US 20090207843 A1
A method is provided in one example embodiment and includes receiving packets at a network element for a communications flow from an end user, the network element receiving the packets if the flow is initiated through a wireless network and through a wireline network. A network address translation (NAT) binding occurs for the end user at the network element, the NAT binding including an Internet Protocol (IP) address for the end user, the NAT binding being controlled by policy infrastructure coupled to the network element. The network element can be provided along a routing path for the flow (e.g., the IP session), irrespective of whether mobility services are used by the end user. The policy infrastructure can also support NAT control between home and visited networks with the visited network retaining control and privacy over the actual NAT elements being used.
1. A method, comprising:
receiving packets at a network element for a communications flow from an end user, the network element receiving the packets if the flow is initiated through a wireless network and through a wireline network, wherein a network address translation (NAT) binding occurs for the end user at the network element, the NAT binding including an Internet Protocol (IP) address for the end user.
2. The method of
reporting a state change associated with a border gateway function that is coupled to the network element.
3. The method of
reporting resource state information associated with a border gateway function that is coupled to the network element.
4. The method of
5. The method of
6. The method of
7. The method of
8. The method of
9. The method of
modifying one or more media parameters for the flow once the flow is active, wherein the parameters include a new IP address and new port latching.
10. An apparatus, comprising:
a network element operable to receive packets at a network element for a communications flow from an end user, the network element receiving the packets if the flow is initiated through a wireless network and through a wireline network, wherein a network address translation (NAT) binding occurs for the end user at the network element, the NAT binding including an Internet Protocol (IP) address for the end user, the network element being provided along a routing path for the flow regardless of whether mobility services are used by the end user.
11. The apparatus of
12. The apparatus of
13. The apparatus of
14. The apparatus of
15. The apparatus of
16. Logic encoded in one or more tangible media for execution and when executed by a processor operable to:
receive packets for a communications flow from an end user at a network element, the network element receiving the packets if the flow is initiated through a wireless network and through a wireline network, wherein a network address translation (NAT) binding occurs for the end user at the network element, the NAT binding including an Internet Protocol (IP) address for the end user, the network element being provided along a routing path for the flow regardless of whether mobility services are used by the end user.
17. The logic of
report a state change associated with a border gateway function element that is coupled to the network element.
18. The logic of
report resource state information associated with a border gateway function element that is coupled to the network element.
19. The logic of
20. The logic of
21. A system, comprising:
means for receiving packets for a communications flow from an end user at an interface of a network element, the network element receiving the packets if the flow is initiated through a wireless network and through a wireline network; and
means for executing a network address translation (NAT) binding for the end user at the network element, the NAT binding including an Internet Protocol (IP) address for the end user.
22. The system of
23. The system of
24. The system of
25. The system of
This application claims priority under 35 U.S.C. §119 of provisional application Ser. No. 61/029,177, filed Feb. 15, 2008 and entitled System and Method for Providing Telecommunication and Internet Converged Services and Protocols for Advanced Networking.
This invention relates in general to the field of communications and, more particularly, to providing network address translation control in a network environment.
Networking architectures have grown increasingly complex in communications environments. In addition, the augmentation of clients or end users wishing to communicate in a network environment has caused many networking configurations and systems to respond by adding elements to accommodate the increase in networking traffic. As the subscriber base of end users increases, proper routing and efficient management of communication sessions and data flows become even more critical.
As service providers increasingly move towards fixed-mobile convergence, there is a significant challenge in having a single architecture and associated infrastructure defined that can optimally support wireless and wireline networks.
To provide a more complete understanding of example embodiments and features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying figures, wherein like reference numerals represent like parts, in which:
A method is provided in one example embodiment and includes receiving packets at a network element for a communications flow from an end user, the network element receiving the packets if the flow is initiated through a wireless network and through a wireline network. A network address translation (NAT) binding occurs for the end user at the network element, the NAT binding including an Internet Protocol (IP) address for the end user, the NAT binding being controlled by policy infrastructure coupled to the network element. The network element is provided along a routing path for the flow (e.g., an IP session), irrespective of whether mobility services are used. The policy infrastructure can also support NAT control between home and visited networks with the visited network retaining control and privacy over the actual NAT elements being used. In more specific embodiments, a request is received for the NAT binding and information related to the NAT binding is returned to an entity that initiated the request, the information associated with a port number and an IP version associated with the flow. In still other embodiments, a request for the NAT binding request includes media parameters for a remote source and a destination for the flow. A request for the NAT binding request can also include the port latching for specific terminations for the flow.
Note that before proceeding, it is important to identify some of the acronyms that may be used herein in this Specification. These include: Terminal Equipment (TE), Profile Database Function (PDBF), User Access Authentication Function (UAAF), Network Access Control Function (NACF), Customer Network Gateway (CNG), Connectivity Session Location and Repository Function (CSLRF), Access Management Function(AMF), Resource Control Enforcement Function (RCEF), Border Gateway Function (BGF), Interconnect-BGF (I-BGF), Core-BGF (C-BGF), Service Policy Decision Function (SPDF), Proxy Call Session Control Function (PCSCF), Serving Call Session Control Function (SCSCF), User Profile Serving Function (UPSF), Basic Transport Function (BTF), Packet Data Network (PDN), Authentication, Authorization, and Accounting (AAA), Application Function (AF), Home Subscriber Server (HSS), Mobile Access Gateway (MAG), and a Policy and Charging Rules Function (PCRF).
