CN110086839B

CN110086839B - Dynamic access method and device for remote equipment

Info

Publication number: CN110086839B
Application number: CN201810077566.2A
Authority: CN
Inventors: 姚琦
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2018-01-26
Filing date: 2018-01-26
Publication date: 2020-08-07
Anticipated expiration: 2038-01-26
Also published as: WO2019144719A1; CN110086839A

Abstract

The application provides a dynamic access method and a dynamic access device for remote equipment. The method comprises the following steps: when the terminal determines that the MAC address in the unrecorded data packet is a new remote device, that is, a remote device that does not access the terminal, the terminal sends a session modification request message to the session management network element, and if the terminal receives an indication message sent by the session management network element to indicate that the session modification is successful, the terminal records the MAC address. Therefore, the remote equipment which dynamically applies for access is accessed to the terminal, and the method is flexible.

Description

Dynamic access method and device for remote equipment

Technical Field

The present application relates to the field of mobile communications technologies, and in particular, to a dynamic access method and apparatus for a remote device.

Background

In the communication scene of the internet of things, a terminal device may not have an Internet Protocol (IP) address, and especially for a traditional industrial device, ethernet two-layer communication is mostly adopted. In the world of everything interconnection, these devices need to be connected with an external network for information exchange and communication, so as to realize intelligent identification, positioning, tracking, monitoring and management of articles. In addition, home products are closely related to diet and entertainment of human beings, smart homes get more and more attention in recent years, each type of home products may come from different manufacturers and adopt different standards, the communication between the home products and the home products is incompatible, and a terminal in a bridge mode is needed to connect remote devices, so that intelligent hardware upgrading and interconnection between intelligent hardware are realized. For each remote device behind the terminal, how to access and perform data transmission becomes a problem to be solved first.

Currently, an access method of a remote device is generally provided, when a terminal establishes a session, an MAC address of the remote device accessed to the terminal is authorized to be allocated to each network element in a network, and each subsequent network element realizes forwarding or processing of a data packet or signaling of the remote device based on the authorized MAC address.

The scheme is only suitable for the fixed scene of the remote equipment, and cannot dynamically access new remote equipment, so that the scheme is not flexible enough.

Disclosure of Invention

The application provides a dynamic access method and a dynamic access device of remote equipment, which are used for realizing dynamic access of new remote equipment on a terminal.

In a first aspect, the present application provides a dynamic access method for a remote device, where the method includes: a terminal receives a data packet from a remote device, wherein the data packet comprises a Media Access Control (MAC) address of the remote device; if the terminal does not record the MAC address, sending a session modification request message to a session management network element, wherein the session modification request message comprises the MAC address; the terminal receives an indication message from a session management network element, wherein the indication message is used for indicating that the session modification is successful; and the terminal records the MAC address.

When the terminal determines that the MAC address in the unrecorded data packet is a new remote device, that is, a remote device that does not access the terminal, the terminal sends a session modification request message to the session management network element to request modification of the session, and if the terminal receives an indication message sent by the session management network element to indicate that the session modification is successful, the terminal records the MAC address. Therefore, the remote equipment which dynamically applies for access is accessed to the terminal, and the method is flexible.

In a possible implementation manner, the recording, by the terminal, the MAC address includes: the terminal adds the MAC address into an MAC address list, wherein the MAC address list comprises at least one MAC address, one MAC address corresponds to one remote device, and one remote device corresponds to at least one MAC address.

In another possible implementation manner, the recording, by the terminal, the MAC address includes: the terminal records the corresponding relation between the identifier of the terminal and the MAC address.

In another possible implementation manner, the recording, by the terminal, the MAC address includes: and the terminal records the corresponding relation between the identification of the remote equipment and the MAC address.

In a second aspect, the present application provides a dynamic access method for a remote device, where the method includes: a terminal receives a data packet from a remote device, wherein the data packet comprises an MAC address of the remote device; the terminal sends the data packet to the user plane network element; the terminal receives an indication message from the session management network element, wherein the indication message is used for indicating that the session modification is successful; the terminal records the MAC address.

The terminal receives a data packet sent by the remote equipment, sends the data packet to the user plane network element, when the user plane network element determines that the MAC address in the data packet is not recorded, the session management network element is triggered to modify the session, if the session management network element modifies the session successfully, an indication message for indicating that the session is modified successfully is sent to the terminal, and after the terminal receives the indication message sent by the session management network element, the MAC address is recorded. Therefore, the remote equipment which dynamically applies for access is accessed to the terminal, and the method is flexible.

In one possible implementation, the terminal records the MAC address, including: the terminal adds the MAC address into an MAC address list, wherein the MAC address list comprises at least one MAC address, one MAC address corresponds to one remote device, and one remote device corresponds to at least one MAC address.

In a third aspect, the present application provides a dynamic access method for a remote device, where the method includes: firstly, a session management network element receives a session modification request message from a terminal, wherein the session modification request message comprises a session identifier of the terminal and an MAC address of a remote device; or, the session management network element receives a notification message from the user plane network element, where the notification message includes an identifier of a session of the terminal and an MAC address of the remote device, and the notification message is used to notify that the session is modified; then, the session management network element generates a forwarding rule according to the MAC address and the session identifier, and sends the forwarding rule to the user plane network element.

In the method, when the session management network element receives the session modification request message of the terminal or receives the notification message of the user plane network element, it can be determined that the relevant information of the session needs to be modified according to the MAC address carried in the session modification request message or the notification message, and then the session management network element generates a new forwarding rule according to the MAC address and the session identifier and sends the new forwarding rule to the user plane network element. Therefore, the MAC address of the remote equipment which dynamically applies for access is sent to the corresponding network element, such as a user plane network element, so that the data packet sent by the remote equipment corresponding to the MAC address can be processed subsequently, and the method is flexible.

In a possible implementation manner, the generating, by the session management network element, a forwarding rule according to the MAC address and the identifier of the session includes: and the session management network element generates a forwarding rule according to the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address, wherein the forwarding rule is a corresponding relation between the MAC address and the identifier of the downlink tunnel.

The specific implementation mode for generating the forwarding rule is provided, and the mode is simple and easy to implement.

In a possible implementation manner, the method further includes: and the session management network element records the corresponding relation between the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

Therefore, the session management network element can manage the remote device corresponding to the MAC address according to the MAC address.

In a possible implementation manner, the method further includes: and the session management network element sends the MAC address to the policy control network element.

Therefore, the policy control network element can manage the remote device corresponding to the MAC address according to the MAC address.

In a possible implementation manner, the method further includes: the session management network element sends an authentication request message to an authentication server, wherein the authentication request message is used for requesting to authenticate the remote equipment; and the session management network element receives an authentication response message from the authentication server, wherein the authentication response message is used for indicating the success of authentication.

In the method, the session management network element also requests the authentication server to authenticate the remote equipment corresponding to the MAC address, and only when the authentication is successful, the remote equipment is determined to be accessed and the MAC address is recorded, so that the security during communication is improved.

In one possible implementation, the authentication request message includes a MAC address, and the MAC address is used for authenticating the remote device; or, if the session modification request message includes the identifier of the remote device or the notification message includes the identifier of the remote device, the authentication request message includes the MAC address and the identifier of the remote device, and the identifier of the remote device is used to authenticate the remote device.

Two authentication methods are provided, one is to authenticate the remote device by using the MAC address, and the other is to authenticate the remote device by using the identifier of the remote device, one can be selected according to the actual situation, and the method is flexible.

In a fourth aspect, the present application provides a dynamic access method for a remote device, where the method includes: a session management network element receives a session modification request message from a terminal, wherein the session modification request message comprises a session identifier of the terminal and a Media Access Control (MAC) address of a remote device; or, the session management network element receives a notification message from the user plane network element, where the notification message includes an identifier of a session of the terminal and an MAC address of the remote device, and the notification message is used to notify that the session is modified; and the session management network element sends an indication message to the terminal, wherein the indication message is used for indicating that the session modification is successful.

When the session management network element receives the session modification request message of the terminal or receives the notification message of the user plane network element, it can be determined that the related information of the session needs to be modified according to the MAC address carried in the session modification request message or the notification message, and further, the session management network element sends an indication message to the terminal for indicating that the session modification is successful, so that the terminal can record the MAC address, thereby implementing the access of the remote device which dynamically applies for the access to the terminal, and the method is more flexible.

In a fifth aspect, the present application provides a dynamic access method for a remote device, where the method includes: a session management network element receives a session modification request message from a terminal, wherein the session modification request message comprises a session identifier of the terminal and a Media Access Control (MAC) address of a remote device; or, the session management network element receives a notification message from the user plane network element, where the notification message includes an identifier of a session of the terminal and an MAC address of the remote device, and the notification message is used to notify that the session is modified; the session management network element sends an authentication request message to an authentication server, wherein the authentication request message is used for requesting to authenticate the remote equipment; the session management network element receives an authentication response message from the authentication server, wherein the authentication response message is used for indicating that the authentication is successful; and the session management network element generates a forwarding rule according to the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

When the session management network element receives a session modification request message of a terminal or receives a notification message of a user plane network element, it can be determined that the relevant information of a session needs to be modified according to an MAC address carried in the session modification request message or the notification message, the session management network element requests an authentication server to authenticate the remote equipment corresponding to the MAC address, and if the authentication is passed, the session management network element generates a new forwarding rule according to the MAC address and the session identifier and sends the new forwarding rule to the user plane network element. Therefore, the MAC address of the remote equipment which dynamically applies for access is sent to the corresponding network element, such as a user plane network element, so that the data packet sent or received by the remote equipment corresponding to the MAC address can be processed subsequently, and the method is flexible.

