CN110784391B - Method, device, storage medium and terminal for communication between small base station and gateway - Google Patents

Method, device, storage medium and terminal for communication between small base station and gateway Download PDF

Info

Publication number
CN110784391B
CN110784391B CN201911061663.3A CN201911061663A CN110784391B CN 110784391 B CN110784391 B CN 110784391B CN 201911061663 A CN201911061663 A CN 201911061663A CN 110784391 B CN110784391 B CN 110784391B
Authority
CN
China
Prior art keywords
gateway
ipsec
base station
operator
small base
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911061663.3A
Other languages
Chinese (zh)
Other versions
CN110784391A (en
Inventor
袁林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd filed Critical Eversec Beijing Technology Co Ltd
Priority to CN201911061663.3A priority Critical patent/CN110784391B/en
Publication of CN110784391A publication Critical patent/CN110784391A/en
Application granted granted Critical
Publication of CN110784391B publication Critical patent/CN110784391B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/12Setup of transport tunnels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/08Access point devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method, a device, a storage medium and a terminal for communication between a small base station and a gateway. The method comprises the steps that an IPSEC server or an IPSEC client is judged to operate according to the fact that a communication object is a security gateway of a small base station or an operator; by operating the IPSEC server or the IPSEC client to butt joint the security gateway of the small base station or the operator, the security gateway of the operator is butted in the northbound direction, and a plurality of different operators can be butted at the same time; the southbound direction can be simultaneously butted with a plurality of different small base stations, and mobile phone signaling and data packets of different operators can be routed to the correct real gateway of the operator through the scheme of the embodiment of the invention, so that the real core network of the operator is achieved, and the effect of saving the resources of the real gateway of the operator is achieved.

