authorized slice control information from the PCF network element, where the authorized slice control information may It is the same as or different from the first slice control information. In the foregoing possible implementation manners, the legality and rationality of the slice control information for the first network slice by the first UE can be guaranteed.
在第一方面的一种可能的实现方式中,该方法还包括:向统一数据管理UDM网元发送授权切片控制信息。上述可能的实现方式中,可以使得UDM网元实时地获知第一UE对于第一网络切片使用的信息,进一步的,在双注册场景下,UDM网元可以将第一切片控制信息提供给第一UE使用的另一个AMF网元,使得另一个AMF网元无需发起新的流程获取第一切片控制信息。In a possible implementation manner of the first aspect, the method further includes: sending authorized slice control information to a unified data management UDM network element. In the foregoing possible implementation manners, the UDM network element can learn the information used by the first UE for the first network slice in real time. Further, in the dual registration scenario, the UDM network element can provide the first slice control information to the first network slice. Another AMF network element used by a UE makes it unnecessary for another AMF network element to initiate a new process to obtain the first slice control information.
在第一方面的一种可能的实现方式中,该方法还包括:接收第三信息,第三信息包括第二切片控制信息,第二切片控制信息用于更新用于控制第一UE对第一网络切片使用的信息。可选的,允许或者待允许第二UE接入的网络切片包括第一网络切片,第三信息还包括第三切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信息。上述可能的实现方式中,可以使该AAA服务器合理地、动态地调整第一UE的切片控制信息,从而提高网络切片控制的灵活性和用户体验。当多个UE的切片控制信息发生变更时,通过在同一个消息中包含多个UE的切片控制信息,可以节约网络信令的开销。In a possible implementation of the first aspect, the method further includes: receiving third information, where the third information includes second slice control information, and the second slice control information is used to update the control of the first UE to the first Information used by network slicing. Optionally, the network slice that the second UE is allowed or to be allowed to access includes the first network slice, the third information also includes third slice control information, and the third slice control information is used to update the control information used to control the second UE to the first network slice. Information used by network slicing. In the foregoing possible implementation manners, the AAA server can reasonably and dynamically adjust the slice control information of the first UE, thereby improving the flexibility of network slice control and user experience. When the slice control information of multiple UEs is changed, by including the slice control information of multiple UEs in the same message, the overhead of network signaling can be saved.
在第一方面的一种可能的实现方式中,该方法还包括:将用于控制第一UE对第一网络切片使用的信息存储在第一UE的上下文中。上述可能的实现方式中,在服务第一UE的AMF网元发生切换时,可以使切换后的目标AMF网元准确获取第一UE的信息,且避免对执行授权流程的网络切片再次执行授权流程。In a possible implementation of the first aspect, the method further includes: storing information used to control the use of the first network slice by the first UE in the context of the first UE. In the above possible implementation manners, when the AMF network element serving the first UE is switched, the target AMF network element after the handover can accurately obtain the information of the first UE, and avoid performing the authorization process again on the network slice that performs the authorization process. .
在第一方面的一种可能的实现方式中,在发送第一信息之前,该方法还包括:获取允许或者待允许第一UE接入的网络切片的授权指示信息;根据授权指示信息,确定第一网络切片需要授权。可选的,获取允许第一UE接入的网络切片的授权指示信息,包括:从本地获取授权指示信息;或者,从统一数据管理UDM网元中获取第一UE的签约信息,签约信息包括授权指示信息;或者,从网络切片选择功能NSSF网元中获取授权指示信息。上述可能的实现方式中,可以使得该AMF网元在第一网络切 片的授权流程中,动态地获取第一UE的切片控制信息,从而提高网络切片控制的灵活性和用户体验。In a possible implementation of the first aspect, before sending the first information, the method further includes: obtaining authorization indication information of a network slice that is allowed or to be allowed to be accessed by the first UE; and determining the first UE according to the authorization indication information. A network slice requires authorization. Optionally, obtaining the authorization indication information of the network slice that the first UE is allowed to access includes: obtaining authorization indication information locally; or obtaining the subscription information of the first UE from the unified data management UDM network element, where the subscription information includes authorization Indication information; or, obtain authorization indication information from the network element of the network slice selection function NSSF. In the foregoing possible implementation manner, the AMF network element can dynamically obtain the slice control information of the first UE in the authorization process of the first network slice, thereby improving the flexibility of network slice control and user experience.
在第一方面的一种可能的实现方式中,第一信息还包括第一UE的第二标识,其中,第二标识为第一UE在第一网络切片中的标识。上述可能的实现方式中,第二标识可用于在第一网络切片中标识第一UE,这样可以使得AAA服务器执行对第一UE的切片认证和/或授权。In a possible implementation of the first aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice. In the foregoing possible implementation manners, the second identifier may be used to identify the first UE in the first network slice, so that the AAA server may perform slice authentication and/or authorization for the first UE.
在第一方面的一种可能的实现方式中,允许或者待允许第一UE接入的网络切片包括至少一个网络切片,至少一个网络切片包括第一网络切片,该方法还包括:从第一UE获取第一UE在至少一个网络切片的每个网络切片中的第二标识。上述可能的实现方式中,当至少一个网络切片包括多个网络切片时,可以减小该AMF网元获取第一UE在多个网络切片中的第二标识的信令开销。In a possible implementation manner of the first aspect, the network slice that is allowed or to be allowed to be accessed by the first UE includes at least one network slice, and the at least one network slice includes the first network slice, and the method further includes: Acquire the second identifier of the first UE in each network slice of the at least one network slice. In the foregoing possible implementation manner, when at least one network slice includes multiple network slices, the signaling overhead for the AMF network element to obtain the second identifier of the first UE in the multiple network slices can be reduced.
在第一方面的一种可能的实现方式中,第一信息承载在第一网络切片的授权请求消息中,第二信息承载在第一网络切片的授权响应消息中;或者,第一信息承载在第一网络切片的认证授权请求消息中,第二信息承载在第一网络切片的认证授权响应消息中。上述可能的实现方式中,可以使得AAA服务器在第一网络切片的授权流程中动态地调整第一UE的切片控制信息,同时该AMF网元可以动态地获取第一UE的切片控制信息,从而提高网络切片控制的灵活性和用户体验。In a possible implementation of the first aspect, the first information is carried in the authorization request message of the first network slice, and the second information is carried in the authorization response message of the first network slice; or, the first information is carried in In the authentication and authorization request message of the first network slice, the second information is carried in the authentication and authorization response message of the first network slice. In the foregoing possible implementation manners, the AAA server can dynamically adjust the slice control information of the first UE in the authorization process of the first network slice, and the AMF network element can dynamically obtain the slice control information of the first UE, thereby improving The flexibility and user experience of network slicing control.
第二方面,提供一种网络切片控制方法,该方法应用于认证、授权和计费AAA服务器中,该方法包括:接收第一信息,第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,该切片信息可用于确定第一网络切片,比如,该切片信息可以是S-NSSAI或者该S-NSSAI映射之后的标识信息,第一标识可以是GPSI,其中,允许或者待允许第一UE接入的网络切片包括第一网络切片,即第一UE的allowed NSSAI或者pending NSSAI(需要认证授权后可允许第一UE接入)包括第一网络切片的S-NSSAI;向接入和移动管理功能AMF网元发送第二信息,第二信息包括第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息。In a second aspect, a network slicing control method is provided. The method is applied to an AAA server for authentication, authorization, and accounting. The method includes: receiving first information, where the first information includes slice information of a first network slice and a first user The first identifier of the device UE. The slice information can be used to determine the first network slice. For example, the slice information can be S-NSSAI or the identification information after the S-NSSAI mapping. The first identifier can be GPSI, where either allows or The network slice that the first UE is to be allowed to access includes the first network slice, that is, the allowed NSSAI or pending NSSAI of the first UE (the first UE can be allowed to access after authentication and authorization) includes the S-NSSAI of the first network slice; The access and mobility management function AMF network element sends second information, the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
在第二方面的一种可能的实现方式中,该方法还包括:当确定第一切片控制信息发生变更时,向AMF网元发送第三信息,第三信息包括第二切片控制信息,第二切片控制信息用于更新用于控制第一UE对第一网络切片使用的信息。In a possible implementation of the second aspect, the method further includes: when it is determined that the first slice control information is changed, sending third information to the AMF network element, the third information includes the second slice control information, and the first slice control information is changed. The second slice control information is used to update information used to control the use of the first network slice by the first UE.
在第二方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第一网络切片,当确定第二UE在第一网络切片中的切片控制信息发生变更时,第三信息还包括第三切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信息。上述可能的实现方式中,当多个UE的切片控制信息发生变更时,AAA服务器可以一次信令交互调整多个UE的切片控制信息,从而减小该AAA服务器的信令开销。In a possible implementation of the second aspect, the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, The third information further includes third slice control information, and the third slice control information is used to update information used for controlling the second UE to use the first network slice. In the foregoing possible implementation manner, when the slice control information of multiple UEs is changed, the AAA server can adjust the slice control information of multiple UEs in one signaling exchange, thereby reducing the signaling overhead of the AAA server.
在第二方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第二网络切片,当确定第二UE在第二网络切片中的切片控制信息发生变更时,第三信息还包括第四切片控制信息,第四切片控制信息用于更新用于控制第二UE对第二网络切片使用的信息。上述可能的实现方式中,当多个UE的切片控制信息发生变更时,AAA服务器可以一次信令交互调整多个UE的切片控制信息,从而减小该 AAA服务器的信令开销。In a possible implementation manner of the second aspect, the network slice that the second UE is allowed or to be allowed to access includes the second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, The third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice. In the foregoing possible implementation manner, when the slice control information of multiple UEs is changed, the AAA server can adjust the slice control information of multiple UEs in one signaling exchange, thereby reducing the signaling overhead of the AAA server.
在第二方面的一种可能的实现方式中,第一信息还包括第一UE的第二标识,其中,第二标识为第一UE在第一网络切片中的标识。In a possible implementation of the second aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
在第二方面的一种可能的实现方式中,第一信息承载在第一网络切片的授权请求消息中,第二信息承载在第一网络切片的授权响应消息中;或者,第一信息承载在第一网络切片的认证授权请求消息中,第二信息承载在第一网络切片的认证授权响应消息中。In a possible implementation of the second aspect, the first information is carried in the authorization request message of the first network slice, and the second information is carried in the authorization response message of the first network slice; or, the first information is carried in In the authentication and authorization request message of the first network slice, the second information is carried in the authentication and authorization response message of the first network slice.
第三方面,提供一种网络切片控制方法,应用于认证授权网元中,该认证授权网元可以为AUSF网元、NEF网元、NSSAAF网元或者其他用于认证和授权流程的网元,该方法包括:接收来自接入和移动管理功能AMF网元的第一信息,第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,该切片信息可用于确定第一网络切片,比如,该切片信息可以是S-NSSAI或者该S-NSSAI映射之后的标识信息,第一标识可以是GPSI,允许或者待允许第一UE接入的网络切片包括第一网络切片,即第一UE的allowed NSSAI或者pending NSSAI(需要认证授权后可允许第一UE接入)包括第一网络切片的S-NSSAI;向认证、授权和计费AAA服务器发送第一转发信息,第一转发信息包括第一UE的第一标识、以及该切片信息或该切片信息的转换信息,比如,该切片信息为S-NSSAI,第一转发信息包含的为该切片信息的转换信息(即根据S-NSSAI获取S-NSSAI映射之后的标识信息),或该切片信息为S-NSSAI,第一转发信息包含的为该切片信息(即S-NSSAI),或该切片信息为S-NSSAI映射之后的标识信息,第一转发信息包含的为该切片信息(S-NSSAI映射之后的标识信息);接收来自AAA服务器的第二信息,第二信息包括第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息;向该AMF网元发送第二信息。In a third aspect, a network slicing control method is provided, which is applied to an authentication and authorization network element, and the authentication and authorization network element may be an AUSF network element, a NEF network element, an NSSAAF network element, or other network elements used for authentication and authorization processes, The method includes: receiving first information from an AMF network element of an access and mobility management function, the first information including slice information of a first network slice and a first identifier of a first user equipment UE, and the slice information can be used to determine the first Network slice, for example, the slice information may be S-NSSAI or identification information after the S-NSSAI mapping, the first identifier may be GPSI, and the network slice that is allowed or to be allowed to be accessed by the first UE includes the first network slice, that is The allowed NSSAI or pending NSSAI of the first UE (the first UE can be allowed to access after authentication and authorization) includes the S-NSSAI of the first network slice; the first forwarding information is sent to the authentication, authorization, and accounting AAA server, and the first forwarding The information includes the first identifier of the first UE, and the slice information or the conversion information of the slice information. For example, the slice information is S-NSSAI, and the first forwarding information includes the conversion information of the slice information (that is, according to S-NSSAI). NSSAI obtains the identification information after S-NSSAI mapping), or the slice information is S-NSSAI, the first forwarding information contains the slice information (ie S-NSSAI), or the slice information is the identifier after S-NSSAI mapping Information, the first forwarding information contains the slice information (identification information after S-NSSAI mapping); the second information is received from the AAA server, the second information includes the first slice control information, and the first slice control information is Information used to control the use of the first network slice by the first UE; sending second information to the AMF network element.
在第三方面的一种可能的实现方式中,该方法还包括:接收来自AAA服务器的第三信息,第三信息包括第二切片控制信息,第二切片控制信息用于更新第一UE对第一网络切片的使用信息;向AMF网元发送第三转发信息,第三转发信息包括第二切片控制信息。In a possible implementation manner of the third aspect, the method further includes: receiving third information from the AAA server, the third information includes second slice control information, and the second slice control information is used to update the first UE to the second slice control information. 1. Use information of a network slice; send third forwarding information to the AMF network element, and the third forwarding information includes second slice control information.
在第三方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第一网络切片,第三信息还包括第三切片控制信息,第三转发信息还包括第三切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信息。In a possible implementation manner of the third aspect, the network slice to which the second UE is allowed or to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third forwarding information further includes the third network slice. The slice control information, and the third slice control information is used to update information used to control the use of the first network slice by the second UE.
在第三方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第二网络切片,第三信息还包括第四切片控制信息,该方法还包括:向服务第二网络切片的AMF网元发送第四转发信息,第四转发信息包括第四切片控制信息,第四切片控制信息用于更新用于控制第二UE对第二网络切片使用的信息。In a possible implementation manner of the third aspect, the network slice that the second UE is allowed or to be allowed to access includes the second network slice, the third information further includes fourth slice control information, and the method further includes: The AMF network element of the second network slice sends fourth forwarding information, where the fourth forwarding information includes fourth slice control information, and the fourth slice control information is used to update information used for controlling the second UE to use the second network slice.
在第三方面的一种可能的实现方式中,第一信息中还包括以下至少一项;第一UE的第二标识,AAA服务器标识;其中,第二标识为第一UE在第一网络切片中的标识;第一转发信息还可以包括:第一UE的第二标识。In a possible implementation manner of the third aspect, the first information further includes at least one of the following; the second identifier of the first UE, the AAA server identifier; wherein, the second identifier means that the first UE is in the first network slice The first forwarding information may also include: the second identifier of the first UE.
在第三方面的一种可能的实现方式中,第一信息承载在第一网络切片的授权请求消息中,向该AMF网元发送的第二信息承载在第一网络切片的授权响应消息中。In a possible implementation manner of the third aspect, the first information is carried in the authorization request message of the first network slice, and the second information sent to the AMF network element is carried in the authorization response message of the first network slice.
第四方面,提供一种通信装置,该装置作为接入和移动管理功能AMF网元或者AMF网元内置的芯片,该装置包括:发送单元,用于发送第一信息,第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,其中,允许或者待允许第一UE接入的网络切片包括第一网络切片;接收单元,用于接收来自认证、授权和计费AAA服务器的第二信息,第二信息包括第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息。In a fourth aspect, a communication device is provided, which serves as an access and mobility management function AMF network element or a built-in chip of the AMF network element. The device includes: a sending unit configured to send first information, the first information including the first The slice information of the network slice and the first identifier of the first user equipment UE, where the network slice that the first UE is allowed or to be allowed to access includes the first network slice; the receiving unit is configured to receive authentication, authorization, and accounting AAA The second information of the server, the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
在第四方面的一种可能的实现方式中,发送单元还用于:向统一数据管理UDM网元发送第一切片控制信息。In a possible implementation manner of the fourth aspect, the sending unit is further configured to send the first slice control information to the unified data management UDM network element.
在第四方面的一种可能的实现方式中,发送单元还用于向策略控制功能PCF网元发送第一切片控制信息;接收单元还用于接收来自PCF网元的授权切片控制信息。In a possible implementation manner of the fourth aspect, the sending unit is further configured to send the first slice control information to the policy control function PCF network element; the receiving unit is further configured to receive authorized slice control information from the PCF network element.
在第四方面的一种可能的实现方式中,发送单元还用于:向统一数据管理UDM网元发送授权切片控制信息。In a possible implementation manner of the fourth aspect, the sending unit is further configured to send authorized slice control information to the unified data management UDM network element.
在第四方面的一种可能的实现方式中,接收单元还用于:接收第三信息,第三信息包括第二切片控制信息,第二切片控制信息用于更新用于控制第一UE对第一网络切片使用的信息。In a possible implementation of the fourth aspect, the receiving unit is further configured to: receive third information, where the third information includes second slice control information, and the second slice control information is used to update the second slice control information used to control the first UE to Information used by a network slice.
在第四方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第一网络切片,第三信息还包括第三切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信息。In a possible implementation of the fourth aspect, the network slice to which the second UE is allowed or to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third slice control information is used for updating Information used to control the use of the first network slice by the second UE.
在第四方面的一种可能的实现方式中,该装置还包括:处理单元,用于将用于控制第一UE对第一网络切片使用的信息存储在第一UE的上下文中。In a possible implementation manner of the fourth aspect, the apparatus further includes: a processing unit, configured to store information used to control the use of the first network slice by the first UE in the context of the first UE.
在第四方面的一种可能的实现方式中,接收单元还用于获取允许第一UE接入的网络切片的授权指示信息;处理单元还用于根据授权指示信息,确定第一网络切片需要授权。In a possible implementation of the fourth aspect, the receiving unit is further configured to obtain authorization indication information of the network slice that the first UE is allowed to access; the processing unit is further configured to determine that the first network slice requires authorization according to the authorization indication information .
在第四方面的一种可能的实现方式中,接收单元还用于:从本地获取授权指示信息;或者,从统一数据管理UDM网元中获取第一UE的签约信息,签约信息包括授权指示信息;或者,从网络切片选择功能NSSF网元中获取授权指示信息。In a possible implementation manner of the fourth aspect, the receiving unit is further configured to: obtain authorization indication information locally; or obtain the subscription information of the first UE from the unified data management UDM network element, where the subscription information includes authorization indication information ; Or, obtain authorization indication information from the network element of the network slice selection function NSSF.
在第四方面的一种可能的实现方式中,第一信息还包括第一UE的第二标识,其中,第二标识为第一UE在第一网络切片中的标识。In a possible implementation manner of the fourth aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
在第四方面的一种可能的实现方式中,允许或者待允许第一UE接入的网络切片包括至少一个网络切片,至少一个网络切片包括第一网络切片,接收单元还用于:从第一UE获取第一UE在至少一个网络切片的每个网络切片中的第二标识。In a possible implementation manner of the fourth aspect, the network slice allowed or to be allowed to be accessed by the first UE includes at least one network slice, at least one network slice includes the first network slice, and the receiving unit is further configured to: The UE obtains the second identifier of the first UE in each network slice of the at least one network slice.
第五方面,提供一种通信装置,该装置作为认证、授权和计费AAA服务器或者AAA服务器内置的芯片,该装置包括:接收单元,用于接收第一信息,所述第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,其中,允许或者待允许第一UE接入的网络切片包括所述第一网络切片;发送单元,用于向接入和移动管理功能AMF网元发送第二信息,所述第二信息包括第一切片控制信息,所述第一切片控制信息为用于控制所述第一UE对所述第一网络切片使用的信息。In a fifth aspect, a communication device is provided, which serves as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server. The device includes: a receiving unit for receiving first information, where the first information includes the first The slice information of the network slice and the first identifier of the first user equipment UE, where the network slice to which the first UE is allowed or to be allowed to access includes the first network slice; the sending unit is configured to provide access and mobility management functions The AMF network element sends second information, where the second information includes first slice control information, and the first slice control information is information used to control the use of the first network slice by the first UE.
在第五方面的一种可能的实现方式中,所述发送单元还用于:当确定所述第一切片控制信息发生变更时,向所述AMF网元发送第三信息,所述第三信息包括第二切 片控制信息,所述第二切片控制信息用于更新用于控制所述第一UE对所述第一网络切片使用的信息。In a possible implementation manner of the fifth aspect, the sending unit is further configured to: when it is determined that the first slice control information is changed, send third information to the AMF network element, and the third The information includes second slice control information, and the second slice control information is used to update information used to control the use of the first network slice by the first UE.
在第五方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第一网络切片,当确定第二UE在第一网络切片中的切片控制信息发生变更时,第三信息还包括第三切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信息。In a possible implementation manner of the fifth aspect, the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when it is determined that the slice control information of the second UE in the first network slice is changed, The third information further includes third slice control information, and the third slice control information is used to update information used for controlling the second UE to use the first network slice.
在第五方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第二网络切片,当确定第二UE在第二网络切片中的切片控制信息发生变更时,第三信息还包括第四切片控制信息,第四切片控制信息用于更新用于控制第二UE对第二网络切片使用的信息。In a possible implementation manner of the fifth aspect, the network slice that the second UE is allowed or to be allowed to access includes the second network slice, and when it is determined that the slice control information of the second UE in the second network slice is changed, The third information further includes fourth slice control information, and the fourth slice control information is used to update information for controlling the second UE to use the second network slice.
在第五方面的一种可能的实现方式中,第一信息还包括第一UE的第二标识,其中,第二标识为第一UE在第一网络切片中的标识。In a possible implementation of the fifth aspect, the first information further includes a second identifier of the first UE, where the second identifier is an identifier of the first UE in the first network slice.
在第五方面的一种可能的实现方式中,该切片信息包括:第一网络切片的单网络切片选择辅助信息S-NSSAI。In a possible implementation manner of the fifth aspect, the slice information includes: single network slice selection auxiliary information S-NSSAI of the first network slice.
在第五方面的一种可能的实现方式中,第一标识包括:通用公共用户标识GPSI。In a possible implementation manner of the fifth aspect, the first identifier includes: a general public user identifier GPSI.
在第五方面的一种可能的实现方式中,第一信息承载在第一网络切片的授权请求消息中,第二信息承载在第一网络切片的授权响应消息中;或者,第一信息承载在第一网络切片的认证授权请求消息中,第二信息承载在第一网络切片的认证授权响应消息中。In a possible implementation manner of the fifth aspect, the first information is carried in the authorization request message of the first network slice, and the second information is carried in the authorization response message of the first network slice; or, the first information is carried in In the authentication and authorization request message of the first network slice, the second information is carried in the authentication and authorization response message of the first network slice.
第六方面,提供一种通信装置,该装置作为认证授权网元或者认证授权网元内置的芯片,该认证授权网元可以为AUSF网元、NEF网元、NAASSF网元或者其他用于认证和授权流程的网元,该装置包括:接收单元,用于接收来自接入和移动管理功能AMF网元的第一信息,第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,允许或者待允许第一UE接入的网络切片包括第一网络切片;发送单元,用于向认证、授权和计费AAA服务器发送第一转发信息,第一转发信息包括第一UE的第一标识、以及该切片信息或该切片信息的转换信息;接收单元,还用于接收来自AAA服务器的第二信息,第二信息包括第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息;发送单元,还用于向该AMF网元发送第二信息。In a sixth aspect, a communication device is provided, which is used as an authentication and authorization network element or a built-in chip for the authentication and authorization network element. The authentication and authorization network element may be an AUSF network element, a NEF network element, a NAASSF network element, or other network elements used for authentication and authorization. The network element of the authorization process, the device includes: a receiving unit for receiving first information from the access and mobility management function AMF network element, the first information includes the slice information of the first network slice and the first user equipment UE An identifier, the network slice that the first UE is allowed or to be allowed to access includes the first network slice; the sending unit is configured to send the first forwarding information to the authentication, authorization, and accounting AAA server, and the first forwarding information includes the first UE’s The first identifier, and the slice information or the conversion information of the slice information; the receiving unit is further configured to receive the second information from the AAA server, the second information includes the first slice control information, and the first slice control information is used for To control the information used by the first UE on the first network slice; the sending unit is also used to send second information to the AMF network element.
在第六方面的一种可能的实现方式中,该切片信息包括:第一网络切片的单网络切片选择辅助信息S-NSSAI。In a possible implementation manner of the sixth aspect, the slice information includes: single network slice selection auxiliary information S-NSSAI of the first network slice.
在第六方面的一种可能的实现方式中,第一标识包括:通用公共用户标识GPSI。In a possible implementation manner of the sixth aspect, the first identifier includes: a general public user identifier GPSI.