Each of the elements of
Communication system 10 may include a configuration capable of transmission control protocol/internet protocol (TCP/IP) communications for the transmission or reception of packets in a network. Communication system 10 may also operate in conjunction with a user datagram protocol/IP (UDP/IP) or any other suitable protocol where appropriate and based on particular needs.
The example architecture of
Also provided in the architecture of
In accordance with the techniques and teachings of example embodiments, the tendered system defines a converged and consolidated architecture that covers the requirements provided by both wireless and wireline access networks with further enhancements to cover femto-cells and Wi-Fi access. The Telecommunication and Internet converged Services and Protocols for Advanced Networking (TISPAN) is a body of the European Telecommunication Standards Institute (ETSI). In one example embodiment, the architecture is based on 3GPP Evolved Packet System and the ETSI TISPAN with various functional and interface enhancements.
In particular, the proffered architecture provides for a consolidated and enhanced policy infrastructure based on 3GPP Policy and Charging Control (PCC) and ETSI TISPAN, where the PCRF and SPDF functions can be merged and the Access Resource and Admission Control Function (A-RACF) function is kept in a single element (e.g., an edge router). Further policy enhancements involve universal support for location, access network information, and NAT control and definition of network element 14 to include the conditionally invoked evolved packet system (EPS) MAG function, as well as the TISPAN Connectivity Session Location and Repository Function (CLF) and the BGF functions.
Note that 3GPP (e.g., Release 8) defines the Evolved Packet System (EPS) as specified in TS 23.401, TS.23.402, TS 23.203, etc. The EPS consists of IP access networks and an Evolved Packet Core (EPC). Access networks may be 3GPP access networks, such a GERAN, UTRAN, and E-UTRAN (LTE) or they may be non-3GPP IP access networks such as eHRPD, DSL, Cable, or the Internet. Non-3GPP IP access networks can be divided into trusted and untrusted segments. Trusted IP access networks support mobility, policy, and AAA interfaces to the EPC, whereas untrusted do not. Instead, access from untrusted networks is done via the evolved Packet Data Gateway (ePDG), which provides for IPSec security associations to the user equipment over the untrusted IP access network. The ePDG in turn supports mobility, policy, and AAA interfaces to the EPC, similar to the trusted IP access networks.
The EPC provides several services of general use to IP access networks such as mobility, policy and charging control, authentication and authorization, accounting, lawful Intercept, secure access over untrusted network, etc. 3GPP does not specify any details with respect to the non-3GPP IP access networks and, in particular, 3GPP does not specify any details for wireline IP access networks. ETSI TISPAN has defined a next generation network (NGN) architecture for wireline networks, which addresses many of the same issues the 3GPP EPC is addressing, namely: policy and charging control, authentication and authorization, accounting, and lawful intercept. ETSI TISPAN does not address all the services and features provided by the EPC (e.g. mobility and secure access), but conversely, TISPAN defines a few services and features not covered by the EPC, namely: network address translation (NAT) traversal and location information.
As service providers increasingly move toward fixed-mobile convergence, it is desirable to have a single architecture and associated infrastructure defined that can support both wireless and wireline networks. To date, NGN architectures have focused on either the wireless or the wireline side. Although these NGN architectures generally allow both wireless and wireline networks to be supported, they tend to focus on the features required by the primary type of access network they are developed for and, hence, these NGN architectures do not provide a single comprehensive architecture that fully address both wireline and wireless networks.
An example embodiment provides a unified architecture with a common core infrastructure that supports both wireline and wireless access networks. This infrastructure includes addressing relevant wireline requirements in the wireless access network portion and relevant wireless requirements in the wireline access network portion. At a high level, the combined architecture provides a single converged policy and charging infrastructure, and a single AAA infrastructure for the wireline and the wireless access network. Mobility services are supported on the wireline side, location information is provided for both the wireline and wireless access networks, and NAT traversal functionality in the form of the ETSI TISPAN BGF functions are provided for the wireless networks as well. [Roaming aspects and peering interface enhancements are also considered and are further detailed below.] Part of the architecture combines functions and interfaces of the 3GPP wireless architecture with elements from the ETSI TISPAN wireline architecture to form a single consolidated architecture that service providers (having both wireline and wireless infrastructure) can use. The architecture provides a unified and single solution to the combined requirements from wireline and wireless.