Description

Method, device, storage medium and terminal for communication between small base station and gateway
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a method, a device, a storage medium and a terminal for communication between a small base station and a gateway.
Background
At present, data service flow is increased explosively, spectrum limitation is difficult to break through by a single macro cellular architecture, the requirement of service capacity is difficult to meet efficiently, and the target of user experience is difficult to achieve. And the small base station becomes an important means for meeting the requirements of user data services due to the characteristics of small volume, easy deployment and the like.
In the related technical solution, if the connection between the small base station and the security gateway of the operator is to be implemented, the operator is required to provide a set of IPSEC docking parameters, and only one small base station can be connected to the security gateway of the operator based on the IPSEC docking parameters. If a plurality of small base station devices are required to be docked to the security gateway of the operator, the operator is required to provide a plurality of sets of IPSEC docking parameters, so that each small base station device uses one set, however, the resource waste of the real gateway of the operator is caused by the mode.
Disclosure of Invention
The invention provides a method, a device, a storage medium and a terminal for communication between a small base station and a gateway, which can save the resources of the real gateway of an operator.
In a first aspect, an embodiment of the present invention provides a method for a small cell to communicate with a gateway, where the method includes:
judging to operate an IPSEC server or an IPSEC client according to the fact that a communication object is a security gateway of a small base station or an operator;
and the security gateway of the small base station or the operator is connected by operating an IPSEC server or an IPSEC client.
In a second aspect, an embodiment of the present invention further provides an apparatus for a small cell to communicate with a gateway, where the apparatus includes:
the IPSEC judging module is used for judging to operate an IPSEC server or an IPSEC client according to the fact that a communication object is a security gateway of a small base station or an operator;
and the IPSEC operation module is used for butting the security gateway of the small base station or the operator by operating an IPSEC server or an IPSEC client.
In a third aspect, an embodiment of the present invention further provides a server, where the server includes: a memory, and one or more processors;
the memory arranged to store one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for communication between the small cell base station and the gateway according to the embodiment of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores a computer program, and the computer program, when executed by a processor, implements the method for communicating between a small cell and a gateway according to the embodiment of the present invention.
The embodiment of the invention provides a scheme for communication between a small base station and a gateway, which is characterized in that an IPSEC server or an IPSEC client is judged to be operated according to the fact that a communication object is a security gateway of the small base station or an operator, the security gateway of the small base station or the operator is butted by operating the IPSEC server or the IPSEC client, the security gateway of the operator is butted in the north direction, and a plurality of different operators can be butted at the same time; the southbound direction can be simultaneously butted with a plurality of different small base stations, and mobile phone signaling and data packets of different operators can be routed to the correct real gateway of the operator through the scheme of the embodiment of the invention, so that the real core network of the operator is achieved, and the effect of saving the resources of the real gateway of the operator is achieved.
Drawings
Fig. 1 is a schematic application scenario diagram of a device for communication between a small cell and a gateway according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for a small cell to communicate with a gateway according to an embodiment of the present invention;
fig. 3 is a block diagram of IPSEC design in a method for communicating a small base station with a gateway according to an embodiment of the present invention;
fig. 4 is a flowchart of another method for communicating between a small cell and a gateway according to an embodiment of the present invention;
fig. 5 is a flowchart of an ID mapping method in an S1AP message in a method for a small cell base station to communicate with a gateway according to an embodiment of the present invention;
fig. 6 is a block diagram of an apparatus for communicating between a small cell and a gateway according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
For convenience of understanding, terms appearing in the embodiments of the present invention are explained as follows.
The south direction refers to a south direction interface of a device communicating with the small cell site and the gateway in the embodiment of the present invention, that is, an interface provided downwards, which provides a management function for other factory network elements. In the embodiment of the invention, the small base station equipment is butted with the south-bound interface.
The north direction refers to a north interface of a device communicating with the small base station and the gateway in the embodiment of the present invention, that is, an interface provided upward, and an interface provided for other manufacturers or operators to access and manage. In the embodiment of the invention, the device is in butt joint with the security gateway of an operator through a northbound interface.
IPSEC is short for IP Security and its purpose is to provide high Security features for IP. IPSec VPN is an application of IPSec. The IPSec VPN includes three application scenarios: Site-to-Site or gateway-to-gateway, End-to-End (End-to-End or PC-to PC: communication between two PCs is protected by IPSec session between two PCs), and End-to-Site (End-to-Site or PC-to-gateway): communications between two PCs are protected by IPSec between the gateway and the foreign PC. In the communication device of the small base station and the gateway, IPSEC exists in the south direction and the north direction, and in the north direction, the communication device is connected with an IPSEC server of a security gateway of a real operator in the form of an IPSEC client; in the south direction, the device is in the form of an IPSEC server for operating IPSEC clients on other real small base stations to interface with the device.
The open source based Strongswan software realizes that one IPSEC server and a plurality of IPSEC clients run on the same server at the same time.
Fig. 1 is a schematic application scenario diagram of a device for communication between a small cell and a gateway according to an embodiment of the present invention. As shown in fig. 1, the device 102 for small base station to gateway communication interfaces with a security gateway 101 of a real LTE operator and 2 real LTE small base stations (105, 106), respectively. The device 102 for communicating with the gateway by using the small base station realizes the functions of simulating the LTE small base station and simulating the LTE gateway. The simulated LTE small base station 103 is docked with the security gateway 101 of the real LTE operator, and from the perspective of the security gateway of the operator, the simulated LTE small base station 103 (which is considered as a real small base station by the operator) is docked therewith. The simulated LTE gateway interfaces all real LTE small base stations (105, 106), and it is realized that from each real small base station, it interfaces with the simulated LTE gateway 104 (which is a real gateway). The method has the advantages that deception is carried out in the south direction and the north direction in a manner similar to a man-in-the-middle manner, and the effect that a plurality of small base station devices can be deployed under the condition that only one set of docking parameters is obtained from an operator is finally achieved.
It should be noted that fig. 1 is only a schematic diagram and is not limited, and the apparatus for communicating between the small cell and the gateway according to the embodiment of the present invention may interface with security gateways of different operators, and may also interface with 2 LTE small cell. The number of the small butt-joint base stations is determined according to the performance index of the device. The security gateway of the real LTE operator is deployed in a machine room in a core area of the operator, the north direction is directly connected with a core network of the operator (plain text), and the south direction is used for docking a plurality of small base stations (the number depends on performance indexes of the gateway). When each small base station is docked, a set of docking parameters needs to be taken from an operator. If a manufacturer or company wants to interface its own small base station equipment to the operator's gateway, perform a laboratory bureau or some special industry applications, and only take one set of interfacing parameters (considering the overall layout of the operator), only one small base station can be deployed.