在第六方面的一种可能的实现方式中,接收单元还用于接收来自AAA服务器的第三信息,第三信息包括第二切片控制信息,第二切片控制信息用于更新第一UE对第一网络切片的使用信息;发送单元还用于向AMF网元发送第三转发信息,第三转发信息包括第二切片控制信息。In a possible implementation manner of the sixth aspect, the receiving unit is further configured to receive third information from the AAA server, the third information includes second slice control information, and the second slice control information is used to update the first UE to the second slice control information. A network slice usage information; the sending unit is further configured to send third forwarding information to the AMF network element, where the third forwarding information includes second slice control information.
在第六方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第一网络切片,第三信息还包括第三切片控制信息,第三转发信息还包括第三切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信 息。In a possible implementation manner of the sixth aspect, the network slice that the second UE is allowed or to be allowed to access includes the first network slice, the third information further includes third slice control information, and the third forwarding information further includes the third network slice. The slice control information, and the third slice control information is used to update information used to control the use of the first network slice by the second UE.
在第六方面的一种可能的实现方式中,允许或者待允许第二UE接入的网络切片包括第二网络切片,第三信息还包括第四切片控制信息,发送单元还用于:向服务第二网络切片的AMF网元发送第四转发信息,第四转发信息包括第四切片控制信息,第四切片控制信息用于更新用于控制第二UE对第二网络切片使用的信息。In a possible implementation manner of the sixth aspect, the network slice to which the second UE is allowed or to be allowed to access includes the second network slice, the third information further includes fourth slice control information, and the sending unit is further configured to: The AMF network element of the second network slice sends fourth forwarding information, where the fourth forwarding information includes fourth slice control information, and the fourth slice control information is used to update information used for controlling the second UE to use the second network slice.
在第六方面的一种可能的实现方式中,该切片信息包括:第一网络切片的单网络切片选择辅助信息S-NSSAI。In a possible implementation manner of the sixth aspect, the slice information includes: single network slice selection auxiliary information S-NSSAI of the first network slice.
在第六方面的一种可能的实现方式中,第一标识包括:通用公共用户标识GPSI。In a possible implementation manner of the sixth aspect, the first identifier includes: a general public user identifier GPSI.
在第六方面的一种可能的实现方式中,第一信息中还包括以下至少一项;第一UE的第二标识,AAA服务器标识;其中,第二标识为第一UE在第一网络切片中的标识;第一转发信息还包括:第一UE的第二标识。In a possible implementation manner of the sixth aspect, the first information further includes at least one of the following; the second identifier of the first UE, the AAA server identifier; wherein, the second identifier means that the first UE is in the first network slice The first forwarding information also includes: the second identifier of the first UE.
在第六方面的一种可能的实现方式中,第一信息承载在第一网络切片的授权请求消息中,向该AMF网元发送的第二信息承载在第一网络切片的授权响应消息中。In a possible implementation manner of the sixth aspect, the first information is carried in the authorization request message of the first network slice, and the second information sent to the AMF network element is carried in the authorization response message of the first network slice.
第七方面,提供一种通信装置,该装置作为接入和移动管理功能AMF网元或者AMF网元内置的芯片,包括处理器和通信接口,该处理器用于运行计算机程序或指令,以使该装置实现如第一方面、或者第一方面的任一种可能的实现方式所提供的网络切片控制方法。In a seventh aspect, a communication device is provided. The device serves as an access and mobility management function AMF network element or a built-in chip of the AMF network element, and includes a processor and a communication interface. The processor is used to run a computer program or instruction to enable the The apparatus implements the network slicing control method as provided in the first aspect or any possible implementation manner of the first aspect.
第八方面,提供一种通信装置,该装置作为认证、授权和计费AAA服务器或者AAA服务器内置的芯片,包括处理器和通信接口,该处理器用于运行计算机程序或指令,以使该装置实现如第二方面、或者第二方面的任一种可能的实现方式所提供的网络切片控制方法。In an eighth aspect, a communication device is provided. The device is used as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server, and includes a processor and a communication interface. The processor is used to run computer programs or instructions to enable the device to implement A network slicing control method as provided in the second aspect or any possible implementation manner of the second aspect.
第九方面,提供一种通信装置,该装置作为认证授权网元或者认证授权网元内置的芯片,该认证授权网元可以为AUSF网元、NEF网元、NAASSF网元或者其他用于认证和授权流程的网元,包括处理器和通信接口,该处理器用于运行计算机程序或指令,以使该装置实现如第三方面、或者第三方面的任一种可能的实现方式所提供的网络切片控制方法。In a ninth aspect, a communication device is provided, which serves as an authentication and authorization network element or a built-in chip of the authentication and authorization network element. The authentication and authorization network element may be an AUSF network element, a NEF network element, a NAASSF network element, or other network elements used for authentication and authorization. The network element of the authorization process includes a processor and a communication interface. The processor is used to run computer programs or instructions to enable the device to implement the network slicing provided by the third aspect or any one of the possible implementation manners of the third aspect. Control Method.
第十方面,提供一种通信***,该通信***包括:接入和移动管理功能AMF网元,认证授权网元,认证、授权和计费AAA服务器;其中,AMF网元为第四方面、第四方面的任一种可能的实现方式、或者第七方面所提供的AMF网元,AAA服务器为第五方面、第五方面的任一种可能的实现方式、或者第八方面所提供的AAA服务器,认证授权网元为第六方面、第六方面的任一种可能的实现方式、或者第九方面所提供的认证授权网元。In a tenth aspect, a communication system is provided. The communication system includes: access and mobility management function AMF network element, authentication and authorization network element, authentication, authorization and accounting AAA server; wherein, the AMF network element is the fourth aspect and the first Any possible implementation of the fourth aspect, or the AMF network element provided by the seventh aspect, and the AAA server is any of the fifth aspect, any possible implementation of the fifth aspect, or the AAA server provided by the eighth aspect , The authentication and authorization network element is the sixth aspect, any possible implementation manner of the sixth aspect, or the authentication and authorization network element provided by the ninth aspect.
第十一方面,提供一种网络切片控制方法,应用于接入和移动管理功能AMF网元或者会话管理功能SMF网元中,该方法包括:确定网络切片上接入的用户设备UE数量和/或协议数据单元PDU会话数量;当满足第一上报条件时,发送第一信息,第一信息包括该UE数量和/或PDU会话数量。In an eleventh aspect, a network slicing control method is provided, which is applied to an access and mobility management function AMF network element or a session management function SMF network element. The method includes: determining the number of user equipment UEs accessed on the network slice and/ Or the number of protocol data unit PDU sessions; when the first reporting condition is met, the first information is sent, and the first information includes the number of UEs and/or the number of PDU sessions.
上述技术方案中,该AMF网元或者该SMF网元可以发送第一信息,第一信息包括网络切片接入的UE数量和/或PDU会话数量,AAA-S可以接收第一信息,这样AAA-S可以感知到该网络切片的资源使用情况,从而基于第一信息包括的该UE数量 和/或PDU会话数量控制该网络切片的资源,从而实现网络切片的控制,提高了络切片控制的灵活性和用户体验。In the above technical solution, the AMF network element or the SMF network element may send first information, the first information includes the number of UEs accessed by the network slice and/or the number of PDU sessions, and the AAA-S may receive the first information, such that AAA- S can perceive the resource usage of the network slice, and control the resources of the network slice based on the number of UEs and/or the number of PDU sessions included in the first information, thereby realizing the control of the network slice and improving the flexibility of network slice control And user experience.
在第十一方面的一种可能的实现方式中,确定网络切片上接入的UE数量和/或PDU会话数量之前,该方法还包括:获取第一配置信息,第一配置信息包括该网络切片的单网络切片选择辅助信息S-NSSAI和授权指示信息,该授权指示信息用于指示是否需要执行切片资源控制。上述可能的实现方式中,可以使得该AMF网元或者该SMF网元在该网络切片的授权流程中动态地上报第一信息,并使AAA服务器动态地调整该网络切片的配置信息,从而提高网络切片控制的灵活性和用户体验。In a possible implementation manner of the eleventh aspect, before determining the number of UEs and/or the number of PDU sessions accessed on the network slice, the method further includes: acquiring first configuration information, where the first configuration information includes the network slice The single network slice selection auxiliary information S-NSSAI and authorization indication information are used to indicate whether slice resource control needs to be performed. In the foregoing possible implementation manners, the AMF network element or the SMF network element can dynamically report the first information in the authorization process of the network slicing, and the AAA server can dynamically adjust the configuration information of the network slicing, thereby improving the network The flexibility and user experience of slice control.
在第十一方面的一种可能的实现方式中,第一配置信息还包括第一上报条件,第一上报条件包括以下条件中的至少一种:该UE数量达到第一预设值,该PDU会话数量达到第二预设值,该UE数量的增加量达到第三预设值,该PDU会话数量的增加量达到第四预设值,上报周期,时间窗内的UE数量的增加量达到第五预设值、或时间窗内的PDU会话数量的增加量达到第六预设值。上述可能的实现方式中,可以使得该AMF网元或者该SMF网元按照第一上报条件动态地上报第一信息。In a possible implementation manner of the eleventh aspect, the first configuration information further includes a first report condition, and the first report condition includes at least one of the following conditions: the number of UEs reaches the first preset value, and the PDU The number of sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, and the increase in the number of UEs in the time window reaches the first The fifth preset value, or the increase in the number of PDU sessions within the time window, reaches the sixth preset value. In the foregoing possible implementation manner, the AMF network element or the SMF network element may be caused to dynamically report the first information according to the first report condition.
在第十一方面的一种可能的实现方式中,该方法还包括:接收第二配置信息,第二配置信息用于控制该网络切片的资源。上述可能的实现方式中,可以使得AAA服务器通过第二配置信息动态地调整该网络切片的配置信息,从而提高网络切片控制的灵活性和用户体验。In a possible implementation of the eleventh aspect, the method further includes: receiving second configuration information, where the second configuration information is used to control resources of the network slice. In the foregoing possible implementation manners, the AAA server can dynamically adjust the configuration information of the network slice through the second configuration information, thereby improving the flexibility of network slice control and user experience.
在第十一方面的一种可能的实现方式中,第二配置信息包括以下至少一项:第二上报条件,该网络切片可接入的剩余UE数量,该网络切片可接入的剩余PDU会话数量,该UE数量的增加量达到第七预设值,该PDU会话数量的增加量达到第八预设值,时间窗的UE数量达到第九预设值、或时间窗内的PDU会话数量的增加量达到第十预设值;第二上报条件用于指示下次上报该网络切片的第一信息的条件。上述可能的实现方式中,可以使得AAA服务器通过第二配置信息动态地调整第一信息的上报条件。In a possible implementation of the eleventh aspect, the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice The number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window The increase reaches the tenth preset value; the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time. In the foregoing possible implementation manners, the AAA server can dynamically adjust the reporting condition of the first information through the second configuration information.
在第十一方面的一种可能的实现方式中,当该方法应用于AMF网元时,发送第一信息,包括:向认证授权网元发送授权请求消息,授权请求消息包括第一信息;相应的,接收第二配置信息,包括:接收认证授权网元发送的授权响应消息,授权响应消息包括第二配置信息。上述可能的实现方式中,可以使得该AMF网元在该网络切片的授权流程中动态地上报第一信息,AAA服务器动态地调整控制该网络切片,从而提高网络切片控制的灵活性和用户体验。In a possible implementation of the eleventh aspect, when the method is applied to an AMF network element, sending the first information includes: sending an authorization request message to the authentication and authorization network element, where the authorization request message includes the first information; correspondingly Yes, receiving the second configuration information includes: receiving an authorization response message sent by an authentication and authorization network element, where the authorization response message includes the second configuration information. In the foregoing possible implementation manners, the AMF network element can dynamically report the first information in the authorization process of the network slicing, and the AAA server can dynamically adjust and control the network slicing, thereby improving the flexibility of network slicing control and user experience.
在第十一方面的一种可能的实现方式中,当该方法应用于SMF网元时,发送第一信息,包括:通过UPF网元向AAA服务器发送第一信息;相应的,接收第二配置信息,包括:通过UPF网元接收来自AAA服务器的第二配置信息。上述可能的实现方式中,可以使得该SMF网元动态地上报第一信息,AAA服务器动态地调整控制该网络切片,从而提高网络切片控制的灵活性和用户体验。In a possible implementation of the eleventh aspect, when the method is applied to an SMF network element, sending the first information includes: sending the first information to the AAA server through the UPF network element; correspondingly, receiving the second configuration The information includes: receiving the second configuration information from the AAA server through the UPF network element. In the foregoing possible implementation manners, the SMF network element can dynamically report the first information, and the AAA server can dynamically adjust and control the network slice, thereby improving the flexibility of network slice control and user experience.
第十二方面,提供一种网络切片控制方法,应用于认证、授权和计费AAA服务器中,该方法包括:接收第一信息,第一信息包括网络切片上接入的用户设备UE数量和/或协议数据单元PDU会话数量。In a twelfth aspect, a network slicing control method is provided, which is applied to an AAA server for authentication, authorization, and accounting. The method includes: receiving first information, where the first information includes the number of user equipment UEs accessed on the network slicing and/ Or the number of protocol data unit PDU sessions.
在第十二方面的一种可能的实现方式中,接收第一信息之前,该方法还包括:发 送第一配置信息,第一配置信息用于配置网络切片的资源,第一配置信息包括网络切片的单网络切片选择辅助信息S-NSSAI和授权指示信息。In a possible implementation of the twelfth aspect, before receiving the first information, the method further includes: sending first configuration information, where the first configuration information is used to configure resources of the network slice, and the first configuration information includes the network slice The single network slice selection auxiliary information S-NSSAI and authorization indication information.
在第十二方面的一种可能的实现方式中,第一配置信息还包括第一信息的第一上报条件,第一上报条件包括以下条件中的至少一种:该UE数量达到第一预设值,该PDU会话数量达到第二预设值,该UE数量的增加量达到第三预设值,该PDU会话数量的增加量达到第四预设值,上报周期,时间窗内的UE数量的增加量达到第五预设值、或时间窗内的PDU会话数量的增加量达到第六预设值。In a possible implementation manner of the twelfth aspect, the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the number of UEs reaches the first preset Value, the number of PDU sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, the number of UEs in the time window The increase amount reaches the fifth preset value, or the increase amount of the number of PDU sessions within the time window reaches the sixth preset value.
在第十二方面的一种可能的实现方式中,该方法还包括:根据该UE数量和/或PDU会话数量,确定发送第二配置信息,第二配置信息用于控制网络切片的资源。In a possible implementation manner of the twelfth aspect, the method further includes: determining to send second configuration information according to the number of UEs and/or the number of PDU sessions, where the second configuration information is used to control the resources of the network slice.
在第十二方面的一种可能的实现方式中,第二配置信息包括以下至少一项:第二上报条件,该网络切片可接入的剩余UE数量,该网络切片可接入的剩余PDU会话数量,该UE数量的增加量达到第七预设值,该PDU会话数量的增加量达到第八预设值,时间窗的UE数量达到第九预设值、或时间窗内的PDU会话数量的增加量达到第十预设值;第二上报条件用于指示下次上报该网络切片的第一信息的条件。In a possible implementation manner of the twelfth aspect, the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice The number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window The increase reaches the tenth preset value; the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
在第十二方面的一种可能的实现方式中,接收第一信息,包括:接收来自认证授权网元的第一消息,第一消息包括第一信息,第一信息是AMF网元通过授权请求消息发送给认证授权网元的;相应的,发送第二配置信息,包括:向认证授权网元发送第二消息,第二消息包括第二配置信息,以使认证授权网元通过授权响应消息将第二配置信息发送给AMF网元。In a possible implementation manner of the twelfth aspect, receiving the first information includes: receiving a first message from an authentication and authorization network element, the first message includes the first information, and the first information is an authorization request by the AMF network element The message is sent to the authentication and authorization network element; correspondingly, sending the second configuration information includes: sending a second message to the authentication and authorization network element, the second message includes the second configuration information, so that the authentication and authorization network element sends the authorization response message to the authentication and authorization network element. The second configuration information is sent to the AMF network element.
在第十二方面的一种可能的实现方式中,接收第一信息,包括:通过UPF网元接收来自SMF的第一信息;相应的,发送第二配置信息,包括:通过UPF网元向SMF发送第二配置信息。In a possible implementation of the twelfth aspect, receiving the first information includes: receiving the first information from the SMF through the UPF network element; correspondingly, sending the second configuration information includes: sending the second configuration information to the SMF through the UPF network element Send the second configuration information.
第十三方面,提供一种通信装置,该装置为接入和移动管理AMF网元、AMF网元内置的芯片、会话管理功能SMF网元或者SMF网元内置的芯片,该装置包括:处理单元,用于确定网络切片上接入的用户设备UE数量和/或协议数据单元PDU会话数量;发送单元,用于当满足第一上报条件时,发送第一信息,第一信息包括该UE数量和/或PDU会话数量。In a thirteenth aspect, a communication device is provided, which is an access and mobility management AMF network element, a chip built in an AMF network element, a session management function SMF network element, or a chip built in an SMF network element, the device includes: a processing unit , Used to determine the number of user equipment UEs accessed on the network slice and/or the number of protocol data unit PDU sessions; the sending unit, used to send first information when the first reporting condition is met, the first information including the number of UEs and / Or the number of PDU sessions.
在第十三方面的一种可能的实现方式中,该装置还包括:接收单元,用于获取第一配置信息,第一配置信息包括该网络切片的单网络切片选择辅助信息S-NSSAI和授权指示信息,该授权指示信息用于指示是否需要执行切片资源控制。In a possible implementation of the thirteenth aspect, the device further includes: a receiving unit configured to obtain first configuration information, the first configuration information including single network slice selection auxiliary information S-NSSAI and authorization of the network slice Indication information, the authorization indication information is used to indicate whether slice resource control needs to be performed.
在第十三方面的一种可能的实现方式中,第一配置信息还包括第一上报条件,第一上报条件包括以下条件中的至少一种:该UE数量达到第一预设值,该PDU会话数量达到第二预设值,该UE数量的增加量达到第三预设值,该PDU会话数量的增加量达到第四预设值,上报周期,时间窗内的UE数量的增加量达到第五预设值、或时间窗内的PDU会话数量的增加量达到第六预设值。In a possible implementation manner of the thirteenth aspect, the first configuration information further includes a first report condition, and the first report condition includes at least one of the following conditions: the number of UEs reaches the first preset value, and the PDU The number of sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, and the increase in the number of UEs in the time window reaches the first The fifth preset value, or the increase in the number of PDU sessions within the time window, reaches the sixth preset value.
在第十三方面的一种可能的实现方式中,该装置还包括:接收单元,用于接收第二配置信息,第二配置信息用于控制网络切片的资源。In a possible implementation manner of the thirteenth aspect, the device further includes: a receiving unit, configured to receive second configuration information, where the second configuration information is used to control resources of the network slicing.
在第十三方面的一种可能的实现方式中,第二配置信息包括以下至少一项:第二上报条件,该网络切片可接入的剩余UE数量,该网络切片可接入的剩余PDU会话数 量,该UE数量的增加量达到第七预设值,该PDU会话数量的增加量达到第八预设值,时间窗的UE数量达到第九预设值、或时间窗内的PDU会话数量的增加量达到第十预设值;第二上报条件用于指示下次上报该网络切片的第一信息的条件。In a possible implementation manner of the thirteenth aspect, the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice The number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window The increase reaches the tenth preset value; the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
在第十三方面的一种可能的实现方式中,当该装置为AMF网元或者AMF网元内置的芯片时,发送单元还用于:向认证授权网元发送授权请求消息,授权请求消息包括第一信息;相应的,接收单元还用于接收认证授权网元发送的授权响应消息,授权响应消息包括第二配置信息。In a possible implementation of the thirteenth aspect, when the device is an AMF network element or a built-in chip of the AMF network element, the sending unit is further configured to: send an authorization request message to the authentication and authorization network element, and the authorization request message includes First information; correspondingly, the receiving unit is further configured to receive an authorization response message sent by an authentication and authorization network element, where the authorization response message includes the second configuration information.
在第十三方面的一种可能的实现方式中,当装置应用于SMF网元或者SMF网元内置的芯片时,发送单元还用于通过UPF网元向AAA服务器发送第一信息;相应的,接收单元还用于通过UPF网元接收来自AAA服务器的第二配置信息。In a possible implementation manner of the thirteenth aspect, when the device is applied to an SMF network element or a chip built into the SMF network element, the sending unit is further configured to send the first information to the AAA server through the UPF network element; correspondingly, The receiving unit is further configured to receive the second configuration information from the AAA server through the UPF network element.
第十四方面,提供一种通信装置,该装置为认证、授权和计费AAA服务器或者AAA服务器内置的芯片,该装置包括:接收单元,用于接收第一信息,第一信息包括网络切片上接入的用户设备UE数量和/或协议数据单元PDU会话数量。In a fourteenth aspect, a communication device is provided. The device is an authentication, authorization, and accounting AAA server or a chip built in the AAA server. The device includes a receiving unit for receiving first information, where the first information includes a network slice The number of connected user equipment UEs and/or the number of protocol data unit PDU sessions.
在第十四方面的一种可能的实现方式中,该装置还包括:发送单元,用于发送第一配置信息,第一配置信息用于配置网络切片的资源,第一配置信息包括网络切片的单网络切片选择辅助信息S-NSSAI和授权指示信息。In a possible implementation manner of the fourteenth aspect, the device further includes: a sending unit, configured to send first configuration information, the first configuration information is used to configure resources of the network slice, and the first configuration information includes information about the network slice. Single network slice selection auxiliary information S-NSSAI and authorization indication information.
在第十四方面的一种可能的实现方式中,第一配置信息还包括第一信息的第一上报条件,第一上报条件包括以下条件中的至少一种:该UE数量达到第一预设值,该PDU会话数量达到第二预设值,该UE数量的增加量达到第三预设值,该PDU会话数量的增加量达到第四预设值,上报周期,时间窗内的UE数量的增加量达到第五预设值、或时间窗内的PDU会话数量的增加量达到第六预设值。In a possible implementation manner of the fourteenth aspect, the first configuration information further includes a first reporting condition of the first information, and the first reporting condition includes at least one of the following conditions: the number of UEs reaches the first preset Value, the number of PDU sessions reaches the second preset value, the increase in the number of UEs reaches the third preset value, the increase in the number of PDU sessions reaches the fourth preset value, the reporting period, the number of UEs in the time window The increase amount reaches the fifth preset value, or the increase amount of the number of PDU sessions within the time window reaches the sixth preset value.
在第十四方面的一种可能的实现方式中,该装置还包括:发送单元,用于根据该UE数量和/或PDU会话数量,确定发送第二配置信息,第二配置信息用于控制网络切片的资源。In a possible implementation manner of the fourteenth aspect, the device further includes: a sending unit, configured to determine to send second configuration information according to the number of UEs and/or the number of PDU sessions, and the second configuration information is used to control the network Sliced resources.
在第十四方面的一种可能的实现方式中,第二配置信息包括以下至少一项:第二上报条件,该网络切片可接入的剩余UE数量,该网络切片可接入的剩余PDU会话数量,该UE数量的增加量达到第七预设值,该PDU会话数量的增加量达到第八预设值,时间窗的UE数量达到第九预设值、或时间窗内的PDU会话数量的增加量达到第十预设值;第二上报条件用于指示下次上报该网络切片的第一信息的条件。In a possible implementation manner of the fourteenth aspect, the second configuration information includes at least one of the following: a second reporting condition, the number of remaining UEs accessible by the network slice, and the remaining PDU sessions accessible by the network slice The number of UEs reaches the seventh preset value, the increase of the number of PDU sessions reaches the eighth preset value, and the number of UEs in the time window reaches the ninth preset value, or the number of PDU sessions in the time window The increase reaches the tenth preset value; the second reporting condition is used to indicate a condition for reporting the first information of the network slice next time.
在第十四方面的一种可能的实现方式中,接收单元还用于:接收来自认证授权网元的第一消息,第一消息包括第一信息,第一信息是AMF网元通过授权请求消息发送给认证授权网元的;相应的,发送单元还用于:向认证授权网元发送第二消息,第二消息包括第二配置信息,以使认证授权网元通过授权响应消息将第二配置信息发送给AMF网元。In a possible implementation of the fourteenth aspect, the receiving unit is further configured to: receive a first message from an authentication and authorization network element, the first message includes first information, and the first information is an authorization request message passed by the AMF network element Correspondingly, the sending unit is further configured to: send a second message to the authentication and authorization network element, the second message including the second configuration information, so that the authentication and authorization network element configures the second configuration through the authorization response message The information is sent to the AMF network element.
在第十四方面的一种可能的实现方式中,接收单元还用于:通过UPF网元接收来自SMF的第一信息;相应的,发送单元还用于:通过UPF网元向SMF发送第二配置信息。In a possible implementation of the fourteenth aspect, the receiving unit is further configured to: receive the first information from the SMF through the UPF network element; correspondingly, the sending unit is further configured to: send the second information to the SMF through the UPF network element Configuration information.
第十五方面,提供一种通信装置,该装置作为接入和移动管理功能AMF网元、AMF网元内置的芯片、会话管理功能SMF网元或者SMF网元内置的芯片,包括处理 器和通信接口,该处理器用于运行计算机程序或指令,以使该装置实现如第十一方面、或者第十一方面的任一种可能的实现方式所提供的网络切片控制方法。In a fifteenth aspect, a communication device is provided. The device serves as an access and mobility management function AMF network element, a built-in chip of the AMF network element, a session management function SMF network element, or a built-in chip of the SMF network element, including a processor and communication An interface, the processor is used to run a computer program or instruction, so that the device implements the network slice control method as provided by the eleventh aspect or any one of the possible implementation manners of the eleventh aspect.
第十六方面,提供一种通信装置,该装置作为认证、授权和计费AAA服务器或者AAA服务器内置的芯片包括处理器和通信接口,该处理器用于运行计算机程序或指令,以使该装置实现如第十二方面、或者第十二方面的任一种可能的实现方式所提供的网络切片控制方法。In a sixteenth aspect, a communication device is provided. The device is used as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server includes a processor and a communication interface, and the processor is used to run a computer program or instruction to enable the device to implement Such as the twelfth aspect or the network slicing control method provided in any possible implementation manner of the twelfth aspect.