Additionally, the enhanced architecture covers femto-cells and Wi-Fi access points and can potentially use the same interfaces and functional elements as provided by the combined wireless/wireline architecture. In addition, there can be a merger of the 3GPP Policy and Charging Control (PCC) architecture and the ETSI TISPAN policy model, whereby the 3GPP PCRF function incorporates the ETSI TISPAN Service Policy Decision Function (SPDF). The A-RACF function can be placed in an edge element (e.g., network element 14) to align the wireline access network with the wireless access network. The admission control decision can be handled by the PDN gateway (in its capacity as a Policy and Charging Enforcement Function (PCEF)) and/or other elements, but not necessarily the PCRF. This provides for a consistent and distributed policy management solution to all access networks in the architecture. An alternative solution would be to keep the A-RACF with the PCRF, however this may imply inconsistent behavior between the wireless and wireline networks from a PCC point of view. In a general sense, the proffered architecture can offer an evolved broadband network gateway (eBNG) (e.g., network element 14), which includes a mobile access gateway that can be invoked conditionally so that only devices or services that actually need mobility services incur the associated cost and overhead of providing mobility services. Associated with this are:
a) Enhancements to both the 3GPP PCC and ETSI TISPAN policy model by universally providing location and access network information on all policy interfaces, and incorporating the TISPAN Connectivity Session Location and Repository Function (CLF) into the eBNG to enable this universal consolidation. This provides for distributed session state management in the wireline access network in a manner that is consistent with the wireless access network.
b) Enhancements to the 3GPP PCC architecture to include TISPAN Border Gateway Function (BGF) functionality, and an integrated and consolidated approach to enable BGF control for NAT traversal using the policy infrastructure for both wireless and wireline access.
In an example flow, network element 14 can receive packets for a communications flow from an end user, who can conduct the flow through a wireless network and a wireline network. The end user can elect either network option and yet have packets for the flow processed at a single location. More specifically, network element 14 can provide policy control for the end user at a single node in the network. This can include policy-based resource control, which provides mediation between applications and the underlying network layer to intelligently manage network resources (e.g., dynamically and in real time). For operators, policy control is important for delivering a wide variety of high-value services with guaranteed quality of service across fixed, wireless, and cable access technologies. This policy control could further involve resource reservation requests (QoS and bandwidth reservations/allocations) to the appropriate gateway function for a session admission control decision based on defined policies for the subscriber and network resource limits. Then, based on the response received, resources can be assured and bandwidth guaranteed (e.g., on a per session basis).
Network element 14 can resolve admission control decisions for the end user in both the wireless network and the wireline network. Subscriber specific policy decisions can be executed by the PCRF (or other elements in
In terms of advantages, such a solution satisfies both the requirements from the wireless and the wireline side by having each side add the missing pieces to the other (e.g., NAT control for wireless and mobility for wireline). It also provides for consistent interfaces and operations to the elements in both the wireless and the wireline access network. Further, such a solution supports these consistent interfaces in both roaming and non-roaming scenarios: some of which are discussed in detail below with reference to
In terms of some of the operational aspects of the proposed architecture, the following features are subsequently detailed: 1) session handling; 2) service insertion; 3) flexible service layer; 4) network address translation (NAT); 5) location information and network attachment sub-system (NASS) bundled authentication; and 6) charging. Turning first to session handling, access session AAA and address assignment can be handled by the AMF in conjunction with the NACF (e.g., the DHCP-server) and the UAAF (e.g., the AAA-Server) with corresponding enforcement functions for authorization data (e.g., the A-RACF and the RCEF). In one example, several access session types are supported (e.g., PPP, IP-Sessions, etc.). In addition, models such as PPP/L2TP model are enabled. The access session establishment also includes distribution of service layer access point/application manager (e.g., proxy-call session control function (P-CSCF) address). Note that the AMF, RCEF, A-RACF, and CLF could be supplied as a single physical device (potentially even including DHCP-Server (NACF)). The configuration could also be simplified to a new gateway function in the converged architecture (e.g., network element 14 of
In one example, the BGF serves as an anchor point for service-layer (e.g., IMS) controlled services in the access/aggregation network. NAT can be used as “anchoring technology,” where traffic to be controlled is directed/routed to the BGF, rather than tunneled to the BGF. In some implementations, not all traffic needs to go through the BGF (e.g., non-service-layer-controlled traffic, multicast traffic, traffic that does not require NAT-traversal operations, etc.). The BGF fulfills additional service layer functions (e.g., service-layer QoS, but is not necessarily involved in endpoint address assignment and authentication). At a concept level, the BGF and the PDN-gateway can fulfill similar roles in the network architecture, though individual functions could differ.
In regards to service insertion, multiple service insertion points can be driven by service economics (e.g., aggregation density, bandwidth, session counts, addressing requirements, traffic management (e.g. shaping) requirements, etc.). In such configurations, different PoPs/locations exist for different applications. Note that there is an evolution from one gateway to potentially multiple (i.e., not every packet is required to go through the same gateway). This can result in different service edges/service anchors. TISPAN allows for distributed service control points and even chained service control points, where there are multiple RCEFs and the RCEF placement is not restricted.
For the next mechanism, which is the flexible service layer feature, unicast and multicast is equally supported by TISPAN functional elements. The BTF is added in R2 to represent traffic forwarding and the interaction with policy enforcement (e.g., RCEF). TISPAN supports “push” and “pull” models for resource reservation and admission control. In terms of “push,” the connection admission control (CAC) request is originated from the service layer (e.g., P-CSCF originated request during SIP call setup). For “pull,” the CAC request is originated from the transport layer. The request could be originated from a network element within the network. The request could also be originated from the user equipment. There could also be combined models (service layer triggered transport signaling) in TISPAN. The SPDF is not necessarily involved in the pull-mode. For enhanced performance, co-location of the RCEF and the A-RACF on a single device is possible.
