As users demand ever higher wireless access rates, the wireless local area network (WLAN) has emerged to provide high-speed wireless data access within a small area. WLAN encompasses many different technologies. A widely applied technical standard is IEEE 802.11b, which uses the 2.4 GHz frequency band and has a maximum data transmission rate of 11 Mbps. IEEE 802.11g and Bluetooth technology also use this frequency band, and the maximum data transmission rate of IEEE 802.11g can be as high as 54 Mbps. Other new technologies such as IEEE 802.11a and ETSI BRAN Hiperlan2 use the 5 GHz frequency band, and their maximum transmission rate can also reach 54 Mbps.
Although there are many different wireless access technologies, most WLANs are used to transmit Internet Protocol (IP) data packets. In a wireless IP network, the specific WLAN access technology adopted is generally transparent to the upper IP layer. In the basic structure of a wireless IP network, wireless access for a user terminal is provided through an access point (AP), and network control and connection equipment is interconnected to constitute an IP transmission network.
With the rise and development of WLAN technology, intercommunication between the WLAN and various wireless mobile communication networks, such as the global system for mobile communications (GSM), code division multiple access (CDMA), wide-band code division multiple access (WCDMA), time division-synchronous code division multiple access (TD-SCDMA), and CDMA2000 systems, has become a focus of current research. In the current universal mobile telecommunication system (UMTS), the user terminal may be connected to the Internet or an Intranet through a WLAN access network (AN), or connected to a home network or a visited network of the user through the WLAN AN. Specifically, for local access, the WLAN user terminal is connected to the home network of the user through the WLAN AN; in a roaming state, the WLAN user terminal is connected to the visited network of the user through the WLAN AN. Some of the entities in the visited network are interconnected with corresponding entities in the home network, for example, an authentication, authorization, and accounting (AAA) proxy in the visited network with an AAA Server in the home network, a WLAN access gateway (WAG) in the visited network with a packet data gateway (PDG) in the home network, and so on. Structural views of an intercommunication system are shown in FIGS. 1, 2, and 3. FIG. 1 is a schematic structural view of an intercommunication system in a non-roaming state. FIG. 2 is a schematic structural view of the intercommunication system in a roaming state. FIG. 3 is a schematic structural view of another intercommunication system in a roaming state.
The PDG plays an important role in the intercommunication system: it is the gateway for data exchange between a WLAN user equipment (UE) and an external network, it controls and manages the user data, and it generates accounting information. Communication between the WLAN UE and the PDG uses an IPsec-based tunnel. The tunnel between the WLAN UE and the PDG is actually a two-layer logical relationship. The information exchanged between the WLAN UE and the PDG for tunnel establishment and encryption is protected by an Internet Key Exchange Security Association (IKE SA) established through the Internet Key Exchange version 2 (IKEv2) protocol. One or more IP security protocol security associations (IPsec SAs) may be established in each IKE SA. Each IPsec SA is one tunnel. The relation between the IKE SA and the IPsec SAs is represented in simplified form in FIG. 4.
In order to control the number of tunnels established for a user, two parameters are defined in the current specification. One is Max number of IPsec SA (I-WLAN tunnels) per IKE, configured on the PDG by an operator, which limits the maximum number of tunnels established in each IKE SA. The other is the per user count, which counts the total number of tunnels currently established for the user.
In the above solution, whether the user is allowed to establish more tunnels is decided by comparing the Max number of IPsec SA (I-WLAN tunnels) per IKE parameter with the per user count. For example, if the per user count is larger than Max number of IPsec SA (I-WLAN tunnels) per IKE, the user is not allowed to establish more tunnels; otherwise, the user is allowed to establish more tunnels. The problem is that Max number of IPsec SA (I-WLAN tunnels) per IKE and the per user count are not parameters at the same level: the former limits the tunnels within a single IKE SA, while the latter totals the tunnels across all of the user's IKE SAs. For example, as shown in FIG. 5, Max number of IPsec SA (I-WLAN tunnels) per IKE configured on the PDG is 3, which means that at most 3 tunnels can be established in each IKE SA. Two IKE SAs are established between the WLAN UE and the PDG, and two tunnels (IPsec SAs) are established in each IKE SA. At this time, the per user count is 4, which is larger than Max number of IPsec SA (I-WLAN tunnels) per IKE. If the user requests to establish one more tunnel at this time, the request will be rejected, because 4 > 3. However, the request should not be rejected, because the number of tunnels in each IKE SA is actually 2, which is less than 3. Therefore, maintaining only a single per user count is far from sufficient.
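The FIG. 5 scenario worked through in code, as an added example that is not part of the original text or of any specification. The class and function names are hypothetical, and the per-IKE-SA check is an assumed illustration of a same-level comparison, shown only to contrast with the per-user check described above.

```python
from dataclasses import dataclass, field

MAX_IPSEC_SA_PER_IKE = 3  # value configured on the PDG in the FIG. 5 scenario


@dataclass
class IkeSa:
    """One IKE SA between a WLAN UE and the PDG (hypothetical model)."""
    name: str
    ipsec_sas: list = field(default_factory=list)  # each entry is one tunnel


@dataclass
class UserSession:
    """All IKE SAs that a single user currently holds on the PDG."""
    ike_sas: dict = field(default_factory=dict)

    @property
    def per_user_count(self) -> int:
        # Total number of tunnels across every IKE SA of this user.
        return sum(len(sa.ipsec_sas) for sa in self.ike_sas.values())


def allow_by_per_user_count(user, limit=MAX_IPSEC_SA_PER_IKE):
    """Check described in the text: per-user total against a per-IKE limit."""
    return not (user.per_user_count > limit)


def allow_by_per_ike_count(user, ike_name, limit=MAX_IPSEC_SA_PER_IKE):
    """Assumed same-level check: tunnels in the target IKE SA against the limit."""
    return len(user.ike_sas[ike_name].ipsec_sas) < limit


def fig5_session():
    """Constructed state matching FIG. 5: two IKE SAs, two tunnels in each."""
    user = UserSession()
    for ike in ("ike-sa-1", "ike-sa-2"):
        user.ike_sas[ike] = IkeSa(ike, [f"{ike}/ipsec-{n}" for n in (1, 2)])
    return user


if __name__ == "__main__":
    user = fig5_session()
    print("per user count:", user.per_user_count)
    print("per-user check allows a new tunnel:", allow_by_per_user_count(user))
    print("per-IKE check allows a new tunnel in ike-sa-1:",
          allow_by_per_ike_count(user, "ike-sa-1"))
```
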