第十七方面,提供一种通信***,该通信***包括:接入和移动管理功能AMF网元/会话管理功能SMF网元,认证、授权和计费AAA服务器;其中,AMF网元/SMF网元为第十三方面、第十三方面的任一种可能的实现方式、或者第十五方面所提供的通信装置;AAA服务器为第十四方面、第十四方面的任一种可能的实现方式、或者第十六方面所提供的通信装置。In a seventeenth aspect, a communication system is provided. The communication system includes: access and mobility management function AMF network element/session management function SMF network element, authentication, authorization and accounting AAA server; wherein, AMF network element/SMF network element Yuan is the thirteenth aspect, any possible implementation of the thirteenth aspect, or the communication device provided by the fifteenth aspect; the AAA server is any possible implementation of the fourteenth aspect and the fourteenth aspect Or the communication device provided by the sixteenth aspect.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如第一方面、或者第一方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a readable storage medium is provided, and instructions are stored in the readable storage medium. When the instructions in the readable storage medium are executed on a device, the device executes operations such as the first aspect, Or the network slicing control method provided by any possible implementation of the first aspect.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如第二方面、或者第二方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a readable storage medium is provided, and instructions are stored in the readable storage medium. When the instructions in the readable storage medium run on a device, the device executes the second aspect, Or the network slicing control method provided by any possible implementation of the second aspect.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如第三方面、或者第三方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a readable storage medium is provided, and instructions are stored in the readable storage medium. When the instructions in the readable storage medium are executed on a device, the device executes the third aspect, Or the network slicing control method provided by any possible implementation manner of the third aspect.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如第一方面、或者第一方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a computer program product including instructions is provided. When the instructions are executed on a device, the device executes as provided in the first aspect or any one of the possible implementation manners of the first aspect. Network slicing control method.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如第二方面、或者第二方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a computer program product including instructions is provided. When the instructions are executed on a device, the device executes as provided by the second aspect or any of the possible implementation manners of the second aspect. Network slicing control method.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如第三方面、或者第三方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the third aspect or any one of the possible implementations of the third aspect. Network slicing control method.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如第十一方面、或者第十一方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a readable storage medium is provided, and instructions are stored in the readable storage medium. When the instructions in the readable storage medium are executed on a device, the device executes the eleventh aspect. , Or the network slicing control method provided by any possible implementation manner of the eleventh aspect.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如第十二方面、或者第十二方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, there is provided a readable storage medium having instructions stored in the readable storage medium, and when the instructions in the readable storage medium are executed on a device, the device is caused to perform operations as described in the twelfth aspect , Or the network slicing control method provided by any possible implementation of the twelfth aspect.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如第十一方面、或者第十一方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the eleventh aspect or any possible implementation manner of the eleventh aspect The provided network slicing control method.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上 运行时,使得该设备执行如第十二方面、或者第十二方面的任一种可能的实现方式所提供的网络切片控制方法。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the twelfth aspect or any possible implementation manner of the twelfth aspect The provided network slicing control method.
需要说明的是,本申请中第二方面至第十方面及其各种可能的实现方式的有益效果,可以参考第一方面及其各种可能的实现方式中的有益效果分析,本申请中第十二方面至第十七方面及其各种可能的实现方式的有益效果,可以参考第十一方面及其各种可能的实现方式中的有益效果分析,此处不再赘述。It should be noted that for the beneficial effects of the second aspect to the tenth aspect and various possible implementation manners of this application, you can refer to the beneficial effect analysis in the first aspect and various possible implementation manners. For the beneficial effects of the twelfth aspect to the seventeenth aspect and its various possible implementation manners, reference may be made to the analysis of the beneficial effects in the eleventh aspect and its various possible implementation manners, which will not be repeated here.
附图说明Description of the drawings
图1为本申请实施例提供的一种通信***的结构示意图;FIG. 1 is a schematic structural diagram of a communication system provided by an embodiment of this application;
图2为本申请实施例提供的第一种网络切片控制方法的流程示意图;2 is a schematic flowchart of a first network slicing control method provided by an embodiment of this application;
图3为本申请实施例提供的第二种网络切片控制方法的流程示意图;FIG. 3 is a schematic flowchart of a second network slicing control method provided by an embodiment of this application;
图4为本申请实施例提供的一种第三信息传输的示意图;FIG. 4 is a schematic diagram of a third information transmission provided by an embodiment of this application;
图5为本申请实施例提供的第三种网络切片控制方法的流程示意图;FIG. 5 is a schematic flowchart of a third network slicing control method provided by an embodiment of this application;
图6为本申请实施例提供的第四种网络切片控制方法的流程示意图;FIG. 6 is a schematic flowchart of a fourth network slicing control method provided by an embodiment of this application;
图7为本申请实施例提供的第五种网络切片控制方法的流程示意图;FIG. 7 is a schematic flowchart of a fifth network slicing control method provided by an embodiment of this application;
图8为本申请实施例提供的第六种网络切片控制方法的流程示意图;FIG. 8 is a schematic flowchart of a sixth network slicing control method provided by an embodiment of this application;
图9为本申请实施例提供的一种AMF网元的结构示意图;FIG. 9 is a schematic structural diagram of an AMF network element provided by an embodiment of this application;
图10为本申请实施例提供的另一种AMF网元的结构示意图;FIG. 10 is a schematic structural diagram of another AMF network element provided by an embodiment of this application;
图11为本申请实施例提供的一种认证授权网元的结构示意图;FIG. 11 is a schematic structural diagram of an authentication and authorization network element provided by an embodiment of this application;
图12为本申请实施例提供的另一种认证授权网元的结构示意图;FIG. 12 is a schematic structural diagram of another authentication and authorization network element provided by an embodiment of this application;
图13为本申请实施例提供的一种AAA-S网元的结构示意图;FIG. 13 is a schematic structural diagram of an AAA-S network element provided by an embodiment of this application;
图14为本申请实施例提供的另一种AAA-S的结构示意图。FIG. 14 is a schematic structural diagram of another AAA-S provided by an embodiment of the application.
具体实施方式Detailed ways
本申请中,“至少一个”是指一个或者多个,“多个”是指两个或两个以上。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B的情况,其中A,B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。“以下中的至少一项(个)”或其类似表达,是指的这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a,b或c中的至少一项(个),可以表示:a、b、c、a-b、a-c、b-c、或a-b-c,其中a、b、c可以是单个,也可以是多个。另外,在本申请的实施例中,“第一”、“第二”等字样并不对数量和执行次序进行限定。In this application, "at least one" refers to one or more, and "multiple" refers to two or more. "And/or" describes the association relationship of the associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone, where A, B can be singular or plural. The character "/" generally indicates that the associated objects before and after are in an "or" relationship. "At least one item (a) in the following" or similar expressions refers to any combination of these items, including any combination of a single item (a) or a plurality of items (a). For example, at least one of a, b, or c can represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c can be single or multiple. In addition, in the embodiments of the present application, words such as "first" and "second" do not limit the number and execution order.
需要说明的是,本申请中,“示例性的”或者“例如”等词用于表示作例子、例证或说明。本申请中被描述为“示例性的”或者“例如”的任何实施例或设计方案不应被解释为比其他实施例或设计方案更优选或更具优势。确切而言,使用“示例性的”或者“例如”等词旨在以具体方式呈现相关概念。It should be noted that in this application, words such as "exemplary" or "for example" are used to indicate examples, illustrations, or illustrations. Any embodiment or design solution described as "exemplary" or "for example" in this application should not be construed as being more preferable or advantageous than other embodiments or design solutions. To be precise, words such as "exemplary" or "for example" are used to present related concepts in a specific manner.
为了便于理解本申请实施例的技术方案,首先给出本申请相关技术的简要介绍如下:In order to facilitate the understanding of the technical solutions of the embodiments of the present application, first, a brief introduction of the related technologies of the present application is given as follows:
网络切片(network slice,NS),又可以称为切片网络,也可以简称为切片,是指在物理或者虚拟的网络基础设施上,根据不同的租户(tenant)的业务的服务需求定制化不同的逻辑网络。网络切片可以是一个包括用户设备(user equipment,UE)、接 入网、传输网、核心网和业务服务器的完整的端到端网络,也可以是仅包括核心网络但是辅以UE、接入网、传输网和业务服务器的完整的端到端网络,能够提供完整的通信服务,具有一定的网络能力,网络切片可以是保证承载业务或者服务能达到服务水平协议要求的通信资源,也可以认为是完成某个通信业务或某些通信业务所需的网络功能及通信资源的组合。一个网络切片可由单网络切片选择辅助信息(single network slice selection assistance information,S-NSSAI)来标识。S-NSSAI由切片/服务类型(slice/service type,SST)和切片区分标识(slice differentiator,SD)组成。其中,SST和SD可以由标准定义或者运营商自定义;SD是补充SST的可选信息,以区分相同SST的多个网络切片,例如可以用来表征网络切片的归属关系。23.501标准中定义的NSSAI的类型和作用如下表1所示。Network slice (NS), also known as a slice network, or simply as a slice, refers to the physical or virtual network infrastructure, customized according to the service requirements of different tenants (tenant) Logical network. A network slice can be a complete end-to-end network including user equipment (UE), access network, transmission network, core network, and service server, or it can include only the core network but supplemented by UE and access network. , The complete end-to-end network of the transmission network and the service server can provide complete communication services and have certain network capabilities. Network slicing can be a communication resource that guarantees that the bearer business or service can meet the service level agreement requirements, or it can be considered as The combination of network functions and communication resources required to complete a certain communication service or certain communication services. A network slice can be identified by single network slice selection assistance information (S-NSSAI). The S-NSSAI is composed of a slice/service type (SST) and a slice differentiator (SD). Among them, SST and SD can be defined by standards or operators; SD is optional information that supplements SST to distinguish multiple network slices of the same SST, for example, it can be used to characterize the ownership of network slices. The types and functions of NSSAI defined in the 23.501 standard are shown in Table 1 below.
表1Table 1
Figure PCTCN2021077861-appb-000001
Figure PCTCN2021077861-appb-000001
另外,在引入切片认证和授权之后,还存在一种待允许的NSSAI(可称为pending NSSAI),pending NSSAI也可以称为需要认证和授权的NSSAI或者待处理的NSSAI。该pending NSSAI通过认证授权之后即可被包含在allowed NSSAI中,即该pending NSSAI通过认证授权之后即可允许UE接入。In addition, after the introduction of slice authentication and authorization, there is also a kind of NSSAI to be allowed (may be called pending NSSAI), and the pending NSSAI may also be called the NSSAI that requires authentication and authorization or the NSSAI to be processed. The pending NSSAI can be included in the allowed NSSAI after passing the authentication and authorization, that is, the pending NSSAI can allow the UE to access after passing the authentication and authorization.
协议数据单元(protocol data unit,PDU)会话(session):UE与一个数据网络之间提供一个PDU连接服务的关联。在通信***(比如,5G网络或5G通信***)内,一个PDU会话可以包含一个或多个服务质量(quality of service,QoS)流(flow)。QoS流是指UE在该通信***内(比如,5G网络内或5G通信***)满足特定QoS质量需求的数据传输通道,可以通过QoS流标识(QoS flow identity,QFI)进行标识。在UE和网络侧,一个PDU会话可以包含以下属性信息:数据网络名称(data network name,DNN)、地址信息(如因特网协议(internet protocol,IP)地址、媒体介入控制(media access control,MAC)地址等)、S-NSSAI、业务和会话连续性(service and session continuity,SSC)模式等。一个PDU会话通常由PDU会话标识来识别,PDU会话标识可以由UE分配。Protocol data unit (PDU) session (session): the association between the UE and a data network to provide a PDU connection service. In a communication system (for example, a 5G network or a 5G communication system), a PDU session may include one or more quality of service (QoS) flows. A QoS flow refers to a data transmission channel that a UE meets a specific QoS quality requirement in the communication system (for example, a 5G network or a 5G communication system), and can be identified by a QoS flow identity (QFI). On the UE and the network side, a PDU session can contain the following attribute information: data network name (DNN), address information (such as internet protocol (IP) address, media access control (MAC)) Address, etc.), S-NSSAI, service and session continuity (service and session continuity, SSC) mode, etc. A PDU session is usually identified by the PDU session identifier, and the PDU session identifier can be allocated by the UE.
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行地描述。The technical solutions in the embodiments of the present application will be described below in conjunction with the drawings in the embodiments of the present application.
如图1所示,为本申请实施例提供的一种通信***架构示意图。如图1所示,该通信***包括:UE、无线接入网(radio access network,RAN/AN)和核心网。进一步,该通信***还可以包括数据网络(data network,DN),DN可以是指为用户提供数据传输服务的服务网络,如IP多媒体业务(IP multi-media service,IMS)、因特网(internet)等。As shown in FIG. 1, it is a schematic diagram of a communication system architecture provided by an embodiment of this application. As shown in Figure 1, the communication system includes: a UE, a radio access network (RAN/AN), and a core network. Furthermore, the communication system may also include a data network (DN), which may refer to a service network that provides users with data transmission services, such as IP multi-media service (IMS), internet, etc. .
其中,UE可以为终端设备(terminal equipment,TE)、手持终端、笔记本电脑、用户单元(subscriber unit)、蜂窝电话(cellular phone)、智能电话(smart phone)、无 线数据卡、个人数字助理(personal digital assistant,PDA)电脑、平板型电脑、车载终端、可穿戴设备、无线调制解调器(modem)、手持设备(handheld)、膝上型电脑(laptop computer)、无绳电话(cordless phone)、无线本地环路(wireless local loop,WLL)台、机器类型通信(machine type communication,MTC)终端或是其他可以接入网络的设备。UE与接入网设备之间采用某种空口技术相互通信。Among them, the UE can be a terminal equipment (TE), handheld terminal, notebook computer, subscriber unit, cellular phone, smart phone, wireless data card, personal digital assistant (personal digital assistant). digital assistant, PDA) computers, tablet computers, vehicle terminals, wearable devices, wireless modems, handheld devices, laptop computers, cordless phones, wireless local loops (wireless local loop, WLL), machine type communication (MTC) terminal, or other devices that can access the network. The UE and the access network equipment use a certain air interface technology to communicate with each other.
另外,该接入网用于实现无线接入有关的功能,该接入网可以包括第三代合作伙伴计划(3rd generation partnership project,3GPP)接入网和non-3GPP的接入网。接入网设备可以是指为UE提供接入服务的设备,包含RAN设备和AN设备。RAN设备主要是3GPP网络中的无线网络设备,AN可以是non-3GPP定义的接入网设备。RAN设备主要负责空口侧的无线资源管理、服务质量(quality of service,QoS)管理、数据压缩和加密等功能。RAN设备可以包括各种形式的基站,例如:宏基站,微基站(也称为小站),中继站,接入点等。在采用不同的无线接入技术的***中,具备基站功能的设备的名称可能会有所不同,例如,在第五代(5th generation,5G)***中,称为RAN或者gNB(5G NodeB);在LTE***中,称为演进的节点B(evolved NodeB,eNB或者eNodeB);在第三代(3rd generation,3G)***中,称为节点B(Node B)等。AN设备允许UE和3GPP核心网之间采用非3GPP技术互连互通,其中,非3GPP技术例如:无线保真(wireless fidelity,Wi-Fi)、全球微波互联接入(worldwide interoperability for microwave access,WiMAX)、码分多址(code division multiple access,CDMA)网络等。In addition, the access network is used to implement functions related to wireless access, and the access network may include a third generation partnership project (3rd generation partnership project, 3GPP) access network and a non-3GPP access network. Access network equipment may refer to equipment that provides access services for UEs, including RAN equipment and AN equipment. The RAN device is mainly a wireless network device in the 3GPP network, and the AN may be an access network device defined by non-3GPP. The RAN equipment is mainly responsible for functions such as radio resource management, quality of service (QoS) management, data compression, and encryption on the air interface side. The RAN equipment may include various forms of base stations, such as macro base stations, micro base stations (also called small stations), relay stations, and access points. In systems using different radio access technologies, the names of devices with base station functions may be different. For example, in the 5th generation (5G) system, it is called RAN or gNB (5G NodeB); In the LTE system, it is called an evolved NodeB (evolved NodeB, eNB or eNodeB); in the third generation (3rd generation, 3G) system, it is called a Node B (Node B), etc. AN equipment allows the UE and the 3GPP core network to use non-3GPP technologies for interconnection and intercommunication. Among them, non-3GPP technologies such as wireless fidelity (Wi-Fi), worldwide interoperability for microwave access, WiMAX ), code division multiple access (CDMA) networks, etc.
再者,该核心网可以包括以下逻辑网元:会话管理功能(session management function,SMF)网元、接入与移动性管理功能(access and mobility management function,AMF网元)网元、认证服务器功能(authentication server function,AUSF)网元、用户面功能(user plane function,UPF)网元、应用功能(application function,AF)网元、统一数据管理(unified data management,UDM)网元、策略控制功能(policy control Function,PCF)网元、网络存储功能(network repository function,NRF)网元、网络开放功能(network exposure function,NEF)网元和网络切片选择功能(network slice selection function,NSSF网元)网元等。下面分别对不同的核心网网元的功能进行介绍说明,具体如下所示。Furthermore, the core network may include the following logical network elements: session management function (SMF) network element, access and mobility management function (access and mobility management function, AMF network element) network element, authentication server function (authentication server function, AUSF) network element, user plane function (UPF) network element, application function (AF) network element, unified data management (UDM) network element, policy control function (policy control Function, PCF) network element, network storage function (network repository function, NRF) network element, network exposure function (NEF) network element, and network slice selection function (network slice selection function, NSSF network element) Network elements, etc. The functions of different core network elements are introduced and explained as follows.
SMF网元:核心网控制面网元,主要负责移动网络中的会话管理,比如,会话建立、修改、释放;具体功能如为用户分配IP地址、选择提供报文转发功能的UPF等。SMF network element: The control plane network element of the core network is mainly responsible for session management in the mobile network, such as session establishment, modification, and release; specific functions such as assigning IP addresses to users and selecting UPF that provides message forwarding functions.
AMF网元:核心网控制面网元,主要负责移动网络中的移动性管理,比如,用户位置更新、用户注册网络、用户切换等。AMF network element: The core network control plane network element is mainly responsible for the mobility management in the mobile network, such as user location update, user registration network, user handover, etc.
AUSF网元:核心网控制面网元,由运营商提供的控制面网元,用于执行认证,比如,用于执行3GPP网络对其签约用户的认证。AUSF network element: a core network control plane network element, a control plane network element provided by an operator, used to perform authentication, for example, to perform 3GPP network authentication for its subscribers.
UPF网元:核心网用户面网元,用于负责UE中用户数据的转发和接收,可以从DN接收用户数据,通过接入网设备传输给UE;UPF网元还可以通过接入网设备从UE接收用户数据,转发到DN。UPF network element: The user plane network element of the core network is responsible for the forwarding and receiving of user data in the UE. It can receive user data from the DN and transmit it to the UE through the access network equipment; the UPF network element can also be transmitted from the access network equipment through the access network equipment. The UE receives the user data and forwards it to the DN.
AF网元:主要支持与3GPP核心网交互来提供服务,例如影响数据路由决策,策略控制功能或者向网络侧提供第三方的一些服务。AF network element: It mainly supports interaction with the 3GPP core network to provide services, such as influencing data routing decisions, policy control functions, or providing third-party services to the network side.
UDM网元:核心网控制面网元,用于存储用户签约数据,生成认证信任状,用户标识处理(比如,存储和管理用户永久身份等),接入授权控制和签约数据管理等。UDM network element: core network control plane network element, used to store user subscription data, generate authentication credential, user identification processing (for example, storage and management of user permanent identities, etc.), access authorization control and subscription data management, etc.
PCF网元:核心网控制面网元,主要支持提供统一的策略框架来控制网络行为,提供策略规则给控制层网络功能,同时负责获取与策略决策相关的用户签约信息。PCF network element: the core network control plane network element, which mainly supports the provision of a unified policy framework to control network behavior, provides policy rules to the control layer network function, and is responsible for obtaining user subscription information related to policy decisions.
NRF网元:核心网控制面网元,用于支持服务发现功能,还可用于维护可用网络功能网元的信息以及各自支持的服务等。NRF network element: core network control plane network element, used to support the service discovery function, and can also be used to maintain the information of the available network function network elements and the services they support.
NEF网元:核心网控制面网元,主要用于负责移动网络能力的对外开放。NEF network element: The control plane network element of the core network, which is mainly used to open the mobile network capabilities to the outside world.
NSSF网元:核心网控制面网元,主要用于5G的切片业务,比如,负责目标网络切片实例(network slice instance,NSI)的选择。可选的,NSSF网元也可以替换为网络切片特定的认证和授权功能(network slice specific authentication and authorization function,NSSAAF)网元。NSSF network element: core network control plane network element, mainly used for 5G slicing services, for example, responsible for the selection of target network slice instance (NSI). Optionally, the NSSF network element may also be replaced with a network slice specific authentication and authorization function (network slice specific authentication and authorization function, NSSAAF) network element.
可选的,为了实现对切片进行与认证和授权相关的功能,可以引入网络切片特定认证和授权功能(network slice-specific authentication and authorization function,NSSAAF)网元。Optionally, in order to implement functions related to authentication and authorization of slices, a network slice-specific authentication and authorization function (network slice-specific authentication and authorization function, NSSAAF) network element may be introduced.
在图1所示的通信***中,UE可以通过N1接口与AMF网元通信,R(AN)设备可以通过N2接口与AMF网元通信,R(AN)设备可以通过N3接口与UPF网元通信,UPF网元可以通过N4接口与DN通信。另外,核心网中的网元可以通过服务化接口进行通信,比如,该服务化接口可以包括:N NSSF接口、N nef接口、N nrf接口、N pcf接口、N udm接口、N af接口、N ausf接口、N AMF接口和N nsm接口等。可以理解的是,在上述图1所示的通信***中,各网元的功能以及接口仅为示例性的,各个网元在应用于本申请的实施例中时,并非全部功能都是必需的。 In the communication system shown in Figure 1, the UE can communicate with the AMF network element through the N1 interface, the R(AN) device can communicate with the AMF network element through the N2 interface, and the R(AN) device can communicate with the UPF network element through the N3 interface. , UPF network element can communicate with DN through N4 interface. In addition, the network elements in the core network can communicate through a service interface. For example, the service interface can include: N NSSF interface, N nef interface, N nrf interface, N pcf interface, N udm interface, N af interface, N ausf interfaces, N AMF N nsm interfaces and interfaces. It can be understood that, in the communication system shown in FIG. 1 above, the functions and interfaces of each network element are only exemplary. When each network element is applied to the embodiment of the present application, not all functions are necessary. .
进一步的,在本申请中,该通信***还可以包括:认证、授权和计费(authentication authorization and accounting,AAA)服务器,AAA服务器(server)也可以称为AAA-S。AAA-S可以通过支持AAA-S与AMF网元通信的中间网元与AMF网元进行通信,该中间网元可以是AUSF网元、NEF网元、NSSAAF网元或者其他用于认证和授权流程的网元,等。可选的,该通信***还可以包括:认证、授权和计费代理(authentication authorization and accounting proxy,AAA-P)。当AAA-S与AMF网元通信时,AAA-S可以先与AAA-P通信,由AAA-P将AAA-S的通信信息通过AUSF网元、NEF网元或NSSAAF网元等中间网元发送给AMF网元;类似的,AMF网元通过AUSF网元、NEF网元或NSSAAF网元等中间网元将通信信息发送给AAA-P,由AAA-P发送给AAA-S。Further, in this application, the communication system may also include: an authentication, authorization and accounting (authentication authorization and accounting, AAA) server, and the AAA server (server) may also be referred to as AAA-S. AAA-S can communicate with AMF network elements through intermediate network elements that support communication between AAA-S and AMF network elements. The intermediate network elements can be AUSF network elements, NEF network elements, NSSAAF network elements, or other authentication and authorization processes. Network elements, etc. Optionally, the communication system may also include: authentication, authorization and accounting proxy (authentication authorization and accounting proxy, AAA-P). When AAA-S communicates with AMF network element, AAA-S can communicate with AAA-P first, and AAA-P will send the communication information of AAA-S through intermediate network elements such as AUSF network element, NEF network element or NSSAAF network element To the AMF network element; similarly, the AMF network element sends the communication information to the AAA-P through the AUSF network element, the NEF network element, or the NSSAAF network element and other intermediate network elements, and the AAA-P sends the communication information to the AAA-S.
图2为本申请实施例提供的一种网络切片控制方法的流程示意图,该方法可应用于图1所描述的通信***中,该方法包括以下几个步骤。FIG. 2 is a schematic flowchart of a network slicing control method provided by an embodiment of the application. The method can be applied to the communication system described in FIG. 1. The method includes the following steps.
S201:AMF网元发送第一信息,以使AAA-S接收第一信息,第一信息包括第一网络切片的切片信息和第一UE的第一标识,其中,允许或待允许第一UE接入的网络切片包括第一网络切片。S201: The AMF network element sends the first information so that the AAA-S receives the first information. The first information includes the slice information of the first network slice and the first identifier of the first UE, where the first UE is allowed or to be allowed to access The incoming network slice includes the first network slice.
其中,第一网络切片的切片信息可以用于标识、选择或者确定第一网络切片,比如,该切片信息可以是第一网络切片的S-NSSAI,或者该切片信息可以是第一网络切片的S-NSSAI映射后的标识信息,下文中可以将该映射后的标识称为映射标识,映射 标识用于外部网络或第三方网络识别网络切片,还可以称为切片外部标识。第一UE的第一标识可以用于在整个通信***中的标识第一UE,比如,第一UE的第一标识可以是第一UE的通用公共用户标识(generic public subscription identifier,GPSI)。The slice information of the first network slice may be used to identify, select, or determine the first network slice. For example, the slice information may be the S-NSSAI of the first network slice, or the slice information may be the S-NSSAI of the first network slice. -NSSAI mapped identification information. Hereinafter, the mapped identification may be referred to as a mapping identification. The mapping identification is used to identify a network slice by an external network or a third-party network, and may also be referred to as a slice external identification. The first identifier of the first UE may be used to identify the first UE in the entire communication system. For example, the first identifier of the first UE may be a generic public subscription identifier (GPSI) of the first UE.
另外,允许第一UE接入的网络切片(allowed NSSAI)可以包括至少一个网络切片,即allowed NSSAI可以包括一个或者多个S-NSSAI。这至少一个网络可以包括第一网络切片,且第一网络切片可以是这至少一个网络中需要授权的网络切片。或者,待允许第一UE接入的网络切片(pending NSSAI也可以称为需要认证和授权的NSSAI或者待处理的NSSAI)可以包括至少一个网络切片,即pending NSSAI可以包括一个或者多个S-NSSAI。这至少一个网络切片可以包括第一网络切片。该pending NSSAI通过认证授权之后即可被包含在allowed NSSAI中,即该pending NSSAI通过认证授权之后即可允许UE接入。所述允许和待允许的NSSAI为临时允许第一UE接入的网络切片,其中包含的网络切片若需要认证授权,则该网络切片为等待处理的切片,该网络切片只有认证授权通过之后,才可以允许UE接入;否则,不允许UE接入。In addition, the network slice (allowed NSSAI) that the first UE is allowed to access may include at least one network slice, that is, the allowed NSSAI may include one or more S-NSSAIs. The at least one network may include a first network slice, and the first network slice may be a network slice that requires authorization in the at least one network. Alternatively, the network slice (pending NSSAI that requires authentication and authorization or NSSAI to be processed) to be allowed to be accessed by the first UE may include at least one network slice, that is, the pending NSSAI may include one or more S-NSSAIs. . The at least one network slice may include the first network slice. The pending NSSAI can be included in the allowed NSSAI after passing the authentication and authorization, that is, the pending NSSAI can allow the UE to access after passing the authentication and authorization. The allowed and to-be-allowed NSSAIs are network slices temporarily allowed to be accessed by the first UE. If the network slices contained therein require authentication and authorization, then the network slices are slices waiting to be processed, and the network slices can only be processed after the authentication and authorization are passed. The UE can be allowed to access; otherwise, the UE is not allowed to access.