In a possible implementation manner, the generating, by the session management network element, a forwarding rule according to the MAC address and the identifier of the session includes: and the session management network element generates a forwarding rule according to the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address, wherein the forwarding rule is the corresponding relation between the MAC address and the identifier of the downlink tunnel.

Two authentication methods are given above, one is to authenticate the remote device by using the MAC address, and the other is to authenticate the remote device by using the identifier of the remote device, and one may be selected according to actual situations.

In a sixth aspect, the present application provides a dynamic access method for a remote device, where the method includes: a user plane network element receives a data packet from a terminal through an uplink tunnel, wherein the data packet comprises a Media Access Control (MAC) address of remote equipment; the user plane network element determines the identification of the session of the terminal according to the identification of the uplink tunnel and the corresponding relation between the identification of the uplink tunnel and the identification of the session of the terminal; if the user plane network element does not record the MAC address, sending a notification message to a session management network element, wherein the notification message comprises the MAC address and a session identifier and is used for notifying the modification of the session; and the user plane network element receives a forwarding rule from the session management network element, wherein the forwarding rule is the corresponding relation between the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

In one possible implementation manner, the method further includes: and the user plane network element determines that the MAC address in the data packet is not recorded in the MAC address associated with the identifier of the downlink tunnel corresponding to the identifier of the session.

That is, the user plane network element determines the identifier of the downlink tunnel corresponding to the identifier of the session according to the identifier of the session; and determining the MAC address associated with the identifier of the downlink tunnel according to the identifier of the downlink tunnel, and then judging whether the MAC address associated with the identifier of the downlink tunnel comprises the MAC address carried in the data packet, if so, indicating that the user plane network element records the MAC address in the data packet, and if not, indicating that the user plane network element does not record the MAC address in the data packet.

In a seventh aspect, the present application provides an apparatus, which may be a terminal or a chip. The apparatus has the function of implementing the embodiments of the first aspect described above. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In an eighth aspect, the present application provides an apparatus comprising: a processor and a memory; the memory is configured to store instructions, and when the apparatus is executed, the processor executes the instructions stored in the memory, so as to cause the apparatus to perform the dynamic access method of the remote device in the first aspect or any implementation method of the first aspect. It should be noted that the memory may be integrated into the processor or may be independent from the processor.

In a ninth aspect, the present application provides an apparatus, which includes a processor, configured to couple with a memory, read an instruction in the memory, and execute a dynamic access method of a remote device in any implementation method of the first aspect or the first aspect according to the instruction.

In a tenth aspect, the present application provides an apparatus, which may be a terminal or a chip. The apparatus has the function of implementing the embodiments of the second aspect described above. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In an eleventh aspect, the present application provides an apparatus comprising: a processor and a memory; the memory is configured to store instructions, and when the apparatus is running, the processor executes the instructions stored in the memory, so as to cause the apparatus to perform the dynamic access method of the remote device in the second aspect or any implementation method of the second aspect. It should be noted that the memory may be integrated into the processor or may be independent from the processor.

In a twelfth aspect, the present application provides an apparatus, which includes a processor, which is coupled to a memory, and configured to read an instruction in the memory and execute a dynamic access method of a remote device in any implementation method of the second aspect or the second aspect according to the instruction.

In a thirteenth aspect, the present application provides an apparatus, which may be a session management network element or a chip. The apparatus has a function of realizing the embodiments of the third aspect described above. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In a fourteenth aspect, the present application provides an apparatus comprising: a processor and a memory; the memory is configured to store instructions, and when the apparatus is running, the processor executes the instructions stored in the memory, so as to cause the apparatus to perform a dynamic access method of a remote device in any implementation method of the third aspect or the third aspect. It should be noted that the memory may be integrated into the processor or may be independent from the processor.

In a fifteenth aspect, the present application provides an apparatus, which includes a processor, configured to couple with a memory, read an instruction in the memory, and execute a dynamic access method of a remote device in any implementation method of the third aspect or the third aspect according to the instruction.

In a sixteenth aspect, the present application provides an apparatus, which may be a session management network element or a chip. The apparatus has a function of realizing the embodiments of the fourth aspect described above. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In a seventeenth aspect, the present application provides an apparatus comprising: a processor and a memory; the memory is configured to store instructions, and when the apparatus is running, the processor executes the instructions stored in the memory, so as to cause the apparatus to perform the dynamic access method of the remote device in any implementation method of the fourth aspect or the fourth aspect. It should be noted that the memory may be integrated into the processor or may be independent from the processor.

In an eighteenth aspect, the present application provides an apparatus, which includes a processor, which is coupled to a memory, and configured to read an instruction in the memory and execute a dynamic access method of a remote device in any implementation method of the fourth aspect or the fourth aspect according to the instruction.

In a nineteenth aspect, the present application provides an apparatus, which may be a session management network element or a chip. The apparatus has the function of implementing the embodiments of the fifth aspect described above. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In a twentieth aspect, the present application provides an apparatus comprising: a processor and a memory; the memory is configured to store instructions, and when the apparatus is running, the processor executes the instructions stored in the memory, so as to cause the apparatus to perform the dynamic access method of the remote device in any implementation method of the fifth aspect or the fifth aspect. It should be noted that the memory may be integrated into the processor or may be independent from the processor.

In a twenty-first aspect, the present application provides an apparatus, which includes a processor, which is coupled to a memory, and configured to read an instruction in the memory and execute a dynamic access method of a remote device in any implementation method of the fifth aspect or the fifth aspect according to the instruction.

In a twenty-second aspect, the present application provides an apparatus, which may be a user plane network element or a chip. The apparatus has a function of realizing the embodiments of the above-described sixth aspect. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.

In a twenty-third aspect, the present application provides an apparatus comprising: a processor and a memory; the memory is configured to store instructions, and when the apparatus is running, the processor executes the instructions stored in the memory, so as to cause the apparatus to perform the dynamic access method of the remote device in any implementation method of the sixth aspect or the sixth aspect. It should be noted that the memory may be integrated into the processor or may be independent from the processor.

In a twenty-fourth aspect, the present application provides an apparatus, which includes a processor, which is coupled to a memory, and configured to read an instruction in the memory and execute a dynamic access method of a remote device in any implementation method of the above-mentioned sixth aspect or sixth aspect according to the instruction.

In a twenty-fifth aspect, the present application further provides a system, where the system includes a session management network element, and the session management network element is configured to perform the steps performed by the session management network element in any one of the methods of the third aspect, the fourth aspect, the fifth aspect, the third aspect, the fourth aspect, and the fifth aspect. In a possible design, the system may further include a user plane network element, where the user plane network element may be configured to perform the steps performed by the user plane network element in any one of the methods of the sixth aspect and the sixth aspect or in the scheme provided in the embodiment of the present invention. In a possible design, the system may further include other devices, such as a terminal, and the like, interacting with the session management network element and/or the user plane network element in the solution provided in the embodiment of the present invention.

In a twenty-sixth aspect, the present application further provides a computer-readable storage medium having a program or instructions stored thereon, which when run on a computer, causes the computer to perform the method of the above-mentioned aspects.

In a twenty-seventh aspect, the present application further provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the above aspects.

These and other aspects of the present application will be more readily apparent from the following description of the embodiments.

Drawings

FIG. 1(a) is a schematic diagram of a possible network architecture provided herein;

FIG. 1(b) is a schematic diagram of another possible network architecture provided herein;

fig. 2 is a schematic diagram illustrating a dynamic access method of a remote device according to the present application;

fig. 3 is a schematic diagram illustrating a dynamic access method of a remote device according to another embodiment of the present disclosure;

FIG. 4 is a schematic view of an apparatus provided herein;

FIG. 5 is a schematic view of yet another apparatus provided herein;

FIG. 6 is a schematic view of yet another apparatus provided herein;

fig. 7 is a schematic diagram of a terminal provided in the present application;

fig. 8 is a schematic view of yet another apparatus provided herein.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more clear, the present application will be further described in detail with reference to the accompanying drawings. The particular methods of operation in the method embodiments may also be applied to apparatus embodiments or system embodiments. In the description of the present application, unless otherwise specified, "a plurality" means two or more, and "/" means "or".

The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.

Fig. 1(a) is a schematic diagram of a possible network architecture applicable to the present application. The network architecture includes a session management network element and a user plane network element. Optionally, the network architecture further comprises a terminal. Further, the network architecture may also include a remote device.

The session management network element is mainly used for session management in the mobile network, such as session establishment, modification and release. The specific functions include allocating an IP address to a user, selecting a user plane functional network element providing a message forwarding function, and the like. In 5G, the session management network element may be a Session Management Function (SMF) network element, and certainly, in future communication, for example, in 6th generation (6G), the session management network element may still be an SMF network element or have another name, which is not limited in this application.

The user plane network element is mainly responsible for processing user messages, such as forwarding, charging and the like. In 5G, the network slice selection network element may be a User Plane Function (UPF) network element, and certainly, in future communication, for example, in 6G, the user plane network element may still be a UPF network element or have another name, which is not limited in this application.

A terminal is a device with relay capability, and may be, for example, a relay user equipment (relay UE), a bridge user equipment (bridge UE), or the like.

The remote device may access the network through a terminal having a relay capability, for example, a remote user equipment (remote UE) or the like.

Based on the network architecture shown in fig. 1(a), the present application can implement dynamic access of a remote device, specifically, access of the remote device to a terminal and a core network. Specifically, the session management network element and the user plane network element in the present application may have the following functions.

Firstly, a session management network element receives a session modification request message from a terminal, wherein the session modification request message comprises a session identifier of the terminal and an MAC address of a remote device; or, the session management network element receives a notification message from the user plane network element, where the notification message includes an identifier of a session of the terminal and an MAC address of the remote device, and the notification message is used to notify that the session is modified; then, the session management network element generates a forwarding rule according to the MAC address and the session identifier, and sends the forwarding rule to the user plane network element.