For the network address translation (NAT) mechanism, NAT on the customer premise equipment (CPE) (called the CNG in TISPAN) is used in wireline deployments. The TE can be deployed behind a routed CNG, where local addressing of the TE is handled by the CNG. NAT traversal can use the application layer gateway (ALG) in the P-CSCF. The NAT could be incorporated into RCEF (i.e., the PCEF), when combined with the C-BGF. Note that S7 has been replaced by Gx and, thus, can be thought of as interchangeable as used herein.
For location information and network attachment sub-system (NASS) bundled authentication (NBA), one objective is to support SIP-endpoints that do not necessarily support authentication (SIP-digest) and to provide location information for emergency calls. During registration or call-setup, the P-CSCF can query the access network to retrieve location information on the access session. The P-CSCF inserts the information into SIP P-A-N-I (P-Access-Network-Info) header. Information can be leveraged to skip authentication for the TE (at the SIP-level), or to provide location information in case of an emergency call.
Location information and event notification service can be offered via the e2 Interface to the CLF. The CLF represents a database of currently active access sessions: data typically available on a BNG. The CLF does not have an immediate counterpart in 3GPP. NASS services available at the e2 reference point can be provided to the AF and to the Customer Network Gateway Configuration Function (CNGCF).
For information query service, the AF can query the access network to receive information on the state of a particular access session. The AF can register to receive a particular event occurring within the access network (e.g., subscriber logs onto the access network). If a particular event occurs, the access network sends a notification message to all AFs, which registered to receive the event.
In certain embodiments, the subscriber has a bundled subscription for network access and application/IMS services (e.g., voice). In some instances, the user's handheld does not support IMS authentication procedures. A provider trusts the authentication/authorization of the access session. Once the access session is established, the user can register for application services as well, without additional authentication requirements. For simplicity reasons, the use-case assumes that the access provider trusts the physical line towards the subscriber (i.e., no explicit authentication used in the example). There can be two different user data repositories (AAA databases): one for the access user profile and one for the application user profile. The access provider trusts the physical line towards the subscriber (i.e., no explicit authentication used in the example). Addresses can be assigned using DHCP.
Note that in many implementations, the HSS knows the current MME, SGSN, or AAA server, the serving gateway (for 3GPP access), and the PDN gateway. Also, the MME/SGSN knows the initial location information/cell-ID (upon attach or handover), the tracking area, the serving gateway, and PDN gateway. The PCRF knows the initial location information/cell-ID (upon attach or handover) (e.g., provided via S7). The AAA server knows the PDN gateway assigned and [potentially] the initial location information from non-3GPP IP access.
In terms of design choices, the AMF, A-RACF, RCEF, and CLF are typically co-located in a single physical platform. For a multi-edge wireline architecture, with multiple A-RACF (where the A-RACF function resides on the network elements), this allows for multiple gateways and, further, allows traffic to bypass the PDN gateway for sessions that do not need its services (i.e., add a direct link from a wireline access at network element 14 of
In TISPAN, the user profile information can be handled by the A-RACF and not the SPDF. The PCRF function still includes user profile information, although network element 14 of
In one example implementation, the BGF functional concept is a service gateway (service session anchor) and the C-BGF is a superset of the RCEF (i.e., RCEF plus NAT). The C-BGF and RCEF are integrated and are request dependent. For Mobility Services, the C-BGF can be used upstream of the mobility anchor (PDN gateway), where the C-BGF is configured on the PDN gateway as well. Alternatively, the C-BGF function can be kept separate. Also, a separate I-BGF function can be provided for inter-provider peering. Alternatively, the I-BGF function can be part of the PDN gateway. A single consolidated policy and NAT control interface can be used that is DIAMETER based, which enables optimized message flows when the BGF is integrated with the gateway(s). Note that with this flow, as with the others detailed herein, RADIUS, TACACS, and DIAMETER protocols can be implemented or substituted with other protocols that can achieve the intended communications.
Note that the TISPAN architecture differentiates devices in the home network. The CNG is usually fixed to an access network, where no mobility is assumed for the CNG. Example embodiments include terminal equipment that is assumed to be mobile. It is desired to do handover between different access networks (e.g., to provide seamless connectivity throughout a house). A routed CNG typically does NAT operations and is generally represented by a single IP address in the access network. Multiple TEs can be “hidden” behind a single IP address. TE addressing can be subscriber controlled (e.g., where the CNG serves as a local DHCP server). One approach is to assume a bridged CNG/CPE for TEs that require mobility. Note that the CNG could be a hybrid (i.e., routed for some services, bridged for others). Alternatively, endpoint MIP support (host-based mobility) could be used.