再者,该AMF网元可以是服务第一UE的AMF网元。在本申请实施例中,该AMF网元也可以替换为其他能够发起网络切片控制流程的其他网元,本申请实施例对此不作具体限制。Furthermore, the AMF network element may be an AMF network element serving the first UE. In the embodiment of the present application, the AMF network element can also be replaced with other network elements capable of initiating the network slicing control process, which is not specifically limited in the embodiment of the present application.
具体的,当该AMF网元确定第一网络切片需要授权时,该AMF网元可以在第一网络切片的授权流程中向认证授权网元发送第一信息(即第一信息可以承载在授权请求消息中),或者在第一网络切片的认证授权流程中向认证授权网元发送第一信息(即第一信息可以承载在认证授权请求消息中),上述第一信息可以包括第一网络切片的S-NSSAI和第一UE的GPSI。当该认证授权网元接收到第一信息时,该认证授权网元可以向AAA-S发送第一转发信息,第一转发信息可以包括第一网络切片的S-NSSAI和第一UE的GPSI,或者第一转发信息包括第一网络切片的映射标识和第一UE的GPSI,第一转发信息可以是与第一信息等价的信息,从而第一转发信息也可以替换为或者称为第一信息。可选的,当该认证授权网元无法与AAA-S直接通信时,该认证授权网元可以向AAA-P发送第一转发信息,当AAA-P接收到第一转发信息时,该AAA-P可以将第一转发信息发送给AAA-S。可选的,若AAA-S只管理一种网络切片,则该AAA-S接收到的第一信息或者第一转发信息中还可以不包括第一网络切片的切片信息,比如,第一信息中不包括第一网络切片的S-NSSAI。Specifically, when the AMF network element determines that the first network slice requires authorization, the AMF network element may send the first information to the authentication and authorization network element in the authorization process of the first network slice (that is, the first information may be carried in the authorization request Message), or send the first information to the authentication and authorization network element in the authentication and authorization process of the first network slice (that is, the first information may be carried in the authentication and authorization request message), the above-mentioned first information may include the information of the first network slice S-NSSAI and GPSI of the first UE. When the authentication and authorization network element receives the first information, the authentication and authorization network element may send the first forwarding information to the AAA-S, and the first forwarding information may include the S-NSSAI of the first network slice and the GPSI of the first UE, Or the first forwarding information includes the mapping identifier of the first network slice and the GPSI of the first UE, and the first forwarding information may be information equivalent to the first information, so the first forwarding information may also be replaced with or referred to as first information . Optionally, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element may send the first forwarding information to the AAA-P, and when the AAA-P receives the first forwarding information, the AAA-S P may send the first forwarding information to AAA-S. Optionally, if the AAA-S manages only one type of network slice, the first information or the first forwarding information received by the AAA-S may not include the slice information of the first network slice, for example, in the first information The S-NSSAI of the first network slice is not included.
需要说明的是,本申请实施例中的认证授权网元可以为能够支持该AMF网元与该AAA-S通信的具有认证授权功能的任一网元,比如,该认证授权网元可以为AUSF网元、NEF网元或者NSSAAF网元等,本申请实施例对此不作具体限制。It should be noted that the authentication and authorization network element in the embodiment of the present application may be any network element with authentication and authorization functions that can support the communication between the AMF network element and the AAA-S. For example, the authentication and authorization network element may be AUSF Network elements, NEF network elements, or NSSAAF network elements, etc., which are not specifically limited in the embodiment of the present application.
在一种可能的实施例中,第一信息还可以包括第一UE在第一网络切片中的第二标识,第二标识可以用于在第一网络切片中标识第一UE,比如,第一UE的第二标识可以为第一UE在第一网络切片中的切片特定标识(slice-specific ID)。其中,第一UE的第二标识可以是该AMF网元从第一UE获取的,当允许第一UE接入的至少一个网络切片中存在多个网络切片需要授权时,该AMF网元可以一次性地从第一UE中获取第一UE在需要授权的多个网络切片中的第二标识,也可以每次从第一UE中获取一个或者多个第二标识,通过多次获取过程以得到第一UE在需要授权的多个网络切片 中的第二标识。In a possible embodiment, the first information may also include a second identifier of the first UE in the first network slice, and the second identifier may be used to identify the first UE in the first network slice, for example, the first UE The second identifier of the UE may be a slice-specific ID of the first UE in the first network slice. Wherein, the second identity of the first UE may be obtained by the AMF network element from the first UE. When there are multiple network slices that require authorization in at least one network slice that the first UE is allowed to access, the AMF network element may The second identities of the first UE in multiple network slices that need to be authorized are acquired from the first UE, and one or more second identities can also be acquired from the first UE each time, through multiple acquisition processes to obtain The second identifier of the first UE in multiple network slices that need to be authorized.
在另一种可能的实施例中,该AMF网元向认证授权网元发送的第一信息还可以包括AAA-S的标识,该AAA-S的标识可以用于该认证授权网元寻址AAA-S;当该认证授权网元无法与AAA-S直接通信时,该认证授权网元向AAA-P发送的第一转发信息中也可以包括该AAA-S的标识,该AAA-S的标识可以用于该AAA-P寻址AAA-S。AAA-S接收到的第一信息或者第一转发信息中可以不包括该AAA-S的标识。In another possible embodiment, the first information sent by the AMF network element to the authentication and authorization network element may also include an AAA-S identifier, and the AAA-S identifier may be used for the authentication and authorization network element to address AAA. -S; when the authentication and authorization network element cannot directly communicate with AAA-S, the first forwarding information sent by the authentication and authorization network element to AAA-P may also include the identity of the AAA-S and the identity of the AAA-S This AAA-P can be used to address AAA-S. The first information or the first forwarding information received by the AAA-S may not include the AAA-S identifier.
具体的,当该AAA-S接收到第一信息时,该AAA-S可以根据第一信息执行授权检查,并确定第一切片控制信息。具体的,当第一信息包括第一网络切片的切片信息和第一UE的第一标识时,该AAA-S可以根据第一网络切片的切片信息确定第一网络切片,从而根据第一UE的第一标识对第一网络切片执行授权检查;当第一信息还包括第一UE的第二标识时,该AAA-S还可以根据第一UE的第二标识对第一网络切片执行授权检查。Specifically, when the AAA-S receives the first information, the AAA-S may perform an authorization check according to the first information, and determine the first slice control information. Specifically, when the first information includes the slice information of the first network slice and the first identifier of the first UE, the AAA-S may determine the first network slice according to the slice information of the first network slice, and thus according to the slice information of the first UE The first identifier performs authorization check on the first network slice; when the first information further includes the second identifier of the first UE, the AAA-S may also perform authorization check on the first network slice according to the second identifier of the first UE.
进一步的,该AMF网元确定第一网络切片需要授权,可以包括:该AMF网元获取允许第一UE接入的网络切片的授权指示信息,该授权指示信息可以用于指示允许第一UE接入的至少一个网络切片是否需要授权,从而该AMF网元可以根据该授权指示信息确定第一网络切片需要授权,即第一网络切片是需要授权的网络切片。其中,该AMF网元可以从本地获取该授权指示信息;或者,该AMF网元在获取第一UE的签约信息时获取该授权指示信息,比如,该AMF网元从UDM网元中获取第一UE的签约信息,该签约信息包括该授权指示信息;或者,当该授权指示信息存储在NSSF网元中时,该AMF网元还可以从NSSF网元中获取该授权指示信息。Further, the AMF network element determining that the first network slice requires authorization may include: the AMF network element obtains authorization indication information of the network slice that allows the first UE to access, and the authorization indication information may be used to indicate that the first UE is allowed to access. Whether the at least one incoming network slice requires authorization, so that the AMF network element can determine that the first network slice requires authorization according to the authorization indication information, that is, the first network slice is a network slice that requires authorization. The AMF network element may obtain the authorization indication information locally; or, the AMF network element may obtain the authorization indication information when obtaining the subscription information of the first UE. For example, the AMF network element may obtain the first UE from the UDM network element. The subscription information of the UE, the subscription information includes the authorization indication information; or, when the authorization indication information is stored in the NSSF network element, the AMF network element may also obtain the authorization indication information from the NSSF network element.
S202:该AAA-S发送第二信息,以使该AMF网元接收第二信息,第二信息包括第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息。S202: The AAA-S sends second information so that the AMF network element receives the second information. The second information includes the first slice control information, and the first slice control information is used to control the first UE to the first network. Information used by the slice.
其中,第一切片控制信息也可以称为UE粒度的切片控制信息。比如,第一切片控制信息可以包括以下至少一项:切片的聚合最大比特率(slice aggregate maximum bit rate,slice-AMBR),切片的最大流量比特率(slice maximum flow bit rate,slice-MFBR),切片的保证流比特率(slice guaranteed flow bit rate,slice-GFBR),切片上第一UE的AMBR(slice-UE-AMBR),切片上第一UE的最大PDU会话数量。其中。切片的聚合最大比特率(slice aggregate maximum bit rate,slice-AMBR),用于控制UE的切片上non-GBR QoS flow的最大聚合比特率。切片的最大流量比特率(slice maximum flow bit rate,slice-MFBR),用于控制GBR QoS flow的最大聚合比特率。切片上第一UE的AMBR(slice-UE-AMBR),用于控制UE的切片上的non-GBR QoS flow和GBR QoS flow的最大聚合比特率。GBR为保证比特速率的英文guaranteed bit rate的缩写。The first slice control information may also be referred to as UE granularity slice control information. For example, the first slice control information may include at least one of the following: slice aggregate maximum bit rate (slice aggregate maximum bit rate, slice-AMBR), slice maximum flow bit rate (slice maximum flow bit rate, slice-MFBR) , Slice guaranteed flow bit rate (slice-GFBR), slice-UE-AMBR (slice-UE-AMBR) of the first UE on the slice, and the maximum number of PDU sessions for the first UE on the slice. in. The slice aggregate maximum bit rate (slice aggregate maximum bit rate, slice-AMBR) is used to control the maximum aggregate bit rate of the non-GBR QoS flow on the UE slice. The slice maximum flow bit rate (slice maximum flow bit rate, slice-MFBR) is used to control the maximum aggregate bit rate of GBR QoS flow. The AMBR (slice-UE-AMBR) of the first UE on the slice is used to control the maximum aggregate bit rate of the non-GBR QoS flow and GBR QoS flow on the UE slice. GBR is the abbreviation of guaranteed bit rate in English.
具体的,该AAA-S可以向该认证授权网元发送第二信息,或者,该AAA-S通过AAA-P向该认证授权网元发送第二信息,上述第二信息可以包括第一切片控制信息;可选的,第二信息还可以包括第一网络切片的S-NSSAI或第一网络切片的外部标识。当该认证授权网元接收到第二信息时,该认证授权网元可以向该AMF网元发送第二转发信息,第二转发信息可以包括第一切片控制信息;可选的,若第二信息包括第一网络切片的S-NSSAI,第二转发信息还可以包括第一网络切片的S-NSSAI。若第二信 息包括第一网络切片的外部标识,第二转发信息还可以包括第一网络切片的外部标识或第一网络切片的S-NSSAI,S-NSSAI为根据外部标识确定。第二转发信息可以是与第二信息等价的信息,从而第二转发信息也可以替换为或者称为第二信息。比如,在第一网络切片的授权流程中,该认证授权网元可以向该AMF网元发送授权响应消息,该授权响应消息包括第二转发信息;或者,比如,在第一网络切片的认证授权流程中,该认证授权网元可以向该AMF网元发送认证授权响应消息,该认证授权响应消息包括第二转发信息。Specifically, the AAA-S may send the second information to the authentication and authorization network element, or the AAA-S may send the second information to the authentication and authorization network element through AAA-P, and the above-mentioned second information may include the first slice Control information; optionally, the second information may also include the S-NSSAI of the first network slice or the external identifier of the first network slice. When the authentication and authorization network element receives the second information, the authentication and authorization network element may send the second forwarding information to the AMF network element, and the second forwarding information may include the first slice control information; optionally, if the second The information includes the S-NSSAI of the first network slice, and the second forwarding information may also include the S-NSSAI of the first network slice. If the second information includes the external identifier of the first network slice, the second forwarding information may also include the external identifier of the first network slice or the S-NSSAI of the first network slice, and the S-NSSAI is determined according to the external identifier. The second forwarding information may be information equivalent to the second information, so the second forwarding information may also be replaced with or referred to as second information. For example, in the authorization process of the first network slice, the authentication and authorization network element may send an authorization response message to the AMF network element, and the authorization response message includes the second forwarding information; or, for example, the authentication and authorization in the first network slice In the process, the authentication and authorization network element may send an authentication and authorization response message to the AMF network element, and the authentication and authorization response message includes the second forwarding information.
在一种可能的实施例中,当该AMF网元接收到第二信息时,该AMF网元可以将第二信息中包括的第一切片控制信息存储在第一UE的上下文中。在另一种可能的实施例中,该AMF网元可以向UDM网元发送第一切片控制信息,当该UDM网元接收到第一切片控制信息时,该UDM网元可以存储第一切片控制信息,比如,该UDM将第一切片控制信息存储在第一UE的上下文信息中。可选的,该AMF网元还可以将第二切片控制信息发送给RAN设备或AN设备。In a possible embodiment, when the AMF network element receives the second information, the AMF network element may store the first slice control information included in the second information in the context of the first UE. In another possible embodiment, the AMF network element may send the first slice control information to the UDM network element. When the UDM network element receives the first slice control information, the UDM network element may store the first slice control information. The slice control information, for example, the UDM stores the first slice control information in the context information of the first UE. Optionally, the AMF network element may also send the second slice control information to the RAN device or the AN device.
在又一种可能的实施例中,该AMF网元将第一切片控制信息发送给PCF网元,PCF网元可以向该AMF网元发送授权切片控制信息,该授权切片控制信息为授权的用于控制第一UE对第一网络切片使用的信息,该授权切片控制信息可以与第一切片控制信息相同,也可以与第一切片控制信息不同。进一步的,当该AMF网元接收到该授权切片控制信息时,该AMF网元将该授权切片控制信息存储在第一UE的上下文信息中。此外,该AMF网元还可以向该UDM网元发送该授权切片控制信息,以使该UDM网元存储授权切片控制信息。In another possible embodiment, the AMF network element sends the first slice control information to the PCF network element, and the PCF network element may send authorized slice control information to the AMF network element, and the authorized slice control information is authorized Information used to control the use of the first network slice by the first UE, and the authorized slice control information may be the same as or different from the first slice control information. Further, when the AMF network element receives the authorized slice control information, the AMF network element stores the authorized slice control information in the context information of the first UE. In addition, the AMF network element may also send the authorized slice control information to the UDM network element, so that the UDM network element stores the authorized slice control information.
在本申请实施例中,通过该AMF网元向AAA-S上报第一信息、AAA-S根据第一信息下发第一切片控制信息,第一切片控制信息为用于控制第一UE对第一网络切片使用的信息,这样可以使该AAA-S合理地为第一UE分配切片控制信息,同时该AMF网元可以动态地获取第一UE的切片控制信息,从而提高网络切片控制的灵活性和用户体验。In this embodiment of the application, the AMF network element reports the first information to the AAA-S, and the AAA-S delivers the first slice control information according to the first information, and the first slice control information is used to control the first UE For the information used by the first network slice, the AAA-S can reasonably allocate slice control information to the first UE. At the same time, the AMF network element can dynamically obtain the slice control information of the first UE, thereby improving network slice control. Flexibility and user experience.
进一步的,如图3所示,该方法还包括:S203。Further, as shown in FIG. 3, the method further includes: S203.
S203:当该AAA-S确定第一切片控制信息发生变更时,该AAA-S发送第三信息,以使该AMF网元接收第三信息,第三信息包括第二切片控制信息,第二切片控制信息用于更新用于控制第一UE对第一网络切片使用的信息。S203: When the AAA-S determines that the first slice control information has changed, the AAA-S sends third information so that the AMF network element receives the third information, the third information includes the second slice control information, and the second The slice control information is used to update information used to control the use of the first network slice by the first UE.
其中,该AAA-S可以向该认证授权网元发送第三信息,或者,该AAA-S通过AAA-P向该认证授权网元发送第三信息,上述第三信息可以包括第二切片控制信息;可选的,第三信息还可以包括第一UE的第一标识(比如,GPSI),和/或,第一网络切片的切片信息(比如,S-NSSAI,或切片外部标识)。当该认证授权网元接收到第三信息时,该认证授权网元可以向该AMF网元发送第三转发信息,第三转发信息可以包括第二切片控制信息,第三转发信息可以是与第三信息等价的信息,从而第三转发信息也可以替换为或者称为第三信息。比如,该认证授权网元可以向该AMF网元发送授权通知消息,该授权通知消息包括第三转发信息。Wherein, the AAA-S may send third information to the authentication and authorization network element, or the AAA-S may send third information to the authentication and authorization network element through AAA-P, and the third information may include second slice control information Optionally, the third information may also include the first identifier of the first UE (for example, GPSI), and/or the slice information of the first network slice (for example, S-NSSAI, or slice external identifier). When the authentication and authorization network element receives the third information, the authentication and authorization network element may send third forwarding information to the AMF network element, the third forwarding information may include the second slice control information, and the third forwarding information may be related to the first The three pieces of information are equivalent information, so that the third forwarding information can also be replaced or referred to as third information. For example, the authentication and authorization network element may send an authorization notification message to the AMF network element, and the authorization notification message includes third forwarding information.
可选的,允许或待允许第二UE接入的网络切片包括第一网络切片,当该AAA-S确定确第二UE在第一网络切片中的切片控制信息发生变更时,第三信息还包括第三 切片控制信息,第三切片控制信息用于更新用于控制第二UE对第一网络切片使用的信息。Optionally, the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when the AAA-S determines that the slice control information of the second UE in the first network slice is changed, the third information is also The third slice control information is included, and the third slice control information is used to update information used for controlling the second UE to use the first network slice.
可选的,允许或待允许第二UE接入的网络切片包括第二网络切片,当该AAA-S确定第二UE在第二网络切片中的切片控制信息发生变更时,第三信息还包括第四切片控制信息,第四切片控制信息用于更新用于控制第二UE对第二网络切片使用的信息。此时,若服务第一UE的AMF网元和服务第二UE的AMF网元相同,则该认证授权网元向该AMF网元发送的第三转发信息还可以包括第四切片控制信息;若服务第一UE的AMF网元和服务第二UE的AMF网元不同,则该认证授权网元可以向服务第二UE的AMF网元发送第四切片控制信息,而向服务第一UE的AMF网元发送的第三转发信息中不包括第四切片控制信息。Optionally, the network slice that the second UE is allowed or to be allowed to access includes the second network slice, and when the AAA-S determines that the slice control information of the second UE in the second network slice is changed, the third information further includes The fourth slice control information, the fourth slice control information is used to update information used to control the second UE to use the second network slice. At this time, if the AMF network element serving the first UE is the same as the AMF network element serving the second UE, the third forwarding information sent by the authentication and authorization network element to the AMF network element may also include fourth slice control information; if If the AMF network element serving the first UE is different from the AMF network element serving the second UE, the authentication and authorization network element may send fourth slice control information to the AMF network element serving the second UE, and to the AMF network element serving the first UE The third forwarding information sent by the network element does not include the fourth slice control information.
示例性的,如图4所示,该方法包括:S1-S3b。Exemplarily, as shown in FIG. 4, the method includes: S1-S3b.
S1.AAA-S确定多个UE的切片控制信息发生变更,图4中以多个UE包括UE1、UE2、UE3和UE4,服务UE1和UE2的AMF网元为AMF1网元、服务UE3和UE4为AMF2网元、AAA-S与认证授权网元直接通信为例进行说明;S1.AAA-S determines that the slice control information of multiple UEs has changed. In Figure 4, multiple UEs include UE1, UE2, UE3, and UE4, the AMF network element serving UE1 and UE2 is the AMF1 network element, and the serving UE3 and UE4 are The direct communication between AMF2 network element, AAA-S and authentication and authorization network element will be explained as an example;
S2.该AAA-S向认证授权网元发送第一AAA协议消息,第一AAA协议消息包括第三信息,第三信息包括多个UE的切片控制信息列表,比如,该切片控制信息列表包括UE1对应的{GPSI_1,S-NSSAI_1,切片控制信息1}、UE2对应的{GPSI_2,S-NSSAI_2,切片控制信息2}、UE3对应的{GPSI_3,S-NSSAI_3,切片控制信息3}和UE4对应的{GPSI_4,S-NSSAI_4,切片控制信息4};S2. The AAA-S sends a first AAA protocol message to the authentication and authorization network element, the first AAA protocol message includes third information, and the third information includes slice control information lists of multiple UEs. For example, the slice control information list includes UE1. Corresponding {GPSI_1, S-NSSAI_1, slice control information 1}, {GPSI_2, S-NSSAI_2, slice control information 2} corresponding to UE2, {GPSI_3, S-NSSAI_3, slice control information 3} corresponding to UE3, and UE4 {GPSI_4, S-NSSAI_4, slice control information 4};
S3a.该认证授权网元向AMF1网元发送第一授权通知消息,第一授权通知消息包括{GPSI_1,S-NSSAI_1,切片控制信息1}和{GPSI_2,S-NSSAI_2,切片控制信息2};S3a. The authentication and authorization network element sends a first authorization notification message to the AMF1 network element, the first authorization notification message includes {GPSI_1, S-NSSAI_1, slice control information 1} and {GPSI_2, S-NSSAI_2, slice control information 2};
S3b.该认证授权网元向AMF2网元发送第二授权通知消息,第二授权通知消息包括{GPSI_3,S-NSSAI_3,切片控制信息3}和{GPSI_4,S-NSSAI_4,切片控制信息4}。S3b. The authentication and authorization network element sends a second authorization notification message to the AMF2 network element. The second authorization notification message includes {GPSI_3, S-NSSAI_3, slice control information 3} and {GPSI_4, S-NSSAI_4, slice control information 4}.
当AMF1网元接收到第一授权通知消息,AMF2网元接收到第一授权通知消息时,AMF1网元和AMF2网元可以分别更新UE的切片控制信息,并执行后续动作。When the AMF1 network element receives the first authorization notification message and the AMF2 network element receives the first authorization notification message, the AMF1 network element and the AMF2 network element can update the slice control information of the UE respectively and perform subsequent actions.
需要说明的是,该AAA-S发送的切片控制信息列表还可以是其他格式,比如,同一网络切片不同UE的切片控制信息可以位于切片控制信息列表的一条信息中,或者同一UE在不同网络切片中的切片控制信息可以切片控制信息列表的一条信息中,或者,同一UE的不同信息的排列顺序也可以不同等,本申请实施例对此不作具体限制。比如,UE1和UE2在同一网络切片上的切片控制信息可以表示为{S-NSSAI_1:GPSI 1,切片控制信息1;GPSI2,切片控制信息2};或者,UE1在不同网络切片上的切片控制信息可以表示为{GPSI1:S-NSSAI_1,切片控制信息1;S-NSSAI_2,切片控制信息2}。It should be noted that the slice control information list sent by the AAA-S may also be in other formats. For example, slice control information for different UEs in the same network slice may be in one piece of information in the slice control information list, or the same UE may be in different network slices. The slice control information in may be in a piece of information in the slice control information list, or the arrangement order of different information of the same UE may also be different, which is not specifically limited in the embodiment of the present application. For example, the slice control information of UE1 and UE2 on the same network slice can be expressed as {S-NSSAI_1: GPSI 1, slice control information 1; GPSI2, slice control information 2}; or, UE1’s slice control information on different network slices It can be expressed as {GPSI1: S-NSSAI_1, slice control information 1; S-NSSAI_2, slice control information 2}.
在一种可能的实施中,当该AMF网元接收到第三信息时,该AMF网元使用第三信息中的第二切片控制信息更新之前存储的第一切片控制信息或者授权切片控制信息,比如,该AMF网元删除第一UE的上下文中的第一切片控制信息或者授权切片控制信息,并将第二切片控制信息存储在第一UE的上下文中。可选的,当第三信息还包括第三切片控制信息时,该AMF网元还可以将第三切片控制信息存储在第二UE的上下文中,或者使用第三切片控制信息更新第二UE的上下文中之前存储的第二UE 的切片控制信息。In a possible implementation, when the AMF network element receives the third information, the AMF network element uses the second slice control information in the third information to update the previously stored first slice control information or authorized slice control information For example, the AMF network element deletes the first slice control information or authorized slice control information in the context of the first UE, and stores the second slice control information in the context of the first UE. Optionally, when the third information further includes third slice control information, the AMF network element may also store the third slice control information in the context of the second UE, or use the third slice control information to update the second UE’s The slice control information of the second UE previously stored in the context.
在另一种可能的实施中,该AMF网元还可以将第二切片控制信息发送给UDM网元,以使UDM网元更新第一UE的签约信息的第一切片控制信息。在又一种可能的实施例中,该AMF网元将第二切片控制信息发送给PCF网元,以使该PCF网元对第二切片控制信息进行授权检查。可选的,该AMF网元还可以将第二切片控制信息发送给RAN设备或AN设备。In another possible implementation, the AMF network element may also send the second slice control information to the UDM network element, so that the UDM network element updates the first slice control information of the subscription information of the first UE. In another possible embodiment, the AMF network element sends the second slice control information to the PCF network element, so that the PCF network element performs authorization check on the second slice control information. Optionally, the AMF network element may also send the second slice control information to the RAN device or the AN device.
进一步的,本申请实施例提供的网络切片控制方法还可以应用于服务第一UE的AMF网元发生切换的场景下,即服务第一UE的AMF网元从源AMF网元切换为目标AMF网元。具体的,当服务第一UE的AMF网元发生切换时,源AMF网元可以将第一UE的上下文发送给目标AMF网元,由目标AMF网元执行本申请实施例中AMF网元的步骤。Further, the network slicing control method provided in the embodiments of the present application can also be applied to the scenario where the AMF network element serving the first UE is switched, that is, the AMF network element serving the first UE is switched from the source AMF network element to the target AMF network. Yuan. Specifically, when the AMF network element serving the first UE is switched, the source AMF network element may send the context of the first UE to the target AMF network element, and the target AMF network element executes the steps of the AMF network element in the embodiment of this application. .
在上述流程中,切片标识在传输的过程中可以被中间网元映射成新的标识或者直接使用接收到的标识,本申请实施例对此不做具体限制。In the above process, the slice identifier can be mapped into a new identifier by the intermediate network element during the transmission process or the received identifier can be used directly, which is not specifically limited in the embodiment of the present application.
为便于理解,下面分别以在第一网络切片的授权流程和在第一网络切片的认证授权流程中实现网络切片控制为例,对本申请实施例提供的方案进行举例说明,具体如下图5和图6所示。下述举例中以认证授权网元通过AAA-P与AAA-S通信为例进行说明。For ease of understanding, the following takes the authorization process of the first network slice and the realization of network slice control in the authentication and authorization process of the first network slice as examples to illustrate the solutions provided in the embodiments of the present application, as shown in Figures 5 and 5 below. 6 shown. In the following example, the authentication and authorization network element communicates with AAA-S through AAA-P as an example for description.
图5为本申请实施例提供的一种在第一网络切片的授权流程中实现网络切片控制的示意图。具体的,该方法包括:S01-S11。FIG. 5 is a schematic diagram of implementing network slicing control in the authorization process of the first network slicing according to an embodiment of the application. Specifically, the method includes: S01-S11.
S01.第一UE向AMF网元发送注册请求(registration request)消息;S01. The first UE sends a registration request (registration request) message to the AMF network element;