When the session management network element receives a session modification request message of a terminal or receives a notification message of a user plane network element, it can be determined that the relevant information of the session needs to be modified according to the MAC address carried in the session modification request message or the notification message, and then the session management network element generates a new forwarding rule according to the MAC address and the identifier of the session and sends the new forwarding rule to the user plane network element. Therefore, the MAC address of the remote equipment which dynamically applies for access is sent to the corresponding network element, such as a user plane network element, so that the data packet sent or received by the remote equipment corresponding to the MAC address can be processed subsequently, and the method is flexible.

A user plane network element, configured to receive a data packet from a terminal through an uplink tunnel, where the data packet includes a media access control MAC address of a remote device; determining the identifier of the session of the terminal according to the identifier of the uplink tunnel and the corresponding relation between the identifier of the uplink tunnel and the identifier of the session of the terminal; if the user plane network element does not record the MAC address, sending a notification message to a session management network element, wherein the notification message comprises the MAC address and a session identifier and is used for notifying the modification of the session; and receiving a forwarding rule from the session management network element, wherein the forwarding rule is the corresponding relation between the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

Fig. 1(b) is a schematic diagram of another possible network architecture provided by the present application. The network architecture is added with a part of other network elements on the basis of the network architecture shown in fig. 1 (a).

In fig. 1(b), the SMF network element and the UPF network element are a specific example of the session management network element and the user plane network element shown in fig. 1(a), respectively. Also, fig. 1(b) exemplarily shows 4 remote devices, namely, a remote device 1, a remote device 2, a remote device 3, and a remote device 4. The remote device 1-the remote device 3 are remote devices fixedly connected to the terminal, that is, connected in the process of establishing a session by the terminal, and the remote device 4 needs to be dynamically connected, that is, a remote device dynamically requesting access after the terminal establishes a session. The present application mainly introduces a method for dynamic access of a remote device 4.

Further, the following network elements are also included in fig. 1 (b):

the mobility management network element is mainly used for mobility management in a mobile network, such as user location update, user registration network, or user handover. In 5G, the mobility management network element may be an access and mobility management function (AMF) network element, and in future communication, for example, in 6G, the mobility management network element may still be an AMF network element, or may have another name, which is not limited in this application. Fig. 1(b) illustrates an example where the mobility management network element is an AMF network element.

The policy control network element includes a user subscription data management function, a policy control function, a charging policy control function, or quality of service (QoS) control. In 5G, the policy control network element may be a Policy Control Function (PCF) network element, and in future communications such as 6G, the policy control network element may still be a PCF network element, or have another name, which is not limited in this application. Fig. 1(b) illustrates an example where the policy control network element is a PCF network element.

A Radio Access Network (RAN) device is a device for providing a terminal with a Radio communication function, and includes but is not limited to: next generation base station (gNB), Radio Network Controller (RNC), Base Station Controller (BSC), Base Transceiver Station (BTS), home base station (e.g., home node B, HNB), Base Band Unit (BBU), transmission point (TRP), Transmission Point (TP), mobile switching center (msc), etc. The base station in the present application may also be a device that provides a terminal with a wireless communication function in other communication systems that may appear in the future.

The authentication server is a physical entity or a logic unit with authentication capability. For example, fig. 1(b) illustrates an example in which the authentication server is a data network authentication and authorization accounting (DN-AAA) server. The DN-AAA server may be deployed within an operator-deployed network or may be deployed independently in an external data network.

It is to be understood that the network elements described above may be network elements in a hardware device, or may be software functions running on dedicated hardware, or virtualization functions instantiated on a platform (e.g., a cloud platform).

For convenience of description, the following description of the present application takes a session management network element as an SMF network element, a user plane network element as an UPF network element, and a policy control network element as a PCF network element as an example. For convenience of description, the SMF network element, the UPF network element, and the PCF network element are respectively abbreviated as SMF, UPF, and PCF. The SMF, UPF, and PCF described anywhere in the following embodiments may be replaced with a session management network element, a user plane network element, and a policy control network element, respectively.

The following describes a dynamic access method of a remote device provided in the present application with reference to fig. 1(a) and fig. 1 (b).

Fig. 2 is a schematic diagram illustrating a dynamic access method of a remote device according to the present application. The method comprises the following steps:

step 201, the remote device sends a data packet to the terminal, and accordingly, the terminal receives the data packet from the remote device.

The data packet includes the MAC address of the remote device.

In the present application, after receiving a packet, the terminal has two processing methods, wherein the first processing method corresponds to step 202a described below, and the second processing method corresponds to step 202b described below. That is, the processing method may be selected from two processing methods, i.e., step 202a and step 202 b. Moreover, if step 202b is executed, step 202c may be executed.

That is, the present application will perform step 202a, or perform steps 202 b-202 c.

In step 202a, if the terminal determines that the MAC address in the data packet is not recorded, the terminal sends a session modification request message to the SMF, and accordingly, the SMF receives the session modification request message from the terminal.

After receiving the data packet sent by the remote device, the terminal may obtain the MAC address of the remote device from the data packet, and determine whether the MAC address is recorded.

The mode of recording the MAC address by the terminal may be recording a correspondence between an identifier of the terminal and the MAC address. Further, if there are multiple MAC addresses in the terminal, the terminal may also generate an associated MAC address list, and then record the correspondence between the MAC address list and the identifier of the terminal.

A method for recording a MAC address by a terminal is described below in the form of a table. It should be noted that, in practical applications, the recording of the MAC address is not limited to the table format.

Identification of terminal	MAC address	Identification of sessions
			Terminal ID1	MAC1	Session ID1
Terminal ID1	MAC2	Session ID1
			Terminal ID1	MAC3	Session ID1

TABLE 1-1 MAC Address of terminal record

Referring to table 1-1, it is assumed that the identifier of the terminal is terminal ID1, and the MAC address list recorded by the terminal currently includes MAC1, MAC2 and MAC3, where MAC1 is the MAC address of remote device 1, MAC2 is the MAC address of remote device 2, and MAC3 is the MAC address of remote device 3. That is, one MAC address corresponds to one remote device, and in this case, the MAC address can also be used to uniquely identify one remote device.

Of course, it is also possible that one remote device corresponds to multiple MAC addresses, for example, in table 1-1, MAC1 and MAC2 are the MAC addresses of remote device 1, and MAC3 is the MAC address of remote device 2, in which case the MAC address cannot be used to uniquely identify one remote device. At this point, a remote device may be uniquely identified with other identification, such as the identification of the remote device. It should be noted that the terminal may obtain the identifier of the remote device, and the method for obtaining the identifier of the remote device by the terminal is not limited in this application.

Taking table 1-1 as an example, the MAC address currently recorded by the terminal includes MAC1, MAC2, and MAC3, indicating that the remote devices corresponding to MAC1, MAC2, and MAC3 have been accessed to the terminal.

Further, the identification of the session corresponding to MAC1, MAC2, and MAC3, respectively, may also be recorded. After receiving a data packet sent by a remote device, a terminal needs to send the data packet to the UPF through a tunnel of a user plane through a certain session, and therefore, a corresponding relationship between an MAC address and an identifier of the session needs to be recorded. For example, referring to table 1-1, since the session corresponding to MAC1 is session ID1, when a packet sent by remote device 1 arrives at the terminal, the terminal will send the packet to the UPF through the session corresponding to session ID 1. The session identifier may also be other information mapped one to the session, such as tunnel information corresponding to the session. It should be noted that, if there is only one session in the terminal, the identifier of the corresponding session may not be recorded.

Further, the identifier of the remote device corresponding to each MAC address may also be recorded, for example, a column may be added to table 1-1 to record the identifiers of the remote devices corresponding to the MAC addresses, for example, the identifier of the remote device 1 corresponding to the MAC1, the identifier of the remote device 2 corresponding to the MAC2, and the identifier of the remote device 3 corresponding to the MAC 3.

It should be noted that, in the present application, multiple sessions may be established in a terminal, each session may correspond to one or more MAC addresses, and one MAC address corresponds to one remote device. The method for binding the corresponding session for the MAC address by the terminal is not limited, and for example, a suitable session may be bound for the MAC address according to the current load of the session, the number of the MAC addresses currently associated with the session, and other factors.

Note that, in table 1-1, only the correspondence between the session identifier and the MAC address may be recorded, and the correspondence between the session identifier and the terminal identifier may not be recorded. That is, in table 1-1 above, the identification of the terminal may not be recorded.

For example, in step 201, if the remote device that sends the packet to the terminal is the remote device 4, and the MAC address of the remote device 4 is MAC4, the packet sent by the remote device 4 includes MAC 4.

When the terminal receives the data packet sent by the remote device 4, the MAC4 can be obtained from the data packet, and it is determined whether the terminal records the MAC address 4.

For example, it can be looked up from the above table 1-1 whether the MAC4 is recorded, and since the MAC4 is not recorded in the table 1, the terminal can determine the MAC4 in the unrecorded packet, and thus can determine that the remote device 4 is a new remote device, i.e., a new remote device requesting access to the terminal.

When the terminal determines that the MAC4 is not recorded, the terminal may bind a corresponding session for the remote device 4, for example, the session bound by the terminal for the remote device 4 is also a session corresponding to the session ID1 (the session may be referred to as session 1).

Further, the terminal sends a session modification request message to the SMF, where the session modification request message includes an identifier of a session of the terminal and a MAC address of the remote device. For example, the session modification request message includes the session ID1 and the MAC 4.