It should be noted that, for convenience and intuition in description of functions, the analog LTE small base station 103 and the analog LTE gateway 104 are separated in fig. 1, but in a software level, the analog LTE small base station 103 and the analog LTE gateway 104 cannot exist in a decoupled manner, are not independent functional modules, and have no internal interface therebetween. In terms of software implementation, code composition and function steps are mixed, and from the viewpoint of a specific data structure and the operation of a certain function, whether an analog LTE small base station or an analog LTE gateway is in operation cannot be obviously distinguished. The design has the advantages of rapid processing and time delay reduction, and avoids the problem of time delay caused by serious influence on the processing speed of data due to communication between modules or processes through an internal interface or a standard network interface after the modules or processes are designed into independent modules or independent processes.
In the embodiment of the invention, the analog LTE gateway comprises a security gateway, a signaling gateway (signaling plane convergence function) and a data gateway (data plane convergence function). The simulated LTE small base station comprises standard functions of a backhaul link such as S1\ X2 and the like.
The scheme of communication between the small base station and the gateway in the embodiment of the invention can be used in the following scenes: assuming that the real security gateway of the operator only opens one LTE small base station access point (i.e. provides one set of docking parameters), theoretically only one small base station is allowed to access. After the scheme is used, a plurality of small base stations can be connected to a device for communicating the small base stations with the gateway in the south direction at the same time, the purpose that the small base stations are disguised in the north direction to be connected with an operator in an abutting mode is achieved, and the small base stations are disguised in the south direction to be connected with the gateway in an abutting mode, so that other real small base stations are allowed to be connected in the abutting mode. It should be noted that the above scenarios are only examples and are not limiting. The communication scheme between the small cell and the gateway in the embodiment of the present invention may also be used in a small cell experimental office or joint debugging test, or special application in a special scenario, and the embodiment of the present invention is not particularly limited.
Optionally, by the scheme of the embodiment of the present invention, the security gateways of a plurality of different operators can be simultaneously docked in the north direction, and the small base stations of a plurality of different operators can be docked in the south direction, so as to achieve the effect of network sharing.
Fig. 2 is a flowchart of a method for a small cell site to communicate with a gateway, which may be performed by a device for a small cell site to communicate with a gateway, where the device may be implemented by hardware and/or software and is generally integrated in a server. The method comprises the following steps:
step 210, according to the fact that the communication object is a security gateway of a small base station or an operator, judging to operate an IPSEC server or an IPSEC client.
The communication object comprises a small base station and a security gateway of an operator.
Illustratively, in the case where the communication object is at least one small cell, the IPSEC server is operated for interfacing with the IPSEC client operated on the small cell.
In case the communication object is a security gateway of the operator, an IPSEC client is run for interfacing with an IPSEC server of the security gateway of the operator.
Fig. 3 is a block diagram of IPSEC design in a method for communicating between a small cell and a gateway according to an embodiment of the present invention. As shown in fig. 3, the security gateways of three operators, china mobile, china unicom and china telecom, are: a china mobile security gateway 301, a china unicom security gateway 302 and a china telecom security gateway 303. The real small base stations of three operators of China Mobile, China Unicom and China telecom comprise a China Mobile small base station 309, a China Unicom small base station 310 and a China telecom small base station 311. If the scheme of the embodiment of the invention is not used, the small base station of each operator can only be connected to the safety gateway of the operator, and network sharing cannot be realized.
In the embodiment of the invention, one IPSEC server and a plurality of IPSEC clients coexist on the same device, parameters of the IPSEC server and the IPSEC clients can be configured in a database running in the device, and the database interacts with the configuration file of the Strongswan at the background, so that the problem that a user directly modifies the original configuration text file of the Strongswan is avoided, and the method has stronger visibility and operability. As shown in fig. 3, one IPSEC server and 3 IPSEC clients, namely, a first IPSEC client 305, a second IPSEC client 306, a third IPSEC client 307, and an IPSEC server 308 coexist on the same femtocell and gateway communication apparatus 304.
Step 220, the security gateway of the small cell or the operator is connected by operating the IPSEC server or the IPSEC client.
Illustratively, with the IPSEC design block diagram shown in fig. 3, each IPSEC client according to the embodiment of the present invention interfaces with security gateways of different real operators, from which a set of interfacing parameters is obtained, and each operator looks like a regular small base station device. Macroscopically, the embodiment of the invention simulates that the IPSEC clients of three small base stations respectively establish independent IPSECs 312 with the security gateways of three operators. Meanwhile, an IPSEC server 308 is internally operated for docking small base station devices of different operators. The docking parameters are pre-stored in a database. In a macroscopic view, the embodiment of the present invention simulates a security gateway (IPSEC server 308), with which real small base stations of multiple operators (such as china mobile small base station 309, china unicom small base station 310, and china telecom small base station 311) can establish IPSEC 213.
In the north direction, the embodiment of the invention is connected with the IPSEC server of the security gateway of the real operator in the form of an IPSEC client; in a southward direction, the embodiment of the invention exists in the form of an IPSEC server, and is used for operating the IPSEC client on other real small base stations to be connected with the IPSEC server, so that the problem that the traditional IPSEC can only be a server or a client alternatively, if two or more real or virtual network cards exist, only one end of the network card is responsible for transmitting IPSEC messages, and the other end of the network card is used for plaintext transmission (for example, a security gateway of an operator, a core network connected with the operator is plaintext, and the small base station connected with the network card is IPSEC) is solved.
According to the technical scheme of the embodiment, the IPSEC server or the IPSEC client is judged to operate according to the fact that the communication object is the security gateway of the small base station or the operator, the security gateway of the small base station or the operator is connected in a butt joint mode by operating the IPSEC server or the IPSEC client, the security gateway of the operator is connected in a northbound mode, and a plurality of different operators can be connected in a butt joint mode; the southbound direction can be simultaneously butted with a plurality of different small base stations, and mobile phone signaling and data packets of different operators can be routed to the correct real gateway of the operator through the scheme of the embodiment of the invention, so that the real core network of the operator is achieved, and the effect of saving the resources of the real gateway of the operator is achieved.
On the basis of the above technical solution, after the IPSEC server or the IPSEC client is operated to interface the security gateway of the small cell or the operator, the method further includes: acquiring a signaling plane message, and analyzing the signaling plane message to obtain a target parameter; inquiring a preset target parameter mapping table, and determining a replacement parameter corresponding to the target parameter; and replacing the target parameter by the replacement parameter, encapsulating the replaced signaling plane message and forwarding the signaling plane message to the small base station or a security gateway of an operator.
Fig. 4 is a flowchart of another method for communicating between a small cell and a gateway according to an embodiment of the present invention, and as shown in fig. 4, the method includes:
and step 410, acquiring a signaling plane message, and analyzing the signaling plane message to obtain a target parameter.
The signaling plane message comprises an uplink message and a downlink message. In the embodiment of the invention, the uplink message is a message sent by a terminal (such as a mobile phone) to a security gateway of an operator through a real small base station by a device for communication between the small base station and the gateway in the embodiment of the invention; the downlink message is a message sent by a security gateway of an operator to a terminal through a device for communication between the small base station and the gateway in the embodiment of the invention. For example, the signaling plane message may be an S1AP message.
In the embodiment of the invention, the target parameters comprise eNB UE S1AP ID, or the target parameters comprise eNB UE S1AP ID and MME UE S1AP ID. According to the 36.413 standard of 3GPP, eNB UE S1AP ID is allocated to the base station side, and all UEs under the control of the base station cannot be duplicated; the MME UE S1AP ID is allocated for the MME (which is allocated here by the operator' S security gateway), and all UEs under its jurisdiction cannot be duplicated.
It should be noted that, when the S1AP MESSAGE is an initialize UE MESSAGE, the target parameter is only eNB UE S1AP ID. Typically, the first two parameters of each S1AP message are eNB UE S1A PID and MME UE S1AP ID, which may be targeted parameters. In the embodiment of the invention, all parameters in the whole S1AP message do not need to be decoded, and after processing, the parameters are re-encoded and forwarded, and only the first two parameters (namely eNB UE S1AP ID and MME UE S1AP ID) of the S1AP message need to be decoded from the S1AP message. Because, except the first two ID-related parameters, the rest of the parameters in the S1AP message are directly transparent to the devices in the embodiment of the present invention, which communicate with the gateway through the small base station. It should be noted that, when the INITIAL UE MESSAGE is decoded, the obtained target parameter is eNB UE S1AP ID.
Illustratively, a signaling plane message is received, and a first value of a length type byte in the signaling plane message is acquired, where the first value has an association relationship with a value range of a target parameter. And determining the value range of the target parameter according to the first value, and reading the target parameter in the decoded signaling plane message based on the value range. For example, for the eNB UE S1AP ID, the first byte is the length type range of the ID, and is divided into 3 values: 2. 3 and 4, the value 2 represents that the actual value of the S1AP ID of the MME UE which is followed immediately is from 0 to 0 xFF; the value 3 represents that the actual value of the immediately following MME UE S1AP ID is from 0xFF to 0 xFFFF; a value of 4 represents that the actual value of the immediately following MME UE S1AP ID is from 0xFFFF to 0 xFFFFFF. For the MME UE S1AP ID, the first byte is the length type range of the ID, and is divided into 4 values: 2. 3, 4, 5, the value 2 represents that the actual value of the S1AP ID of the immediately following MME UE is from 0 to 0 xFF; the value 3 represents that the actual value of the immediately following MME UE S1AP ID is from 0xFF to 0 xFFFF; the value 4 represents that the actual value of the immediately following MME UE S1AP ID is from 0xFFFF to 0 xFFFFFF; a value of 5 represents that the actual value of the immediately following MME UE S1AP ID is from 0xFFFFFFFF to 0 xFFFFFFFF.
That is, for the eNB UE S1AP ID, if the first value is 3, it may be determined that the value range of the target parameter is 0xFF to 0xFFFF, and for the MME UE S1AP ID, if the first value is 2, it may be determined that the value range of the target parameter is 0xFF to 0xFF, so that the coding lengths of the first two parameters in the S1AP message in the code stream corresponding to the S1AP message may be determined, and further, the first two parameters in the S1AP message may be quickly read.
Step 420, querying a preset target parameter mapping table, and determining a replacement parameter corresponding to the target parameter.
The preset target parameter mapping table is a hash table using identification data redistributed for the terminal as key values.
It should be noted that, if a terminal (UE for short) communicates with a gateway for the first time through a small base station, a preset target parameter mapping table is updated based on the target parameter and the identification data reallocated to the terminal. For example, when the small cell transmits an S1AP MESSAGE INIT UE MESSAGE related to the first uplink UE in the registration procedure, it represents a certain terminal to initiate registration. The device for communication between the small base station and the gateway in the embodiment of the invention redistributes an ID in a jurisdiction range for the terminal, takes the redistributed ID as a key value, and stores the key value and the eNB UE S1AP ID in the INIT UE MESSAGE of the terminal into a preset target parameter mapping table in a key value pair mode. The operator gateway sends a DOWNLINK NAS TRANSPORT message S1AP related to the first DOWNLINK UE, wherein the MME UE S1AP ID allocated by the operator gateway stores the MME UE S1AP ID into a hash table node with the reallocated ID as a key value. The device for communication between the small base station and the gateway in the embodiment of the invention reallocates a new ID to replace the MME UE S1AP ID, and then stores the newly allocated UD into the hash table node with the reallocated ID as a key value.
Illustratively, when the UE communicates with the gateway through the small cell for the first time, the replacement parameter is allocated by the apparatus for communicating with the gateway through the small cell in the embodiment of the present invention (and the above-mentioned identification data for terminal reallocation). For example, in an S1AP MESSAGE INIT UE MESSAGE related to a first uplink UE sent by the small cell, the value of eNB UE S1AP ID is 0, and 0 is a target parameter. The device for communication between the small base station and the gateway in the embodiment of the present invention reallocates an eNB UE S1AP ID for the UE, where the value is 10, that is, 10 is a replacement parameter. And adding the corresponding relation of 10 and 0 to the hash table by taking 10 as a key value. In the gateway of the operator sending the S1AP message DOWNLINK NAS TRANSPORT related to the first DOWNLINK UE, the value of the MME UE S1AP ID is 100, and 100 is the target parameter. The device for communication between the small base station and the gateway in the embodiment of the invention reallocates an MME UE S1AP ID for the UE, and the value is 10, namely 10 is a replacement parameter. With 10 as the key, the correspondence of 10 and 100 is added to the hash table.
When the UE communicates with the gateway through the small base station for the first time, the replacement parameter is determined by inquiring a preset target parameter mapping table (namely, a hash table). For example, the second UPLINK S1AP message UPLINK NAS TRANSPORT sent by the small cell carries the eNB UE S1AP ID and the MME UE S1AP ID, and the value of the eNB UE S1AP ID is 0 and the value of the MME UE S1AP ID is 10. And taking the value of the MME UE S1AP ID (distributed by the server of the invention) as a key to query the hash table and determine the corresponding hash table node. And taking the value of the eNB UE S1AP ID stored in the hash table as 10 and the value of the MME UE S1AP ID as 100 as the replacement parameter.
And 430, replacing the target parameter with the replacement parameter, encapsulating the replaced signaling plane message and forwarding the signaling plane message to the small base station or a security gateway of an operator.
Exemplarily, a second value of the length type byte in the replaced signaling plane message is determined according to the value range of the replacement parameter, wherein the second value has an association relationship with the value range of the replacement parameter; and replacing the first value by the second value, and replacing the target parameter by the replacement parameter. For example, the newly replaced value is 0x11111, and in the range of 0xFFFF to 0xFFFFFF, the length type byte needs to be padded to 4, and then the actual value 0x11111 is refilled.
For example, for the uplink message, assuming that the value of the eNB UE S1AP ID in the target parameter is 0, the value of the MME UE S1AP ID is 10, and the value of the MME UE S1AP ID is key to query the hash table, so as to obtain a replacement parameter, that is, the value of the eNB UE S1AP ID is 10, and the value of the MME UE S1AP ID is 10. If hexadecimal representation is adopted, the value of the eNB UE S1AP ID in the replacement parameter is 0xA, which belongs to the value range of 0 to 0xFF, and further, it can be known that the length type byte is 2, the length type byte in the acquired S1AP message is updated by using the newly determined length type byte, and 10 is adopted to replace the eNB UE S1AP ID (i.e., 0) in the target parameter. If hexadecimal representation is adopted, the value of the MME UE S1AP ID in the replacement parameter is 0x64, and the value belongs to the value range of 0 to 0xFF, so that the length type byte is known to be 2, the newly determined length type byte is adopted to update the length type byte in the acquired S1AP message, 100 is adopted to replace the MME UE S1AP ID (namely 10) in the target parameter, and the replaced S1AP message is packaged and forwarded to the security gateway of the operator.