S02.当该AMF网元接收到注册请求消息时,该AMF网元从本地、UDM网元或者NSSF网元中获取允许第一UE接入的网络切片的授权指示信息;S02. When the AMF network element receives the registration request message, the AMF network element obtains authorization indication information of the network slice that the first UE is allowed to access from the local, UDM network element, or NSSF network element;
S03.该AMF网元根据该授权指示信息确定第一网络切片需要授权;S03. The AMF network element determines that the first network slice requires authorization according to the authorization indication information;
S04(该步骤为可选步骤).该AMF网元从第一UE中获取第一UE在第一网络切片中的第二标识;S04 (this step is an optional step). The AMF network element obtains the second identity of the first UE in the first network slice from the first UE;
S05.该AMF网元向认证授权网元发送授权请求(authorize request)消息,该授权请求消息包括第一信息,第一信息可以包括第一UE的GPSI和第一网络切片的S-NSSAI,可选的,第一信息还包括第一UE的第二标识;S05. The AMF network element sends an authorize request message to the authentication and authorization network element, where the authorization request message includes first information. The first information may include the GPSI of the first UE and the S-NSSAI of the first network slice. Optionally, the first information further includes the second identifier of the first UE;
S06.当该认证授权网元接收到该授权请求消息时,该认证授权网元向AAA-P发送第一AAA协议消息,第一AAA协议消息包括第一信息;S06. When the authentication and authorization network element receives the authorization request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, and the first AAA protocol message includes the first information;
S07.当该AAA-P接收到第一AAA协议消息时,该AAA-P向AAA-S发送第二AAA协议消息,第二AAA协议消息包括第一信息;S07. When the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to AAA-S, and the second AAA protocol message includes the first information;
S08.当该AAA-S接收到第二AAA协议消息时,该AAA-S向AAA-P发送第三AAA协议消息,第三AAA协议消息包括第二信息,第二信息包括第一切片控制信息;S08. When the AAA-S receives the second AAA protocol message, the AAA-S sends a third AAA protocol message to the AAA-P, the third AAA protocol message includes the second information, and the second information includes the first slice control information;
S09.当该AAA-P接收到第三AAA协议消息时,该AAA-P向该认证授权网元发送第四AAA协议消息,第四AAA协议消息包括第二信息;S09. When the AAA-P receives the third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, and the fourth AAA protocol message includes the second information;
S10.当该认证授权网元接收到第四AAA协议消息时,该认证授权网元向该AMF网元发送授权响应(authorize response)消息,该授权响应消息包括第二信息;S10. When the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends an authorization response (authorize response) message to the AMF network element, where the authorization response message includes the second information;
S11.当该AMF网元接收到该授权响应消息时,该AMF网元可以存储第二信息中 包括的第一切片控制信息,并执行后续动作。S11. When the AMF network element receives the authorization response message, the AMF network element may store the first slice control information included in the second information, and perform subsequent actions.
进一步的,该方法还可以包括:S12-S15。Further, the method may also include: S12-S15.
S12.当该AAA-S确定第一切片控制信息发生变更时,该AAA-S向AAA-P发送第五AAA协议消息,第五AAA协议消息包括第三信息,第三信息包括第二切片控制信息;S12. When the AAA-S determines that the first slice control information has changed, the AAA-S sends a fifth AAA protocol message to the AAA-P. The fifth AAA protocol message includes the third information, and the third information includes the second slice. Control information
S13.该AAA-P向该认证授权网元发送第六AAA协议消息,第六AAA协议消息包括第三信息;S13. The AAA-P sends a sixth AAA protocol message to the authentication and authorization network element, and the sixth AAA protocol message includes the third information;
S14.当该认证授权网元接收到第六AAA协议消息时,该认证授权网元向该AMF网元发送授权通知(authorize notification)消息,该授权通知消息包括第三信息;S14. When the authentication and authorization network element receives the sixth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorize notification) message to the AMF network element, where the authorization notification message includes the third information;
S15.当该AMF网元接收到该授权通知消息时,该AMF网元可以存储第三信息,即使用第三信息包括的第二切片控制信息更新第一切片控制信息,并执行后续动作。S15. When the AMF network element receives the authorization notification message, the AMF network element may store the third information, that is, use the second slice control information included in the third information to update the first slice control information, and perform subsequent actions.
图6为本申请实施例提供的一种在第一网络切片的认证授权流程中实现网络切片控制的示意图。具体的,该方法包括:FIG. 6 is a schematic diagram of implementing network slicing control in the authentication and authorization process of the first network slicing according to an embodiment of the application. Specifically, the method includes:
S20.AMF网元确定第一网络切片需要执行认证授权流程;S20. The AMF network element determines that the first network slice needs to perform an authentication and authorization process;
S21.该AMF网元向第一UE发送第一非接入层(non-access stratum,NAS)移动管理(mobility management,MM)传输(transport)消息,第一NAS MM传输消息包括扩展的认证协议EAP(extensible authentication protocol,EAP)ID请求(即用于请求EAP ID的信息)和第一网络切片的S-NSSAI;S21. The AMF network element sends a first non-access stratum (NAS) mobility management (mobility management, MM) transport message to the first UE, and the first NAS MM transport message includes an extended authentication protocol EAP (extensible authentication protocol, EAP) ID request (that is, information used to request EAP ID) and the S-NSSAI of the first network slice;
S22.当第一UE接收到第一NAS MM传输消息时,第一UE向该AMF网元发送第二NAS MM传输消息,第二NAS MM传输消息包括EAP ID响应(即用于响应EAP ID请求的信息)和第一网络切片的S-NSSAI;S22. When the first UE receives the first NAS MM transmission message, the first UE sends a second NAS MM transmission message to the AMF network element. The second NAS MM transmission message includes an EAP ID response (that is, used to respond to an EAP ID request Information) and the S-NSSAI of the first network slice;
S23.该AMF网元向认证授权网元发送第一认证请求消息,第一认证请求消息包括信息A,该信息A包括EAP ID响应、第一UE的GPSI和第一网络切片的S-NSSAI;S23. The AMF network element sends a first authentication request message to the authentication and authorization network element, the first authentication request message includes information A, and the information A includes the EAP ID response, the GPSI of the first UE, and the S-NSSAI of the first network slice;
S24.当该认证授权网元接收到第一认证请求消息时,该认证授权网元向AAA-P发送第一AAA协议消息,第一AAA协议消息包括EAP ID响应、GPSI和S-NSSAI;S24. When the authentication and authorization network element receives the first authentication request message, the authentication and authorization network element sends a first AAA protocol message to AAA-P, and the first AAA protocol message includes an EAP ID response, GPSI, and S-NSSAI;
S25.当该AAA-P接收到第一AAA协议消息时,该AAA-P向AAA-S发送第二AAA协议消息,第二AAA协议消息包括EAP ID响应、GPSI和S-NSSAI;S25. When the AAA-P receives the first AAA protocol message, the AAA-P sends a second AAA protocol message to AAA-S. The second AAA protocol message includes an EAP ID response, GPSI, and S-NSSAI;
S26.当该AAA-S接收到第二AAA协议消息时,该AAA-S向AAA-P发送第三AAA协议消息,第三AAA协议消息包括信息B,该信息B包括S-NSSAI、GPSI和EAP信息;S26. When the AAA-S receives the second AAA protocol message, the AAA-S sends a third AAA protocol message to AAA-P. The third AAA protocol message includes information B, which includes S-NSSAI, GPSI, and EAP information;
S27.当该AAA-P接收到第三AAA协议消息时,该AAA-P向该认证授权网元发送第四AAA协议消息,第四AAA协议消息包括S-NSSAI、GPSI和EAP信息;S27. When the AAA-P receives the third AAA protocol message, the AAA-P sends a fourth AAA protocol message to the authentication and authorization network element, and the fourth AAA protocol message includes S-NSSAI, GPSI, and EAP information;
S28.当该认证授权网元接收到第四AAA协议消息时,该认证授权网元向该AMF网元发送第一认证响应消息,第一认证响应消息包括S-NSSAI、GPSI和EAP信息;S28. When the authentication and authorization network element receives the fourth AAA protocol message, the authentication and authorization network element sends a first authentication response message to the AMF network element, where the first authentication response message includes S-NSSAI, GPSI, and EAP information;
S29.当该AMF网元接收到第一认证响应消息时,该AMF网元向第一UE发送第三NAS MM传输消息,第三NAS MM传输消息包括S-NSSAI和EAP信息;S29. When the AMF network element receives the first authentication response message, the AMF network element sends a third NAS MM transmission message to the first UE, and the third NAS MM transmission message includes S-NSSAI and EAP information;
S30.第一UE向该AMF网元发送第四NAS MM传输消息,第四NAS MM传输消息包括S-NSSAI和EAP信息;S30. The first UE sends a fourth NAS MM transmission message to the AMF network element, and the fourth NAS MM transmission message includes S-NSSAI and EAP information;
S31.该AMF网元向认证授权网元发送第二认证请求消息,第二认证请求消息包 括第一信息,第一信息包括EAP ID信息、GPSI和S-NSSAI;S31. The AMF network element sends a second authentication request message to the authentication and authorization network element, the second authentication request message includes first information, and the first information includes EAP ID information, GPSI, and S-NSSAI;
S32.当该认证授权网元接收到第二认证请求消息时,该认证授权网元向AAA-P发送第五AAA协议消息,第五AAA协议消息包括第一信息;S32. When the authentication and authorization network element receives the second authentication request message, the authentication and authorization network element sends a fifth AAA protocol message to AAA-P, and the fifth AAA protocol message includes the first information;
S33.当该AAA-P接收到第五AAA协议消息时,该AAA-P向AAA-S发送第六AAA协议消息,第六AAA协议消息包括第一信息;S33. When the AAA-P receives the fifth AAA protocol message, the AAA-P sends a sixth AAA protocol message to AAA-S, and the sixth AAA protocol message includes the first information;
S34.当该AAA-S接收到六AAA协议消息时,该AAA-S向AAA-P发送第七AAA协议消息,第七AAA协议消息包括第二信息,第二信息包括EAP成功(success)信息、第一切片控制信息,可选的,第二信息还包括S-NSSAI、和/或GPSI;S34. When the AAA-S receives six AAA protocol messages, the AAA-S sends a seventh AAA protocol message to AAA-P, the seventh AAA protocol message includes second information, and the second information includes EAP success information , The first slice control information, optionally, the second information further includes S-NSSAI and/or GPSI;
S35.当该AAA-P接收到第七AAA协议消息时,该AAA-P向该认证授权网元发送第八AAA协议消息,第八AAA协议消息包括第二信息;S35. When the AAA-P receives the seventh AAA protocol message, the AAA-P sends an eighth AAA protocol message to the authentication and authorization network element, and the eighth AAA protocol message includes the second information;
S36.当该认证授权网元接收到第八AAA协议消息时,该认证授权网元向该AMF网元发送第二认证响应消息,第二认证响应消息包括第二信息;S36. When the authentication and authorization network element receives the eighth AAA protocol message, the authentication and authorization network element sends a second authentication response message to the AMF network element, and the second authentication response message includes the second information;
S37.该AMF网元存储第一切片控制信息,并执行后续动作。S37. The AMF network element stores the first slice control information, and executes subsequent actions.
可选的,还可以执行如下步骤S38至S42,图6中未示出S38-S42。Optionally, the following steps S38 to S42 may also be executed, and S38-S42 are not shown in FIG. 6.
S38.该AMF网元向第一UE发送第五NAS MM传输消息,第五NAS MM传输消息包括EAP成功(success)信息和S-NSSAI;S38. The AMF network element sends a fifth NAS MM transmission message to the first UE, and the fifth NAS MM transmission message includes EAP success information and S-NSSAI;
S39.当该AAA-S确定第一切片控制信息发生变更时,该AAA-S向AAA-P发送第九AAA协议消息,第九AAA协议消息包括第三信息,第三信息包括第二切片控制信息;S39. When the AAA-S determines that the first slice control information has changed, the AAA-S sends a ninth AAA protocol message to the AAA-P. The ninth AAA protocol message includes the third information, and the third information includes the second slice. Control information
S40.该AAA-P向该认证授权网元发送第十AAA协议消息,第十AAA协议消息包括第三信息;S40. The AAA-P sends a tenth AAA protocol message to the authentication and authorization network element, and the tenth AAA protocol message includes the third information;
S41.当该认证授权网元接收到第十AAA协议消息时,该认证授权网元向该AMF网元发送授权通知(authorize notification)消息,该授权通知消息包括第三信息;S41. When the authentication and authorization network element receives the tenth AAA protocol message, the authentication and authorization network element sends an authorization notification (authorize notification) message to the AMF network element, where the authorization notification message includes third information;
S42.当该AMF网元接收到该授权通知消息时,该AMF网元可以使用第三信息包括的第二切片控制信息更新第一切片控制信息,并执行后续动作。S42. When the AMF network element receives the authorization notification message, the AMF network element may use the second slice control information included in the third information to update the first slice control information, and perform subsequent actions.
在本申请实施例中,当UE注册到网络侧后,AMF网元可以触发第一网络切片的授权流程,并在第一网络切片的授权流程中动态地获取第一UE的切片控制信息,或者AMF网元触发第一网络切片的认证授权流程,并在第一网络切片的认证授权流程中动态地获取第一UE的切片控制信息;此外,AAA-S也可以根据需求动态地调整第一UE的切片控制信息,从而提高网络切片控制的灵活性和用户体验。In the embodiment of this application, after the UE is registered on the network side, the AMF network element can trigger the authorization process of the first network slice, and dynamically obtain the slice control information of the first UE in the authorization process of the first network slice, or The AMF network element triggers the authentication and authorization process of the first network slice, and dynamically obtains the slice control information of the first UE in the authentication and authorization process of the first network slice; in addition, AAA-S can also dynamically adjust the first UE according to requirements Slicing control information, thereby improving the flexibility of network slicing control and user experience.
图7为本申请实施例提供的另一种网络切片控制方法的流程示意图,该方法可应用于图1所描述的通信***中,该方法包括以下几个步骤。FIG. 7 is a schematic flowchart of another network slicing control method provided by an embodiment of this application. The method can be applied to the communication system described in FIG. 1, and the method includes the following steps.
S301:AMF网元确定网络切片上接入的UE数量和/或PDU会话数量。S301: The AMF network element determines the number of UEs and/or the number of PDU sessions accessed on the network slice.
其中,该网络切片上可以接入(或者注册)一个或者多个UE,该AMF网元可以对该网络切片上接入的UE数量进行统计,比如,该AMF网元可以通过UE计数器统计对该网络切片上接入的UE数量,当该网络切片上新接入一个UE时,该UE计数器统计的UE数量加1,当该网络切片上已接入的一个UE退出该网络切片时,该UE计数器统计的UE数量减1。同理,该网络切片上也可以建立一个或者多个PDU会话,该AMF网元可以对该网络切片上建立的PDU会话数量进行统计,比如,该AMF网 元可以通过PDU会话计数器统计对该网络切片上建立的PDU会话数量,当该网络切片上新建立一个PDU会话时,该PDU会话计数器统计的PDU会话数量加1,当该网络切片上已建立的PDU会话被取消时,该PDU会话计数器统计的PDU会话数量减1。Among them, one or more UEs can be accessed (or registered) on the network slice, and the AMF network element can count the number of UEs connected to the network slice. For example, the AMF network element can count the number of UEs through the UE counter. The number of UEs connected to the network slice. When a new UE is connected to the network slice, the number of UEs counted by the UE counter is increased by 1. When a UE that has been connected to the network slice exits the network slice, the UE The number of UEs counted by the counter is reduced by 1. In the same way, one or more PDU sessions can also be established on the network slice. The AMF network element can count the number of PDU sessions established on the network slice. For example, the AMF network element can count the number of PDU sessions on the network through the PDU session counter. The number of PDU sessions established on the slice. When a new PDU session is established on the network slice, the number of PDU sessions counted by the PDU session counter increases by 1. When the PDU session established on the network slice is cancelled, the PDU session counter The number of counted PDU sessions is reduced by 1.
具体的,该网络切片可以是需要执行切片资源控制的网络切片,当该AMF网元确定该网络切片需要执行切片资源控制时,该AMF网元可以启动UE计数器以统计该网络切片上接入的UE数量,或者启动PDU会话计数器以统计该网络切片上建立的PDU会话,或者启动UE计数器和PDU会话计数器以统计该网络切片上接入的UE数量和PDU会话数量。Specifically, the network slice may be a network slice that needs to perform slice resource control. When the AMF network element determines that the network slice needs to perform slice resource control, the AMF network element may start a UE counter to count the number of accesses on the network slice. The number of UEs, or start the PDU session counter to count the PDU sessions established on the network slice, or start the UE counter and the PDU session counter to count the number of UEs and the number of PDU sessions connected to the network slice.
可选的,在S301之前,该方法还可以包括S300:该AMF网元获取第一配置信息,第一配置信息包括该网络切片的S-NSSAI和授权指示信息,该授权指示信息用于指示是否需要执行切片资源控制。相应的,该AMF网元可以根据该授权指示信息确定该网络切片需要执行切片资源控制。其中,第一配置信息可以是由AAA-S发送的,比如,该AAA-S将第一配置信息发送给认证授权网元,由该认证授权网元将第一配置信息发送给该AMF网元,以使该AMF网元获取到第一配置信息。Optionally, before S301, the method may further include S300: the AMF network element obtains first configuration information, where the first configuration information includes the S-NSSAI of the network slice and authorization indication information, and the authorization indication information is used to indicate whether Need to perform slice resource control. Correspondingly, the AMF network element may determine that the network slice needs to perform slice resource control according to the authorization indication information. The first configuration information may be sent by AAA-S. For example, the AAA-S sends the first configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the first configuration information to the AMF network element. , So that the AMF network element obtains the first configuration information.
S302:当满足第一上报条件时,该AMF网元发送第一信息,以使该AAA-S接收第一信息,第一信息包括该UE数量和/或PDU会话数量。S302: When the first reporting condition is met, the AMF network element sends first information so that the AAA-S receives the first information, where the first information includes the number of UEs and/or the number of PDU sessions.
其中,第一上报条件可以包括以下条件中的至少一种:该UE数量达到第一预设值,该PDU会话数量达到第二预设值,该UE数量的增加量达到第三预设值,该PDU会话数量的增加量达到第四预设值,上报周期,时间窗内的UE数量的增加量达到第五预设值、或时间窗内的PDU会话数量的增加量达到第六预设值。上述该UE数量的增加量达到第三预设值可以是指本次确定的该UE数量与上一次确定的该UE数量之间的差值达到第三预设值,该PDU会话数量的增加量达到第四预设值可以是指本次确定的该PDU会话数量与上一次确定的该PDU会话数量之间的差值达到第四预设值。可选的,第一上报条件可以是该AMF网元获取的,比如,第一配置信息还包括第一上报条件,该AMF网元可以通过获取第一配置信息来获取第一上报条件。The first reporting condition may include at least one of the following conditions: the number of UEs reaches a first preset value, the number of PDU sessions reaches a second preset value, and the increase in the number of UEs reaches a third preset value, The increase in the number of PDU sessions reaches the fourth preset value, and the reporting period, the increase in the number of UEs in the time window reaches the fifth preset value, or the increase in the number of PDU sessions in the time window reaches the sixth preset value . The aforementioned increase in the number of UEs reaching the third preset value may mean that the difference between the number of UEs determined this time and the number of UEs determined last time reaches the third preset value, and the increase in the number of PDU sessions Reaching the fourth preset value may mean that the difference between the number of PDU sessions determined this time and the number of PDU sessions determined last time reaches the fourth preset value. Optionally, the first report condition may be obtained by the AMF network element. For example, the first configuration information further includes the first report condition, and the AMF network element may obtain the first report condition by obtaining the first configuration information.
另外,当第一上报条件包括上述条件中的一种条件时,则满足第一上报条件可以是指满足该种条件,比如,第一预设值为30,第一上报条件为该UE数量达到第一预设值,则满足第一上报条件即为满足该UE数量达到30;当第一上报条件包括上述条件中的至少两种条件时,则满足第一上报条件可以是指满足这至少两种条件中的任一种,比如,第一预设值为50,第三预设值为10,第一上报条件包括该UE数量达到第一预设值和该UE数量的增加量达到第三预设值,则满足第一上报条件可以是指该UE数量达到30、或者该UE数量的增加量达到10。In addition, when the first reporting condition includes one of the above conditions, satisfying the first reporting condition may refer to satisfying this condition. For example, the first preset value is 30, and the first reporting condition is that the number of UEs reaches If the first preset value is met, the first report condition is met, that is, the number of UEs reaches 30; when the first report condition includes at least two of the above conditions, meeting the first report condition may mean meeting these at least two conditions. For example, the first preset value is 50, the third preset value is 10, and the first reporting condition includes that the number of UEs reaches the first preset value and the increase in the number of UEs reaches the third With a preset value, satisfying the first reporting condition may mean that the number of UEs reaches 30, or the increase in the number of UEs reaches 10.
需要说明的是,第一预设值、第二预设值、第三预设值、第四预设值、上报周期、第五预设值和第六预设值可以是事先设置的,比如,第一预设值和第二预设值可以是50或100等,第三预设值和第四预设值可以是10或20等,该上报周期可以是10分钟、30分钟或者1小时等,时间窗可以是20分钟,第五预设值和第六预设值可以是40等,本申请实施例对此不作具体限制。It should be noted that the first preset value, the second preset value, the third preset value, the fourth preset value, the reporting period, the fifth preset value, and the sixth preset value may be set in advance, such as , The first preset value and the second preset value can be 50 or 100, etc., the third preset value and the fourth preset value can be 10 or 20, etc., and the reporting period can be 10 minutes, 30 minutes, or 1 hour Etc., the time window may be 20 minutes, and the fifth preset value and the sixth preset value may be 40, etc., which are not specifically limited in the embodiment of the present application.
具体的,当该AMF网元确定的是该UE数量时,该AMF网元可以在满足第一上报条件时向认证授权网元发送第一信息,第一信息包括该UE数量;当该AMF网元确 定的是该PDU会话数量时,该AMF网元可以在满足第一上报条件时向认证授权网元发送第一信息,第一信息包括该PDU会话数量;当该AMF网元确定的是该UE数量和该PDU会话数量时向认证授权网元发送第一信息,第一信息包括该UE数量和该PDU会话数量。可选的,第一信息可以承载在授权请求消息中,即该AMF网元可以向认证授权网元发送授权请求消息,该授权请求消息包括第一信息;进一步的,第一信息还可以包括该网络切片的S-NSSAI。Specifically, when the AMF network element determines the number of UEs, the AMF network element may send first information to the authentication and authorization network element when the first reporting condition is met, and the first information includes the number of UEs; when the AMF network When the element determines the number of PDU sessions, the AMF network element can send first information to the authentication and authorization network element when the first reporting condition is met. The first information includes the number of PDU sessions; when the AMF network element determines that the When the number of UEs and the number of PDU sessions are sent to the authentication and authorization network element, the first information includes the number of UEs and the number of PDU sessions. Optionally, the first information may be carried in an authorization request message, that is, the AMF network element may send an authorization request message to the authentication and authorization network element, and the authorization request message includes the first information; further, the first information may also include the S-NSSAI for network slicing.
之后,当该认证授权网元接收到第一信息时,该认证授权网元可以向AAA-S发送第一信息;或者,在该认证授权网元与该AAA-S无法直接通信时,该认证授权网元可以向AAA-P发送第一信息,以使该AAA-P向该AAA-S发送第一信息。可选的,该认证授权网元还可以为该AMF网元分配一个关联标识,该关联标识用于关联该AMF网元上报的第一信息,该认证授权网元还可以在本地存储该AMF网元标识和该关联标识,该认证授权网元发送的第一信息中也可以包括该关联标识。Afterwards, when the authentication and authorization network element receives the first information, the authentication and authorization network element may send the first information to the AAA-S; or, when the authentication and authorization network element cannot directly communicate with the AAA-S, the authentication and authorization network element cannot directly communicate with the AAA-S. The authorized network element may send the first information to the AAA-P, so that the AAA-P sends the first information to the AAA-S. Optionally, the authentication and authorization network element may also assign an association identifier to the AMF network element, and the association identifier is used to associate the first information reported by the AMF network element, and the authentication and authorization network element may also store the AMF network element locally. The meta identifier and the associated identifier, and the first information sent by the authentication and authorization network element may also include the associated identifier.
需要说明的是,本申请实施例中的认证授权网元可以为能够支持该AMF网元与该AAA-S通信的具有认证授权功能的任一网元,比如,该认证授权可以为AUSF网元、NEF网元或者NSSAAF网元等,本申请实施例对此不作具体限制。It should be noted that the authentication and authorization network element in the embodiment of the present application may be any network element with authentication and authorization functions that can support the communication between the AMF network element and the AAA-S. For example, the authentication and authorization may be an AUSF network element. , NEF network elements or NSSAAF network elements, etc., which are not specifically limited in the embodiment of the present application.
当该AAA-S接收到第一信息时,该AAA-S可以在本地存储第一信息,比如,第一信息包括该UE数量和/或该PDU会话数量、该网络切片的S-NSSAI、该关联标识,该AAA-S可以在本地存储该UE数量和/或该PDU会话数量、该网络切片的S-NSSAI和该关联标识。可选的,该AAA-S还可以根据该UE数量和/或该PDU会话数量,确定是否下发新的配置信息,若需要下发新的配置信息,该方法还包括S304。When the AAA-S receives the first information, the AAA-S may store the first information locally. For example, the first information includes the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, and the The association identifier, the AAA-S may locally store the number of UEs and/or the number of PDU sessions, the S-NSSAI of the network slice, and the association identifier. Optionally, the AAA-S may also determine whether to issue new configuration information according to the number of UEs and/or the number of PDU sessions. If new configuration information needs to be issued, the method further includes S304.
S303:该AAA-S发送第二配置信息,以使该AMF网元接收第二配置信息,第二配置信息用于控制该网络切片的资源。S303: The AAA-S sends second configuration information, so that the AMF network element receives the second configuration information, where the second configuration information is used to control resources of the network slice.
其中,第二配置信息可以包括以下至少一项:第二上报条件,该网络切片可接入的剩余UE数量,该网络切片可接入的剩余PDU会话数量,该UE数量的增加量达到第七预设值,该PDU会话数量的增加量达到第八预设值,时间窗的UE数量达到第九预设值、或时间窗内的PDU会话数量的增加量达到第十预设值。这里的第二上报条件可用于指示下次上报该网络切片的第一信息的条件,第二上报条件可以与上述第一上报条件类似,第二上报条件中具体条件的预设值或上报周期可以与第一上报条件中具体条件的预设值或上报周期不同,比如,第一上报条件中的上报周期为30分钟,第二上报条件中的上周周期为10分钟,本申请实施例在此不再赘述。Wherein, the second configuration information may include at least one of the following: a second reporting condition, the number of remaining UEs that can be accessed by the network slice, the number of remaining PDU sessions that can be accessed by the network slice, and the increase in the number of UEs reaches the seventh With a preset value, the increase in the number of PDU sessions reaches the eighth preset value, the number of UEs in the time window reaches the ninth preset value, or the increase in the number of PDU sessions within the time window reaches the tenth preset value. The second reporting condition here can be used to indicate the condition for reporting the first information of the network slice next time. The second reporting condition can be similar to the above-mentioned first reporting condition. The preset value or reporting period of the specific condition in the second reporting condition can be It is different from the preset value or reporting period of the specific condition in the first reporting condition. For example, the reporting period in the first reporting condition is 30 minutes, and the last week period in the second reporting condition is 10 minutes. The embodiment of the application is here No longer.
具体的,AAA-S可以向该认证授权网元发送第二配置信息,由该认证授权网元将第二配置信息发送给该AMF网元;或者,在该AAA-S与该认证授权网元无法直接通信时,该AAA-S可以向AAA-P发送第二配置信息,以使AAA-P将第二配置信息转发给该认证授权网元,再由该认证授权网元将第二配置信息发送给该AMF网元。可选的,该认证授权网元将第二配置信息发送给该AMF网元时,该认证授权网元可以向该AMF网元发送授权响应消息,该授权响应消息包括第二配置信息;进一步的,第二配置信息还可以包括该网络切片的S-NSSAI。当该AMF网元接收到第二配置信息时,该AMF网元可以根据第二配置执行该网络切片的资源控制。Specifically, the AAA-S may send the second configuration information to the authentication and authorization network element, and the authentication and authorization network element sends the second configuration information to the AMF network element; or, between the AAA-S and the authentication and authorization network element When direct communication is not possible, the AAA-S can send the second configuration information to the AAA-P, so that the AAA-P forwards the second configuration information to the authentication and authorization network element, and then the authentication and authorization network element transfers the second configuration information Sent to the AMF network element. Optionally, when the authentication and authorization network element sends the second configuration information to the AMF network element, the authentication and authorization network element may send an authorization response message to the AMF network element, and the authorization response message includes the second configuration information; further The second configuration information may also include the S-NSSAI of the network slice. When the AMF network element receives the second configuration information, the AMF network element may perform resource control of the network slice according to the second configuration.