In terms of the C-BGF and I-BGF functions, these represent packet-to-packet gateway elements (e.g., controlled by the SPDF; SPDF may be relaying AF instructions (from service layer)). These elements can also provide usage metering, allocation and translation of IP addresses and port numbers (network address port translation (NAPT)), and interworking between IPv4 and IPv6 networks (NAPT-PT). For the RCEF functions, these may include gate control (open/close gates), packet marking, resource allocation (per flow), policing of uplink/downlink traffic, and transcoding (optional). For C-BGF specific functions, these elements sit at boundaries between the access network and the core network and can offer hosted NAT traversal (latching).
For the I-BGF specific functions, these sit at a boundary between core networks and, further, may behave autonomously or under the control of the service layer (e.g., via RACS). The BGF functions can include packet marking, usage metering, and policing functions, which benefit from being provided by the I-BGF in the downlink direction, and the C-BGF in the uplink direction. Hosted NAT traversal can be provided by C-BGF. Functions that can be provided by either the C-BGF or the I-BGF include gate control, IPv4, and IPv6 interworking, transcoding (optional). While the home network can use BGF functions in the visited network (and ask the visited network to use them), the visited network could decide when to actually use these (and which C-BGF and I-BGF) for a flow (e.g., depending on where a flow originates and terminates (which networks)).
The CLF in the visited network (e.g., part of network element 14) could convey location information to the home network. The policy peering interface can be used for this. Peering can include the business relationship where ISPs reciprocally provide connectivity to each other's transit customers. The access network information can also easily be provided in this manner. Alternatively, the existing DIAMETER based e2 interface (TISPAN) can be used, however this could require an additional peering interface and infrastructure.
As noted earlier, network element 14 of
In terms of interfaces in the architecture, for the AF to PCRF interface, there is an Rx+Gq′ harmonization. For policy peering (PCRF to PCRF), the S9 (Gx/Rx and Ri′) interface is enhanced. For policy enforcement and delegation (PCRF to gateway), the S7 and S7a (Gx and Gxa) interface is enhanced. For AAA server peering (the AF/P-CSCF to PCRF), the Rx+Gq′ interface is enhanced.
The main additions to the Rx interface include binding information (NAT), latching indication (NAT), authorization lifetime support, IPTV package authorization, location Information transfer, and access network information transfer. In regards to the PCRF to PCRF [S9→S9+NAT+Location+Access S9], the S9 is an evolution of the Gx and/or Rx interface. There is a transfer of PCC information at the service data flow (SDF) level for the local breakout. There is also a transfer of QoS parameters and related packet filters for all other cases. There is also a transfer of control information. For the main additions to the S9 interface, there is NAT control (binding information and latching), transfer of location information, and transfer of access network information.
For the PCRF to PDN-gateway [S7→S7+NAT], the S7 interface is based on the Gx interface. There is also a transfer of PCC information at the SDF level and a transfer of access network and location information. The main additions to S7 include NAT control (binding information and latching). For the PCRF to the enhanced PDN gateway, there is an S7a→S7a+NAT+events+location+access. The S7a/b/c interface is based on the Gx interface. There is also a transfer of QoS parameters and related packet filters and a transfer of control information. The additions may include a transfer of network access and location information, location information query/response, and event notification (for P-CSCF interaction optimization for NASS bundled authentication and compatibility with e2). Also included are binding information (NAT) and related addressing information and address latching (NAT).
For the PCRF to I-BGF exchanges, there is a new S7d reference point similar to the evolved S7 interface (PCRF-PDN gateway). This can be based on the Gx interface and there is a transfer of PCC information at the SDF level. Also provided is NAT control (binding information and latching). Contrary to S7, there is no need for a transfer of access network and location information.
For AAA interactions [Ta* considerations], the Ta* connects the trusted non-3GPP IP access with the 3GPP AAA server/proxy and transports access authentication, authorization, mobility parameters and charging-related information in a secure manner. The Ta* resembles the TISPAN e5 (UAAF to UAAF) reference point from a functional point of view (AAA-proxy interface).
Typically, the PCRF may use the subscription information as a basis for the policy and charging control decisions. The subscription information may apply for both session-based and non-session based services. The PCRF can maintain session linking to the sessions where the assigned care of address (CoA) and user equipment (UE) identity (if available over Gxx) are equal. The AF can be an element offering applications that require dynamic policy and/or charging control. The AF can communicate with the PCRF to transfer dynamic session information. The AF may receive an indication that the service information is not accepted by the PCRF together with service information that the PCRF would accept. In that case, the AF can reject the service establishment towards the UE. If possible, the AF forwards the service information to the UE that the PCRF would accept.
An AF may communicate with multiple PCRFs. The AF can contact the appropriate PCRF based on either: 1) the end user IP address; and/or 2) a user equipment (UE) identity for which the AF is aware. In case of a private IP address being used for the end user, the AF may send additional PDN information (e.g., PDN ID) over the Rx interface. This PDN information can be used by the PCRF for session binding, and it can be used to help select the correct PCRF. For certain events related to policy control, the AF can be able to give instructions to the PCRF to act on its own. The AF may use bearer level information in the AF session signaling or adjust the bearer level event reporting. The AF may request the PCRF to report on the signaling path status for the AF session. The AF can cancel the request when the AF ceases handling the user.
