
WO2006114037A1 - A communication system with session border controller and a method for the transmission of the signaling - Google Patents

Publication number
WO2006114037A1
Authority
WO
WIPO (PCT)
Prior art keywords
signaling
function entity
address
network
port number
Application number
PCT/CN2006/000523
Inventor
Jun Yan
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066 Session management
    • H04L65/1083 In-session procedures

Definitions

  • the present invention relates to the field of communication technologies, and in particular to a session border controller
  • The Session Border Controller (SBC) is a concept proposed by the Internet Engineering Task Force (IETF). It is used to solve the boundary control problem of session services at network borders in the Next Generation Network (NGN), such as at the access network.
  • These problems include quality of service (QoS) control, and cases where different networks (access network, backbone network, etc.) use different address domains and cannot interwork directly over the IP network, or belong to different management domains and need to be controlled at the boundary point.
  • the access network and the backbone network are connected to the SBC for border control, and the two different backbone networks are interconnected by SBC for boundary control.
  • Figure 2 shows the networking diagram of interworking between two networks using SBC.
  • the communication system includes a network A, a network B, and an SBC.
  • the network A and the network B are respectively connected to the SBC, and the SBC further includes a signaling control function entity and a media forwarding function entity.
  • the signaling control function entity and the media forwarding function entity respectively have two interfaces, and each entity connects to the network A and the network B by using these two interfaces.
  • The signaling control function entity handles the session signaling plane: receiving and terminating signaling messages, processing the media information in signaling messages, and controlling the forwarding of the media stream (reject/allow, etc.) according to the session state in the signaling message. The media forwarding function entity forwards the session media stream under the control of the signaling control function entity.
  • The signaling control function entity uses two IP addresses, namely IP address 1 and IP address ⁇, to communicate with the user equipment in network A and the functional entity in network B, respectively, and the media forwarding function entity uses two IP addresses, namely IP address 2 and IP address 2, to communicate with the user equipment in network A and the functional entities in network B, respectively.
  • the SBC signaling plane address and the media plane address seen by each user equipment in the network A are different, and the two addresses belong to the address domain of the network A and the address domain of the network B, respectively.
  • Step 401: The user equipment in network A sends a signaling message carrying the user registration request to the signaling control function entity of the SBC.
  • Step 404: The functional entity in network B authenticates the user equipment. If the authentication succeeds, it sends the signaling control function entity a response signaling packet indicating successful authentication; if the authentication fails, it sends the signaling control function entity a response signaling packet indicating authentication failure.
  • Step 405: After receiving the response signaling packet, the signaling control function entity sends the signaling packet to the user equipment in network A.
  • Steps 406 to 410: After the user equipment in network A receives the message, that is, after the registration is successful, the signaling control function entity again sends signaling messages to the functional entity in network B; likewise, the functional entity in network B also uses the signaling control function entity to send signaling messages to the user equipment in network A.
  • the media forwarding function entity is used for the processing of the media plane.
  • The functional characteristics and processing models of the two entities are different, and so are the requirements placed on them.
  • A single signaling-plane device can handle a large capacity, whereas media-plane processing is limited by forwarding capability, so the number of concurrent ports it supports is limited and the capacity of a media-plane functional entity is limited compared with the device capacity of the signaling plane.
  • On the one hand, the signaling control function entity of one signaling plane may control multiple media forwarding function entities. On the other hand, the signaling plane is usually centralized (for example, the signaling plane device may be located in the central equipment room of the operator network), while media devices are distributed close to the user, such as in the property room of the residential area where the user is located. Therefore, the above networking application mode has the following disadvantages:
  • The centralized large-capacity signaling control function entity is directly exposed to access users.
  • One of the above networks A or B is an access network, and what accesses it are uncontrollable end users who pose security threats, so there is a certain security risk.
  • If the centralized large-capacity signaling control function entity is attacked, all users that access through that signaling control function entity cannot perform session services.
  • the centralized signaling control function entity and the distributed media forwarding function entity make the networking mode difficult to deploy in an actual network.
  • The signaling control function entity, located in the operator's central equipment room, is not at the edge between network B and network A; it is usually the media forwarding function entity that sits at that edge. The signaling control function entity is therefore difficult to interface directly with network A (unless a private line is run from network A directly to the signaling control function entity, which is inconvenient and costly in practice, so operators do not consider it).
  • As a result, the signaling control function entity cannot be configured with an IP address in network A, access users in network A cannot communicate directly with the signaling control function entity, and the above model cannot be applied in actual networking.
  • the signaling control function entity and the media forwarding function entity are implemented on one device, that is, the IP address 1 and the IP address 2 are combined, that is, the signaling control function entity and the media forwarding function entity are not separated.
  • This scheme does not take into account the different processing characteristics of the signaling plane and the media plane. The signaling plane technically relies more on the processing power of general-purpose CPUs, while the media plane relies more on specialized CPUs or directly on the hardware forwarding capability provided by application-specific integrated circuit (ASIC) chips, so separating the two is more in line with the separation of signaling processing and media forwarding in future networks.
  • An object of the present invention is to provide a communication network with an SBC and a method for transmitting signaling in it, so that the large-capacity centralized signaling control function entity is shielded from access user equipment, the security risk to the signaling control function entity is reduced, and the above problem of not being applicable in actual networking is solved.
  • The present invention provides a method of transmitting signaling in a communication system having an SBC. The communication system includes at least a first network, a second network, and an SBC, and the SBC includes at least a signaling static transformation function entity and a signaling control function entity. The method includes the following steps:
  • The user equipment in the first network sends a signaling message carrying a registration request to the signaling static transformation function entity, where the destination IP address/port number of the signaling packet is the IP address/port number of the signaling static transformation function entity in the first network, and the source IP address/port number is the IP address/port number of the user equipment in the first network;
  • The signaling static conversion function entity modifies the destination IP address/port number of the signaling packet to the IP address/port number of the signaling control function entity, and modifies the source IP address/port number to the IP address assigned by the signaling static conversion function entity
  • After receiving the signaling message, the signaling control function entity analyzes and processes it, and sends the signaling message to the functional entity in the second network.
  • Step B can further include:
  • the step of setting the NAT entry of the signaling packet of the user equipment in the step B1 includes:
  • After receiving the signaling packet of the user equipment, the signaling static conversion function entity obtains the source IP address/port number in the signaling packet;
  • The signaling static conversion function entity allocates one of its own IP addresses/port numbers to the user equipment, and saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number that the signaling static transformation function entity itself assigned.
  • The IP address/port number of the signaling control function entity in step B may be obtained, using the destination IP address/port number in the signaling packet, from a preset mapping between the IP address/port number of the signaling static transformation function entity in the first network and the IP address of the signaling control function entity.
  • The mapping between the IP address/port number of the signaling static conversion function entity in the first network and the IP address of the signaling control function entity may be preset in the signaling static transformation function entity, or may be set in a functional entity that the signaling static transformation function entity can communicate with.
  • the mapping relationship between the IP address/port number of the first network and the IP address of the signaling control function entity may be randomly configured, or configured according to a certain algorithm, or according to a predefined Mechanism configured.
  • Step C can further include:
  • C1. After receiving the signaling packet, the signaling control function entity obtains the user identity in the signaling packet and the source IP address/port number of the signaling packet, where the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity, and records the correspondence between the user identity and the IP address/port number assigned by the signaling static conversion function entity itself.
  • step C it may further include:
  • The signaling static transformation function entity is notified that authentication succeeded, and the signaling static conversion function entity permanently maintains the NAT entry of the signaling message.
  • The signaling static transformation function entity is notified that authentication failed, and the signaling static transformation function entity deletes the NAT entry of the signaling message.
  • the method further includes:
  • A timer is started. If the signaling static conversion function entity receives the notification of successful authentication sent by the signaling control function entity before the timer expires, the timer is cancelled and the subsequent processing steps continue; if the notification of successful authentication is not received before the timer expires, the signaling static transformation function entity deletes the corresponding NAT entry.
  • The method may further include: after the signaling control function entity receives from the second network a command to cancel the user, it sends the signaling static transformation function entity a command to delete the signaling NAT entry of the user; after receiving the command, the signaling static conversion function entity deletes the NAT entry of the signaling packets of the user equipment.
  • step C it may further include:
  • The signaling control function entity receives a signaling packet from the functional entity in the second network, analyzes it, obtains the user identity from it, uses the correspondence recorded in step C1 to obtain the IP address/port number of the signaling static conversion function entity corresponding to that user identity, and forwards the signaling packet to the signaling static conversion function entity at that IP address/port number;
  • The signaling static conversion function entity uses the signaling message NAT entry to perform NAT address translation on the signaling packet from the signaling control function entity, and sends the translated signaling message to the user equipment in the first network.
  • the method may further comprise:
  • the user equipment sends a signaling packet to the signaling static transformation function entity in the first network.
  • The signaling static conversion function entity performs static NAT address translation on the source and destination address/port number of the signaling packet according to the NAT entry of the signaling packet, and forwards the signaling packet to the signaling control function entity.
  • After receiving the signaling packet, the signaling control function entity parses and processes it and, after determining that the user equipment has successfully registered, sends the signaling packet to the functional entity in the second network.
  • Step B can further include:
  • the NAT entry of the signaling packet of the user equipment is set.
  • The entry is the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity.
  • After receiving a signaling message from the user equipment in the first network or from the signaling control function entity, the signaling static conversion function entity performs NAT address translation using the NAT entry from step B21, and then sends the signaling message to the signaling control function entity or to the user equipment in the first network.
  • The communication system is an SBC-enabled NGN network as defined by the International Telecommunication Union (ITU-T) or by ETSI's NGN standardization body, Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN), or a communication network satisfying the SBC model in the Internet Engineering Task Force (IETF).
  • When the communication system is an SBC-enabled NGN network defined by ITU-T, the SBC is a Service Control Proxy Function (SCPF) and a Border Gateway Function (BGF); when the communication system is an SBC-enabled NGN network defined by TISPAN, the SBC is an application function (AF) and an access border gateway (A-BGF). The access network is any of various wired and wireless access networks, such as digital subscriber line (xDSL), wireless local area network (Wlan), cable (Cable), and Worldwide Interoperability for Microwave Access (WiMax).
  • the first network adopts an Internet Protocol version 4 (IPv4) address format or an Internet Protocol version 6 (IPv6) address format
  • the second network adopts an IPv4 address format or an IPv6 address format.
  • the signaling static transformation function entity may be set in the media forwarding function entity in the SBC or exist as an independent physical entity.
  • The present invention provides a communication system having an SBC. The system comprises at least a first network, a second network, and an SBC; the SBC includes at least a signaling static transformation function entity and a signaling control function entity; the signaling static transformation function entity is connected to the first network and the signaling control function entity, and the signaling control function entity is connected to the second network and the signaling static transformation function entity, wherein
  • the signaling static conversion function entity is configured to receive a signaling message of the user equipment in the first network, and modify the destination IP address/port number of the signaling packet to an IP address/port number of the signaling control function entity, The source IP address/port number is changed to the IP address/port number assigned by the signaling static conversion function entity, and the signaling packet is sent to the signaling control function entity;
  • the signaling control function entity is configured to receive the signaling packet of the signaling static transformation function entity, analyze the processing of the signaling packet, and send the signaling packet to the functional entity in the second network.
  • The signaling static conversion function entity is further configured to: after receiving a signaling message from the first network user equipment for the first time, obtain the source IP address/port number of the signaling packet, which is the IP address/port number of the user equipment in the first network, select the IP address/port number of a signaling control function entity for the user equipment, and save the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity.
  • The signaling control function entity is further configured to: after receiving a signaling message from the signaling static conversion function entity for the first time, save the correspondence between the user identity carried in the signaling packet and the source IP address/port number of the signaling packet, where the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity itself.
  • The signaling static conversion function entity is further configured to: when the signaling message received from the first network user equipment is not the first one, statically translate the signaling packet according to the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity, and send the translated signaling packet to the signaling control function entity.
  • The signaling control function entity is further configured to receive a signaling message from the second network, determine the IP address/port number assigned by the corresponding signaling static transformation function entity according to the correspondence it has saved between the user identity and the source IP address/port number, and send the signaling packet to the signaling static transformation function entity;
  • The signaling static conversion function entity is further configured to receive a signaling message from the signaling control function entity, translate the address of the signaling message according to the NAT entry it has saved for the signaling message, and then send it to the user equipment of the second network.
  • The communication system is an NGN network with SBC function defined by ITU-T or TISPAN, or a communication network satisfying the SBC model in the IETF.
  • When the communication system is an NGN network with SBC function defined by ITU-T, the SBC is SCPF and BGF; when the communication system is an NGN network with SBC function defined by TISPAN, the SBC is AF and A-BGF.
  • The access network is a network using xDSL, Wlan, Cable, WiMax, or a wireless access method.
  • the signaling static transformation function entity is a logical entity in a media forwarding function entity in the SBC, or an independent physical entity.
  • With a centrally deployed signaling control function entity and distributed media forwarding function entities, the system and method of the present invention can provide users in the first network with only the address of the media forwarding function entity, which resolves the actual networking configuration problem.
  • Since the signaling control function entity is connected to the second network and is not directly connected to the first network, a user's signaling messages must pass through the media forwarding function entity or the signaling static conversion function entity to reach the signaling control function entity. Users can therefore attack only a media forwarding function entity or a signaling static transformation function entity, and the impact of such an attack on the entire system is much smaller, which effectively guards against malicious attacks by users and makes the entire system more secure.
  • The present invention can flexibly adapt to the complex address situations found in various networks, meeting the networking requirements of different operators.

Brief Description of the Drawings

  • Figure 1 is a schematic diagram of the SBC networking model
  • FIG. 2 is a schematic diagram of a network model with SBC in the prior art
  • FIG. 3 is a schematic diagram of a typical network model with SBC in the prior art
  • FIG. 4 is a schematic diagram of a signaling transmission flow based on the network model shown in FIG. 3;
  • FIG. 5A is a schematic diagram of a networking model for implementing the system of the present invention
  • FIG. 5B is a schematic diagram of a networking of a specific embodiment of the system of the present invention
  • Figure 6 is a schematic flow chart of the method of the present invention.
  • FIG. 7 is a schematic flow chart of a specific embodiment of implementing the method of the present invention based on the system shown in FIG. 5B.

Mode for Carrying Out the Invention

  • a communication system embodying the present invention includes: a first network, a second network, and an SBC.
  • the SBC further includes a signaling control functional entity and a number of signaling static translation functional entities.
  • Network A shown in Fig. 5A is the first network, and network B is the second network.
  • The signaling control function entity is connected to network B and to the signaling static conversion function entities, and each signaling static transformation function entity is connected to network A, network B, and the signaling control function entity.
  • the signaling static transformation function entity may be a logical entity in a media forwarding function entity or an independent physical entity.
  • The communication system of the present invention may be an NGN network with SBC function defined by ITU-T or TISPAN.
  • When the communication system is defined by ITU-T, the SBC is SCPF and BGF; when the communication system is defined by TISPAN, the SBC is AF and A-BGF.
  • network A is the access network
  • network B is the core network.
  • The access network can be a network using any of a variety of access modes, such as xDSL, Wlan, Cable, WiMax, and other wired and wireless modes.
  • the IP address in the above network can be in the IPv4 address format or the IPv6 address format.
  • the address translation includes address format conversion in various situations such as IPv4-IPv4, IPv4-IPv6, IPv6-IPv6, and IPv6-IPv4.
  • the signaling static transformation function entity is configured to forward signaling packets between the network A and the signaling control function entity.
  • When the signaling static conversion function entity forwards the signaling message of a user equipment in network A for the first time, that is, the registration request of that user equipment, it needs to dynamically create a network address translation (NAT) entry for the signaling messages of that user equipment, such as the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static conversion function entity. The entry is used to perform NAT translation on signaling packets subsequently received from the first network or from the signaling control function entity, and to forward them.
  • When the signaling static conversion function entity receives from network A a signaling message that is not the first one, it statically translates the address of the signaling packet according to the NAT entry of the signaling packet and forwards it to the signaling control function entity. When the signaling static conversion function entity receives a signaling message from the signaling control function entity, it also performs static address translation on the message and then forwards it to the user equipment in network A.
  • The mapping between the signaling address on the media forwarding entity and the address of the signaling control function entity is configured in the signaling static conversion function entity. It is used to translate the destination address of signaling packets sent by user equipment in network A, or the source address of packets sent by the signaling control function entity.
  • The signaling control function entity is configured to analyze and process received signaling messages and to perform signaling interaction with the functional entity in network B. After receiving the registration request signaling message forwarded by the signaling static transformation function entity, the signaling control function entity obtains the user identity from the signaling packet and saves the user identity together with the source IP address/port number of the signaling packet, where the source IP address/port number is the IP address/port number assigned by the signaling static conversion function entity itself.
  • The signaling control function entity may obtain the user identity from a signaling message and, from the saved mapping between user identity and source address/port number, obtain the IP address/port number assigned by the signaling static conversion function entity for that user identity, and then forward the signaling packet to the signaling static transformation function entity at that IP address/port number.
  • The address of the signaling control function entity that is configured on the user equipment, or allocated to the user by the second network, is the address of the signaling static transformation function entity.
  • The user sends signaling packets directly to the signaling static transformation function entity in the SBC, and the signaling static transformation function entity forwards them through the signaling control function entity to the functional entity in the second network.
  • the signaling control function entity sends the signaling packet to the signaling static transformation function entity, and then the signaling static transformation function entity sends the signaling packet to the signaling entity.
  • the method of implementing the present invention includes the following steps:
  • Step 601 The user equipment in the first network sends a signaling message of the registration request to the signaling static transformation function entity, where the destination IP address/port number of the signaling packet is a signaling static transformation function entity in the first network.
  • the IP address/port number, the source address/port number is the address/port number of the user equipment in the first network.
  • Step 602: After receiving the signaling packet of the user equipment, the signaling static transformation function entity modifies the destination IP address/port number of the signaling packet to the IP address of the signaling control function entity, modifies the source IP address/port number to the IP address/port number assigned by the signaling static transformation function entity itself, and sends the signaling message to the signaling control function entity.
  • the IP address/port number assigned by the signaling static transformation function entity may be randomly selected by the media forwarding entity, or selected according to a certain priority, or selected according to an algorithm, or selected by another predefined mechanism.
  • the IP address/port number of the signaling control function entity may be obtained from the above mapping relationship by using the destination IP address/port number in the signaling message.
  • the mapping relationship between the IP address/port number of the signaling static conversion function entity and the IP address of the signaling control function entity can be configured according to the requirements of the operator.
  • if the mapping relationship between the signaling IP address/port number of the signaling static transformation function entity and the IP address of the signaling control function entity is not configured in advance, the selection may also be made at random, according to some priority, or according to some algorithm.
  • Step 603: After receiving the signaling packet, the signaling control function entity analyzes and processes the signaling packet, and sends the signaling packet to the functional entity in the second network.
  • the process of analyzing and processing the signaling packet may be the same as or different from the prior art, and how it is handled does not affect the protection scope of the present invention.
  • so that, after the user has registered successfully, the signaling static transformation function entity can correctly forward the subsequent signaling messages sent by the user equipment and the signaling sent by the second network to the user equipment, a NAT entry may be dynamically created in step 602 and used to perform static address translation on received signaling packets, so as to achieve correct forwarding.
  • the NAT entry of the signaling packet can take one of the following two forms:
  • the entry may include only the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity. In this case, the NAT entry of the signaling packet of the user equipment can be set as follows:
  • after receiving the signaling packet sent by the user equipment for the first time, that is, the registration request packet, the signaling static transformation function entity obtains the source IP address/port number in the signaling packet; the signaling static transformation function entity allocates one of its own IP addresses/port numbers to the user equipment, and saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity. This correspondence is the NAT entry of the signaling packet corresponding to the user equipment.
  • the NAT entry of the signaling packet of the user equipment may include: the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity, and the correspondence between the IP address/port number of the first network and the IP address of the signaling control function entity. In this case, the NAT entry can be obtained as follows:
  • after receiving the signaling message sent by the user equipment for the first time, that is, the registration request message, the signaling static transformation function entity obtains the source IP address/port number and the destination IP address/port number in the signaling message, allocates one of its own IP addresses/port numbers to the user equipment, selects an IP address/port number of the signaling control function entity, and saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity, together with the correspondence between the IP address/port number of the first network and the IP address of the signaling control function entity. These two correspondences are the NAT entry of the signaling packet.
  • the NAT entry of the above signaling packet can be deleted after the user logs out or when the user fails to register.
  • after receiving the signaling message in the foregoing step 603, the signaling control function entity can obtain the user identity in the signaling message and the source IP address/port number of the signaling message, where the source IP address/port number is the IP address/port number assigned by the signaling static transformation function entity in step 602, and the signaling control function entity records the user identity together with that IP address/port number.
  • when receiving a signaling message sent by the functional entity in the second network to the user equipment in the first network, the signaling control function entity obtains, from the recorded correspondence and according to the called user number, the IP address/port number assigned by the signaling static transformation function entity, and forwards the message to the signaling static transformation function entity according to that IP address/port number.
  • the communication system of this embodiment includes a first network, a second network, and an SBC.
  • the SBC further includes a signaling control function entity and a media forwarding function entity.
  • the network A shown in FIG. 5B is the first network, and the network B is the second network.
  • the signaling control function entity is connected to the network B and the media forwarding function entity, and the media forwarding function entity is connected to the network A, the network B, and the signaling control function entity.
  • the communication system of the present invention may be an NGN network with SBC function defined by ITU-T, TISPAN.
  • the SBC is SCPF and BGF; when the communication system is the NGN network defined by TISPAN, the SBC is AF and A-BGF.
  • network A is the access network
  • network B is the core network.
  • the access network can be an access network using any of a variety of access modes, such as xDSL, Wlan, Cable, WiMax, and other wired and wireless modes.
  • the IP address in the above network can be in the IPv4 address format or the IPv6 address format.
  • the address translation includes address format conversion in various situations such as IPv4-IPv4, IPv4-IPv6, IPv6-IPv6, and IPv6-IPv4.
  • the media forwarding function entity can be used to forward data packets between the network A and the network B, and can also be used to forward signaling messages between the network A and the signaling control function entity.
  • when the media forwarding function entity first forwards the signaling packet of a user equipment in network A, that is, the registration request of that user equipment, the NAT entry for that user equipment's signaling packets needs to be dynamically created, that is, the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the media forwarding function entity itself. The entry is used to perform NAT address translation on signaling packets subsequently received from the first network or from the signaling control function entity, so that the signaling packets can be forwarded.
  • when the media forwarding function entity receives a signaling message from network A that is not the first one sent, it performs static address translation on the message according to the NAT entry of the signaling message and then forwards it to the signaling control function entity; when the media forwarding function entity receives a signaling message from the signaling control function entity, the signaling message is likewise subjected to static address translation and then forwarded to the media forwarding function entity.
  • the mapping between the signaling address on the media forwarding packet and the address of the signaling control function entity is configured in the media forwarding function entity, and is used to convert the destination address of the signaling sent by the user equipment in network A, or the source address of the packet sent by the signaling control function entity.
  • the signaling control function entity is configured to analyze and process the received signaling message, and perform signaling interaction with the functional entity in the network B. After receiving the signaling message of the registration request forwarded by the media forwarding function entity, the signaling control function entity obtains the user identity identifier in the information packet, and saves the user identity identifier and the source IP address/port in the signaling packet. The correspondence between the numbers, where the source IP address/port number is the IP address/port number assigned by the media forwarding function entity itself.
  • the signaling control function entity may obtain the user identity from the signaling message and, from the correspondence between the user identity and the source address/port number, obtain the IP address/port number assigned by the media forwarding function entity for that user identity, and then according to the IP address
  • Step 701: The user equipment in network A sends a signaling message carrying the registration request to the media forwarding function entity, where the signaling packet includes the access request information and user information, the destination IP address of the signaling message is the IP address of the media forwarding function entity, and the source IP address is the IP address of the user equipment in network A.
  • Steps 702 to 703: After receiving the signaling packet, the media forwarding function entity obtains the source IP address/port number and the destination IP address/port number of the signaling packet and allocates an IP address/port number of its own. It then dynamically creates a NAT entry for the signaling packets of the user equipment, the entry being the correspondence between the IP address/port number of the user equipment in network A and the IP address/port number assigned by the media forwarding function entity itself, and, according to that NAT entry, sets the source IP address/port number of the signaling packet to the IP address/port number assigned by the media forwarding function entity itself. At the same time, from its preconfigured mapping between the IP address/port number of the first network and the IP address/port number of the signaling control function entity, it obtains the IP address/port number of the corresponding signaling control function entity, converts the destination IP address of the signaling packet into the IP address/port number of the signaling control function entity, and finally forwards the signaling message to the signaling control function entity.
  • Steps 704 to 705: After receiving the signaling, the signaling control function entity parses and processes the signaling packet and obtains the user identity and the source IP address/port number, where the source IP address/port number is the IP address/port number assigned by the media forwarding function entity; it stores the correspondence between the user identity and the IP address assigned by the media forwarding function entity, and sends the signaling message to the functional entity in network B.
  • Step 706: After receiving the signaling packet, the device in network B authenticates the user equipment according to the user identity contained in it and, if the authentication succeeds, sends a response message to the signaling control function entity. If the authentication fails, the packet is sent to the signaling function control entity.
  • Steps 707 to 708: After receiving the response signaling packet, the signaling control function entity obtains the user identity and, according to the correspondence recorded in step 704, obtains the IP address/port number of the media forwarding function entity corresponding to that user identity. It then sets the destination IP address of the signaling packet to the IP address/port number of the media forwarding function entity and the source IP address/port number to the IP address of the signaling control function entity itself, and sends the signaling message to the media forwarding function entity.
  • Steps 709 to 710: After receiving the signaling packet, the media forwarding function entity obtains the source IP address of the signaling packet, that is, the IP address/port number of the signaling control function entity, and, according to the NAT entry of the signaling packet created in step 702, obtains the IP address/port number of the user equipment in network A corresponding to the packet from the signaling control function entity, and then modifies the destination IP address of the signaling packet to that of the user equipment in network A. Using its mapping between the IP address/port number of the first network and the IP address/port number of the signaling control function entity, the media forwarding function entity changes the source IP address/port number to its own IP address/port number in the first network, and sends the signaling message to the user equipment in the first network.
  • in step 707, if the response signaling packet received by the signaling control function entity indicates successful authentication, the signaling control function entity needs to notify the media forwarding function entity to permanently save and maintain the NAT entry corresponding to the user equipment, that is, the correspondence between the IP address/port number of the media forwarding function entity and the IP address/port number of the signaling control function entity, until the user logs out, at which point the signaling control function entity notifies the media forwarding function entity to delete this entry. If the response signaling packet indicates failed authentication, the signaling control function entity notifies the media forwarding function entity to delete the NAT entry of the signaling packet corresponding to the user equipment.
  • when the media forwarding function entity sends the signaling message on toward the functional entity in network B, it may start a timer; if the notification of successful authentication from the signaling control function entity is not received before the timer expires, the NAT entry corresponding to the user equipment is deleted when the timer expires.
  • when the media forwarding function entity receives the command for user logoff sent by the signaling control function entity, the NAT entry of the signaling packet needs to be deleted.
  • the session request may be further accepted or initiated, such as performing step 711 to step 715 and/or step 716 to step 719.
  • the process of steps 711 to 715 and the process of steps 716 to 719 are independent of each other; only one of them may be executed, or both, and there is no ordering between them. These two processes are described below.
  • Steps 711 to 715: The functional entity in network B sends signaling packets, through the signaling control function entity and the media forwarding function entity, to the user equipment in network A.
  • the signaling control function entity needs to obtain the IP address of the media forwarding function entity corresponding to the user identity carried in the signaling message. In the media forwarding function entity, the signaling packet is translated according to the NAT entry of the signaling packet and then sent out. This is the same as steps 706 to 710.
  • Steps 716 to 719: After the user equipment in network A has sent its first signaling message, that is, the access request packet, and has received the response signaling packet for successful authentication, when it needs to interact with network B again, the user equipment in network A may perform signaling interaction with the functional entity in network B through the media forwarding function entity and the signaling control function entity.
  • to translate the source IP address/port number of the signaling, the media forwarding function entity needs to use the NAT entry; for the destination IP address/port number, it needs to look up the mapping, configured in the media forwarding entity, between the media forwarding function entity's IP address/port number in the first network and the IP address/port number of the signaling control function entity, and so obtain the IP address/port number of the corresponding signaling control function entity.
  • if the NAT entry of the signaling packet is set to include both the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the media forwarding function entity, and the mapping between the IP address/port number of the first network and the IP address of the signaling control function entity, then, after the user has registered successfully, when a signaling message between the user equipment in the first network and the signaling control function entity reaches the media forwarding function entity, the media forwarding function entity can translate it using the NAT entry of the signaling packet and then send it to the signaling control function entity or to the user equipment in the first network, as follows: the user equipment in network A sends a signaling message to the media forwarding function entity, where the destination IP address/port number of the packet is the IP address/port number of the media forwarding function entity and the source IP address/port number is the IP address/port number of the user equipment in network A.
  • the media forwarding function entity directly uses the NAT entry of the signaling packet to perform a static NAT address translation on the signaling packet, that is, it converts the destination IP address of the packet to the IP address/port number of the signaling control function entity, converts the source IP address/port number to the IP address of the media forwarding function entity, and, using the destination IP address/port number, forwards the signaling packet to the signaling control function entity.
  • after receiving the signaling packet, the signaling control function entity parses and processes the signaling packet, and determines the correspondence between the user identity and the IP address/port number of the media forwarding function entity, that is, that the user equipment has been successfully registered, so the signaling message is sent directly to the functional entity in network B.
  • the address of the SBC signaling control function entity configured by the access user is an address on the media forwarding function entity, and the access signaling flow passes through the media forwarding function entity, so the SBC signaling control function entity only needs to have a domain address, such as an administrative domain or an address domain address.
  • the NAT entry of the signaling packet that has been established on the media forwarding function entity is used as a signaling channel to initiate or accept a call, and the address/port number of the user in network A as seen by the signaling control function entity will also be the address/port information on the media forwarding function entity.
  • when the signaling static transformation entity is an independent entity, the implementation process is the same as that in the foregoing embodiment, and details are not described herein again.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Description

A communication system with a session border controller and a method for transmitting signaling

Technical Field
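The present invention relates to the field of communication technologies, and in particular to a communication network with a session border controller (SBC) and a method for signaling transmission in it.

Background of the Invention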
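SBC is a concept proposed in the Internet Engineering Task Force (IETF); the full name is Session Border Controller (SBC). It is used to solve the boundary control problem for border session services in the next generation network (NGN), such as boundary control between an access network and the core backbone network, between one core backbone network and another, or between different administrative domains/address domains. It addresses problems such as interworking between different administrative domains and address domains, network security, and quality of service (QoS) control. For example, because different networks (access network, backbone network, and so on) have different address domains, they cannot interwork directly over IP; or because the administrative domains differ, control is needed at the boundary point; and, for security reasons, packets arriving from other networks are terminated and the IP addresses, topology, servers and so on of the local network are hidden from the outside to prevent attacks. In the networking structure shown in Figure 1, an access SBC performs boundary control between the access network and the backbone network, and an interworking SBC performs boundary control between two different backbone networks.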
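Figure 2 is a schematic diagram of two networks interworking through an SBC. As shown in Figure 2, the communication system includes network A, network B and an SBC; network A and network B are each connected to the SBC, and the SBC further includes a signaling control function entity and a media forwarding function entity. The signaling control function entity and the media forwarding function entity each have two interfaces, and each entity uses its two interfaces to connect to network A and network B. The signaling control function entity handles the session signaling plane, with functions such as admitting and terminating signaling packets, processing the media information in signaling packets, and controlling the forwarding of media streams (reject/allow, and so on) according to the session state in the signaling packets; the media forwarding function entity forwards session media streams under the control of the signaling control function entity.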
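As shown in Figure 3, the signaling control function entity uses two IP addresses, IP address 1 and IP address 1', to communicate with the user equipment in network A and the functional entity in network B respectively, and the media forwarding function entity uses two IP addresses, IP address 2 and IP address 2', to communicate with the user equipment in network A and the functional entity in network B respectively. Moreover, the SBC signaling-plane address and media-plane address seen by each user equipment in network A are different, and the two addresses belong to the address domain of network A and the address domain of network B respectively.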
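As shown in Figure 4, the signaling interaction between the user equipment in network A and the functional entity in network B proceeds as follows:
Step 401: The user equipment in network A sends a signaling packet carrying a user registration request to the signaling control function entity in the SBC.
Steps 402 to 403: After receiving the registration request, the signaling control function entity analyzes and processes the signaling packet, performs some signaling control function, and then sends the user equipment's registration request to the functional entity in network B.
Step 404: The functional entity in network B authenticates the user equipment. If authentication succeeds, it sends a response signaling packet indicating successful authentication to the signaling control function entity; if authentication fails, it sends a response signaling packet indicating failed authentication to the signaling control function entity.
Step 405: After receiving the response signaling packet, the signaling control function entity sends it on to the user equipment in network A.
Steps 406 to 410: After the user equipment in network A receives the signaling packet, that is, after it has registered successfully, it again sends signaling packets to the functional entity in network B through the signaling control function entity; likewise, the functional entity in network B uses the signaling control function entity to send signaling packets to that user equipment in network A.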
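At present, as the above process shows, the networking scheme of Figure 3 can solve interworking between different networks, such as networks in different address domains or administrative domains, but in practical applications the following problems exist in some networking situations:
Because the signaling control function entity handles the signaling plane and the media forwarding function entity handles the media plane, the two entities differ in functional characteristics and processing models, and the requirements on them also differ. For signaling-plane processing, a single device can usually handle a very large capacity, whereas media-plane processing is limited by forwarding capability, so the number of concurrent ports it supports is limited; the capacity of a media-plane functional entity is therefore small compared with that of a signaling-plane device, and one signaling-plane signaling control function entity may control several media forwarding function entities. On the other hand, the signaling plane is usually processed centrally, for example with the signaling-plane device located in the central equipment room of the operator's network, while media-plane devices are distributed and close to the user, for example located in the property-management equipment room of the residential area where the user lives. The networking model above therefore has the following disadvantages: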
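(1) The centralized, high-capacity signaling control function entity is directly exposed to access users. If one of network A or network B above is an access network, what it connects is end users who are uncontrollable and may pose a security threat, so there is a definite security risk: once the centralized, high-capacity signaling control function entity is attacked and paralyzed, none of the users who access through that signaling control function entity can carry out session services.
(2) With centrally deployed signaling control function entities and distributed media forwarding function entities, the networking model above is hard to deploy in a real network. For example, a signaling control function entity located in the operator's central equipment room is not at the edge between network B and network A; usually it is the media forwarding function entity that sits at the edge. It is therefore hard for the signaling control function entity to have a direct interface to network A (unless a dedicated line is run from network A directly to the signaling control function entity, which in practice is inconvenient and costly, and which operators would not consider). The signaling control function entity thus cannot be configured with an IP address in network A, the access users in network A cannot communicate directly with the signaling control function entity, and as a result the model cannot be applied in actual networking.
At present, there are also schemes that implement the signaling control function entity and the media forwarding function entity on one device, that is, IP address 1 and IP address 2 are combined and the two entities are not separated. This scheme does not take account of the differing processing characteristics of the signaling plane and the media plane: technically, the signaling plane mostly demands general-purpose CPU processing capability, while the media plane mostly demands specialized CPUs or hardware forwarding capability provided directly by application-specific integrated circuit (ASIC) chips, so handling the two separately better fits the technical characteristic of future networks, in which signaling processing and media forwarding are separated.

Summary of the Invention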
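In view of this, the purpose of the present invention is to provide a communication network with an SBC and a method for transmitting signaling in it, so that the high-capacity centralized signaling control function entity is shielded from access user equipment, the security risk to the signaling control function entity is reduced, and the problem that the above model cannot be applied in actual networking is solved.
To achieve the above purpose, the present invention provides a method for transmitting signaling in a communication system with an SBC. The method is implemented as follows: the communication system includes at least a first network, a second network and an SBC, and the SBC includes at least a signaling static transformation function entity and a signaling control function entity; the method includes the following steps: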
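A. The user equipment in the first network sends a signaling packet carrying a registration request to the signaling static transformation function entity, where the destination IP address/port number of the signaling packet is the IP address/port number of the signaling static transformation function entity in the first network, and the source IP address/port number is the IP address/port number of the user equipment in the first network;
B. After receiving the signaling packet of the user equipment, the signaling static transformation function entity modifies the destination IP address/port number of the signaling packet to the IP address/port number of the signaling control function entity, modifies the source IP address/port number to the IP address/port number assigned by the signaling static transformation function entity itself, and sends the signaling packet to the signaling control function entity;
C. After receiving the signaling packet, the signaling control function entity analyzes and processes the signaling packet, and sends the signaling packet to the functional entity in the second network.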
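Step B may further include:
B1. Setting the NAT entry for the signaling packets of the user equipment, the entry being the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself.
In step B1, setting the NAT entry for the signaling packets of the user equipment includes:
B11. After receiving the signaling packet of the user equipment, the signaling static transformation function entity obtains the source IP address/port number in the signaling packet;
B12. The signaling static transformation function entity allocates one of its own IP addresses/port numbers to the user equipment, and saves the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself.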
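The IP address/port number of the signaling control function entity in step B may be obtained, using the destination IP address/port number in the signaling packet, from a preset mapping between the IP address/port number of the signaling static transformation function entity in the first network and the IP address of the signaling control function entity.
The mapping between the IP address/port number of the signaling static transformation function entity in the first network and the IP address of the signaling control function entity may be preset in the signaling static transformation function entity, or set in a functional entity that can communicate with the signaling static transformation function entity.
The mapping between the IP address/port number of the signaling static transformation function entity in the first network and the IP address of the signaling control function entity may be configured at random, or according to a certain algorithm, or according to a predefined mechanism.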
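Step C may further include:
C1. After receiving the signaling packet, the signaling control function entity obtains the user identity in the signaling packet and the source IP address/port number of the signaling packet, the source IP address/port number being the IP address/port number assigned by the signaling static transformation function entity itself, and the signaling control function entity records the correspondence between the user identity and the IP address/port number assigned by the signaling static transformation function entity itself.
After step C, the method may further include:
If the signaling control function entity receives a response signaling packet from the functional entity of the second network indicating successful authentication, it notifies the signaling static transformation function entity that authentication succeeded, and the signaling static transformation function entity permanently maintains the NAT entry of the signaling packet;
If the signaling control function entity receives a response signaling packet from the functional entity of the second network indicating failed authentication, it notifies the signaling static transformation function entity that authentication failed, and the signaling static transformation function entity deletes the NAT entry of the signaling packet.
At the same time as the signaling packet is sent to the signaling control function entity in step B, the method may further include:
Starting a timer; if, before the timer expires, the signaling static transformation function entity receives the notification of successful authentication sent by the signaling control function entity, the timer is cancelled and the subsequent processing steps continue; if no notification of successful authentication is received before the timer expires, the signaling static transformation function entity deletes the corresponding NAT entry.
After step C, the method may further include: when the signaling control function entity receives a command from the second network to log the user out, it sends the signaling static transformation function entity a command to delete the user's signaling NAT entry, and on receiving the command the signaling static transformation function entity deletes the NAT entry for the signaling packets of that user equipment.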
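After step C, the method may further include:
D11. The signaling control function entity receives a signaling packet from the functional entity in the second network, analyzes and processes the signaling packet, obtains the user identity from the signaling packet, obtains, according to the correspondence described in step C1, the IP address/port number of the signaling static transformation function entity corresponding to that user identity, and forwards the signaling packet to the signaling static transformation function entity according to that IP address/port number;
D12. Using the NAT entry of the signaling packet, the signaling static transformation function entity performs NAT address translation on the signaling packet from the signaling control function entity, and sends the translated signaling packet to the user equipment in the first network.
After step C, the method may further include:
D21. The user equipment in the first network sends a signaling packet to the signaling static transformation function entity;
D22. According to the NAT entry of the signaling packet, the signaling static transformation function entity performs static NAT address translation on the source and destination addresses/port numbers of the signaling packet, and then forwards the signaling packet to the signaling control function entity;
D23. After receiving the signaling packet, the signaling control function entity parses and processes the signaling packet and, after determining that the user equipment has registered successfully, sends the signaling packet to the functional entity in the second network.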
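Step B may further include:
B2. Setting the NAT entry for the signaling packets of the user equipment, the entry being the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself, together with the mapping between the IP address/port number of the first network and the IP address of the signaling control function entity.
After receiving a signaling packet from the user equipment in the first network or from the signaling control function entity, the signaling static transformation function entity performs NAT address translation on it using the NAT entry described in step B21 and sends it to the signaling control function entity or to the user equipment in the first network.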
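The communication system is an NGN network with SBC function as defined by the International Telecommunication Union (ITU-T) or by ETSI's NGN standard, Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN), or a communication network that satisfies the SBC model in the Internet Engineering Task Force (IETF). When the communication system is an NGN network with SBC function defined by ITU-T, the SBC is the service control proxy function (SCPF) and the border gateway function (BGF); when the communication system is an NGN network with SBC function defined by TISPAN, the SBC is the application function (AF) and the access border gateway function (A-BGF). The access network is a network using any of the digital subscriber line technologies (xDSL), wireless local area network (Wlan), cable (Cable), Worldwide Interoperability for Microwave Access (WiMax), or various other wireless and wired access modes. The first network uses the Internet Protocol version 4 (IPv4) address format or the Internet Protocol version 6 (IPv6) address format, and the second network uses the IPv4 address format or the IPv6 address format.
The signaling static transformation function entity may be placed in the media forwarding function entity of the SBC, or exist as an independent physical entity.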
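To achieve the above purpose, the present invention provides a communication system with an SBC. The system includes at least a first network, a second network and an SBC; the SBC includes at least a signaling static transformation function entity and a signaling control function entity; the signaling static transformation function entity is connected to the first network and the signaling control function entity, and the signaling control function entity is connected to the second network and the signaling static transformation function entity, wherein:
the signaling static transformation function entity is used to receive signaling packets from user equipment in the first network, modify the destination IP address/port number of the signaling packet to the IP address/port number of the signaling control function entity, modify the source IP address/port number to the IP address/port number assigned by the signaling static transformation function entity itself, and then send the signaling packet to the signaling control function entity;
the signaling control function entity is used to receive signaling packets from the signaling static transformation function entity, analyze and process the signaling packet, and send the signaling packet to the functional entity in the second network.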
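The signaling static transformation function entity is further used, after receiving a signaling packet from user equipment of the first network for the first time, to obtain the source IP address/port number of the signaling packet and select the IP address/port number of a signaling control function entity for the user equipment, the source IP address/port number being the IP address/port number of the user equipment in the first network, and to set the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself,
The signaling control function entity is further used, after receiving a signaling packet from the signaling static transformation function entity for the first time, to save the correspondence between the user identity carried in the signaling packet and the source IP address/port number of the signaling packet, the source IP address/port number being the IP address/port number assigned by the signaling static transformation function entity itself.
The signaling static transformation function entity is further used, when it receives a signaling packet from user equipment of the first network that is not the first one, to perform static address translation on the signaling packet according to the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself, and to send the translated signaling packet to the signaling control function entity.
The signaling control function entity is also used to receive signaling packets from the second network, determine, according to the correspondence it has saved between user identity and source IP address/port number, the corresponding IP address/port number assigned by the signaling static transformation function entity itself, and then send the signaling packet to the signaling static transformation function entity;
The signaling static transformation function entity is also used to receive signaling packets from the signaling control function entity and, according to the NAT entry it has saved for the signaling packet, translate the address of the signaling packet and send it to the user equipment of the second network.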
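The communication system is an NGN network with SBC function as defined by ITU-T or TISPAN, or a communication network that satisfies the SBC model in the IETF,
When the communication system is an NGN network with SBC function defined by ITU-T, the SBC is SCPF and BGF;
When the communication system is an NGN network with SBC function defined by TISPAN, the SBC is AF and A-BGF;
The access network is a network using xDSL, Wlan, Cable, WiMax or a wireless access mode.
The signaling static transformation function entity is a logical entity within the media forwarding function entity of the SBC, or an independent physical entity.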
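As the above technical solution shows, with the system and method of the present invention, where signaling control function entities are deployed centrally and media forwarding function entities are distributed, users in the first network are given only the address of the media forwarding function entity, which solves the configuration problem in actual networking. In the present invention, because the signaling control function entity is connected to the second network and not directly to the first network, a user's signaling packets must pass through the media forwarding function entity or the signaling static transformation function entity before they can reach the signaling control function entity. A user can therefore attack only a particular media forwarding function entity or signaling static transformation function entity, and the effect on the system as a whole is much smaller, which effectively guards against malicious attacks by users and makes the whole system more secure. At the same time, the present invention adapts flexibly to the complex addressing situations found in real networks and meets the networking needs of different operators.

Brief Description of the Drawings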
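Figure 1 is a schematic diagram of the SBC networking model;
Figure 2 is a schematic diagram of a network model with an SBC in the prior art;
Figure 3 is a schematic diagram of a typical network model with an SBC in the prior art;
Figure 4 is a schematic flowchart of signaling transmission based on the network model shown in Figure 3;
Figure 5 comprises Figure 5A and Figure 5B, where Figure 5A is a schematic diagram of the networking model implementing the system of the present invention and Figure 5B is a schematic networking diagram of a specific embodiment of the system of the present invention;
Figure 6 is a schematic flowchart of the method of the present invention;
Figure 7 is a schematic flowchart of a specific embodiment of the method of the present invention based on the system shown in Figure 5B.

Mode for Carrying Out the Invention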
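To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings.
As shown in Figure 5A, the communication system implementing the present invention includes a first network, a second network and an SBC. The SBC further includes a signaling control function entity and several signaling static transformation function entities. Network A in Figure 5A is the first network and network B is the second network. The signaling control function entity is connected to network B and the signaling static transformation function entities, and each signaling static transformation function entity is connected to network A, network B and the signaling control function entity. A signaling static transformation function entity may be a logical entity within a media forwarding function entity, or an independent physical entity.
The communication system of the present invention may be an NGN network with SBC function defined by ITU-T or TISPAN. When the communication system is an NGN network with SBC function defined by ITU-T, the SBC is SCPF and BGF; when it is an NGN network with SBC function defined by TISPAN, the SBC is AF and A-BGF. In general, network A is the access network and network B is the core network. The access network may use any of a variety of access modes, such as xDSL, Wlan, Cable, WiMax and other wired and wireless modes. The IP addresses in the above networks may use the IPv4 address format or the IPv6 address format, and address translation includes address format conversion in all of the IPv4-IPv4, IPv4-IPv6, IPv6-IPv6 and IPv6-IPv4 cases.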
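The signaling static transformation function entity is used to forward signaling packets between network A and the signaling control function entity. When the signaling static transformation function entity forwards the signaling packet of a user equipment in network A for the first time, that is, the registration request of that user equipment, it needs to dynamically create the network address translation (NAT) entry for that user equipment's signaling packets, namely the correspondence between the IP address/port number of the user equipment in the first network and the IP address/port number assigned by the signaling static transformation function entity itself. The entry is used to perform NAT address translation on signaling packets subsequently received from the first network or from the signaling control function entity, so that the signaling packets can be forwarded. In other words, when the signaling static transformation function entity receives a signaling packet from network A that is not the first one sent, it performs static address translation on the signaling packet according to the NAT entry of the signaling packet and forwards it to the signaling control function entity; when the signaling static transformation function entity receives a signaling packet from the signaling control function entity, it likewise performs static address translation on the signaling packet and forwards it to the user equipment in network A. In addition, the mapping between the signaling address on the media forwarding packet and the address of the signaling control function entity is configured in the signaling static transformation function entity, or obtained by it in some other way, and is used to convert the destination address of signaling packets sent by user equipment in network A, or the source address of packets sent by the signaling control function entity.
The signaling control function entity is used to analyze and process received signaling packets and to carry out signaling interaction with the functional entity in network B. After the signaling control function entity receives the registration request signaling packet forwarded by the signaling static transformation function entity, it obtains the user identity in the packet and saves the correspondence between the user identity and the source IP address/port number of the signaling packet; here the source IP address/port number is the IP address/port number assigned by the signaling static transformation function entity itself. Thereafter, when the signaling control function entity receives a signaling packet sent by the functional entity in network B to user equipment in the first network, it can obtain the user identity from the signaling packet, obtain from the correspondence between user identity and source address/port number the IP address/port number assigned by the signaling static transformation function entity for that user identity, and then forward the signaling packet to the signaling static transformation function entity according to that IP address/port number.
Therefore, in a communication system with an SBC as described above, if user equipment in the first network needs to exchange signaling with the functional entity in the second network, the address of the signaling control function entity that is configured on the user equipment or allocated to the user by the second network is the address of the signaling static transformation function entity; the user sends the signaling packet directly to the signaling static transformation function entity in the SBC, and the signaling static transformation function entity forwards the signaling packet through the signaling control function entity to the functional entity in the second network. Likewise, when the functional entity in the second network needs to exchange signaling with user equipment in the first network, the signaling packet is sent through the signaling control function entity to the signaling static transformation function entity, and the signaling static transformation function entity then sends the signaling packet to the user equipment in the first network.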
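As shown in Figure 6, the method of the present invention includes the following steps:
Step 601: The user equipment in the first network sends a signaling packet carrying a registration request to the signaling static transformation function entity, where the destination IP address/port number of the signaling packet is the IP address/port number of the signaling static transformation function entity in the first network, and the source IP address/port number is the IP address/port number of the user equipment in the first network.
Step 602: After receiving the signaling packet of the user equipment, the signaling static transformation function entity modifies the destination IP address/port number of the signaling packet to the IP address of the signaling control function entity, modifies the source IP address/port number to the IP address/port number assigned by the signaling static transformation function entity itself, and sends the signaling packet to the signaling control function entity.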
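Note that the IP address/port number assigned by the signaling static transformation function entity itself in step 602 may be selected at random by the media forwarding entity, selected according to some priority, selected according to some algorithm, or selected by another predefined mechanism.
The IP address/port number of the signaling control function entity can be selected in several ways.
If the mapping between the signaling IP address/port number of the signaling static transformation function entity and the IP address of the signaling control function entity is configured in the signaling static transformation function entity, or in a functional entity that can communicate with it, then after the signaling static transformation function entity receives a signaling packet from the first network it can use the destination IP address/port number in the signaling packet to obtain the IP address/port number of the signaling control function entity from that mapping. The mapping between the signaling IP address/port number of the signaling static transformation function entity and the IP address of the signaling control function entity can be configured according to the operator's requirements.
If the mapping between the signaling IP address/port number of the signaling static transformation function entity and the IP address of the signaling control function entity has not been configured in advance, the selection can also be made at random, according to some priority, or according to some algorithm.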
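Step 603: After receiving the signaling packet, the signaling control function entity analyzes and processes the signaling packet, and sends the signaling packet to the functional entity in the second network. Here, the process of analyzing and processing the signaling packet may be the same as or different from the prior art, and how it is handled does not affect the protection scope of the present invention.
Further, so that after the user has registered successfully the signaling static transformation function entity can correctly forward the subsequent signaling packets sent by the user equipment, and the signaling packets sent by the second network to the user equipment, a NAT entry can additionally be created dynamically in step 602 and used to perform static address translation on received signaling packets, so as to achieve correct forwarding. The NAT entry of the signaling packet can take one of the following two forms: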
情况 1: 如果已经预先配置了信令静态变换功能实体的信令 IP地址 /端口号和信令控制功能实体的 IP地址的映射关系, 则该表项可以只包 括该用户设备在笫一网络中的 IP地址 /端口号与信令静态变换功能实体 自己分配的 IP地址 /端口号的对应关系。 这样, 可以采用如下方式设置 该用户设备的信令报文的 NAT表项:
信令静态变换功能实体收到该用户设备首次发送的信令报文后, 即 注册请求报文后, 获取该信令报文中的源 IP地址 /端口号; 信令静态变 换功能实体为该用户设备分配一个信令静态变换功能实体的 IP地址 /端 口号, 并保存该用户设备在第一网络中的 IP地址 /端口号与信令静态变 换功能实体自己分配的 IP地址 /端口号的对应关系, 该对应关系即为该 用户设备对应的信令报文的 NAT表项。
情况 2: 如果没有预先配置信令静态变换功能实体的信令 IP地址 / 端口号和信令控制功能实体的 IP地址的映射关系,则该用户设备的信令 报文的 NAT表项可以包括: 该用户设备在第一网络中的 IP地址 /端口号 与信令静态变换功能实体自己分配的 IP地址 /端口号的对应关系, 以及 第一网络的 IP地址 /端口号和信令控制功能实体的 IP地址的对应关系。 因此, 可以采用如下方式获取 NAT表项:
信令静态变换功能实体收到该用户设备首次发送的信令报文后, 即 注册请求 4艮文后, 获取该信令艮文中的源 IP地址 /端口号和目的 IP地址 /端口号,并且信令静态变换功能实体为该用户设备分配一个信令静态变 换功能实体的 IP地址 /端口号, 以及选择一个信令控制功能实体的 IP地 址 /端口号, 保存该用户设备在第一网络中的 IP地址 /端口号与信令静态 变换功能实体自己分配的 IP地址 /端口号的对应关系, 以及第一网络的 IP地址 /端口号和信令控制功能实体的 IP地址的对应关系, 这两组对应 关系即为信令报文的 NAT表项。
The NAT entry for signaling messages described above can be deleted after the user deregisters or when user registration fails.
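In addition, so that functional entities in the second network can subsequently send signaling messages to the signaling static translation function entity, after the signaling control function entity receives the signaling message in step 603 it can obtain the user identity in the message and the source IP address/port number of the message, this source IP address/port number being the IP address/port number allocated by the signaling static translation function entity itself in step 602. The signaling control function entity records the correspondence between the user identity and the IP address/port number allocated by the signaling static translation function entity itself. Then, when it receives a signaling message sent by a functional entity in the second network to a user equipment in the first network, the signaling control function entity obtains from this correspondence, based on the called user number, the IP address/port number allocated by the signaling static translation function entity itself, and forwards the message to the signaling static translation function entity at that IP address/port number.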
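The technical solution of the present invention is described below, taking as an example the case where the signaling static translation function entity is a logical entity within the media forwarding function entity.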
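Referring to FIG. 5B, the communication system of this embodiment includes a first network, a second network, and an SBC. The SBC further includes a signaling control function entity and a media forwarding function entity. In FIG. 5B, network A is the first network and network B is the second network. The signaling control function entity is connected to network B and to the media forwarding function entity; the media forwarding function entity is connected to network A, network B, and the signaling control function entity.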
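The communication system of the present invention may be an NGN network with SBC functionality as defined by ITU-T or TISPAN. When the communication system is an NGN network with SBC functionality as defined by ITU-T, the SBC is the SCPF and BGF; when the communication system is an NGN network with SBC functionality as defined by TISPAN, the SBC is the AF and A-BGF. In general, network A is the access network and network B is the core network. The access network may be any of xDSL, Wlan, Cable, WiMax, and other wired or wireless access types. IP addresses in these networks may use the IPv4 address format or the IPv6 address format, and address translation includes address format translation in all cases: IPv4-IPv4, IPv4-IPv6, IPv6-IPv6, IPv6-IPv4, and so on.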
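The media forwarding function entity can be used not only to forward data packets between network A and network B, but also to forward signaling messages between network A and the signaling control function entity. When the media forwarding function entity forwards a signaling message from a user equipment in network A for the first time, that is, the registration request of a user equipment in network A, it needs to dynamically create the NAT entry for that user equipment's signaling messages, namely the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the media forwarding function entity itself. The entry is used for NAT address translation of signaling messages subsequently received from the first network or from the signaling control function entity, so that they can be forwarded. In other words, when the media forwarding function entity receives a signaling message from network A that is not the first one, it performs static address translation on the message according to the NAT entry for signaling messages and forwards it to the signaling control function entity; when the media forwarding function entity receives a signaling message from the signaling control function entity, it likewise needs to perform static address translation on the message before forwarding it to the media forwarding function entity. In addition, the media forwarding function entity is configured with, or obtains by other means, the mapping between the signaling address on the media forwarding message and the address of the signaling control function entity, which is used to translate the destination address of signaling messages sent by user equipment in network A, or the source address of messages sent by the signaling control function entity.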
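The signaling control function entity analyzes and processes the signaling messages it receives and exchanges signaling with the functional entities in network B. After receiving a registration request signaling message forwarded by the media forwarding function entity, the signaling control function entity obtains the user identity in the message and stores the correspondence between the user identity and the source IP address/port number of the signaling message; here the source IP address/port number is the IP address/port number allocated by the media forwarding function entity itself. Thereafter, when the signaling control function entity receives a signaling message sent by a functional entity in network B to a user equipment in the first network, it can obtain the user identity from the message, use the correspondence between the user identity and the source address/port number to obtain the IP address/port number allocated by the media forwarding function entity itself for that user identity, and then forward the signaling message to the media forwarding function entity at that IP address/port number.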
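Referring to FIG. 7, the specific steps by which this embodiment implements the method of the present invention are as follows:
Step 701: A user equipment in network A sends a signaling message carrying a registration request to the media forwarding function entity. The signaling message contains access request information and user information; its destination IP address is the IP address of the media forwarding function entity, and its source IP address is the IP address of the user equipment in network A.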
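Steps 702 to 703: After receiving the signaling message, the media forwarding function entity obtains its source IP address/port number and destination IP address/port number and allocates an IP address/port number of its own. It then dynamically creates the NAT entry for the user equipment's signaling messages, the entry being the correspondence between the user equipment's IP address/port number in network A and the IP address/port number allocated by the media forwarding function entity itself, and, according to this NAT entry, sets the source IP address/port number of the signaling message to the IP address/port number allocated by the media forwarding function entity itself. At the same time, according to its preconfigured mapping between the IP address/port number of the first network and the IP address/port number of the signaling control function entity, it obtains the corresponding IP address/port number of the signaling control function entity, translates the destination IP address of the signaling message to the IP address/port number of the signaling control function entity, and finally forwards the signaling message to the signaling control function entity.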
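Steps 704 to 705: After receiving the signaling message, the signaling control function entity parses and processes it and obtains the user identity and the source IP address/port number, the source IP address being the IP address/port number of the media forwarding function entity. It stores the correspondence between the user identity and the IP address allocated by the media forwarding function entity itself, and sends the signaling message to the functional entity in network B.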
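Step 706: After receiving the signaling message, the device in network B authenticates the user equipment according to the user identity contained in the message. If authentication passes, it sends a response signaling message indicating successful authentication to the signaling control function entity; if authentication does not pass, it sends a response signaling message indicating failed authentication to the signaling control function entity.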
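Steps 707 to 708: After receiving the response signaling message, the signaling control function entity obtains the user identity in it and, using the correspondence described in step 704, obtains the IP address/port number allocated by the media forwarding function entity itself that corresponds to this user identity. It then sets the destination IP address of the signaling message to that IP address/port number of the media forwarding function entity, sets the source IP address/port number to the signaling control function entity's own IP address, and sends the signaling message to the media forwarding function entity.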
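Steps 709 to 710: After receiving the signaling message, the media forwarding function entity obtains its source IP address, that is, the IP address/port number of the signaling control function entity, and, according to the NAT entry for signaling messages described in step 702, obtains the IP address/port number of the user equipment in network A that corresponds to the IP message from the signaling control function entity. It then changes the destination IP address of the signaling message to the IP address/port number of the user equipment in network A and, according to its preconfigured mapping between the media forwarding function entity's IP address/port number in the first network and the IP address/port number of the signaling control function entity, changes the source IP address/port number to its own IP address/port number in the first network, and sends the signaling message to the user equipment in the first network.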
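Moreover, in step 707, if the response signaling message received by the signaling control function entity indicates successful authentication, the signaling control function entity needs to notify the media forwarding function entity to store and maintain permanently the NAT entry corresponding to the user equipment, that is, the correspondence between the IP address/port number of the media forwarding function entity and the IP address/port number of the signaling control function entity, until, after the user deregisters, the signaling control function entity notifies the media forwarding function entity to delete the entry. If the response signaling message indicates failed authentication, the signaling control function entity notifies the media forwarding function entity to delete the NAT entry for the signaling messages of that user equipment.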
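Of course, in practice, for example in step 704, when the media forwarding function entity sends the signaling message to the functional entity in network B, it can start a timer. If no notification of successful authentication has been received from the signaling control function entity before the timer expires, the NAT entry corresponding to the user equipment is deleted when the timer expires. Likewise, when the media forwarding function entity receives a user deregistration command sent by the signaling control function entity, it also needs to delete the NAT entry for the signaling messages.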
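After successful registration, session requests can also be accepted or initiated, for example by performing steps 711 to 715 and/or steps 716 to 719. Note that the flow of steps 711 to 715 and the flow of steps 716 to 719 are independent of each other: either one alone or both may be performed, in no particular order. The two flows are described separately below.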
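Steps 711 to 715: The functional entity in network B sends a signaling message to the user equipment in network A through the signaling control function entity and then the media forwarding function entity. In this case, the signaling control function entity needs to obtain the IP address of the media forwarding function entity that corresponds to the user identity carried in the signaling message, and the media forwarding function entity needs to translate the addresses of the signaling message according to the NAT entry for signaling messages before sending it on. This is the same as steps 706 to 710.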
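Steps 716 to 719: After the user equipment in network A has sent its first signaling message, that is, the access request message, and has received the response signaling message indicating successful authentication, when it needs to interact with network B again it can exchange signaling with the functional entity in network B through the media forwarding function entity and then the signaling control function entity. In this case, the media forwarding function entity translates the source IP address/port number of the signaling using the NAT entry, and to translate the destination IP address/port number it looks up the mapping, configured in the media forwarding entity, between the media forwarding function entity's IP address/port number in the first network and the IP address/port number of the signaling control function entity, obtaining the corresponding IP address/port number of the signaling control function entity.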
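In addition, suppose the NAT entry for signaling messages is set up to include both the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the media forwarding function entity itself, and the mapping between the IP address/port number of the first network and the IP address of the signaling control function entity. Then, once the user has registered successfully, when a signaling message between the user equipment in the first network and the signaling control function entity reaches the media forwarding function entity, the media forwarding function entity can use the NAT entry for signaling messages to perform NAT address translation on the signaling entry and send it to the signaling control function entity or to the user equipment in the first network. Specifically:
The user equipment in network A sends a signaling message to the media forwarding function entity. The destination IP address/port number of this IP message is the IP address/port number of the media forwarding function entity, and the source IP address/port number is the IP address/port number of the user equipment in network A. The media forwarding function entity directly applies the NAT entry for signaling messages to perform static NAT address translation on the signaling message: the destination IP address is translated to the IP address/port number of the signaling control function entity and the source IP address/port number is translated to the IP address of the media forwarding function entity, and the signaling message is forwarded to the signaling control function entity according to the destination IP address/port number. After receiving the signaling message, the signaling control function entity parses and processes it, determines that it has already stored the correspondence between the user identity and the IP address/port number of the media forwarding function entity, that is, that the user equipment has registered successfully, and therefore sends the signaling message directly to the functional entity in network B.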
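As the above process shows, in this embodiment the address of the SBC signaling control function entity configured for the access user is an address on the media forwarding function entity, and the access signaling flow passes through the media forwarding function entity. The SBC signaling control function entity therefore needs only one domain address externally, such as an address of one administrative domain or address domain. Moreover, after the user equipment has registered successfully, it initiates or accepts calls using the NAT entry for signaling messages established on the media forwarding function entity as the signaling channel, and the user address/port number in network A seen on the signaling control function entity will also be address/port information on the media forwarding function entity.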
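The registration path of steps 701 to 710 and the NAT entry lifetime rules above (keep the entry on authentication success; delete it on failure, timer expiry or deregistration) can be modelled as follows. This Python sketch is an added example, not code from the patent; the class and method names, the documentation-range addresses, the starting port 20000 and the 5-second timer are all assumptions.

```python
import itertools

class SignalingTranslator:
    """Toy model of the signaling static translation entity (all names hypothetical)."""
    def __init__(self, access_addr, controller_addr, own_ip, pending_ttl=5.0):
        self.access_addr = access_addr                  # address UEs in network A send to
        self.controller = {access_addr: controller_addr}  # preconfigured mapping (case 1)
        self.own_ip, self.ports = own_ip, itertools.count(20000)
        self.by_ue, self.by_alloc, self.deadline = {}, {}, {}
        self.pending_ttl = pending_ttl

    def from_access(self, src, dst, now):
        """Steps 702-703: return the rewritten (src, dst) toward the controller."""
        if dst not in self.controller:
            return None                                 # not addressed to this entity
        alloc = self.by_ue.get(src)
        if alloc is None:                               # first message: create NAT entry
            alloc = (self.own_ip, next(self.ports))
            self.by_ue[src], self.by_alloc[alloc] = alloc, src
            self.deadline[alloc] = now + self.pending_ttl  # timer until auth is confirmed
        return alloc, self.controller[dst]

    def from_controller(self, dst):
        """Steps 709-710: return the rewritten (src, dst) toward the UE, or None."""
        ue = self.by_alloc.get(dst)
        return (self.access_addr, ue) if ue else None

    def auth_result(self, alloc, ok):
        """Success cancels the timer and keeps the entry; failure deletes it."""
        self.deadline.pop(alloc, None)
        if not ok:
            self.delete(alloc)

    def delete(self, alloc):                            # also used on deregistration
        self.by_ue.pop(self.by_alloc.pop(alloc, None), None)
        self.deadline.pop(alloc, None)

    def expire(self, now):
        """Delete entries whose authentication was never confirmed in time."""
        for alloc in [a for a, t in self.deadline.items() if t <= now]:
            self.delete(alloc)

def demo():
    sbc = SignalingTranslator(("192.0.2.1", 5060), ("10.0.0.5", 5060), "10.0.0.9")
    users = {}                                          # controller side: user ID -> alloc
    ue_a, ue_b = ("198.51.100.7", 5060), ("198.51.100.8", 5060)  # constructed sample UEs
    src, dst = sbc.from_access(ue_a, sbc.access_addr, now=0.0)
    users["alice"] = src                                # step 704: record user ID -> source
    sbc.auth_result(src, ok=True)                       # step 707: authentication passed
    sbc.from_access(ue_b, sbc.access_addr, now=0.0)     # second UE never authenticates
    sbc.expire(now=6.0)
    back = sbc.from_controller(users["alice"])          # steps 708-710: response path
    return src, dst, back, sorted(sbc.by_ue)
```

The second user equipment's entry is removed at expiry because no authentication success was ever reported for it, which bounds how long an unauthenticated sender can hold translation state.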
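In addition, when the signaling static translation entity is a separate, independent entity, the implementation is the same as in the above embodiment and is not repeated here.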
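In summary, the above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.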

Claims

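1. A method for transmitting signaling messages in a communication system with a session border controller (SBC), characterized in that the communication system includes at least a first network, a second network, and an SBC, and the SBC includes at least a signaling static translation function entity and a signaling control function entity, the method comprising the following steps:
A. a user equipment in the first network sends a signaling message carrying a registration request to the signaling static translation function entity, wherein the destination IP address/port number of the signaling message is the IP address/port number of the signaling static translation function entity in the first network, and the source IP address/port number is the IP address/port number of the user equipment in the first network;
B. after receiving the signaling message from the user equipment, the signaling static translation function entity changes the destination IP address/port number of the signaling message to the IP address/port number of the signaling control function entity, changes the source IP address/port number to an IP address/port number allocated by the signaling static translation function entity itself, and sends the signaling message to the signaling control function entity;
C. after receiving the signaling message, the signaling control function entity analyzes and processes the signaling message and sends it to the functional entity in the second network.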
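2. The method according to claim 1, characterized in that step B further comprises:
B1. setting a network address translation (NAT) entry for the signaling messages of the user equipment, the entry being the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the signaling static translation function entity itself.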
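3. The method according to claim 2, characterized in that the step of setting the NAT entry for the signaling messages of the user equipment in step B1 comprises:
B11. after receiving the signaling message from the user equipment, the signaling static translation function entity obtains the source IP address/port number in the signaling message;
B12. the signaling static translation function entity allocates to the user equipment an IP address/port number of the signaling static translation function entity, and stores the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the signaling static translation function entity itself.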
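4. The method according to claim 2, characterized in that the IP address/port number of the signaling control function entity in step B is obtained, using the destination IP address/port number in the signaling message, from a preset mapping between the IP address/port number of the signaling static translation function entity in the first network and the IP address of the signaling control function entity.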
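5. The method according to claim 4, characterized in that the mapping between the IP address/port number of the signaling static translation function entity in the first network and the IP address of the signaling control function entity is preset in the signaling static translation function entity, or is set in a functional entity that can communicate with the signaling static translation function entity.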
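6. The method according to claim 5, characterized in that the mapping between the IP address/port number of the signaling static translation function entity in the first network and the IP address of the signaling control function entity is configured randomly, or according to a certain algorithm, or according to a predefined mechanism.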
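7. The method according to claim 2, characterized in that step C further comprises:
C1. after receiving the signaling message, the signaling control function entity obtains the user identity in the signaling message and the source IP address/port number of the signaling message, the source IP address/port number being the IP address/port number allocated by the signaling static translation function entity itself, and the signaling control function entity records the correspondence between the user identity and the IP address/port number allocated by the signaling static translation function entity itself.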
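8. The method according to claim 2, characterized in that, after step C, the method further comprises:
if the signaling control function entity receives from the functional entity of the second network a response signaling message indicating successful authentication, it notifies the signaling static translation function entity that authentication succeeded, and the signaling static translation function entity permanently maintains the NAT entry for the signaling messages;
if the signaling control function entity receives from the functional entity of the second network a response signaling message indicating failed authentication, it notifies the signaling static translation function entity that authentication failed, and the signaling static translation function entity deletes the NAT entry for the signaling messages.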
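9. The method according to claim 2, characterized in that, at the same time as the signaling message is sent to the signaling control function entity in step B, the method further comprises:
starting a timer; if, before the timer expires, the signaling static translation function entity receives a notification of successful authentication sent by the signaling control function entity, the timer is cancelled and the subsequent processing steps continue; if no notification of successful authentication is received before the timer expires, the signaling static translation function entity deletes the corresponding NAT entry.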
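10. The method according to claim 9, characterized in that, after step C, the method further comprises: when the signaling control function entity receives from the second network a command to deregister the user, it sends the signaling static translation function entity a command to delete the signaling NAT entry of the user, and after receiving the command the signaling static translation function entity deletes the NAT entry for the signaling messages of the user equipment.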
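11. The method according to claim 7, characterized in that, after step C, the method further comprises:
D11. the signaling control function entity receives a signaling message from a functional entity in the second network, analyzes and processes the signaling message, obtains the user identity from the signaling message, obtains, according to the correspondence described in step C1, the IP address/port number of the signaling static translation function entity corresponding to the user identity, and forwards the signaling message to the signaling static translation function entity according to that IP address/port number;
D12. the signaling static translation function entity uses the NAT entry for signaling messages to perform NAT address translation on the signaling message from the signaling control function entity, and sends the address-translated signaling message to the user equipment in the first network.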
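12. The method according to claim 7, characterized in that, after step C, the method further comprises:
D21. the user equipment in the first network sends a signaling message to the signaling static translation function entity;
D22. the signaling static translation function entity performs static NAT address translation on the source and destination address/port numbers of the signaling message according to the NAT entry for signaling messages, and then forwards the signaling message to the signaling control function entity;
D23. after receiving the signaling message, the signaling control function entity parses and processes the signaling message and, after determining that the user equipment has registered successfully, sends the signaling message to the functional entity in the second network.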
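13. The method according to claim 2, characterized in that step B further comprises:
B2. setting a NAT entry for the signaling messages of the user equipment, the entry being the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the signaling static translation function entity itself, together with the mapping between the IP address/port number of the first network and the IP address of the signaling control function entity.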
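14. The method according to claim 13, characterized in that, after step C, after receiving a signaling message from the user equipment in the first network or from the signaling control function entity, the signaling static translation function entity uses the NAT entry described in step B2 to perform NAT address translation on the signaling entry and sends it to the signaling control function entity or to the user equipment in the first network.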
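15. The method according to claim 1, characterized in that:
the communication system is a next-generation NGN network with SBC functionality as defined in the next generation network (NGN) standards of the International Telecommunication Union ITU-T or of Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN), or an SBC communication network as defined by the Internet Engineering Task Force (IETF);
when the communication system is an NGN network with SBC functionality as defined by ITU-T, the SBC is the service control proxy function SCPF and the border gateway function BGF;
when the communication system is an NGN network with SBC functionality as defined by TISPAN, the SBC is the application function AF and the access border gateway function A-BGF, and when the AF is an IP multimedia subsystem IMS, the AF is the proxy call session control function P-CSCF;
the first network is an access network, the access network being a network using the various digital subscriber line types xDSL, wireless local area network Wlan, Cable, or Worldwide Interoperability for Microwave Access WiMax as its access type;
the first network uses the Internet Protocol version 4 (IPv4) address format or the Internet Protocol version 6 (IPv6) address format,
the second network uses the IPv4 address format or the IPv6 address format.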
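16. The method according to any one of claims 1 to 15, characterized in that the signaling static translation function entity is located in the media forwarding function entity in the SBC, or is an independent physical entity.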
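17. A communication system with an SBC, the system including at least a first network, a second network, and an SBC, characterized in that the SBC includes at least a signaling static translation function entity and a signaling control function entity, the signaling static translation function entity being connected to the first network and to the signaling control function entity, and the signaling control function entity being connected to the second network and to the signaling static translation function entity, wherein:
the signaling static translation function entity is configured to receive a signaling message from a user equipment in the first network, change the destination IP address/port number of the signaling message to the IP address/port number of the signaling control function entity, change the source IP address/port number to an IP address/port number allocated by the signaling static translation function entity itself, and then send the signaling message to the signaling control function entity;
the signaling control function entity is configured to receive the signaling message from the signaling static translation function entity, analyze and process the signaling message, and send the signaling message to the functional entity in the second network.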
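18. The system according to claim 17, characterized in that:
the signaling static translation function entity is further configured, after receiving a signaling message from a user equipment of the first network for the first time, to obtain the source IP address/port number of the signaling message, select an IP address/port number of the signaling control function entity for the user equipment, the source IP address/port number being the IP address/port number of the user equipment in the first network, and set the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the signaling static translation function entity itself,
the signaling control function entity is further configured, after receiving a signaling message from the signaling static translation function entity for the first time, to store the correspondence between the user identity carried in the signaling message and the source IP address/port number of the signaling message, the source IP address/port number being the IP address/port number allocated by the signaling static translation function entity itself.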
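19. The system according to claim 18, characterized in that:
the signaling static translation function entity is further configured, when receiving a signaling message from a user equipment of the first network that is not the first one, to perform static address translation on the signaling message according to the correspondence between the user equipment's IP address/port number in the first network and the IP address/port number allocated by the signaling static translation function entity itself, and to send the translated signaling message to the signaling control function entity.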
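20. The system according to claim 18, characterized in that:
the signaling control function entity is further configured to receive a signaling message from the second network, determine, according to the correspondence it has stored between the user identity and the source IP address/port number, the corresponding IP address/port number allocated by the signaling static translation function entity itself, and then send the signaling message to the signaling static translation function entity;
the signaling static translation function entity is further configured to receive the signaling message from the signaling control function entity, translate the addresses of the signaling message according to the NAT entry for signaling messages that it has stored, and send it to the user equipment of the second network.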
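21. The system according to claim 17, characterized in that:
the communication system is an NGN network with SBC functionality as defined by ITU-T or TISPAN, or an SBC communication network as defined by the IETF,
when the communication system is an NGN network with SBC functionality as defined by ITU-T, the SBC is the SCPF and BGF;
when the communication system is an NGN network with SBC functionality as defined by TISPAN, the SBC is the AF and A-BGF;
the access network is a network using xDSL, Wlan, Cable, WiMax, or a wireless access type.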
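22. The system according to any one of claims 17 to 21, characterized in that the signaling static translation function entity is a logical entity in the media forwarding function entity in the SBC, or is an independent physical entity.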
PCT/CN2006/000523 2005-04-27 2006-03-28 A communication system with session border controller and a method for the transmission of the signaling WO2006114037A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510068227.0 2005-04-27
CN2005100682270A CN1856163B (zh) 2005-04-27 2005-04-27 A communication system with a session border controller and a method for transmitting signaling therein

Publications (1)

Publication Number Publication Date
WO2006114037A1 true WO2006114037A1 (en) 2006-11-02

Family

ID=37195886

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/000523 WO2006114037A1 (en) 2005-04-27 2006-03-28 A communication system with session border controller and a method for the transmission of the signaling

Country Status (2)

Country Link
CN (1) CN1856163B (zh)
WO (1) WO2006114037A1 (zh)


Also Published As

Publication number Publication date
CN1856163B (zh) 2011-05-18
CN1856163A (zh) 2006-11-01


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

NENP Non-entry into the national phase

Ref country code: RU

WWW Wipo information: withdrawn in national office

Country of ref document: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06722175

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 6722175

Country of ref document: EP