进一步的,上述实施例提供的该AMF网元向该AAA-S上报第一信息、以及该 AAA-S向该AMF网元发送第二配置信息的过程,也可以替换为SMF网元向该AAA-S上报第一信息、以及该AAA-S向该SMF网元发送第二配置信息,具体过程如图8所示。Further, the process in which the AMF network element reports the first information to the AAA-S and the AAA-S sends the second configuration information to the AMF network element provided in the foregoing embodiment can also be replaced by the SMF network element reporting the first information to the AAA-S. -S reports the first information and the AAA-S sends the second configuration information to the SMF network element. The specific process is shown in Figure 8.
如图8所示,该方法可以包括:S41-S43。As shown in Figure 8, the method may include: S41-S43.
S41.该SMF网元确定网络切片上接入的UE数量和/或PDU会话数量;S41. The SMF network element determines the number of UEs and/or the number of PDU sessions accessed on the network slice;
S42.当满足第一上报条件时,该SMF网元通过UPF网元向该AAA-S发送第一信息,以使该AAA-S接收第一信息,第一信息包括该UE数量和/或PDU会话数量,即该SMF网元向该UPF网元发送第一信息,由该UPF网元将第一信息转发给该AAA-S;S42. When the first reporting condition is met, the SMF network element sends first information to the AAA-S through the UPF network element, so that the AAA-S receives the first information, the first information includes the number of UEs and/or PDUs The number of sessions, that is, the SMF network element sends the first information to the UPF network element, and the UPF network element forwards the first information to the AAA-S;
S43.该AAA-S通过UPF网元向该SMF网元发送第二配置信息,以使该SMF网元接收第二配置信息,第二配置信息用于控制该网络切片的资源。S43. The AAA-S sends second configuration information to the SMF network element through the UPF network element, so that the SMF network element receives the second configuration information, and the second configuration information is used to control the resources of the network slice.
可选的,如图8所示,在S41之前,该方法还包括:S40.该SMF网元获取第一配置信息,第一配置信息包括该网络切片的S-NSSAI和授权指示信息,该授权指示信息用于指示是否需要执行切片资源控制,从而该AMF网元可以根据该授权指示信息确定该网络切片需要执行切片资源控制。Optionally, as shown in FIG. 8, before S41, the method further includes: S40. The SMF network element obtains first configuration information, where the first configuration information includes the S-NSSAI and authorization indication information of the network slice, and the authorization The indication information is used to indicate whether slice resource control needs to be performed, so that the AMF network element can determine that the network slice needs to perform slice resource control according to the authorization indication information.
需要说明的是,上述图8中关于S40至S43的详细描述,可以对应参见图7中关于S300至S303的详细描述,本申请实施例在此不再赘述。It should be noted that the detailed description of S40 to S43 in FIG. 8 may correspond to the detailed description of S300 to S303 in FIG.
在本申请实施例中,该AMF网元或者该SMF网元可以发送第一信息,第一信息包括网络切片接入的UE数量和/或PDU会话数量,AAA-S可以接收第一信息,这样AAA-S可以感知到该网络切片的资源使用情况,从而基于第一信息包括的该UE数量和/或PDU会话数量向该AMF网元或者该SMF网元发送用于控制该网络切片的资源的第二配置信息,从而实现网络切片的控制,提高了络切片控制的灵活性和用户体验。In the embodiment of the present application, the AMF network element or the SMF network element may send first information. The first information includes the number of UEs accessed by the network slice and/or the number of PDU sessions, and the AAA-S may receive the first information. The AAA-S can perceive the resource usage of the network slice, and thus send information for controlling the resources of the network slice to the AMF network element or the SMF network element based on the number of UEs and/or the number of PDU sessions included in the first information. The second configuration information realizes the control of the network slicing, and improves the flexibility of the network slicing control and the user experience.
上述主要从各个网元之间交互的角度对本申请实施例提供的方案进行了介绍。可以理解的是,上述AMF网元、认证授权网元和AAA-S等为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,本申请能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。The foregoing mainly introduces the solutions provided by the embodiments of the present application from the perspective of interaction between various network elements. It can be understood that, in order to realize the above-mentioned functions, the above-mentioned AMF network elements, authentication and authorization network elements, and AAA-S include hardware structures and/or software modules corresponding to each function. Those skilled in the art should easily realize that in combination with the units and algorithm steps of the examples described in the embodiments disclosed herein, the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
本申请实施例可以根据上述方法示例对AMF网元、认证授权网元和AAA-S进行功能模块的划分,例如,可以对应各个功能划分各个功能模块,也可以将两个或两个以上的功能集成在一个处理模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。需要说明的是,本申请实施例中对模块的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。The embodiments of this application can divide the functional modules of AMF network elements, authentication and authorization network elements, and AAA-S according to the above-mentioned method examples. For example, each functional module can be divided corresponding to each function, or two or more functions can be divided. Integrated in a processing module. The above-mentioned integrated modules can be implemented in the form of hardware or software functional modules. It should be noted that the division of modules in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
在采用集成的单元的情况下,图9示出了本申请实施例中所涉及的通信装置的一种可能的结构示意图,该装置可以作为AMF网元或者AMF网元内置的芯片,该装置包括:发送单元401,接收单元402和处理单元403。In the case of using an integrated unit, FIG. 9 shows a schematic diagram of a possible structure of the communication device involved in an embodiment of the present application. The device can be used as an AMF network element or a built-in chip of the AMF network element. The device includes :Sending unit 401, receiving unit 402 and processing unit 403.
在一种可能的实现方式中,发送单元401可用于支持该装置执行上述方法实施例 中的S201中发送第一信息的步骤,接收单元402用于执行上述方法实施例的S202中接收第二信息、以及S203中接收第三信息的步骤,处理单元403用于支持该装置执行上述方法实施例的S203中确定第一切片控制信息发生变更的步骤,和/或本文所描述的其他技术过程。在另一种可能的实现方式中,处理单元403用于支持该装置执行上述方法实施例中的S301,发送单元401可用于支持该装置执行上述方法实施例的S302中发送第一信息的步骤,接收单元402用于执行上述方法实施例的S303中接收第二配置信息的步骤。In a possible implementation, the sending unit 401 may be used to support the device to perform the step of sending the first information in S201 in the above method embodiment, and the receiving unit 402 may be used to perform the receiving second information in S202 in the above method embodiment. , And the step of receiving the third information in S203, the processing unit 403 is configured to support the device to execute the step of determining that the first slice control information is changed in S203 of the foregoing method embodiment, and/or other technical processes described herein. In another possible implementation manner, the processing unit 403 is configured to support the device to perform S301 in the foregoing method embodiment, and the sending unit 401 may be configured to support the device to perform the step of sending the first information in S302 of the foregoing method embodiment. The receiving unit 402 is configured to perform the step of receiving the second configuration information in S303 of the foregoing method embodiment.
需要说明的是,上述方法实施例涉及的各步骤的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。It should be noted that all relevant content of the steps involved in the foregoing method embodiments can be cited in the functional description of the corresponding functional module, and will not be repeated here.
在采用硬件实现的基础上,本申请实施例中的处理单元403可以为该装置的处理器,发送单元401可以为该装置的发送器,接收单元402可以为该装置的接收器,发送器通常可以和接收器集成在一起用作收发器,具体的收发器还可以称为通信接口或接口电路。On the basis of hardware implementation, the processing unit 403 in the embodiment of the present application may be the processor of the device, the sending unit 401 may be the transmitter of the device, and the receiving unit 402 may be the receiver of the device. The transmitter is usually It can be integrated with the receiver and used as a transceiver, and a specific transceiver can also be called a communication interface or an interface circuit.
如图10所示,为本申请实施例提供的上述实施例所涉及的通信装置的另一种可能的结构示意图,该装置可以作为AMF网元或者AMF网元内置的芯片,该装置包括:处理器411,还可以包括存储器412、通信接口413和总线414,处理器411、存储器412和通信接口413通过总线414连接。As shown in FIG. 10, another possible structural schematic diagram of the communication device involved in the above-mentioned embodiment provided by the embodiment of this application. The device can be used as an AMF network element or a chip built in an AMF network element. The device includes: processing The processor 411 may also include a memory 412, a communication interface 413, and a bus 414, and the processor 411, the memory 412, and the communication interface 413 are connected through the bus 414.
其中,处理器411用于对该装置的动作进行控制管理。在一种可能的实现方式中,处理器411可用于支持该装置执行上述方法实施例的S203中确定第一切片信息发送变更的步骤,和/或用于本文所描述的技术的其他过程。在另一种可能的实现方式中,处理器411可用于支持该装置执行上述方法实施例中的S301,和/或用于本文所描述的技术的其他过程。通信接口413用于支持该装置进行通信,比如支持该装置与认证授权网元进行通信。The processor 411 is used to control and manage the actions of the device. In a possible implementation manner, the processor 411 may be used to support the device to perform the step of determining the first slice information sending change in S203 of the foregoing method embodiment, and/or other processes used in the technology described herein. In another possible implementation manner, the processor 411 may be used to support the device to execute S301 in the foregoing method embodiment, and/or other processes used in the technology described herein. The communication interface 413 is used to support the device to communicate, for example, to support the device to communicate with the authentication and authorization network element.
在本申请实施例中,处理器411可以是中央处理器单元,通用处理器,数字信号处理器,专用集成电路,现场可编程门阵列或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,数字信号处理器和微处理器的组合等等。上述图10中的总线414可以是外设部件互连标准(peripheral component interconnect,PCI)总线或扩展工业标准结构(extended industry standard architecture,EISA)总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,上述图10中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。In the embodiment of the present application, the processor 411 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic devices, transistor logic devices, hardware components, or other random combination. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application. The processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on. The bus 414 in FIG. 10 may be a peripheral component interconnect standard (PCI) bus or an extended industry standard architecture (EISA) bus, etc. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of presentation, the above-mentioned FIG. 10 is represented by only a thick line, but it does not mean that there is only one bus or one type of bus.
在采用集成的单元的情况下,图11示出了本申请实施例中所涉及的通信装置的一种可能的结构示意图,该装置可以作为认证授权网元或者认证授权网元内置的芯片,该装置包括:接收单元501,处理单元502和发送单元503。In the case of an integrated unit, FIG. 11 shows a possible structural diagram of a communication device involved in an embodiment of the present application. The device can be used as an authentication and authorization network element or a built-in chip in the authentication and authorization network element. The device includes: a receiving unit 501, a processing unit 502, and a sending unit 503.
在一种可能的实现方式中,接收单元501可用于支持该装置接收上述方法实施例的S201中AMF网元发送的第一信息的步骤,S202中AAA-S发送的第二信息的步骤,和/或S203中AAA-S发送的第三信息的步骤;发送单元503用于支持该装置向AAA-S发送第一转发信息的步骤,向AAA-S发送第二转发信息的步骤,和/或向AAA-S发送 第三转发信息的步骤;处理单元502用于支持该装置执行上述方法实施例中将第一网络切片的S-NSSAI映射为其他标识信息的步骤。在另一种可能的实现方式中,接收单元501可用于支持该装置接收上述方法实施例的S301中AMF网元发送的第一信息的步骤,S302中AAA-S发送的第二配置信息的步骤;发送单元503可用于支持该装置向AAA-S转发AMF发送的第一信息的步骤,以及向AMF转发AAA-S发送的第一配置信息、第二配置信息的步骤。In a possible implementation, the receiving unit 501 can be used to support the device receiving the first information sent by the AMF network element in S201 of the foregoing method embodiment, the second information sent by AAA-S in S202, and / Or the step of third information sent by AAA-S in S203; the sending unit 503 is used to support the step of sending the first forwarding information to AAA-S by the device, the step of sending second forwarding information to AAA-S, and/or The step of sending the third forwarding information to the AAA-S; the processing unit 502 is configured to support the device to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the foregoing method embodiment. In another possible implementation manner, the receiving unit 501 may be used to support the step of receiving the first information sent by the AMF network element in S301 of the foregoing method embodiment and the step of second configuration information sent by AAA-S in S302. The sending unit 503 may be used to support the step of forwarding the first information sent by the AMF by the device to the AAA-S, and the step of forwarding the first configuration information and the second configuration information sent by the AAA-S to the AMF.
需要说明的是,上述方法实施例涉及的各步骤的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。It should be noted that all relevant content of the steps involved in the foregoing method embodiments can be cited in the functional description of the corresponding functional module, and will not be repeated here.
在采用硬件实现的基础上,本申请实施例中的处理单元502以为该装置的处理器,接收单元501可以为该装置的接收器,发送单元503可以为该装置的发送器,发送器通常可以和接收器集成在一起用作收发器,具体的收发器还可以称为通信接口或者接口电路。On the basis of hardware implementation, the processing unit 502 in this embodiment of the application is the processor of the device, the receiving unit 501 may be the receiver of the device, the sending unit 503 may be the transmitter of the device, and the transmitter usually Integrated with the receiver and used as a transceiver, the specific transceiver can also be called a communication interface or an interface circuit.
如图12所示,为本申请实施例提供的上述实施例所涉及的通信装置的另一种可能的结构示意图,该装置可以作为认证授权网元或者认证授权网元内置的芯片,该装置包括:处理器511,还可以包括存储器512、通信接口513和总线514,处理器511、存储器512和通信接口513通过总线514连接。As shown in FIG. 12, another possible structural schematic diagram of the communication device involved in the above-mentioned embodiment provided by the embodiment of this application. The device can be used as an authentication and authorization network element or a built-in chip of the authentication and authorization network element. The device includes : The processor 511 may also include a memory 512, a communication interface 513, and a bus 514. The processor 511, the memory 512, and the communication interface 513 are connected by the bus 514.
其中,处理器511用于对该装置的动作进行控制管理,比如,处理器511可用于支持该装置执行上述方法实施例中将第一网络切片的S-NSSAI映射为其他标识信息的步骤,和/或用于本文所描述的技术的其他过程。通信接口513用于支持该装置进行通信,比如支持该装置与AMF网元或者AAA-S进行通信。The processor 511 is used to control and manage the actions of the device. For example, the processor 511 can be used to support the device to perform the step of mapping the S-NSSAI of the first network slice to other identification information in the foregoing method embodiment, and / Or other processes used in the techniques described herein. The communication interface 513 is used to support the device to communicate, for example, to support the device to communicate with an AMF network element or AAA-S.
在本申请实施例中,处理器511可以是中央处理器单元,通用处理器,数字信号处理器,专用集成电路,现场可编程门阵列或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,数字信号处理器和微处理器的组合等等。上述图12中的总线514可以是PCI总线或EISA总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,上述图12中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。In the embodiment of the present application, the processor 511 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic devices, transistor logic devices, hardware components, or other random combination. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application. The processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on. The bus 514 in FIG. 12 above may be a PCI bus or an EISA bus. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in the foregoing FIG. 12 to represent, but it does not mean that there is only one bus or one type of bus.
在采用集成的单元的情况下,图13示出了本申请实施例中所涉及的通信装置的一种可能的结构示意图,该装置可以作为AAA-S或者AAA-S内置的芯片,该装置包括:接收单元601,处理单元602和发送单元603。In the case of using an integrated unit, FIG. 13 shows a possible structural diagram of the communication device involved in the embodiment of the present application. The device can be used as an AAA-S or AAA-S built-in chip, and the device includes :Receiving unit 601, processing unit 602, and sending unit 603.
在一种可能的实现方式中,接收单元601可用于支持该装置接收上述方法实施例的S201中发送的第一信息的步骤;发送单元603用于可用于支持该装置执行上述方法实施例的S202中发送第二信息的步骤、以及S203中发送第三信息的步骤;处理单元602用于支持该装置执行上述方法实施例中确定第一切片控制信息发生变更的步骤,和/或本文所描述的其他技术过程。在另一种可能的实现方式中,接收单元601可用于支持该装置接收上述方法实施例的S302中发送的第一信息的步骤;发送单元603用于执行上述方法实施例的S303中发送第二配置信息的步骤、以及发送第一配置信息的步骤;处理单元602用于支持该装置执行上述方法实施例中的确定第一配置信息、第二 配置信息的步骤,和/或本文所描述的其他技术过程。In a possible implementation, the receiving unit 601 can be used to support the device to receive the first information sent in S201 of the foregoing method embodiment; the sending unit 603 can be used to support the device to perform S202 of the foregoing method embodiment. The step of sending the second information in S203 and the step of sending the third information in S203; the processing unit 602 is configured to support the device to perform the step of determining that the first slice control information has changed in the above method embodiment, and/or the step described herein Other technical processes. In another possible implementation manner, the receiving unit 601 can be used to support the device to receive the step of receiving the first information sent in S302 of the above method embodiment; the sending unit 603 is used to execute the step of sending the second information in S303 of the above method embodiment. The step of configuring information and the step of sending the first configuration information; the processing unit 602 is configured to support the device to perform the steps of determining the first configuration information and the second configuration information in the above method embodiment, and/or other described herein Technical process.
需要说明的是,上述方法实施例涉及的各步骤的所有相关内容均可以援引到对应功能模块的功能描述,在此不再赘述。It should be noted that all relevant content of the steps involved in the foregoing method embodiments can be cited in the functional description of the corresponding functional module, and will not be repeated here.
在采用硬件实现的基础上,本申请实施例中的处理单元602可以为该装置的处理器,接收单元601可以为该装置的接收器,发送单元603可以为该装置的发送器,发送器通常可以和接收器集成在一起用作收发器,具体的收发器还可以称为通信接口或者接口电路。On the basis of hardware implementation, the processing unit 602 in the embodiment of the present application may be the processor of the device, the receiving unit 601 may be the receiver of the device, and the sending unit 603 may be the transmitter of the device. The transmitter is usually It can be integrated with the receiver and used as a transceiver, and a specific transceiver can also be called a communication interface or an interface circuit.
如图14所示,为本申请实施例提供的上述实施例所涉及的通信装置的另一种可能的结构示意图,该装置可以作为AAA-S或者AAA-S内置的芯片,该装置包括:处理器611,还可以包括存储器612、通信接口613和总线614,处理器611、存储器612和通信接口613通过总线614连接。As shown in FIG. 14, another possible structural schematic diagram of the communication device involved in the above-mentioned embodiments provided by the embodiments of this application. The device can be used as an AAA-S or a built-in chip of AAA-S. The device includes: processing The processor 611 may further include a memory 612, a communication interface 613, and a bus 614, and the processor 611, the memory 612, and the communication interface 613 are connected through the bus 614.
其中,处理器611用于对该装置的动作进行控制管理。在一种可能的实现方式中,处理器611可用于支持该装置执行上述方法实施例中确定第一切片控制信息发生变更,和/或用于本文所描述的技术的其他过程。在另一种可能的实现方式中,处理器611可用于支持该装置执行上述方法实施例中确定第一配置信息、第二配置信息的步骤,和/或用于本文所描述的技术的其他过程。通信接口613用于支持该装置进行通信,比如支持该装置与认证授权网元进行通信。The processor 611 is used to control and manage the actions of the device. In a possible implementation manner, the processor 611 may be used to support the device to perform the determination in the foregoing method embodiment to determine that the first slice control information is changed, and/or be used in other processes of the technology described herein. In another possible implementation manner, the processor 611 may be used to support the device to perform the steps of determining the first configuration information and the second configuration information in the foregoing method embodiments, and/or other processes used in the technology described herein . The communication interface 613 is used to support the device to communicate, for example, to support the device to communicate with the authentication and authorization network element.
在本申请实施例中,处理器611可以是中央处理器单元,通用处理器,数字信号处理器,专用集成电路,现场可编程门阵列或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,数字信号处理器和微处理器的组合等等。上述图14中的总线614可以是PCI总线或EISA总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,上述图14中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。In the embodiment of the present application, the processor 611 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic devices, transistor logic devices, hardware components, or other random combination. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application. The processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on. The bus 614 in FIG. 14 may be a PCI bus or an EISA bus. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, the above-mentioned FIG. 14 is represented by only a thick line, but it does not mean that there is only one bus or one type of bus.
基于此,本申请实施例还提供一种通信***,该通信***包括AMF网元、认证授权网元和AAA-S;其中,AMF网元为上述图9或图10所提供的通信装置,用于执行上述方法实施例中AMF网元的步骤;认证授权网元为上述图11或图12所提供的通信装置,用于执行上述方法实施例中认证授权网元的步骤。AAA-S为上述图13或图14所提供的通信装置,用于执行上述方法实施例中AAA-S的步骤。Based on this, an embodiment of the present application also provides a communication system, which includes an AMF network element, an authentication and authorization network element, and AAA-S; wherein, the AMF network element is the communication device provided in FIG. 9 or FIG. In performing the steps of the AMF network element in the foregoing method embodiment; the authentication and authorization network element is the communication device provided in FIG. 11 or FIG. 12, and is used to perform the steps of the authentication and authorization network element in the foregoing method embodiment. AAA-S is the communication device provided in FIG. 13 or FIG. 14, and is used to perform the steps of AAA-S in the foregoing method embodiment.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个装置,或一些特征可以忽略,或不执行。In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be other division methods, for example, multiple units or components may be divided. It can be combined or integrated into another device, or some features can be omitted or not implemented.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是一个物理单元或多个物理单元,即可以位于一个地方,或者也可以分布到多个不同地方。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate parts may or may not be physically separate. The parts displayed as units may be one physical unit or multiple physical units, that is, they may be located in one place, or they may be distributed to multiple different places. . Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个可读取存储介质中,该可读存储介质可以包括:U盘、移动硬盘、只读存储器、随机存取存储器、磁碟或者光盘等各种可以存储程序代码的介质。基于这样的理解,本申请实施例的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a readable storage medium. The readable storage medium may include: U disk, mobile hard disk, read-only Various media that can store program codes such as memory, random access memory, magnetic disk or optical disk. Based on this understanding, the technical solutions of the embodiments of the present application can be embodied in the form of software products in essence or a part that contributes to the prior art, or all or part of the technical solutions.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如图2-图6任一图示所提供的方法实施例中AMF网元的步骤。In another aspect of the present application, a readable storage medium is provided. The readable storage medium stores instructions. When the instructions in the readable storage medium run on a device, the device executes 6 The steps of the AMF network element in the method embodiment provided in any figure.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如图2-图6任一图示所提供的方法实施例中认证授权网元的步骤。In another aspect of the present application, a readable storage medium is provided. The readable storage medium stores instructions. When the instructions in the readable storage medium run on a device, the device executes 6 Steps of authenticating and authorizing network elements in the method embodiment provided in any figure.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如图2-图6任一图示所提供的方法实施例中AAA-S的步骤。In another aspect of the present application, a readable storage medium is provided. The readable storage medium stores instructions. When the instructions in the readable storage medium run on a device, the device executes 6 Steps of AAA-S in the method embodiment provided in any figure.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如图2-图6任一图示所提供的方法实施例中AMF网元的步骤。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the AMF network in the method embodiment provided in any one of the diagrams shown in FIGS. 2-6. Yuan steps.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如图2-图6任一图示所提供的方法实施例中认证授权网元的步骤。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the authentication and authorization in the method embodiment provided in any one of the diagrams shown in FIGS. 2-6. The steps of the network element.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如图2-图6任一图示所提供的方法实施例中AAA-S的步骤。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the method embodiment AAA- as shown in any one of the diagrams in Figs. 2-6. S steps.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如图7或图8所提供的方法实施例中AMF网元或者AMF网元的步骤。In another aspect of the present application, a readable storage medium is provided, and instructions are stored in the readable storage medium. When the instructions in the readable storage medium run on a device, the device executes as shown in FIG. 7 or FIG. 8. The steps of the AMF network element or the AMF network element in the method embodiment provided.
在本申请的另一方面,提供一种可读存储介质,该可读存储介质中存储有指令,当该可读存储介质中的指令在设备上运行时,使得该设备执行如图7或图8所提供的方法实施例中AAA-S的步骤。In another aspect of the present application, a readable storage medium is provided, and instructions are stored in the readable storage medium. When the instructions in the readable storage medium run on a device, the device executes as shown in FIG. 7 or FIG. 8 The steps of AAA-S in the method embodiment provided.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如图7或图8所提供的方法实施例中AMF网元或者AMF网元的步骤。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the AMF network element or the AMF network element in the method embodiment provided in FIG. 7 or FIG. 8. Yuan steps.
在本申请的另一方面,提供一种包括指令的计算机程序产品,当该指令在设备上运行时,使得该设备执行如图7或图8所提供的方法实施例中AAA-S的步骤。In another aspect of the present application, a computer program product including instructions is provided. When the instructions run on a device, the device executes the steps of AAA-S in the method embodiment provided in FIG. 7 or FIG. 8.
最后应说明的是:以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何在本申请揭露的技术范围内的变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。Finally, it should be noted that the above are only specific implementations of this application, but the scope of protection of this application is not limited to this. Any changes or substitutions within the technical scope disclosed in this application shall be covered by this application. Within the scope of protection applied for. Therefore, the protection scope of this application should be subject to the protection scope of the claims.