Both network element 14 and PCRF 18 are network elements that facilitate service flows between endpoints and a given network (e.g., for networks such as those illustrated in
In one example implementation, network element 14 is an edge gateway that includes software for achieving some or all of the functionalities outlined herein. Network element 14 may include A-RACF and, further, provide the control and general processing mechanisms as outlined herein. The SPDF, which can reside in PCRF 18, can send instructions to network element 14 (C-BGF) for setting up the NAT traversal. The C-BGF informs the PCRF about the NAT binding to use and the PCRF can tell the AF about this activity. From an enforcement perspective, network element 14 can control those activities. In one example, PCRF 18 is a network element that includes software to achieve the control and general processing mechanisms outlined herein in this document. In other embodiments, this feature may be provided external to the network elements or included in some other network device to achieve these intended functionalities. Alternatively, both network element 14 and PCRF 18 include this software (or reciprocating software) that can coordinate in order to achieve the operations outlined herein. In still other embodiments, one or both of these devices may include any suitable algorithms, hardware, software, components, modules, interfaces, or objects that facilitate the operations thereof.
Each of these components (network element 14 and PCRF 18) can also include memory elements for storing information to be used in achieving the control and general processing mechanisms outlined herein. Additionally, each of these devices may include a processor that can execute software (e.g., logic) or an algorithm to perform the activities discussed in this Specification. These components may further keep information in any suitable memory element such as a random access memory (RAM), read only memory (ROM), erasable programmable ROM (EPROM), electronically erasable PROM (EEPROM), application specific integrated circuit (ASIC), software, hardware, or in any other suitable component, device, element, or object where appropriate and based on particular needs.
Returning to the flow of
In regards to example embodiments that offer a visited network BGF control using policy peering, this could involve extending the policy peering interface (e.g., S9) between the home and visited network with a BGF control. In particular, this could involve NAT control. Dynamically created mapping entries (or “bindings”) are typically maintained by a NAT element with a timer. If no packets that use the mapping are received by the NAT within a certain time window, then the binding is removed from the NAT element and the address is returned to a NAT pool. NAT elements can manage address mapping in numerous ways such as outlined herein.
From a protocol point of view, the 3GPP S9 interface could include the following example NAT control functionalities (similar to the Gx enhancements proposed herein). The first functionality could involve a request of the NAT binding (two endpoints/terminations, each containing an IP address, port, and IP version) to receive and to transmit the media flows (where information about the allocated bindings could be returned to the requester). The second functionality could indicate, in the NAT binding request, the remote source and destination media parameters for each media flow, including possible wildcarding of specific media parameters (in case the information is not known by the controlling node). The third example functionality could indicate, in the NAT binding request, the IP address/port latching for specific terminations (if the information cannot be retrieved from signaling data, the data is known to be incorrect, etc.).
The fourth example functionality could indicate, in the NAT binding request, the media transport protocol (RTP, T.38, MSRP, etc.) for each media flow in order for the BGF to be able to perform protocol specific functions (e.g., dual-port reservation for RTP/RTCP, proper statistics collection, etc.). The fifth example functionality could indicate, in the NAT binding request, if the media flow is uni- or bidirectional (in case of unidirectional, also indicate the specific direction). The sixth example functionality could request mid-session modification of media parameters, including a possible request for new IP address/port latching.
Additionally, in certain examples, resource state synchronization features provided by the la interface parts of the S9 interface enhancements could include reporting of the BGF state change (due to rebooting, network failure, hardware failure, etc.), and requesting and reporting of the current BGF resource state. The S9 enhancements enable the policy infrastructure in the home network to communicate with (and control) the BGF functions in the visited network and, in particular, to have the visited network perform NAT control and interconnect using an I-BGF. This can enable the efficient use of a local breakout of traffic in the visited network, while gaining access to services such as v4/v6 translation in the visited network. It can also allow for interconnect scenarios that involve I-BGF elements in the networks, where the users actually are currently. Furthermore, when the users are in the same networks, it allows for bypassing of those (unnecessary) I-BGF elements and usage of the local C-BGF functions.
A second example implementation involves selecting a C-BGF and/or I-BGF function to use when the originating and/or terminating user is roaming and a local breakout is being used. The visited network PCRF can control the use and selection of BGF functions in the visited network, which shields the home network from not only which C-BGF and possibly I-BGF is being used, but also whether one, both, or none of these elements will actually be used. The home PCRF can request use of the NAT features from the visited PCRF and the visited PCRF, in turn, decides which C-BGF and/or I-BGF element(s) to use. In the example case where the C-BGF is combined with the access router, optimal C-BGF selection from a routing point of view is simplistic.