The session modification request message is used to request modification of the session, i.e. to request information for modifying the session. The information of the session includes information such as a MAC address corresponding to the session. It is understood that the session modification request message will trigger the SMF to authenticate the remote device corresponding to the new MAC address and determine whether to record the new MAC address.

As another implementation manner, the step 202a is not executed, but the following steps 202b to 202c are executed.

In step 202b, the terminal sends a data packet to the UPF through the RAN device, and accordingly, the UPF receives the data packet from the terminal through the uplink tunnel.

After receiving the data packet sent by the remote device, the terminal sends the data packet to the UPF through the RAN device, which can also be understood as that the terminal sends the data packet to the UPF through a tunnel of the user plane. Specifically, the terminal first sends a data packet to the RAN device, and then the RAN device sends the data packet to the UPF through a certain uplink tunnel. The mode for selecting the uplink tunnel by the RAN device may be to select a corresponding uplink tunnel according to a session bound by the terminal for the MAC address.

Taking the example shown in table 1-1 as an example, in the process of establishing the session 1 described in table 1-1, the SMF or the UPF allocates the uplink tunnel resource to the session, where the uplink tunnel resource includes an IP address of the UPF and an identifier of a tunnel (e.g., a Tunnel Endpoint Identifier (TEID)), and sends the allocated uplink tunnel resource to the RAN device. Thus, the RAN device records the correspondence between the session identifier and the uplink tunnel resource.

In the process of establishing session 1 described in table 1-1, the RAN device stores a mapping relationship between an air interface transmission channel (a transmission channel between the terminal and the RAN device) and an uplink tunnel resource, so that when the terminal sends a data packet to the RAN device, the RAN device may determine a corresponding uplink tunnel according to the air interface transmission channel, and then send the data packet to the UPF through the determined uplink tunnel.

In step 202c, if the UPF determines that the MAC address is not recorded, the UPF sends a notification message to the SMF, and accordingly, the SMF receives the notification message from the UPF.

And after the UPF receives the data packet through the uplink tunnel, the UPF acquires the MAC address in the data packet and judges whether the MAC address is recorded in the UPF.

As one implementation, the UPF may directly look up whether the MAC address is recorded from the MAC address list recorded by the UPF. For example, the UPF may traverse the recorded MAC address list, and sequentially search whether the MAC address is recorded.

As another implementation manner, the UPF may determine, according to the identifier of the uplink tunnel that sends the data packet, the identifier of the downlink tunnel corresponding to the identifier of the uplink tunnel, and then determine whether the MAC address corresponding to the identifier of the downlink tunnel includes the MAC address in the data packet. The resources of the downlink tunnel are allocated by the RAN device during session establishment, and the resources of the downlink tunnel include an IP address of the RAN device and an identifier (e.g., TEID) of the tunnel. And the resources of the downlink tunnel allocated by the RAN device are sent to the SMF and the UPF. It can be understood that one session corresponds to one tunnel, and the tunnel includes an uplink tunnel and a downlink tunnel, where the uplink tunnel may be indicated by an identifier of the uplink tunnel, and the resource of the uplink tunnel includes an IP address of the UPF and the identifier of the uplink tunnel; accordingly, the downlink tunnel may be indicated by an identifier of the downlink tunnel, and the resources of the downlink tunnel include the IP address of the RAN device and the identifier of the downlink tunnel.

Taking the example in table 1-1 above as an example, in the process of establishing session 1, the terminal associates MAC1, MAC2, and MAC3 with session ID1, and in the process of establishing the session, the UPF records the identifier of the downlink tunnel corresponding to the session and the correspondence relationship between the identifier and the MAC address. For example, taking the form of a table as an example, refer to table 2-1, which is a correspondence relationship between the identifier of the downlink tunnel recorded in the UPF and the MAC address.

MAC address	Identification of downlink tunnel
		MAC1	Downstream tunnel identification 1
MAC2	Downstream tunnel identification 1
		MAC3	Downstream tunnel identification 1

Table 2-1 correspondence of MAC address recorded by UPF and identifier of downlink tunnel

Referring to table 2-1, assuming that the packet transmitted by the terminal includes MAC4, the method for the UPF to determine whether MAC4 in the packet is recorded is as follows: the UPF determines, according to the identifier of the uplink tunnel of the data packet sent by the RAN device, a downlink tunnel identifier corresponding to the identifier of the uplink tunnel, for example, a downlink tunnel identifier 1. Then, according to the downlink tunnel identifier 1, determining a corresponding MAC address: MAC1, MAC2, and MAC 3. Since the MAC4 is not included therein, the UPF determines that the MAC4 is not recorded.

In the above implementation, the UPF first determines a partial MAC address from all recorded MAC addresses, where the partial MAC address may include a MAC address in a data packet, and then further determines whether the partial MAC address includes a MAC address in a data packet.

In either of the two manners, if the UPF determines that the MAC address in the data packet is not recorded, the UPF sends a notification message to the SMF, where the notification message includes the identifier of the session and the MAC address.

The notification message is used to notify the modification session, and may also be understood as being used to notify information of the modification session, or may be understood as being used to trigger the SMF to authenticate the remote device corresponding to the MAC address.

If the step 202a is adopted, it may be understood that the SMF is triggered by the control plane to verify the remote device corresponding to the MAC address. If the above steps 202b to 202c are adopted, it can be understood that the SMF is triggered by the user plane to verify the remote device corresponding to the MAC address.

Optionally, as an implementation manner, after receiving a session modification request message sent by a terminal or a notification message sent by a UPF, the SMF verifies the remote device corresponding to the MAC address through an authentication server. I.e. the following steps 203-204 are performed.

Optionally, as another implementation manner, after receiving the session modification request message sent by the terminal or the notification message sent by the UPF, the SMF may not verify the remote device corresponding to the MAC address, that is, the SMF may default that the remote device is legal. Then steps 203-204 described below need not be performed in this implementation.

Further, optionally, the SMF may also determine whether the MAC address is recorded locally. If the SMF locally records the MAC address, the SMF determines that the MAC address is not a new MAC address, and then the process is terminated. If the SMF does not locally record the MAC address, the SMF determines that the MAC address is a new MAC address, and the SMF continues the subsequent process, for example, execute step 203-step 209, or execute step 205-step 209.

If step 203-step 204 are executed, then:

in step 203, the SMF sends an authentication request message to the authentication server, and accordingly, the authentication server receives the authentication request message from the SMF.

The authentication request message is used to request authentication of the remote device.

As an implementation, since one MAC address is assigned to only one remote device, one remote device may be identified using the MAC address. The authentication request message may include a MAC address, and the authentication server may verify the remote device corresponding to the MAC address through the MAC address. For example, an authentication message (e.g., a verification code, etc.) may be sent to the remote device, and when the authentication server receives the correct authentication message returned by the remote device, the verification is successful. Otherwise, authentication fails.

As another implementation manner, if the identifier of the remote device is used to uniquely identify one remote device, the authentication request message may carry the MAC address and the identifier of the remote device, where the identifier of the remote device is used to authenticate the remote device. The authentication server may verify the remote device by the identity of the remote device. For example, an authentication message (e.g., a verification code, etc.) may be sent to the remote device, and when the authentication server receives the correct authentication message returned by the remote device, the verification is successful. Otherwise, authentication fails. The identifier of the remote device may be carried in a session modification request message to be sent to the SMF, or carried in a notification message to be sent to the SMF.

In step 204, the authentication server sends an authentication response message to the SMF, and accordingly, the SMF receives the authentication response message from the authentication server.

And if the authentication server successfully authenticates the terminal equipment, sending an authentication response message to the SMF, wherein the authentication response message is used for indicating that the authentication is successful.

Optionally, the authentication response message further carries a MAC address, where the MAC address is the MAC address carried in the authentication request message in step 203.

Steps 203-204 are optional. The SMF may also perform step 205 upon receiving 202c the notification message. If the above steps 203 to 204 are executed, the authentication server successfully authenticates the terminal device. If the above steps 203-204 are not performed, the SMF may be considered as default that the remote device is authentic.

Step 205, the SMF sends an indication message to the terminal, and accordingly, the terminal receives the indication message from the SMF.

The indication message is used to indicate that the session modification is successful.

In step 206, the terminal records the MAC address.

The mode of recording the MAC address by the terminal is as follows: the terminal adds the MAC address into an associated MAC address list, wherein the associated MAC address list comprises at least one MAC address, one MAC address corresponds to one remote device, and one remote device corresponds to at least one MAC address. Or, the terminal records the corresponding relation between the terminal identifier and the MAC address. Alternatively, a new MAC address may be added to the above-described Table 1-1 as shown in Table 1-1.

For example, if the new MAC address is MAC4 and the session bound by MAC4 is also session ID1, then table 1-2 is obtained after adding MAC4 to table 1-1.

Identification of terminal	MAC address	Identification of sessions
			Terminal ID1	MAC1	Session ID1
Terminal ID1	MAC2	Session ID1
			Terminal ID1	MAC3	Session ID1
Terminal deviceID1	MAC4	Session ID1

Table 1-2 MAC addresses of terminal records

Through the above steps 201, 202a, 205 and 206, when the terminal determines that the MAC address in the unrecorded data packet is determined, that is, it determines that the remote device corresponding to the MAC address is a new remote device, that is, a remote device that does not access the terminal, therefore, the terminal sends a session modification request message to the session management network element for requesting to modify the session, and after receiving the session modification request message, the session management network element modifies the relevant information of the session according to the MAC address and notifies the terminal to record the MAC address. Therefore, the remote equipment which dynamically applies for access is accessed to the terminal, and the method is flexible.