Claims (30)

  1. 一种网络切片控制方法,其特征在于,所述方法应用于接入和移动管理功能AMF网元,所述方法包括:A network slicing control method, characterized in that the method is applied to an access and mobility management function AMF network element, and the method includes:
    发送第一信息,所述第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,其中,允许或者待允许所述第一UE接入的网络切片包括所述第一网络切片;Send first information, where the first information includes the slice information of the first network slice and the first identifier of the first user equipment UE, where the network slice to which the first UE is allowed or to be allowed to access includes the first Network slicing
    接收来自认证、授权和计费AAA服务器的第二信息,所述第二信息包括第一切片控制信息,所述第一切片控制信息为用于控制所述第一UE对所述第一网络切片使用的信息。Receive second information from the authentication, authorization, and accounting AAA server, where the second information includes first slice control information, and the first slice control information is used to control the first UE to control the first slice. Information used by network slicing.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method according to claim 1, wherein the method further comprises:
    向策略控制功能PCF网元发送所述第一切片控制信息;Sending the first slice control information to the policy control function PCF network element;
    接收来自所述PCF网元的授权切片控制信息。Receive authorized slice control information from the PCF network element.
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:The method according to claim 2, wherein the method further comprises:
    向统一数据管理UDM网元发送所述授权切片控制信息。Send the authorized slice control information to the unified data management UDM network element.
  4. 根据权利要求1-3任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1-3, wherein the method further comprises:
    接收第三信息,所述第三信息包括第二切片控制信息,所述第二切片控制信息用于更新用于控制所述第一UE对所述第一网络切片使用的信息。Receiving third information, where the third information includes second slice control information, and the second slice control information is used to update information used to control the use of the first network slice by the first UE.
  5. 根据权利要求4所述的方法,其特征在于,允许或者待允许第二UE接入的网络切片包括所述第一网络切片,所述第三信息还包括第三切片控制信息,所述第三切片控制信息用于更新用于控制所述第二UE对所述第一网络切片使用的信息。The method according to claim 4, wherein the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and the third information further includes third slice control information, and the third The slice control information is used to update information used to control the use of the first network slice by the second UE.
  6. 根据权利要求1-5任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1-5, wherein the method further comprises:
    将用于控制所述第一UE对所述第一网络切片使用的信息存储在所述第一UE的上下文中。Storing information used to control the use of the first network slice by the first UE in the context of the first UE.
  7. 根据权利要求1-6任一项所述的方法,其特征在于,在所述发送第一信息之前,所述方法还包括:The method according to any one of claims 1 to 6, characterized in that, before the sending the first information, the method further comprises:
    获取所述允许所述第一UE接入的网络切片的授权指示信息;Acquiring the authorization indication information of the network slice that the first UE is allowed to access;
    根据所述授权指示信息,确定所述第一网络切片需要授权。According to the authorization indication information, it is determined that the first network slice requires authorization.
  8. 根据权利要求7所述的方法,其特征在于,所述获取所述允许所述第一UE接入的网络切片的授权指示信息,包括:The method according to claim 7, wherein the obtaining the authorization indication information of the network slice that the first UE is allowed to access includes:
    从本地获取所述授权指示信息;或者,Obtain the authorization instruction information locally; or,
    从统一数据管理UDM网元中获取所述第一UE的签约信息,所述签约信息包括所述授权指示信息;或者,Obtain the subscription information of the first UE from the unified data management UDM network element, where the subscription information includes the authorization indication information; or,
    从网络切片选择功能NSSF网元中获取所述授权指示信息。Obtain the authorization indication information from the network element of the network slice selection function NSSF.
  9. 根据权利要求1-8任一项所述的方法,其特征在于,所述第一信息还包括所述第一UE的第二标识,其中,所述第二标识为所述第一UE在所述第一网络切片中的标识。The method according to any one of claims 1-8, wherein the first information further includes a second identifier of the first UE, wherein the second identifier means that the first UE is Describe the identification in the first network slice.
  10. 根据权利要求9所述的方法,其特征在于,所述允许或者待允许所述第一UE接入的网络切片包括至少一个网络切片,所述至少一个网络切片包括所述第一网络切 片,所述方法还包括:The method according to claim 9, wherein the network slice allowed or to be allowed to be accessed by the first UE includes at least one network slice, and the at least one network slice includes the first network slice, so The method also includes:
    从所述第一UE获取所述第一UE在所述至少一个网络切片的每个网络切片中的第二标识。Acquire the second identifier of the first UE in each network slice of the at least one network slice from the first UE.
  11. 一种网络切片控制方法,其特征在于,所述方法应用于认证、授权和计费AAA服务器中,所述方法包括:A network slicing control method, characterized in that the method is applied to an authentication, authorization, and accounting AAA server, and the method includes:
    接收第一信息,所述第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,其中,允许或者待允许所述第一UE接入的网络切片包括所述第一网络切片;Receive first information, where the first information includes slice information of a first network slice and a first identifier of a first user equipment UE, where the network slice that is allowed or to be allowed to be accessed by the first UE includes the first Network slicing
    向接入和移动管理功能AMF网元发送第二信息,所述第二信息包括第一切片控制信息,所述第一切片控制信息为用于控制所述第一UE对所述第一网络切片使用的信息。Send second information to the access and mobility management function AMF network element, where the second information includes first slice control information, and the first slice control information is used to control the first UE to control the first slice. Information used by network slicing.
  12. 根据权利要求11所述的方法,其特征在于,所述方法还包括:The method according to claim 11, wherein the method further comprises:
    当确定所述第一切片控制信息发生变更时,向所述AMF网元发送第三信息,所述第三信息包括第二切片控制信息,所述第二切片控制信息用于更新用于控制所述第一UE对所述第一网络切片使用的信息。When it is determined that the first slice control information has changed, third information is sent to the AMF network element. The third information includes second slice control information, and the second slice control information is used to update control information. Information used by the first UE on the first network slice.
  13. 根据权利要求12所述的方法,其特征在于,允许或者待允许第二UE接入的网络切片包括所述第一网络切片,当确定所述第二UE在所述第一网络切片中的切片控制信息发生变更时,所述第三信息还包括第三切片控制信息,所述第三切片控制信息用于更新用于控制所述第二UE对所述第一网络切片使用的信息。The method according to claim 12, wherein the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when the slice of the second UE in the first network slice is determined When the control information changes, the third information further includes third slice control information, and the third slice control information is used to update information used to control the second UE to use the first network slice.
  14. 根据权利要求12或13所述的方法,其特征在于,允许或者待允许第二UE接入的网络切片包括第二网络切片,当确定所述第二UE在所述第二网络切片中的切片控制信息发生变更时,所述第三信息还包括第四切片控制信息,所述第四切片控制信息用于更新用于控制所述第二UE对所述第二网络切片使用的信息。The method according to claim 12 or 13, wherein the network slice that the second UE is allowed or to be allowed to access includes a second network slice, and when the slice of the second UE in the second network slice is determined When the control information changes, the third information further includes fourth slice control information, and the fourth slice control information is used to update information used to control the second UE to use the second network slice.
  15. 一种通信装置,其特征在于,该装置作为接入和移动管理功能AMF网元或者AMF网元内置的芯片,所述装置包括:A communication device, characterized in that the device is used as an access and mobility management function AMF network element or a built-in chip of the AMF network element, and the device includes:
    发送单元,用于发送第一信息,所述第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,其中,允许或者待允许所述第一UE接入的网络切片包括所述第一网络切片;The sending unit is configured to send first information, where the first information includes slice information of the first network slice and a first identifier of the first user equipment UE, where the network slice to which the first UE is allowed or to be allowed to access Including the first network slice;
    接收单元,用于接收来自认证、授权和计费AAA服务器的第二信息,所述第二信息包括第一切片控制信息,所述第一切片控制信息为用于控制所述第一UE对所述第一网络切片使用的信息。The receiving unit is configured to receive second information from an authentication, authorization, and accounting AAA server, where the second information includes first slice control information, and the first slice control information is used to control the first UE Information used for the first network slice.
  16. 根据权利要求15所述的装置,其特征在于,The device of claim 15, wherein:
    所述发送单元,还用于向策略控制功能PCF网元发送所述第一切片控制信息;The sending unit is further configured to send the first slice control information to the policy control function PCF network element;
    所述接收单元,还用于接收来自所述PCF网元的授权切片控制信息。The receiving unit is further configured to receive authorized slice control information from the PCF network element.
  17. 根据权利要求16所述的装置,其特征在于,所述发送单元,还用于:The device according to claim 16, wherein the sending unit is further configured to:
    向统一数据管理UDM网元发送所述授权切片控制信息。Send the authorized slice control information to the unified data management UDM network element.
  18. 根据权利要求15-17任一项所述的装置,其特征在于,所述接收单元,还用于:The device according to any one of claims 15-17, wherein the receiving unit is further configured to:
    接收第三信息,所述第三信息包括第二切片控制信息,所述第二切片控制信息用 于更新用于控制所述第一UE对所述第一网络切片使用的信息。Receiving third information, where the third information includes second slice control information, and the second slice control information is used to update information used to control the use of the first network slice by the first UE.
  19. 根据权利要求18所述的装置,其特征在于,允许或者待允许第二UE接入的网络切片包括所述第一网络切片,所述第三信息还包括第三切片控制信息,所述第三切片控制信息用于更新用于控制所述第二UE对所述第一网络切片使用的信息。The apparatus according to claim 18, wherein the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and the third information further includes third slice control information, and the third The slice control information is used to update information used to control the use of the first network slice by the second UE.
  20. 根据权利要求15-19任一项所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 15-19, wherein the device further comprises:
    处理单元,用于将用于控制所述第一UE对所述第一网络切片使用的信息存储在所述第一UE的上下文中。The processing unit is configured to store information used to control the use of the first network slice by the first UE in the context of the first UE.
  21. 根据权利要求15-20任一项所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 15-20, wherein the device further comprises:
    获取单元,用于获取所述允许所述第一UE接入的网络切片的授权指示信息;An obtaining unit, configured to obtain authorization indication information of the network slice that the first UE is allowed to access;
    处理单元,用于根据所述授权指示信息,确定所述第一网络切片需要授权。The processing unit is configured to determine that the first network slice requires authorization according to the authorization indication information.
  22. 根据权利要求21所述的装置,其特征在于,所述获取单元,还用于:The device according to claim 21, wherein the acquiring unit is further configured to:
    从本地获取所述授权指示信息;或者,Obtain the authorization instruction information locally; or,
    从统一数据管理UDM网元中获取所述第一UE的签约信息,所述签约信息包括所述授权指示信息;或者,Obtain the subscription information of the first UE from the unified data management UDM network element, where the subscription information includes the authorization indication information; or,
    从网络切片选择功能NSSF网元中获取所述授权指示信息。Obtain the authorization indication information from the network element of the network slice selection function NSSF.
  23. 一种通信装置,其特征在于,该装置作为认证、授权和计费AAA服务器或者AAA服务器内置的芯片,所述装置包括:A communication device, characterized in that the device is used as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server, and the device includes:
    接收单元,用于接收第一信息,所述第一信息包括第一网络切片的切片信息和第一用户设备UE的第一标识,其中,允许或者待允许所述第一UE接入的网络切片包括所述第一网络切片;The receiving unit is configured to receive first information, where the first information includes slice information of the first network slice and a first identifier of the first user equipment UE, where the network slice that the first UE is allowed or to be allowed to access Including the first network slice;
    发送单元,用于向接入和移动管理功能AMF网元发送第二信息,所述第二信息包括第一切片控制信息,所述第一切片控制信息为用于控制所述第一UE对所述第一网络切片使用的信息。The sending unit is configured to send second information to the access and mobility management function AMF network element, where the second information includes first slice control information, and the first slice control information is used to control the first UE Information used for the first network slice.
  24. 根据权利要求23所述的装置,其特征在于,所述发送单元,还用于:The device according to claim 23, wherein the sending unit is further configured to:
    当确定所述第一切片控制信息发生变更时,向所述AMF网元发送第三信息,所述第三信息包括第二切片控制信息,所述第二切片控制信息用于更新用于控制所述第一UE对所述第一网络切片使用的信息。When it is determined that the first slice control information is changed, third information is sent to the AMF network element. The third information includes second slice control information, and the second slice control information is used to update the control information. Information used by the first UE on the first network slice.
  25. 根据权利要求24所述的装置,其特征在于,允许或者待允许第二UE接入的网络切片包括所述第一网络切片,当确定所述第二UE在所述第一网络切片中的切片控制信息发生变更时,所述第三信息还包括第三切片控制信息,所述第三切片控制信息用于更新用于控制所述第二UE对所述第一网络切片使用的信息。The apparatus according to claim 24, wherein the network slice that the second UE is allowed or to be allowed to access includes the first network slice, and when the slice of the second UE in the first network slice is determined When the control information changes, the third information further includes third slice control information, and the third slice control information is used to update information used to control the second UE to use the first network slice.
  26. 根据权利要求24或25所述的装置,其特征在于,允许或者待允许第二UE接入的网络切片包括第二网络切片,当确定所述第二UE在所述第二网络切片中的切片控制信息发生变更时,所述第三信息还包括第四切片控制信息,所述第四切片控制信息用于更新用于控制所述第二UE对所述第二网络切片使用的信息。The apparatus according to claim 24 or 25, wherein the network slice that the second UE is allowed or to be allowed to access includes a second network slice, and when the slice of the second UE in the second network slice is determined When the control information changes, the third information further includes fourth slice control information, and the fourth slice control information is used to update information used to control the second UE to use the second network slice.
  27. 一种通信装置,其特征在于,所述装置作为接入和移动管理功能AMF网元或者AMF网元内置的芯片,包括处理器和通信接口,所述处理器用于运行计算机程序或指令,以使所述装置实现如权利要求1-10中任一项所述的网络切片控制方法。A communication device, characterized in that, as an access and mobility management function AMF network element or a built-in chip of the AMF network element, the device includes a processor and a communication interface, and the processor is used to run computer programs or instructions to enable The device implements the network slicing control method according to any one of claims 1-10.
  28. 一种通信装置,其特征在于,所述装置作为认证、授权和计费AAA服务器或 者AAA服务器内置的芯片,包括处理器和通信接口,所述处理器用于运行计算机程序或指令,以使所述装置实现执行如权利要求11-14中任一项所述的方法。A communication device, characterized in that, as an authentication, authorization, and accounting AAA server or a built-in chip of the AAA server, the device includes a processor and a communication interface, and the processor is used to run a computer program or instruction to enable the The device implements the method according to any one of claims 11-14.
  29. 一种可读存储介质,其特征在于,所述可读存储介质中存储有指令,当所述可读存储介质中的所述指令在设备上运行时,使得所述设备执行权利要求1-10中任一项所述的方法。A readable storage medium, characterized in that instructions are stored in the readable storage medium, and when the instructions in the readable storage medium are executed on a device, the device executes claims 1-10 The method of any one of.
  30. 一种可读存储介质,其特征在于,所述可读存储介质中存储有指令,当所述可读存储介质中的所述指令在设备上运行时,使得所述设备执行如权利要求11-14中任一项所述的方法。A readable storage medium, characterized in that instructions are stored in the readable storage medium, and when the instructions in the readable storage medium are executed on a device, the device executes as claimed in claim 11- 14. The method of any one of 14.
PCT/CN2021/077861 2020-05-14 2021-02-25 Network slice control method and communication apparatus WO2021227600A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010406046.9A CN113746649B (en) 2020-05-14 2020-05-14 Network slice control method and communication device
CN202010406046.9 2020-05-14