For downlink messages, assuming that the value of the eNB UE S1AP ID in the target parameter is 10, the value of the MME UE S1AP ID is 100, and the value of the eNB UE S1AP ID is key to query the hash table, so as to obtain a replacement parameter, that is, the value of the eNB UE S1AP ID is 0, and the value of the MME UE S1AP ID is 10. If hexadecimal representation is adopted, the value of the eNB UE S1AP ID in the replacement parameter is 0, which belongs to the value range of 0 to 0xFF, and further, it can be known that the length type byte is 2, the length type byte in the acquired S1AP message is updated by the newly determined length type byte, and 0 is adopted to replace the eNB UE S1AP ID in the target parameter (i.e., 10). If hexadecimal representation is adopted, the value of the S1AP ID of the MME UE in the replacement parameter is 0xA, and the value belongs to the value range of 0 to 0xFF, so that the length type byte is known to be 2, the newly determined length type byte is adopted to update the length type byte in the acquired S1AP message, 10 is adopted to replace the S1 UE 1AP ID (namely 100) of the MME UE in the target parameter, and the replaced S1AP message is packaged and forwarded to the small base station.
In the technical scheme of the embodiment, the target parameters are obtained by analyzing the signaling plane message; inquiring a preset target parameter mapping table, and determining a replacement parameter corresponding to the target parameter; and replacing the target parameter by using the replacement parameter, packaging the replaced signaling plane message and forwarding the signaling plane message to the small base station or the security gateway of the operator to realize an optimized signaling plane mapping and forwarding mode, so that the transmission of the S1AP message between the real small base station and the gateway of the operator is quicker, and the time delay is reduced.
Fig. 5 is a flowchart of an ID mapping method in an S1AP message in a method for a small cell base station to communicate with a gateway according to an embodiment of the present invention. Fig. 5 shows two small base station devices (i.e., eNB1 and eNB2) and an operator's security gateway. For the sake of simplifying the essence of the method, only two small base stations are used as examples in the flow chart, and in fact, the present invention can be used in the scenario of multiple small base stations. The case of a security gateway of only one operator is shown in fig. 5, and in fact, the present invention can also be used in the scenario of security gateways of multiple operators. Fig. 5 also shows the communication device of the small base station and the gateway of the invention, and the communication device of the small base station and the gateway of the invention can be integrated in a server and can be represented by the server of the invention. For simplicity of description, it is illustrated how the eNB UE S1AP ID (abbreviated eNB UE ID in the figure) and MME UE S1AP ID (abbreviated eNB UE ID in the figure) are managed and mapped in the standard S1AP message of UE related point.
In step S501, the eNB1 sends an S1AP MESSAGE INIT UE MESSAGE related to the first UE in the registration procedure to the server of the present invention, and initiates registration on behalf of a certain UE, where the eNB UE ID is 0.
In step S502, after the server receives the INIT UE MESSAGE, the INIT UE MESSAGE includes the eNB UE ID, and a unique ID value in the jurisdiction range is newly allocated to the eNB UE ID. For example, eNB UE ID: 10, and establishing a hash table by taking the value as key. When the INIT UE MESSAGE is decoded, the method only needs to solve the ID of the eNB UE: 0, and storing the solved 0 under a hash table with 10 as key. And replacing the value of the eNB UE ID from 0 to 10, and encapsulating the replaced S1AP message and then sending the message to a security gateway of an operator. In this case, the present invention server has one hash table node, a key of 10 (assigned by the present invention server), and the eNB UE ID whose storage content is the eNB1 side is 0.
In step S503 and step S504, the process is performed similarly to steps S501 and S502. Another UE initiates registration, and eNB1 assigns eNB UE ID 1 to the UE (since it is assigned to the same base station, it is not repeated with 0 in step S501). After receiving the information of the INIT UE, the server redistributes a new ID value. For example, eNB UE ID: 11, adding a hash table node with key 11 and eNB UE ID 1 in the content to the hash table, replacing the value 1 of the eNB UE ID in the received S1AP message with 11, and encapsulating and sending the value to the security gateway of the operator.
In steps S505 and S506, the procedure is performed as in steps S501 and S502, and is similar to steps S503 and S504 except that the UE registration procedure is triggered from another small cell eNB 2. eNB2 allocates eNB UE ID to the UE as 0, and the server of the present invention reallocates a new ID value after receiving INIT UE MESSAGE. For example, eNB UE ID: 12, adding a hash table node with key of 12 and eNB UE ID of 0 in the content to the hash table, replacing the value 0 of the eNB UE ID in the received S1AP message with 12, and sending the value to the security gateway of the operator after encapsulation.
So far, all examples of the first S1AP MESSAGE (uplink INIT UE MESSAGE) of the registration procedure of three UEs initiated from two small cells are introduced. In the hash table of the server of the present invention, there are three hash table nodes, and the contents of each hash table node hold two values, one is an ID (10, 11, 12) assigned by the server of the present invention, and as a key, the other is an ID (0, 1, 0) assigned by the base station side.
In step S507, the security gateway of the operator sends a S1AP message DOWNLINK NAS TRANSPORT related to the first DOWNLINK UE, where the MME UE ID allocated by the operator gateway is 100, and according to the standard, the DOWNLINK NAS TRANSPORT also has an eNB UE ID with a value of 10 sent to the security gateway of the operator in step S502. I.e. the operator's security gateway sends the MME UE ID: 100 and eNB UE ID: 10 to the server of the invention. The server receives DOWNLINK NAS TRANSPORT, and resolves MME UE ID: 100 and eNB UE ID: 10 as target parameter. And inquiring the hash table by using 10 as a key, determining a corresponding hash table node, and storing 100 as an ID allocated by a security gateway of an operator in the hash table node. Thus, the hash table node stores three values, including: the ID allocated by the server is eNB UE ID: 10, the ID allocated by the base station side is eNB UE ID: 0, and the ID allocated by the security gateway of the operator is MME UE ID: 100.
in step S508, the server of the present invention resolves the eNB UE ID from the DOWNLINK NAS TRANSPORT sent by the security gateway of the operator: 10 and MME UE ID: 100 replacement eNB UE ID: 0 (allocated by the base station side in the last uplink message) and MME UE ID: 10 (server allocation of the invention), encapsulating the download NAS TRANSPORT and sending to the base station side.
In steps S509 and S510, similar to steps S507 and S508, the difference is a downlink message for another UE under eNB 1. After receiving the downlink message, the server of the present invention resolves values of two parameters, namely, eNB UE ID and MME UE ID, for example: 11 and MME UE ID: 101. and inquiring the hash table by using 11 as a key, determining a corresponding hash table node, and storing the ID distributed by 101 as a security gateway of the operator into the hash table node. Thus, the hash table node stores three values, including: the ID allocated by the server is eNB UE ID: 11, the ID allocated by the base station side is eNB UE ID: 1, and the ID allocated by the security gateway of the operator is MME UE ID: 101. then, the eNB UE ID in the message is solved to be 11 (allocated by the server of the present invention) and the MME UE ID is solved to be 101 (allocated by the security gateway of the operator), and the eNB UE ID is replaced to be 1 (allocated by the base station side in the previous uplink message) and the MME UE ID is replaced to be 11 (allocated by the server of the present invention), and the obtained message is encapsulated and sent to the base station side.