Or, through the above step 201, step 202b, step 202c, step 205, and step 206, the terminal sends the data packet to the user plane network element, and when the user plane network element determines that the MAC address in the data packet is not recorded, the user plane network element triggers the session management network element to modify the relevant information of the session according to the MAC address, and notifies the terminal to record the MAC address. Therefore, the remote equipment which dynamically applies for access is accessed to the terminal, and the method is flexible.

In step 207, the SMF records the correspondence between the MAC address and the session identifier.

As an implementation manner, the SMF records a correspondence between the MAC address and the identifier of the session, specifically: and the SMF records the corresponding relation between the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

For example, the SMF may record the MAC address in the same manner as the UPF. Taking table 2-1 as an example, the SMF also records the information of table 2-1. If the packet end MAC address in the above steps is MAC4, the SMF records the MAC4, and then obtains table 2-2.

MAC address	Identification of downlink tunnel
		MAC1	Downstream tunnel identification 1
MAC2	Downstream tunnel identification 1
		MAC3	Downstream tunnel identification 1
MAC4	Downstream tunnel identification 1

Table 2-2 correspondence of MAC address recorded by SMF and identifier of downlink tunnel

Further, the method can also comprise the following steps:

in step 208, the SMF generates a forwarding rule according to the MAC address and the session identifier, and sends the forwarding rule to the UPF, and accordingly the UPF receives the forwarding rule from the SMF.

As an implementation manner, the forwarding rule may be a correspondence between an identifier of a downlink tunnel corresponding to an identifier of a session and an MAC address. Therefore, if the MAC address of the packet terminal in each step is MAC4, the forwarding rule of the SMF to the UPF is (MAC4, downlink tunnel id 1). And after receiving the forwarding rule, the UPF stores the forwarding rule.

As an example, if the UPF records the correspondence between the MAC address and the identifier of the downlink tunnel in the form of table 2-1, after receiving the forwarding rule, the UPF may update the table 2-1 according to the forwarding rule, so as to obtain the table 2-2 shown above.

Further, the method can also comprise the following steps:

at step 209, the SMF sends the MAC address to the PCF.

The PCF may record a corresponding relationship between the MAC address and information (such as identification information or address information) of the SMF.

It should be noted that there is no strict execution sequence between step 205 and step 209 in the above method. Specifically, the order among step 205, step 207, step 208, and step 209 may be arbitrary, and step 206 may be executed after step 205.

By the method, the dynamic access of the remote equipment can be realized, so that a more flexible communication method is provided.

A specific embodiment is given below to describe the dynamic access method of the remote device.

Fig. 3 is a schematic diagram illustrating a dynamic access method of a remote device according to another embodiment of the present invention. As an example, the MAC address of the remote device 1 is MAC1, the MAC address of the remote device 2 is MAC2, the MAC address of the remote device 3 is MAC3, and the MAC address of the remote device 4 is MAC 4. The remote device 1, the remote device 2 and the remote device 3 are accessed in the process of establishing the session by the terminal, and the remote device 4 dynamically requests for access.

Further, the MAC addresses of the remote devices 1, 2, and 3 and the identifiers of the terminals corresponding to the MAC addresses are pre-configured (for example, may be manually configured) on the DN-AAA (the DN-AAA is a specific example of the authentication server). For example, the information recorded on the DN-AAA is: (identification of terminal, MAC1, MAC2, MAC 3).

The method comprises three parts, wherein the first part is an access process of a remote device 1, a remote device 2 and a remote device 3, and comprises the following steps 1-4; the second part is the dynamic access process of the remote device 4, which comprises the following steps 5-10 d; the third part is the normal processing flow of the uplink and downlink data packets, and comprises the following steps 11 to 15.

First, a flow in which the terminal and each network element record MAC addresses (MAC1, MAC2, and MAC3) in the flow of establishing a session is described.

Step 1, the terminal sends a session establishment request message to the AMF, and correspondingly, the AMF receives the session establishment request message from the terminal.

The session establishment request message carries an identifier of a terminal, an identifier of a session (e.g., an identifier of a Protocol Data Unit (PDU) session), a network slice, a Data Network Name (DNN), an ethernet session type, and the like.

Wherein, the identification of the session is used for indicating the session established by the terminal. The network slice and DNN are used by the AMF to select the appropriate SMF. The ethernet session type is used to indicate that the established session is an ethernet session.

Step 2, the AMF forwards the session establishment request message to the selected SMF.

In this step, the AMF selects an appropriate SMF according to the DNN and the network slice, and then forwards the session establishment request message to the SMF.

At step 3a, the SMF decides to send a session authentication/authorization request message to the DN-AAA based on local policy (e.g., receiving a session request for DNN or an ethernet type session).

The session authentication/authorization request message includes the identity of the terminal.

Step 3b, the DN-AAA sends a session authentication/authorization reply message to the SMF.

The session authentication/authorization reply message carries the MAC address which is pre-configured on the DN-AAA and corresponds to the identifier of the terminal.

Based on the specific example given in this embodiment, MAC1, MAC2, and MAC3 are included in the session authentication/authorization reply message.

And 4, the SMF establishes an uplink tunnel and a downlink tunnel corresponding to the session, and stores the corresponding relation between the MAC address and the session identifier on the UPF.

In this step, the operations to be executed mainly include:

firstly, an uplink tunnel and a downlink tunnel corresponding to a session are established.

The SMF initiates a N4 session setup request to the UPF, the SMF or UPF allocates UPF uplink tunnel resources (including TEID and IP address of UPF) and informs the RAN device of the uplink tunnel resources. The RAN device allocates downlink tunnel resources (including the TEID and the IP address of the RAN device) and informs the UPF of the downlink tunnel resources. Thus, the uplink and downlink tunnels of the session are established.

Secondly, the UPF records the correspondence between the MAC address and the identifier of the session.

One implementation is that the SMF sends the forwarding rule, i.e. the correspondence between the MAC address and the downlink tunnel identifier, to the UPF. Where the MAC address here is the DN-AAA, sent to the SMF via step 3 b.

Another implementation manner is that the SMF notifies the UPF of the MAC address, and the UPF generates a forwarding rule, that is, a correspondence between the MAC address and the downlink tunnel identifier. Where the MAC address here is the DN-AAA, sent to the SMF via step 3 b.

For example, if the correspondence between the MAC address of the UPF record and the downlink tunnel identifier is represented in the form of a table, the contents of the UPF record are as shown in table 2-1.

Optionally, the SMF may also record a correspondence between the MAC address and the downlink tunnel identifier. If the correspondence between the MAC address of the SMF record and the downlink tunnel identifier is represented in the form of a table, the contents of the SMF record are also as shown in table 2-1 above.

Optionally, the method further comprises:

thirdly, the SMF informs the PCF of the MAC address, and the PCF records the corresponding relation between the MAC address and the SMF.

The PCF records the corresponding relation between the MAC address and the SMF so that the subsequent PCF can find the corresponding session according to the MAC address. For example, the message sent by the Application Function (AF) network element to the PCF may not carry the identifier of the terminal, but carries information such as the MAC address, DNN, and network slice, and the like, the PCF may find the corresponding SMF according to the MAC address, then send the MAC address to the corresponding SMF, and the SMF finds the identifier of the corresponding session according to the MAC address and sends the identifier of the session to the PCF, so that the PCF may obtain the identifier of the session by the above method.

Next, if there is a new remote device, such as remote device 4, that needs to dynamically access the terminal, it can be implemented through steps 5-10 d as follows.

And step 5, the terminal receives the data packet sent by the remote device 4.

The MAC address of remote device 4, i.e., MAC4, is included in the packet.

Step 6a and steps 7-10 d are executed, wherein step 6a triggers the SMF to modify the session information through the control plane; or, executing steps 6b to 6c and steps 7 to 10d, wherein the steps 6b to 6c are information for triggering the SMF modification session through the user plane.

Step 6a, the terminal sends a session modification request message to the SMF, and accordingly, the SMF receives the session modification request message.

The terminal determines that MAC4 is not recorded and thus that a new remote device is attempting access. The terminal sends a session modification request message to the SMF, where the session modification request message carries the MAC address (the MAC address of the remote device 4 is MAC4) and the identifier of the session. For example, the identification of the session with which the terminal is associated for the remote device is session ID 1.

Optionally, the session modification request message further includes an identifier of the remote device 4.

And 6b, the terminal sends the data packet to the UPF, and correspondingly, the UPF receives the data packet sent by the terminal.

The MAC address of remote device 4, i.e., MAC4, is included in the packet.

Step 6c, the UPF determines that MAC4 is not recorded, then sends a notification message to the SMF, and accordingly, the SMF receives the notification message from the UPF.

The notification message includes MAC4 and the identification of the session (i.e., session ID 1). For example, the UPF determines that there is no recorded MAC4 by looking up the above-described Table 2-1 of records.

The following describes a specific implementation manner of determining the session identifier carried in the notification message by the UPF.

One implementation manner is that, in the session establishment flow of the above steps 1 to 4, the UPF further records the correspondence between the uplink tunnel identifier and the identifier of the session. Therefore, the UPF may determine, through step 6b, the identifier of the session corresponding to the identifier of the uplink tunnel according to the identifier of the uplink tunnel of the received data packet. For example, taking the record form of the table as an example, the UPF records the correspondence between the uplink tunnel identifier and the session identifier as shown in table 3-1.

Identification of uplink tunnel	Identification of sessions
		Uplink tunnel identifier 1	Session ID1
Uplink tunnel identifier 2	Session ID2

TABLE 3-1 correspondence between upstream tunnel ID and session ID

As another implementation manner, in the session establishment procedure of step 1 to step 4, the UPF may record the correspondence between the uplink tunnel identifier and the session identifier of N4, and record the correspondence between the session identifier of N4 and the session identifier. Therefore, the UPF may determine, through step 6b, the N4 session id corresponding to the identifier of the uplink tunnel of the received data packet, and then determine, according to the N4 session id, the session id corresponding to the N4 session id. For example, taking the form of a table as an example, the UPF records the correspondence between the uplink tunnel identifier and the N4 session identifier as shown in table 3-2, and records the correspondence between the N4 session identifier and the session identifier as shown in table 3-3.

