Application influenced policy
Abstract
A method of filtering and gating data flow in a QoS connection between a remote host and user equipment in a packet data network using policy control mechanisms includes a remote host initiating an application in an application server and a corresponding session between the remote host and the user equipment (“UE”) via the application server. The UE requests, to a gateway support node (“GGSN”) of the network, establishment of a network bearer service between the UE and the remote host. A corresponding policy control function (“PCF”) in a policy server receives, from the application server, filtering data derived from session data received by the application server during the session. The GGSN interrogates the corresponding PCF in the policy server to initialize a gate using policy control filtering data at the GGSN. The gate then filters the data flow in the QoS connection according to the policy control filtering data.
41 Claims
-
1. A method of filtering and gating data flow in a QoS connection between a remote host and user equipment in a packet data network using policy control mechanisms, the method comprising the steps of:
-
initiating, by one of the remote host and the user equipment, an application, supported by an application server within the network, and a corresponding session between the remote host and the user equipment via the application server;
requesting, to a gateway support node of the network by the user equipment, establishment of a network bearer service between the user equipment and the remote host, said network bearer service being differentiated by allowing different degrees of QoS;
receiving, by a corresponding policy control function in a policy server, from the application server, filtering data derived from session data received by the application server from the user equipment and remote host during the session, said filtering data being processed by the policy control function to derive corresponding policy control filtering data;
interrogating, by the gateway support node, the corresponding policy control function in the policy server to determine whether the establishment of the network bearer service is permitted; and
if the establishment of the network bearer service is permitted, then establishing a gate at the gateway support node, said gate being initialized with the policy control filtering data received either as a result of the gateway support node's interrogation of the policy control function or as a result of the policy control filtering data being pushed by the policy server to the gateway support node, wherein said gate is initialized to filter the data flow in the QoS connection.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
sending, by the application server, an event trigger(s) to the policy server to request a gate opening;
sending, by the policy server, a corresponding gate open command to the gateway support node to open the gate, said gate opening initiating the data flow in the QoS connection; and
filtering, by the gate, the data flow in the QoS connection according to the policy control filtering data.
-
-
3. The method of claim 2, comprising the additional steps of:
-
sending, by the application server, an event trigger(s) to the policy server to request a gate closing;
sending, by the policy server, a corresponding gate close command to the gateway support node to close the gate;
closing the gate to end the data flow in response to the gate close command;
terminating the session with the user equipment by the application server; and
terminating the network bearer service.
-
-
4. The method of claim 1, wherein the application server is an SIP proxy server.
-
5. The method of claim 4, wherein said SIP proxy server exchanges information with the policy server over an open interface.
-
6. The method of claim 1, wherein the application server is a Real-Time Streaming Protocol (“RTSP”) server.
-
7. The method of claim 6, wherein said RTSP server exchanges information with the policy server over an open interface.
-
8. The method of claim 1, wherein the application server supports any type of IP based application, said IP based application being controlled by end-to-end signaling.
-
9. The method of claim 8, wherein said IP based application server exchanges information with the policy server over an open interface.
-
10. The method of claim 1, wherein said gateway support node exchanges information with the policy server over an open interface.
-
11. The method of claim 1, wherein the filtering data includes traffic descriptors.
-
12. The method of claim 1, wherein the gate receives objects included in the policy control filtering data, said objects containing the specification of the gate parameters that are being set or returned in a response, said objects including Direction, Source IP address, Destination IP address, Source Port, Destination Port, Protocol, Action, DSCP Field, and Flowspec.
-
13. The method of claim 1, wherein the user equipment establishes a QoS enabled GPRS radio bearer service for the connection during the session establishment between the remote host and the user equipment, said QoS enabled GPRS radio bearer service being used for the QoS enabled transport of IP packets between the user equipment and the gateway support node as one segment of an end-to-end transport between the user equipment and the remote host.
-
14. The method of claim 13, wherein the QoS enabled GPRS radio service bearer is translated to a detailed description of an IP service that is being provided for use in the gateway support node.
-
15. The method of claim 14, wherein the gateway support node determines the usage of the QoS enabled radio bearer service based on usage information received from the user equipment and the gateway support node rejects a request for the radio bearer service when the usage does not comply with policy decisions established in the gateway support node.
-
16. The method of claim 1, wherein the policy control function applies rules that restrict the use of specific access bearers depending on the filtering data.
-
17. The method of claim 1, wherein the gate, as part of a policy enforcement within the gateway support node, filters the data flow by one of discarding data or ending the network bearer service when unauthorized data is detected.
-
18. The method of claim 1, wherein a COPS protocol is used to transfer policy decisions from the policy control function to the gateway support node, the policy control function acting as a COPS policy decision point and the gateway support node acting as a COPS policy enforcement point, said policy enforcement point controlling access to QoS for a given set of IP packets that match a packet classifier.
-
19. The method of claim 18, wherein the policy decisions are either pushed to the gateway support node by the policy control function, or the gateway support node requests policy information from the policy control function upon receipt of an IP bearer resource request.
-
20. The method of claim 18, wherein the policy control function and gateway support node exchange at least the following types of COPS information and procedures:
- Client-Open/Client-Accept/Client-Close, Request, Decision, Report State, Delete Request State, Keep Alive, Synchronize State Request/Synchronize State Complete.
-
21. The method of claim 18, wherein the policy control function and gateway support node exchange at least the following policy related radio network specific elements:
- authorization token, command/response, one or more gate specs, event generation information, endpoint identifiers, max gates.
-
22. The method of claim 21, wherein the commands include at least commands to:
- allocate an authorization token, authorize QoS resources for one or more media flows, commit QoS resources, revoke authorization of QoS resources, get parameters/information associated with an authorization token, and the responses include an acknowledgment and/or an error response to each of these commands.
-
23. The method of claim 21, wherein the event generation information includes information related to usage recording used for IP QoS bearers, the information including a billing identifier to correlate event records from the gateway support node with event records from a proxy Call State Control Function, so that all records relating to the same session can be associated.
-
24. The method of claim 21, wherein the endpoint identifier and the max gates fields are used to prevent a user equipment initiated denial of service attack attempting to set up an excessive number of simultaneous sessions that result in the allocation of multiple gates, the endpoint identifier containing an identity of the endpoint associated with an authorization token, while the max gates field contains the maximum number of gates that can be allocated to this particular endpoint.
-
25. The method of claim 21, wherein one gateway support node request for policy information from the policy control function (a pull request), upon receipt of an IP bearer resource request, may be followed by few policy control function decisions and where an asynchronous notification will allow the policy control function to notify the policy enforcement point in the gateway support node whenever necessary to change earlier decisions or generate errors, and where pull requests may be used at network bearer setup and at network bearer modification and in subsequent phases the policy decisions are pushed to the gateway support node by the policy control function.
-
26. The method of claim 21, wherein the authorization token uniquely identifies policy information corresponding to one or more gates at the gateway support node and is used to correlate resource reservation requests from the user equipment with authorization commands from the policy control function, the authorization token being included in the network bearer request message, in the messages used over a policy control interface between the policy control function and the gateway support node used when the decision is forwarded from the policy control function to the gateway support node, and in SIP signaling messages between the application server, being an SIP proxy server, and the user equipment, the authorization token containing a unique identifier for one or more gates initiated in the gateway support node and being a binding of the radio bearer under establishment to the decision made by the policy control function, said decisions being forwarded to the gateway support node from the policy control function in a message.
-
27. The method of claim 26, wherein the network bearer request is a QoS enabled GPRS radio bearer service carrying the authorization token in GPRS activation/modification request messages.
-
28. The method of claim 26, wherein the authorization token supports multiple policy control functions that may be providing policy control of a gateway support node.
-
29. The method of claim 1, wherein the gate is described by at least a Packet classifier, Authorized envelope, Action, Resource identifier, and Reserved envelope.
-
30. The method of claim 29, wherein the packet classifier associated with each gate is described by at least a Direction, Source IP address, Destination IP address, Source port, Destination port, and Protocol.
-
31. The method of claim 1, wherein the packet data network is a UMTS network.
-
32. The method of claim 1, wherein the session is an SIP session.
-
33. The method of claim 1, wherein the connection is an end-to-end IP QoS connection.
-
34. A method of filtering and gating packet data flow in a packet data network using policy control mechanisms, the method comprising the steps of:
-
initiating an application, supported by an application server within the network, and a corresponding session between a remote host and user equipment via the application server;
requesting, to a gateway support node of the network by the user equipment, establishment of a network bearer service between the user equipment and the remote host;
receiving, by a corresponding policy control function in a policy server, from the application server, filtering data derived from session data received by the application server from the user equipment and remote host during the session, said filtering data being processed by the policy control function to derive corresponding policy control filtering data; and
establishing the network bearer service and initializing a gate at the gateway support node according to the policy control filtering, wherein said gate is initialized to filter the packet data flow in the network.
Dependent claims: 35, 36, 37
sending, by the application server, an event trigger(s) to the policy server to request a gate opening;
sending, by the policy server, a corresponding gate open command to the gateway support node to open the gate, said gate opening initiating the data flow in the QoS connection; and
filtering, by the gate, the data flow in the QoS connection according to the policy control filtering data.
-
-
36. The method of claim 35, comprising the additional steps of:
-
sending, by the application server, an event trigger(s) to the policy server to request a gate closing;
sending, by the policy server, a corresponding gate close command to the gateway support node to close the gate;
closing the gate to end the data flow in response to the gate close command;
terminating the session with the user equipment by the application server; and
terminating the network bearer service.
-
-
37. The method of claim 34, wherein the application server is a SIP proxy server.
-
38. A method of filtering and gating data flow in an end-to-end IP QoS connection between a remote host and user equipment in a UMTS network using policy control mechanisms, the method comprising the steps of:
-
initiating, by one of the remote host and the user equipment, an application, supported by a proxy server, and a corresponding session between the remote host and the user equipment via the proxy server;
requesting, to a gateway support node of the network by the user equipment, establishment of a network bearer service between the user equipment and the remote host, said network bearer service being differentiated by allowing different degrees of QoS;
receiving, by a corresponding policy control function in a policy server, from the proxy server running the application, filtering data derived from session data received by the proxy server from the user equipment and remote host during the session, said filtering data being processed by the policy control function to derive corresponding policy control filtering data;
interrogating, by the gateway support node, the corresponding policy control function in the policy server to determine whether the establishment of the network bearer service is permitted; and
if the establishment of the network bearer service is permitted, then establishing a gate at the gateway support node, said gate being initialized with the policy control filtering data received either as a result of the gateway support node's interrogation of the policy control function or as a result of the policy control filtering data being pushed by the policy server to the gateway support node, wherein said gate is initialized to filter the data flow in the end-to-end IP QoS connection.
Dependent claims: 39, 40, 41
sending, by the proxy server, an event trigger(s) to the policy server to request a gate opening;
sending, by the policy server, a corresponding gate open command to the gateway support node to open the gate, said gate opening initiating the data flow in the QoS connection; and
filtering, by the gate, the data flow in the QoS connection according to the policy control filtering data.
-
-
40. The method of claim 39, comprising the additional steps of:
-
sending, by the proxy server, an event trigger(s) to the policy server to request a gate closing;
sending, by the policy server, a corresponding gate close command to the gateway support node to close the gate;
closing the gate to end the data flow in response to the gate close command;
terminating the session with the user equipment by the application server; and
terminating the network bearer service.
-
-
41. The method of claim 38, wherein the proxy server is an SIP proxy server.
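
The gate behaviour recited in the claims above (packet classifier of claims 12 and 30, gate open/close of claims 2 and 3, discarding of unauthorized data in claim 17, and the max gates limit of claim 24) can be modelled in a few lines. This is an added illustration, not part of the patent text; every class, field and function name is hypothetical, and treating port 0 as a wildcard and starting gates closed are assumptions of the sketch.

```python
# Added illustration; all class, field and function names are hypothetical.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Classifier:
    """Packet classifier fields listed in claims 12 and 30."""
    direction: str   # "uplink" or "downlink"
    src: str         # source prefix
    dst: str         # destination prefix
    src_port: int    # 0 = any port (assumption of this sketch)
    dst_port: int
    protocol: str

    def matches(self, pkt):
        return (pkt["direction"] == self.direction
                and pkt["protocol"] == self.protocol
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.src_port in (0, pkt["src_port"])
                and self.dst_port in (0, pkt["dst_port"]))

class Gateway:
    """Enforcement point: gates keyed by authorization token (claim 26)."""
    def __init__(self):
        self.gates = {}

    def install_gate(self, token, endpoint, classifier, max_gates):
        # Claim 24: cap gates per endpoint so one UE cannot exhaust the node.
        in_use = sum(g["endpoint"] == endpoint for g in self.gates.values())
        if in_use >= max_gates:
            return False
        self.gates[token] = {"endpoint": endpoint, "rule": classifier,
                             "open": False}  # assumption: gates start closed
        return True

    def set_open(self, token, is_open):
        self.gates[token]["open"] = is_open  # gate open/close (claims 2, 3)

    def filter(self, token, pkt):
        gate = self.gates.get(token)
        if gate and gate["open"] and gate["rule"].matches(pkt):
            return "forward"
        return "discard"  # claim 17: unauthorized data is dropped

def demo():
    # Constructed sample: one uplink UDP media flow from a UE.
    gw = Gateway()
    rule = Classifier("uplink", "10.0.0.5/32", "192.0.2.10/32", 0, 5004, "udp")
    pkt = {"direction": "uplink", "protocol": "udp", "src": "10.0.0.5",
           "dst": "192.0.2.10", "src_port": 40000, "dst_port": 5004}
    gw.install_gate("tok-1", "ue-1", rule, max_gates=1)
    before = gw.filter("tok-1", pkt)
    gw.set_open("tok-1", True)
    return before, gw.filter("tok-1", pkt), gw.filter("tok-1", dict(pkt, dst_port=80))
```

`demo()` returns the verdict for the same packet before the gate is opened, after it is opened, and for a packet on the open gate whose destination port falls outside the classifier.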
Specification