In steps S511 and S512, similarly to steps S507 and S508, the difference is the first downlink message for one UE under eNB 2. After receiving the first downlink message, the server of the present invention resolves values of two parameters, namely, eNB UE ID and MME UE ID, for example: 12 and MME UE ID: 102. and inquiring the hash table by adopting 12 as a key, determining a corresponding hash table node, and storing the ID distributed by 102 serving as a security gateway of the operator into the hash table node. Thus, the hash table node stores three values, including: the ID allocated by the server is eNB UE ID: 12, the ID allocated by the base station side is eNB UE ID: 0, and the ID allocated by the security gateway of the operator is MME UE ID: 102. then, the eNB UE ID in the message is solved to be 12 (allocated by the server of the present invention) and the MME UE ID is solved to be 102 (allocated by the security gateway of the operator), and the eNB UE ID is replaced to be 0 (allocated by the base station side in the previous uplink message) and the MME UE ID is 12 (allocated by the server of the present invention), and the eNB UE ID and the MME UE ID are encapsulated and transmitted to the base station side.
So far, the examples of the first DOWNLINK S1AP message (DOWNLINK NAS TRANPORT) of the registration procedure of three UEs initiated from the security gateway of the operator have been introduced in their entirety. In the hash table of the server of the present invention, there are three hash table nodes each of which holds three values in its content, one being an ID (10, 11, 12) assigned by the server of the present invention, and as a key, the other being an ID (0, 1, 0) assigned by the base station side, and the other being an ID (100, 101, 102) assigned by the security gateway side of the operator.
In steps S513 and S514, the second UPLINK S1AP message (UPLINK NAS TRANSPORT) transmitted from the base station side is addressed. The second uplink S1AP message carries two IDs, eNB UE ID: 0 and MME UE ID: 10. after receiving the second uplink S1AP message, the server of the present invention resolves the eNB UE ID: 0 and MME UE ID: 10, and with MME UE ID: and 10, querying the hash table as a key to determine a corresponding hash table node. The eNB UE ID stored under the hash table node is adopted: 10 and MME UE ID: 100 replacement eNB UE ID: 0 and MME UE ID: and 10, encapsulating and sending the data to a security gateway of the operator.
In steps S515 and S516, similar to steps S513 and S514, the difference is a second downlink S1AP message for another UE under the eNB 1. The second downlink S1AP message carries two IDs, eNB UE ID: 1 and MME UE ID: 11. after receiving the second uplink S1AP message, the server of the present invention resolves the eNB UE ID: 1 and MME UE ID: 11, and with MME UE ID: 11 as key to inquire the hash table and determine the corresponding hash table node. The eNB UE ID stored under the hash table node is adopted: 11 and MME UE ID: 101 replacement eNB UE ID: 1 and MME UE ID: and 11, encapsulating and sending the data to a security gateway of the operator.
In steps S517 and S518, similar to steps S513 and S514, the difference is a second downlink S1AP message for one UE under the eNB 2. The second downlink S1AP message carries two IDs, eNB UE ID: 0 and MME UE ID: 12. after receiving the second uplink S1AP message, the server of the present invention resolves the eNB UE ID: 0 and MME UE ID: 12, and with MME UE ID: and 12, as a key, inquiring the hash table and determining a corresponding hash table node. The eNB UE ID stored under the hash table node is adopted: 12 and MME UE ID: 102 replacement eNB UE ID: 0 and MME UE ID: and 12, encapsulating and sending the data to a security gateway of the operator.
So far, the second example of the S1AP message (UPLINK NAS TRANSPORT) of the registration procedure of three UEs initiated from two small base stations is fully described.
In the above example, only two IDs in the S1AP message are decoded and mapped, and no time is wasted for interfacing with content that is not of interest, which shortens forwarding time.
Fig. 6 is a block diagram of an apparatus for communicating between a small cell and a gateway according to an embodiment of the present invention. The device can be realized by software and/or hardware, and the effect of saving the resources of the real gateway of an operator is realized by executing the method for communication between the small base station and the gateway. As shown in fig. 6, the apparatus includes:
the IPSEC determining module 610 is configured to determine to operate an IPSEC server or an IPSEC client according to whether a communication object is a security gateway of a small base station or an operator;
and the IPSEC running module 620 is configured to interface the security gateway of the small cell or the operator by running the IPSEC server or the IPSEC client.
The embodiment of the invention provides a device for communication between a small base station and a gateway, which realizes northbound butt joint of a security gateway of an operator and can simultaneously butt joint of a plurality of different operators; the southbound direction can be simultaneously butted with a plurality of different small base stations, and mobile phone signaling and data packets of different operators can be routed to the correct real gateway of the operator through the scheme of the embodiment of the invention, so that the real core network of the operator is achieved, and the effect of saving the resources of the real gateway of the operator is achieved.
Optionally, the method further includes:
the message forwarding module is used for acquiring a signaling plane message after the IPSEC server or the IPSEC client is operated to butt joint the security gateway of the small base station or the operator, and analyzing the signaling plane message to obtain a target parameter;
inquiring a preset target parameter mapping table, and determining a replacement parameter corresponding to the target parameter;
and replacing the target parameter by the replacement parameter, encapsulating the replaced signaling plane message and forwarding the signaling plane message to the small base station or a security gateway of an operator.
Optionally, the method further includes:
and the mapping table updating module is used for reallocating the identification data for the terminal after the target parameter is obtained by analyzing the signaling plane message and if the terminal is communicated with the gateway for the first time through the small base station, and updating a preset target parameter mapping table based on the target parameter and the identification data.
Optionally, the preset target parameter mapping table is a hash table using the identification data as a key value.
Optionally, the target parameters include eNB UE S1AP ID and/or MME UE S1AP ID;
and analyzing the signaling plane message to obtain a target parameter, including:
acquiring a first value of a length type byte in a signaling plane message, wherein the first value and a value range of the target parameter have an association relation;
and determining the value range of the target parameter according to the first value, and reading the target parameter in the decoded signaling plane message based on the value range.
Optionally, replacing the target parameter with the replacement parameter includes:
determining a second value of the length type byte in the replaced signaling plane message according to the value range of the replacement parameter, wherein the second value and the value range of the replacement parameter have an association relationship;
and replacing the first value by the second value, and replacing the target parameter by the replacement parameter.
Optionally, the IPSEC determining module 610 is specifically configured to:
operating an IPSEC server in the case that a communication object is at least one small base station;
in case the communication object is a security gateway of the operator, the IPSEC client is run.
The embodiment of the invention also provides a server, which comprises a memory and one or more processors;
the memory arranged to store one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for communication between the small cell base station and the gateway according to the embodiment of the present invention.
The device and the server for communication between the small base station and the gateway provided by the embodiment of the invention can execute the method for communication between the small base station and the gateway provided by any embodiment of the invention, and have corresponding functional modules and beneficial effects of the execution method.
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a method for a small cell to communicate with a gateway, the method including:
judging to operate an IPSEC server or an IPSEC client according to the fact that a communication object is a security gateway of a small base station or an operator;
and the security gateway of the small base station or the operator is connected by operating an IPSEC server or an IPSEC client.
It should be noted that all or part of the contents in the technical solutions provided by the embodiments of the present invention may be implemented by computer-executable instructions, and the computer-executable instructions are stored in the Linux system.
Storage medium-any of various types of memory devices or storage devices. The term "storage medium" is intended to include: mounting media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Lanbas (Rambus) RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the operation of the small cell base station and the gateway communication described above, and may also perform related operations in the method for the small cell base station and the gateway communication provided by any embodiments of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (9)