Where N4 refers to the interface between the UPF and SMF, and N4 session refers to the identity of the session used for communication between the UPF and SMF.

Identification of uplink tunnel	N4 Session identification
		Uplink tunnel identifier 1	N4 Session ID1
Uplink tunnel identifier 2	N4 Session ID2

TABLE 3-2 correspondence between upstream tunnel identifications and N4 Session identifications

Identification of sessions	N4 Session identification
		Session ID1	N4 Session ID1
Session ID2	N4 Session ID2

TABLE 3-3 correspondences between identities of sessions and identities of N4 sessions

Optionally, a black list may be maintained in the UPF, and the black list is used to record prohibited MAC addresses. When the UPF receives a packet including a MAC address in the blacklist, the packet is directly discarded without being notified to the SMF.

And 7, the SMF decides to initiate the session secondary authentication authorization.

The SMF can judge whether to initiate the session secondary authentication authorization according to the following modes: the SMF determines whether to record the MAC address (i.e., MAC4), and if so, the SMF determines not to initiate a session secondary authentication authorization, and proceeds to step 10 d; if the MAC address is not recorded, determining to initiate session secondary authentication authorization.

This step 7 is an optional step, and if step 7 is not executed, the SMF defaults to the need of initiating the session secondary authentication authorization.

In step 8a, the SMF sends a session authentication/authorization request message to the DN-AAA, and correspondingly, the DN-AAA receives the session authentication/authorization request message from the SMF.

The session authentication/authorization request message includes MAC4, MAC4 is used to identify remote device 4.

Alternatively, the session authentication/authorization request message includes MAC4 and the identification of remote device 4, which identification of remote device 4 is used to identify remote device 4.

Alternatively, the session authentication/authorization request message includes an identification of the remote device 4, the identification of the remote device 4 being used to identify the remote device 4.

The DN-AAA authenticates the remote device 4. For the specific authentication process, reference may be made to related schemes in the prior art, which are not described herein again.

It should be noted that, if the session authentication/authorization request message includes MAC4 and the identifier of the remote device 4, where the identifier of the remote device 4 is used to identify the remote device 4, the DN-AAA verifies the remote device 4 based on the identifier of the remote device 4.

If the session authentication/authorization request message includes MAC4, which MAC4 is used to identify remote device 4, DN-AAA verifies remote device 4 based on MAC 4.

Alternatively, the session authentication/authorization request message includes MAC4 and the identity of remote device 4, the identity of remote device 4 being used to identify remote device 4, and DN-AAA verifies remote device 4 based on the identity of remote device 4.

Or, the session authentication/authorization request message includes the identifier of the remote device 4, where the identifier of the remote device 4 is used to identify the remote device 4, and then the DN-AAA verifies the remote device 4 based on the identifier of the remote device 4.

And step 8b, the DN-AAA sends a session authentication/authorization reply message to the SMF, and correspondingly, the SMF receives the session authentication/authorization reply message from the DN-AAA.

If the authentication is successful, the session authentication/authorization reply message indicates that the authentication is successful.

For example, as an implementation manner, if the session authentication/authorization request message includes the MAC4, when the authentication is successful, the MAC4 may be carried in the session authentication/authorization reply message, and when the SMF receives the session authentication/authorization reply message and determines that the session authentication/authorization reply message includes the MAC4, the authentication is determined to be successful.

As another implementation manner, if the session authentication/authorization request message does not include the MAC4, when the authentication is successful, the session authentication/authorization reply message may carry indication information, where the indication information is used to indicate that the authentication is successful, and when the SMF receives the session authentication/authorization reply message, the SMF determines that the authentication is successful according to the indication information therein.

The session authentication/authorization request message and the session authentication/authorization reply message are respectively a specific example of the authentication request message and the authentication response message in the embodiment shown in fig. 2.

It should be noted that the steps 8a to 8c are optional steps. When steps 8 a-8 c are not performed, then the SMF by default authenticates the remote device 4 successfully.

Step 9a, the SMF sends a session management policy request message to the PCF, and correspondingly, the PCF receives the session management policy request message from the SMF.

The session management policy request message includes MAC 4.

Step 9b, PCF sends session management strategy reply message to SMF, correspondingly, SMF receives session management strategy reply message from PCF.

As an implementation, the PCF may generate a new policy according to the MAC4 and send the new policy to the SMF in a session management policy reply message.

This step 9b is an optional step.

Step 10a, the SMF records the correspondence between the MAC address and the session identifier.

Specifically, the SMF records the correspondence between the identifier of the downstream tunnel corresponding to the identifier of the session (i.e., downstream tunnel identifier 1) and the MAC address (i.e., MAC 4). The SMF also sends a session modification request message to the UPF, which in turn receives the session modification request message from the SMF.

The session modification request message includes a forwarding rule, which is a correspondence relationship between MAC4 and downlink tunnel identifier 1.

That is, the SMF determines the downlink tunnel identifier 1 corresponding to the session ID1 according to the session ID1, then generates a corresponding relationship between the MAC4 and the downlink tunnel identifier 1, and sends the relationship to the UPF by being carried in the session modification request message.

As one implementation, if authentication fails, the SMF sends a failure indication to the UPF, which blacklists the MAC4 according to the failure indication. Subsequently, when the UPF receives the packet of the MAC4, the packet is directly discarded.

Step 10b, the UPF sends a session modification reply message to the SMF, and accordingly, the SMF receives the session modification reply message from the UPF.

This step 10b is an optional step.

Step 10c, the SMF sends an indication message to the terminal, and accordingly, the terminal receives the indication message from the SMF.

Optionally, MAC4 is included in the indication message.

As an implementation manner, if the above step 6a is performed, the indication message of the step 10c may be a session modification reply message in a specific implementation.

And step 10d, the terminal records the information of the remote equipment 4.

The information of the remote device 4 recorded by the terminal includes, for example, the MAC4, the identifier of the remote device 4, and the like.

Through the steps 5 to 10d, dynamic access to the remote device 4 is realized.

The normal processing flow of the upstream and downstream packets is described below.

In the upstream direction, the following steps 11 to 12 are included.

And step 11, the remote device 4 sends the uplink data packet to the UPF through the terminal.

The upstream packet includes MAC 4.

And step 12, after receiving the uplink data packet, the UPF detects whether the source MAC address is authorized.

The source MAC address is the MAC address of the remote device 4 in the upstream packet, i.e., MAC 4.

The UPF determines whether the source MAC address is authorized by determining whether the source MAC address is recorded. If the record is recorded, the authorization is determined, and if the record is not recorded, the unauthorized is determined.

And if the uplink data packet is determined to be unauthorized, discarding the uplink data packet. If the authorization is determined, the uplink data packet is sent to a Data Network (DN).

Since the previous steps have already accessed the remote device 4 to the terminal, the UPF determines that the MAC4 is authorized and therefore sends an upstream packet to the DN.

In the downstream direction, the following steps 13 to 15 are included.

And step 13, the DN sends a downlink data packet to the UPF.

The downstream packet includes a destination MAC address, for example, the destination MAC address is a MAC address of the remote device 4, i.e., MAC 4.

And step 14, after receiving the downlink data packet, the UPF detects whether the destination MAC address is authorized.

The method for detecting whether the destination MAC address is authorized by the UPF is the same as the method for detecting whether the source MAC address is authorized by the UPF, and reference may be made to the foregoing description.

And step 15, if the UPF determines that the destination MAC address is authorized, the downlink data packet is sent to the corresponding remote equipment through the downlink tunnel.

In the above, a method for accessing a new remote device is provided, which can dynamically access the new remote device to the terminal, and thus is more flexible.

The above-mentioned scheme provided by the present application is mainly introduced from the perspective of interaction between network elements. It is to be understood that the above-described implementation of each network element includes, in order to implement the above-described functions, a corresponding hardware structure and/or software module for performing each function. Those of skill in the art will readily appreciate that the present invention can be implemented in hardware or a combination of hardware and computer software, with the exemplary elements and algorithm steps described in connection with the embodiments disclosed herein. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

Based on the same inventive concept, as shown in fig. 4, a schematic diagram of an apparatus provided by the present application, where the apparatus may be a user plane network element, a session management network element, or a chip, and may perform the method of any of the foregoing embodiments.

The apparatus 400 includes at least one processor 401, communication circuitry 402, memory 403 and at least one communication interface 404.

The processor 401 may be a general-purpose Central Processing Unit (CPU), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more ics for controlling the execution of programs in accordance with the present disclosure.

The communication link 402 may include a path for communicating information between the aforementioned components.

The communication interface 404 may be any device, such as a transceiver, for communicating with other devices or communication networks, such as ethernet, Radio Access Network (RAN), wireless local area networks (W L AN), etc.

The memory 403 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory may be separate and coupled to the processor via a communication line 402. The memory may also be integral to the processor.

The memory 403 is used for storing computer-executable instructions for executing the present invention, and is controlled by the processor 401. The processor 401 is configured to execute the computer-executable instructions stored in the memory 403, so as to implement the multicast packet sending method provided in the following embodiments of the present application.

Optionally, the computer-executable instructions in the embodiments of the present application may also be referred to as application program codes, which are not specifically limited in the embodiments of the present application.

In particular implementations, processor 401 may include one or more CPUs such as CPU0 and CPU1 in fig. 4 as an example.

In particular implementations, apparatus 400 may include multiple processors, such as processor 401 and processor 408 in fig. 4, for example, as an example. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).