Fundamentally, the PCRFs can decide whether the originating and terminating users reside in the same network. If they do not, the I-BGF functionality may be invoked in the originating and terminating network (e.g., for a distributed Session Border Controller (SBC), where the I-BGF represents the data path part). If the users reside in the same network, the I-BGF functionality would not be invoked. This problem can be alleviated as follows. First, on the terminating side, the PCRF can examine the IP address information received from the originating side and decide whether the originating and terminating user reside in the same network. If they do, the I-BGF functionality is not used. Otherwise, it is used and the I-BGF selection can be based on the IP addressing information received coupled with the IP routing information. Second, on the originating side, the PCRF does not know where the terminating user resides and, hence, whether to use I-BGF functionality or not for the call (let alone which I-BGF to actually use). The policy exchange can be enhanced between the Application Function (e.g., P-CSCF) and the PCRF with an indication as to whether a single stage exchange is performed, or if a two-stage, policy exchange can be used. In a single stage exchange, it is difficult to change the addressing information provided initially and, hence, an I-BGF can be inserted initially as a cautionary measure.
The I-BGF could then be chosen to be close to the user equipment in order to minimize the effect of using it if not ultimately needed. An example use case for this would be a regular Session Initiation Protocol (SIP) setup that does not involve SIP preconditions (i.e., there is a single offer/answer exchange). In a two-stage exchange, it is possible to change the IP addressing information after the first exchange. Once the originating side receives the terminating side IP addressing information, it can follow a similar approach as the terminating side in deciding whether to use an I-BGF, and which I-BGF to select for the call.
Example embodiments can offer several advantages such as allowing for local breakout in the visited network while supporting use of hosted NAT functions such as v4/v6 translation services. It can further allow the visited network to completely control whether C-BGF and/or I-BGF is to be used, as well as which BGF elements to actually use. Further, certain embodiments can avoid the need for the home provider network to have to know about the internal BGF structure and elements in the visited network ahead of time. This can enable the visited network to maintain some privacy/confidentiality in terms of how many BGF elements it has, where they reside, and whether they are C-BGFs or I-BGFs. Example arrangements can also enable optimal use of BGF elements by only using them when they are needed. Moreover, example embodiments can enable the AF to assist the PCC infrastructure with deciding whether to use a BGF, rather than being overly cautious and blindly using an I-BGF on the originating side.
In regards to the NAT traversal support aspect of example embodiments, on the mobile side, the C-BGF functionality can be added to the PDN GW, where the existing S7/Gx policy interface can be expanded to include the NAT control functions provided by the la interface. There are several advantages to such an implementation. For example, by having the PDN GW and the C-BGF in the same element, use of the NAT functions (e.g., for v4/v6 translation) does not introduce unnatural routing paths since the traffic will traverse the PDN GW. Additionally, with the PDN GW and C-BGF [potentially] in the same element, the number of message interactions can be minimized by providing the policy and NAT control functionality over a single interface.
In more specific examples, the DIAMETER-based Gx PCC interface can be extended with the NAT features provided by the la interface. The interface can request (e.g., via NAT binding) [two endpoints/terminations, each containing an IP address, port and IP version] the information outlined above. On the wireline side, the C-BGF can leverage the evolved interfaces defined for the mobile side, where the C-BGF could be included in network element 14. This could include using the same 3GPP Gx/Gxa PCC interface enhanced with the NAT features defined for a combined PDN GW/BGF when mobility services provided by the PDN GW are not used. This provides a similar set of benefits as for the mobile side in terms of avoiding unnatural routing paths and more efficient interactions via a single consolidated interface. Furthermore, from a wireless/wireline converged architecture point of view, there is the benefit of having the same functions and interfaces to the wireline and the wireless access networks.
Note that the C-BGF function can be provided on both the wireline side as well as in the PDN GW to allow for routing in the network. Wireline devices that do not use mobility services will not have their traffic traverse the PDN GW. For full convergence, the I-BGF functional element can be introduced. In terms of strategic interfaces, in example embodiments, the same strategy with a single consolidated policy interface (S7d) based on the 3GPP Gx PCC interface, can be employed with enhancements for the NAT features provided by the la interface.
In regards to a selective network-based mobility invocation, one example embodiment involves defining network element 14 to include a mobile access gateway (MAG) function (e.g., as defined by PMIPv6). The network element could further include (or be coupled to) a foreign agent [FA]. In one example, the MAG is invoked selectively based on the device requesting an IP address, as opposed to unconditionally for all devices requesting an IP address. Devices that require the IP mobility services can therefore invoke the MAG, which in turn will interact with the PDN gateway (GW) in order to obtain an IP address for the device and, further, establish the IP mobility binding and tunneling with the PDN GW. Devices that do not require IP mobility services will not invoke the MAG and, hence, an IP address will be assigned locally on network element 14, where IP mobility overhead is avoided.
The decision as to whether IP mobility services are even needed can be performed in several different ways. For example, network element 14 may interact with an AAA infrastructure (or policy infrastructure) when the device (or user) requests an IP address, and the decision of whether mobility services are required can be based on the authorization data received back from the AAA server (or PCRF). Alternatively, the decision of whether mobility services are required can be based on identifiers derived from the access network (e.g., physical line-ID, NAS-port-ID, etc.). These could be received, for example, via DHCP-Option-82 or through a PPPoE tag. In still other examples, the device itself may indicate whether it requires mobility services. For example, if the device uses DHCP to obtain an IP address, then a DHCP option could be used to indicate whether IP mobility services are needed. If PPP is being used, then a PPP option may be used instead.