1. A method for a small cell to communicate with a gateway, the method comprising:
operating an IPSEC server in the case that a communication object is a small base station of an operator;
in the case that the communication object is a security gateway of an operator, operating an IPSEC client;
the method comprises the steps of interfacing small base stations of two or more different operators or security gateways of two or more different operators by operating an IPSEC server or an IPSEC client.
2. The method of claim 1, further comprising, after interfacing small base stations of two or more different operators or security gateways of two or more different operators by running an IPSEC server or an IPSEC client:
acquiring a signaling plane message, and analyzing the signaling plane message to obtain a target parameter;
inquiring a preset target parameter mapping table, and determining a replacement parameter corresponding to the target parameter;
and replacing the target parameters by the replacement parameters, encapsulating the replaced signaling plane messages and forwarding the signaling plane messages to the small base stations of two or more different operators or the security gateways of two or more different operators.
3. The method of claim 2, further comprising, after parsing the signaling plane message to obtain target parameters:
and if the terminal communicates with the gateway for the first time through the small base station, reallocating the identification data for the terminal, and updating a preset target parameter mapping table based on the target parameter and the identification data.
4. The method as claimed in claim 3, wherein the predetermined target parameter mapping table is a hash table with the identification data as a key.
5. The method of claim 2, wherein the target parameters comprise an eNB UE S1AP ID and/or an MME UE S1AP ID;
and analyzing the signaling plane message to obtain a target parameter, including:
acquiring a first value of a length type byte in a signaling plane message, wherein the first value and a value range of the target parameter have an association relation;
and determining the value range of the target parameter according to the first value, and reading the target parameter in the decoded signaling plane message based on the value range.
6. The method of claim 5, wherein replacing the target parameter with the replacement parameter comprises:
determining a second value of the length type byte in the replaced signaling plane message according to the value range of the replacement parameter, wherein the second value and the value range of the replacement parameter have an association relationship;
and replacing the first value by the second value, and replacing the target parameter by the replacement parameter.
7. An apparatus for a small cell to communicate with a gateway, comprising:
the IPSEC judging module is used for operating an IPSEC server under the condition that a communication object is a small base station of an operator; in the case that the communication object is a security gateway of an operator, operating an IPSEC client;
the IPSEC operation module is used for butting the small base stations of two or more different operators or the security gateways of two or more different operators by operating the IPSEC server or the IPSEC client.
8. A server, characterized in that the server comprises: a memory, and one or more processors;
the memory arranged to store one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the method of small cell base station to gateway communication of any of claims 1-6.
9. A storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method of small cell base station to gateway communication of any of claims 1-6.
CN201911061663.3A 2019-11-01 2019-11-01 Method, device, storage medium and terminal for communication between small base station and gateway Active CN110784391B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911061663.3A CN110784391B (en) 2019-11-01 2019-11-01 Method, device, storage medium and terminal for communication between small base station and gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911061663.3A CN110784391B (en) 2019-11-01 2019-11-01 Method, device, storage medium and terminal for communication between small base station and gateway