When the apparatus shown in fig. 4 is a chip, which may be a chip of a user plane network element or a chip of a session management network element, for example, the chip includes a processor 401 (which may also include a processor 408), a communication line 402, a memory 403, and a communication interface 404. In particular, the communication interface 404 may be an input interface, a pin or a circuit, or the like. The memory 403 may be a register, cache, or the like. Processor 401 and processor 408 may be a general purpose CPU, microprocessor, ASIC, or one or more integrated circuits for controlling program execution of the dynamic access method of the remote device of any of the embodiments described above.

The present application may perform division of functional modules on the apparatus according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the present application is schematic, and is only a logical function division, and there may be another division manner in actual implementation. For example, in the case of dividing each functional module by corresponding functions, fig. 5 shows a schematic diagram of an apparatus, where the apparatus 500 may be a session management network element as referred to in the foregoing embodiments, or a chip in the session management network element, and the apparatus 500 includes a receiving unit 501, a sending unit 502, and a processing unit 503.

In a first implementation:

the receiving unit 501 is configured to receive a session modification request message from a terminal, where the session modification request message includes an identifier of a session of the terminal and a media access control MAC address of a remote device; or, the receiving unit 501 is configured to receive a notification message from a user plane network element, where the notification message includes an identifier of a session of the terminal and a MAC address of a remote device, and the notification message is used to notify that the session is modified;

the processing unit 503 is configured to generate a forwarding rule according to the MAC address and the identifier of the session;

the sending unit 502 is configured to send the forwarding rule to the user plane network element.

As a possible implementation manner, the processing unit 503 is specifically configured to: and generating the forwarding rule according to the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address, wherein the forwarding rule is a corresponding relation between the MAC address and the identifier of the downlink tunnel.

As a possible implementation manner, the processing unit 503 is further configured to record a corresponding relationship between an identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

As a possible implementation manner, the sending unit 502 is further configured to send the MAC address to a policy control network element.

As a possible implementation manner, the sending unit 502 is further configured to send an authentication request message to an authentication server, where the authentication request message is used to request to authenticate the remote device; the receiving unit 501 is further configured to receive an authentication response message from the authentication server, where the authentication response message is used to indicate that authentication is successful.

As a possible implementation manner, the authentication request message includes the MAC address, and the MAC address is used for authenticating the remote device; or, if the session modification request message includes the identifier of the remote device or the notification message includes the identifier of the remote device, the authentication request message includes the MAC address and the identifier of the remote device, and the identifier of the remote device is used to authenticate the remote device.

In a second implementation:

the sending unit 502 is configured to send an indication message to the terminal, where the indication message is used to indicate that the session modification is successful.

It should be understood that the apparatus may be configured to implement the steps performed by the session management network element in the method according to the embodiment of the present application, and reference may be made to the above for related features, which are not described herein again.

Specifically, the functions/implementation procedures of the receiving unit 501, the processing unit 503, and the sending unit 502 in fig. 5 may be implemented by the processor 501 in fig. 5 calling a computer executing instruction stored in the memory 503. Alternatively, the functions/implementation procedures of the processing unit 503 in fig. 5 may be implemented by the processor 501 in fig. 5 calling a computer executing instruction stored in the memory 503, and the functions/implementation procedures of the receiving unit 501 and the sending unit 502 in fig. 5 may be implemented by the communication interface 504 in fig. 5.

Alternatively, when the apparatus 500 is a chip or a circuit, the functions/implementation processes of the receiving unit 501 and the sending unit 502 may also be implemented by pins or circuits. Alternatively, when the apparatus 500 is a chip, the memory 503 may be a storage unit in the chip, such as a register, a cache, and the like. Of course, when the apparatus 500 is a session management network element, the memory 503 may be a storage unit located outside a chip in the session management network element, and this embodiment of the present application is not limited in this embodiment.

The present application may perform division of functional modules on the apparatus according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the present application is schematic, and is only a logical function division, and there may be another division manner in actual implementation. For example, in the case of dividing each functional module by corresponding functions, fig. 6 shows a schematic diagram of an apparatus, where the apparatus 600 may be a user plane network element as referred to in the foregoing embodiments, or a chip in the user plane network element, and the apparatus 600 includes a receiving unit 601, a sending unit 602, and a processing unit 603.

The receiving unit 601 is configured to receive a data packet from a terminal through an uplink tunnel, where the data packet includes a media access control MAC address of a remote device;

the processing unit 603 is configured to determine an identifier of a session of the terminal according to the identifier of the uplink tunnel and a correspondence between the identifier of the uplink tunnel and the identifier of the session of the terminal;

the sending unit 602 is configured to send a notification message to a session management network element if the MAC address is not recorded, where the notification message includes the MAC address and an identifier of the session, and the notification message is used to notify that the session is modified;

the receiving unit 601 is further configured to receive a forwarding rule from the session management network element, where the forwarding rule is a correspondence between an identifier of a downlink tunnel corresponding to the identifier of the session and the MAC address.

As a possible implementation manner, the processing unit 602 is further configured to determine that the MAC address is not recorded in the MAC address associated with the identifier of the downlink tunnel corresponding to the identifier of the session.

It should be understood that the apparatus may be configured to implement the steps performed by the user plane network element in the method according to the embodiment of the present application, and reference may be made to the above for related features, which are not described herein again.

Specifically, the functions/implementation procedures of the receiving unit 601, the processing unit 603, and the sending unit 602 in fig. 6 can be implemented by the processor 601 in fig. 6 calling a computer executing instruction stored in the memory 603. Alternatively, the functions/implementation procedures of the processing unit 603 in fig. 6 may be implemented by the processor 601 in fig. 6 calling a computer executing instruction stored in the memory 603, and the functions/implementation procedures of the receiving unit 601 and the transmitting unit 602 in fig. 6 may be implemented by the communication interface 604 in fig. 6.

Alternatively, when the apparatus 600 is a chip or a circuit, the functions/implementation processes of the receiving unit 601 and the sending unit 602 may also be implemented by pins or circuits. Alternatively, when the apparatus 600 is a chip, the memory 603 may be a storage unit in the chip, such as a register, a cache, and the like. Of course, when the apparatus 600 is a user plane network element, the memory 603 may be a storage unit located outside a chip in the user plane network element, which is not specifically limited in this embodiment of the present application.

Fig. 7 shows a simplified schematic diagram of a possible design structure of a terminal according to an embodiment of the present invention. The terminal 700 comprises a transmitter 701, a receiver 702 and a processor 703. The processor 703 may be a controller, which is shown as "controller/processor 703" in fig. 7. Optionally, the terminal 700 may further include a modem processor 705, where the modem processor 705 may include an encoder 706, a modulator 707, a decoder 708, and a demodulator 709.

In one example, transmitter 701 conditions (e.g., converts to analog, filters, amplifies, and frequency upconverts, etc.) the output samples and generates an uplink signal, which is transmitted via an antenna to the RAN equipment described in the embodiments above. On the downlink, the antenna receives the downlink signal transmitted by the RAN equipment in the above embodiment. Receiver 702 conditions (e.g., filters, amplifies, downconverts, and digitizes, etc.) the received signal from the antenna and provides input samples. Within modem processor 705, an encoder 706 receives traffic data and signaling messages to be sent on the uplink and processes (e.g., formats, encodes, and interleaves) the traffic data and signaling messages. A modulator 707 further processes (e.g., symbol maps and modulates) the encoded traffic data and signaling messages and provides output samples. A demodulator 709 processes (e.g., demodulates) the input samples and provides symbol estimates. A decoder 708 processes (e.g., deinterleaves and decodes) the symbol estimates and provides decoded data and signaling messages for transmission to terminal 700. The encoder 706, modulator 707, demodulator 709, and decoder 708 may be implemented by a combined modem processor 705. These elements are processed according to the radio access technology employed by the radio access network. It should be noted that, when the terminal 700 does not include the modem processor 705, the above-mentioned functions of the modem processor 705 may be performed by the processor 703.

The processor 703 controls and manages the operation of the terminal 700, and is configured to execute the processing procedure performed by the terminal 700 in the embodiment of the present invention. For example, the processor 703 is further configured to execute the processing procedures related to the terminal in the methods shown in fig. 2 to 3 and/or other procedures of the technical solutions described in this application.

Further, terminal 700 can also include a memory 704, memory 704 for storing program codes and data for terminal 700.

The present application may perform division of functional modules on the apparatus according to the above method example, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the present application is schematic, and is only a logical function division, and there may be another division manner in actual implementation. For example, in the case of dividing each functional module according to each function, fig. 8 shows a schematic diagram of an apparatus, the apparatus 800 may be a terminal as referred to in the above embodiments, or a chip in the terminal, and the apparatus 800 includes a receiving unit 801, a transmitting unit 802, and a processing unit 803.

In a first implementation:

the receiving unit 801 is configured to receive a data packet from a remote device, where the data packet includes a MAC address of the remote device;

the sending unit 802 is configured to send a session modification request message to a session management network element if the MAC address is not recorded by the apparatus, where the session modification request message includes the MAC address;

the receiving unit 801 is further configured to receive an indication message from the session management network element, where the indication message is used to indicate that session modification is successful;

the processing unit 803 is configured to record the MAC address.

As a possible implementation manner, the processing unit 803 is specifically configured to: and adding the MAC addresses into an MAC address list, wherein the MAC address list comprises at least one MAC address, one MAC address corresponds to one remote device, and one remote device corresponds to at least one MAC address.

As a possible implementation manner, the processing unit 803 is specifically configured to: and recording the corresponding relation between the terminal identification and the MAC address.