Other examples, where multiple service gateways are available to the access device over a single layer-2 access domain (e.g., one gateway supports IP-mobility services, while another gateway provides access to the local IPTV service network) and DHCP is used, the DHCP server could send down option-121 information as part of the IP address assignment procedure. This information identifies the IP address ranges, subnets, and next-hop IP gateways for each service to which that user has access. Hence, the access device could select the appropriate exit point/gateway using a routing decision and implicitly decide whether to use a mobility enabled service or not (i.e., using local breakout to access an IPTV service). Note that this scenario assumes that the address of the access device is assigned by the PDN GW, and address-ranges are partitioned as service specific.
The approaches outlined above can provide several advantages such as offering a more efficient use of overall network resources, which includes reduced overall usage of the IP mobility infrastructure by only invoking the MAG and PDN GW for devices that truly need and/or can use IP mobility. The architecture also offers less overall bandwidth usage by not routing packets to the PDN GW and by avoiding tunnel overhead between the MAG and PDN GW for devices that do not need IP mobility. It can also offer less delay for devices that do need IP mobility by avoiding routing to the PDN GW (which can serve as the Local Mobility Anchor [LMA]).
One assumption in example scenarios is that when the mobile device requests an IP address, it is actually provided by network element 14. This is not automatically the case. In particular, when a Network Address Translator (NAT) is deployed between user equipment and network element 14, then the IP address will be assigned by the NAT instead (e.g., customer network gateway), and network-based IP mobility services for that user equipment will not be invoked. In order to address this and still allow for efficient use of IPv4 addresses provided by the service provider, hybrid NATs could be used. A hybrid NAT can operate in routed mode for some devices and bridged mode for other devices. In routed mode, the NAT assigns a local IP address to the user equipment, whereas in bridged mode, the NAT allows the IP address to be assigned externally. The hybrid NAT can make this determination based on: 1) provisioned device information; and 2) a DHCP option, which informs the hybrid NAT of whether a local (routed mode) or remote (bridged mode) IP address could be assigned. The DHCP option used could be the same as that used by network element 14 to determine whether IP mobility services are needed.
An alternative solution to some of these challenges is to use an evolved Packet Data Gateway (ePDG) function. User equipment could establish an IPSec Security Association (possibly through a NAT) with the ePDG, and the ePDG would in turn invoke network-based mobility (PMIPv6) to the PDN GW. This could provide the IP mobility services for that particular user equipment. Such a solution would also work through NATs (provided IPSec is run on top of UDP) and, it would be an easy way to ensure that only devices that need mobility services would get them. In terms of the IPv4, UDP, IPSec ESP, IPv4, and payload issues, in one example implementation the following overhead is incurred: IPv4 header (20 bytes), UDP header (8 bytes), and IPSec ESP (12+bytes) for each packet (40+bytes).
The RCEF functions can include gate control (open/close gates), packet marking, resource allocation (per flow), policing of uplink/downlink traffic, and transcoding (which may be optional). The C-BGF can sit at the boundary between the access network and the core network and perform hosted NAT Traversal (latching). The I-BGF can sit at a boundary between core networks and, further, it may behave autonomously or under the control of the service layer (via RACS).
Note that with the examples provided herein, interaction may be described in terms of two, three, four, or more network elements. However, this has been done for purposes of clarity and example only. In certain cases, it may be easier to describe one or more of the functionalities of a given set of flows by only referencing a limited number of network elements. It should be appreciated that communication system 10 (and its teachings) are readily scalable and can accommodate a large number of components, as well as more complicated or sophisticated arrangements and configurations. Accordingly, the examples provided should not limit the scope or inhibit the broad teachings of communication system 10 as potentially applied to a myriad of other architectures. Note also that the teachings discussed herein can readily be applied to wireless and femto access points and their respective environments.
It is also important to note that the steps described with reference to the preceding FIGURES illustrate only some of the possible scenarios that may be executed by, or within, communication system 10. Some of these steps may be deleted or removed where appropriate, or these steps may be modified or changed considerably without departing from the scope of the discussed concepts. In addition, a number of these operations have been described as being executed concurrently with, or in parallel to, one or more additional operations. However, the timing of these operations may be altered considerably. The preceding operational flows have been offered for purposes of example and discussion. Substantial flexibility is provided by communication system 10 in that any suitable arrangements, chronologies, configurations, and timing mechanisms may be provided without departing from the teachings of the discussed concepts.
Numerous other changes, substitutions, variations, alterations, and modifications may be ascertained to one skilled in the art and it can be intended that the discussed concept encompass all such changes, substitutions, variations, alterations, and modifications as falling within the scope of the appended claims. In order to assist the United States Patent and Trademark Office (USPTO) and, additionally, any readers of any patent issued on this application in interpreting the claims appended hereto, Applicant wishes to note that the Applicant: (a) does not intend any of the appended claims to invoke paragraph six (6) of 35 U.S.C. section 112 as it exists on the date of the filing hereof unless the words “means for” or “step for” are specifically used in the particular claims; and (b) does not intend, by any statement in the specification, to limit this invention in any way that is not otherwise reflected in the appended claims.