Publications (1)

Publication Number Publication Date
WO2021227600A1 true WO2021227600A1 (en) 2021-11-18

Family

ID=78526400

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/077861 WO2021227600A1 (en) 2020-05-14 2021-02-25 Network slice control method and communication apparatus

Country Status (2)

Country Link
CN (1) CN113746649B (en)
WO (1) WO2021227600A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023133860A1 (en) * 2022-01-14 2023-07-20 北京小米移动软件有限公司 Information transmission method and apparatus, communication device, and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117354155A (en) * 2022-06-27 2024-01-05 中兴通讯股份有限公司 Network management method and device, network element and computer readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108347729A (en) * 2017-01-24 2018-07-31 电信科学技术研究院 Method for authenticating, slice authentication agent entity and session management entity in network slice
US20190109823A1 (en) * 2017-10-09 2019-04-11 Comcast Cable Communications, Llc Ethernet type packet data unit session communications
CN109743893A (en) * 2016-09-09 2019-05-10 华为技术有限公司 Method and apparatus for network slice
CN110476447A (en) * 2017-03-21 2019-11-19 诺基亚技术有限公司 The registration process of enhancing in the mobile system for supporting network slice
US20200053083A1 (en) * 2018-08-13 2020-02-13 Lenovo (Singapore) Pte. Ltd. Network slice authentication

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019017835A1 (en) * 2017-07-20 2019-01-24 华为国际有限公司 Network authentication method and related device and system
CN109391940B (en) * 2017-08-02 2021-02-12 华为技术有限公司 Method, equipment and system for accessing network
US10764789B2 (en) * 2017-08-11 2020-09-01 Comcast Cable Communications, Llc Application-initiated network slices in a wireless network
US10660016B2 (en) * 2017-11-08 2020-05-19 Ofinno, Llc Location based coexistence rules for network slices in a telecommunication network
CN110380887B (en) * 2018-04-13 2021-04-09 华为技术有限公司 Communication method and device
US11419046B2 (en) * 2018-04-13 2022-08-16 Telefonaktiebolaget Lm Ericsson (Publ) Methods and systems for performing multi-domain network slice selection and approval
CN110876174B (en) * 2018-08-31 2021-05-18 华为技术有限公司 Network slice selection method, equipment and system
CN110972208B (en) * 2018-09-28 2021-07-09 华为技术有限公司 Slice information processing method and device
WO2020088594A1 (en) * 2018-11-02 2020-05-07 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for data transmission

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743893A (en) * 2016-09-09 2019-05-10 华为技术有限公司 Method and apparatus for network slice
CN108347729A (en) * 2017-01-24 2018-07-31 电信科学技术研究院 Method for authenticating, slice authentication agent entity and session management entity in network slice
CN110476447A (en) * 2017-03-21 2019-11-19 诺基亚技术有限公司 The registration process of enhancing in the mobile system for supporting network slice
US20190109823A1 (en) * 2017-10-09 2019-04-11 Comcast Cable Communications, Llc Ethernet type packet data unit session communications
US20200053083A1 (en) * 2018-08-13 2020-02-13 Lenovo (Singapore) Pte. Ltd. Network slice authentication

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023133860A1 (en) * 2022-01-14 2023-07-20 北京小米移动软件有限公司 Information transmission method and apparatus, communication device, and storage medium

Also Published As

Publication number Publication date
CN113746649B (en) 2022-12-06
CN113746649A (en) 2021-12-03

Similar Documents

Publication Publication Date Title
US11917498B2 (en) Communication method and communications apparatus
US20230093339A1 (en) Session Management Method, Apparatus, and System
US11153744B2 (en) Roaming support for next generation slice architecture
KR102469191B1 (en) Information transmission method and device, computer readable storage medium
WO2021037175A1 (en) Network slice management method and related device
US20200015117A1 (en) Ambr determining method and communications entity
WO2019033796A1 (en) Session processing method and related device
US11848963B2 (en) Method for providing restricted service, and communications device
EP3771242A1 (en) Key generation method and relevant apparatus
WO2021197185A1 (en) Communication method and communication device
EP4024956A1 (en) Communication method, apparatus, and system
JP7043631B2 (en) Methods and devices for determining SSC mode
US20230199550A1 (en) Relay Management Method and Communication Apparatus
US20220103482A1 (en) Maximum data burst volume (mdbv) determining method, apparatus, and system
WO2021227600A1 (en) Network slice control method and communication apparatus
WO2021204361A1 (en) Apparatus, method and computer program
US20230388909A1 (en) Ensuring network control of simultaneous access to network slices with application awareness
WO2021218244A1 (en) Communication method, apparatus and system
US20200403788A1 (en) Information Sending Method, Key Generation Method, and Apparatus
CN114342511A (en) Communication method and communication device
EP4068820A1 (en) Communication method and communication apparatus
WO2024051313A1 (en) Communication resource management method, apparatus and system, and storage medium
WO2023077948A1 (en) Communication method and apparatus
WO2024077546A1 (en) Capability calling method and communication apparatus
WO2023142887A1 (en) Communication method and communication apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21805035

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21805035

Country of ref document: EP

Kind code of ref document: A1