In a second implementation:

the sending unit 802 is configured to send the data packet to a user plane network element;

the receiving unit 801 is further configured to receive an indication message from a session management network element, where the indication message is used to indicate that session modification is successful;

the processing unit 803 is configured to record the MAC address.

It should be understood that the apparatus may be used to implement the steps executed by the terminal in the method according to the embodiment of the present invention, and the related features may refer to the foregoing description, which is not described herein again.

Specifically, the functions/implementation procedures of the receiving unit 801, the processing unit 803, and the sending unit 802 in fig. 8 may be implemented by the processor 801 in fig. 8 calling a computer executing instruction stored in the memory 803. Alternatively, the functions/implementation procedures of the processing unit 803 in fig. 8 may be implemented by the processor 801 in fig. 8 calling a computer executing instruction stored in the memory 803, and the functions/implementation procedures of the receiving unit 801 and the transmitting unit 802 in fig. 8 may be implemented by the communication interface 804 in fig. 8.

Alternatively, when the apparatus 800 is a chip or a circuit, the functions/implementation processes of the receiving unit 801 and the sending unit 802 may also be implemented by pins or circuits. Alternatively, when the apparatus 800 is a chip, the memory 803 may be a storage unit in the chip, such as a register, a cache, and the like. Of course, when the apparatus 800 is a terminal, the memory 803 may be a storage unit located outside a chip in the terminal, and this embodiment of the present application is not limited in this respect.

The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, e.g., from one website site, computer, server, or data center via a wired (e.g., coaxial cable, optical fiber, digital subscriber line (DS L)) or wireless (e.g., infrared, wireless, microwave, etc.) manner to another website site, computer, server, or data center.

The various illustrative logical units and circuits described in this application may be implemented or operated upon by design of a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.

The steps of a method or algorithm described in the embodiments herein may be embodied directly in hardware, in a software element executed by a processor, or in a combination of the two. The software cells may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be disposed in a terminal device. In the alternative, the processor and the storage medium may reside as discrete components in a terminal device.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

While the invention has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the invention. Accordingly, the specification and figures are merely exemplary of the invention as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims

1. A dynamic access method for a remote device, comprising:

a terminal receives a data packet from a remote device, wherein the data packet comprises a Media Access Control (MAC) address of the remote device;

if the terminal does not record the MAC address, sending a session modification request message to a session management network element, wherein the session modification request message comprises the MAC address;

the terminal receives an indication message from the session management network element, wherein the indication message is used for indicating that the session modification is successful;

and the terminal records the MAC address.

2. The method of claim 1, wherein the terminal records the MAC address, comprising:

and the terminal adds the MAC address into an MAC address list, wherein the MAC address list comprises at least one MAC address, one MAC address corresponds to one remote device, and one remote device corresponds to at least one MAC address.

3. The method of claim 1, wherein the terminal records the MAC address, comprising:

and the terminal records the corresponding relation between the identifier of the terminal and the MAC address.

4. A dynamic access method for a remote device, comprising:

a terminal receives a data packet from a remote device and sends the data packet to a user plane network element, wherein the data packet comprises a Media Access Control (MAC) address of the remote device;

the terminal receives an indication message from a session management network element, wherein the indication message is used for indicating that the session modification is successful;

and the terminal records the MAC address.

5. The method of claim 4, wherein the terminal records the MAC address, and wherein the method comprises:

6. The method of claim 4, wherein the terminal records the MAC address, and wherein the method comprises:

7. A dynamic access method for a remote device, comprising:

a session management network element receives a session modification request message from a terminal, wherein the session modification request message comprises a session identifier of the terminal and a Media Access Control (MAC) address of a remote device; or, the session management network element receives a notification message from the user plane network element, where the notification message includes the identifier of the session of the terminal and the MAC address of the remote device, and the notification message is used to notify that the session is modified;

and the session management network element generates a forwarding rule according to the MAC address and the session identifier, and sends the forwarding rule to the user plane network element.

8. The method of claim 7, wherein the generating, by the session management network element, a forwarding rule according to the MAC address and the identifier of the session comprises:

and the session management network element generates the forwarding rule according to the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address, where the forwarding rule is a corresponding relationship between the MAC address and the identifier of the downlink tunnel.

9. The method according to claim 7 or 8, characterized in that the method further comprises:

and the session management network element records the corresponding relation between the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

10. The method according to claim 7 or 8, characterized in that the method further comprises:

and the session management network element sends the MAC address to a policy control network element.

11. The method according to claim 7 or 8, characterized in that the method further comprises:

the session management network element sends an authentication request message to an authentication server, wherein the authentication request message is used for requesting to authenticate the remote equipment;

and the session management network element receives an authentication response message from the authentication server, wherein the authentication response message is used for indicating that the authentication is successful.

12. The method of claim 11, wherein the authentication request message includes the MAC address, and wherein the MAC address is used for authenticating the remote device; or,

if the session modification request message includes the identifier of the remote device or the notification message includes the identifier of the remote device, the authentication request message includes the MAC address and the identifier of the remote device, and the identifier of the remote device is used to authenticate the remote device.

13. A dynamic access method for a remote device, comprising:

and the session management network element sends an indication message to the terminal, wherein the indication message is used for indicating that the session modification is successful.

14. A dynamic access method for a remote device, comprising:

a user plane network element receives a data packet from a terminal through an uplink tunnel, wherein the data packet comprises a Media Access Control (MAC) address of remote equipment;

the user plane network element determines the identifier of the session of the terminal according to the identifier of the uplink tunnel and the corresponding relation between the identifier of the uplink tunnel and the identifier of the session of the terminal;

if the user plane network element does not record the MAC address, sending a notification message to a session management network element, wherein the notification message comprises the MAC address and the session identifier, and the notification message is used for notifying modification of the session;

and the user plane network element receives a forwarding rule from the session management network element, wherein the forwarding rule is a corresponding relation between the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address.

15. The method of claim 14, further comprising:

and the user plane network element determines that the MAC address is not recorded in the MAC address associated with the identifier of the downlink tunnel corresponding to the identifier of the session.

16. A communication apparatus, comprising a processing unit, a transmitting unit, and a receiving unit;

the receiving unit is configured to receive a data packet from a remote device, where the data packet includes a MAC address of the remote device;

the sending unit is configured to send a session modification request message to a session management network element if the MAC address is not recorded by the apparatus, where the session modification request message includes the MAC address;

the receiving unit is further configured to receive an indication message from the session management network element, where the indication message is used to indicate that session modification is successful;

and the processing unit is used for recording the MAC address.

17. The apparatus according to claim 16, wherein the processing unit is specifically configured to:

and adding the MAC addresses into an MAC address list, wherein the MAC address list comprises at least one MAC address, one MAC address corresponds to one remote device, and one remote device corresponds to at least one MAC address.

18. The apparatus according to claim 16, wherein the processing unit is specifically configured to:

and recording the corresponding relation between the identification of the communication device and the MAC address.

19. A communication apparatus, comprising a processing unit, a transmitting unit, and a receiving unit;

the sending unit is used for sending the data packet to a user plane network element;

the receiving unit is further configured to receive an indication message from a session management network element, where the indication message is used to indicate that session modification is successful;

and the processing unit is used for recording the MAC address.

20. The apparatus according to claim 19, wherein the processing unit is specifically configured to:

21. The apparatus according to claim 19, wherein the processing unit is specifically configured to:

22. A communication apparatus, comprising a processing unit, a transmitting unit, and a receiving unit;

the receiving unit is configured to receive a session modification request message from a terminal, where the session modification request message includes an identifier of a session of the terminal and a media access control MAC address of a remote device; or, the receiving unit is configured to receive a notification message from a user plane network element, where the notification message includes an identifier of a session of the terminal and an MAC address of a remote device, and the notification message is used to notify that the session is modified;

the processing unit is used for generating a forwarding rule according to the MAC address and the identifier of the session;

and the sending unit is configured to send the forwarding rule to the user plane network element.

23. The apparatus according to claim 22, wherein the processing unit is specifically configured to:

and generating the forwarding rule according to the identifier of the downlink tunnel corresponding to the identifier of the session and the MAC address, wherein the forwarding rule is a corresponding relation between the MAC address and the identifier of the downlink tunnel.

24. The apparatus according to claim 22 or 23, wherein the processing unit is further configured to record a correspondence between an identifier of a downstream tunnel corresponding to the identifier of the session and the MAC address.

25. The apparatus according to claim 22 or 23, wherein the sending unit is further configured to send an authentication request message to an authentication server, where the authentication request message is used to request authentication of the remote device;

the receiving unit is further configured to receive an authentication response message from the authentication server, where the authentication response message is used to indicate that authentication is successful.

26. A communication apparatus, comprising a transmitting unit and a receiving unit;

the sending unit is configured to send an indication message to the terminal, where the indication message is used to indicate that the session modification is successful.

27. A communication apparatus, comprising a processing unit, a transmitting unit, and a receiving unit;

the receiving unit is configured to receive a data packet from a terminal through an uplink tunnel, where the data packet includes a media access control MAC address of a remote device;

the processing unit is configured to determine an identifier of a session of the terminal according to the identifier of the uplink tunnel and a correspondence between the identifier of the uplink tunnel and the identifier of the session of the terminal;

the sending unit is configured to send a notification message to a session management network element if the MAC address is not recorded, where the notification message includes the MAC address and an identifier of the session, and the notification message is used to notify that the session is modified;

the receiving unit is further configured to receive a forwarding rule from the session management network element, where the forwarding rule is a correspondence between an identifier of a downlink tunnel corresponding to the identifier of the session and the MAC address.

28. The apparatus of claim 27, wherein the processing unit is further configured to determine that the MAC address is not recorded in a MAC address associated with an identifier of a downlink tunnel corresponding to the identifier of the session.