Publications (2)

Publication Number Publication Date
CN110784391A CN110784391A (en) 2020-02-11
CN110784391B true CN110784391B (en) 2021-10-15

Family

ID=69388578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911061663.3A Active CN110784391B (en) 2019-11-01 2019-11-01 Method, device, storage medium and terminal for communication between small base station and gateway

Country Status (1)

Country Link
CN (1) CN110784391B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112218255B (en) * 2020-10-22 2022-10-28 中国联合网络通信集团有限公司 Terminal access method and device based on block chain network and macro base station
CN114039815B (en) * 2021-12-07 2022-12-20 中国电信股份有限公司 Method and system for realizing sharing of small base station

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106028370A (en) * 2016-04-29 2016-10-12 北京北方烽火科技有限公司 Small cell cluster controller, cluster system, centralized management and control method and configuration method
CN108307391A (en) * 2016-09-22 2018-07-20 大唐移动通信设备有限公司 A kind of terminal access method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8886164B2 (en) * 2008-11-26 2014-11-11 Qualcomm Incorporated Method and apparatus to perform secure registration of femto access points
JP5831854B2 (en) * 2011-06-10 2015-12-09 ノキア ソリューションズ アンド ネットワークス オサケユキチュア Base station apparatus and base station apparatus communication method
JP6394325B2 (en) * 2014-11-26 2018-09-26 富士通株式会社 Network control method, communication apparatus, and communication system
US10341868B2 (en) * 2016-02-25 2019-07-02 Smart-Edge.Com, Inc. Platform for computing at the mobile edge

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106028370A (en) * 2016-04-29 2016-10-12 北京北方烽火科技有限公司 Small cell cluster controller, cluster system, centralized management and control method and configuration method
CN108307391A (en) * 2016-09-22 2018-07-20 大唐移动通信设备有限公司 A kind of terminal access method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LTE家庭基站网关设计与实现;苏敬桓;《中国优秀硕士学位论文全文数据库》;20160515;全文 *

Also Published As

Publication number Publication date
CN110784391A (en) 2020-02-11

Similar Documents

Publication Publication Date Title
CN108353327B (en) X2protocol programmability
EP2893765B1 (en) Minimizing mapping and signaling for data path aggregation
KR102066188B1 (en) How to establish a roaming connection
JP7296993B2 (en) Communication method and communication device
KR102469973B1 (en) Communication method and device
CN110324246B (en) Communication method and device
CN113595908A (en) Message transmission method and device
US8817815B2 (en) Traffic optimization over network link
CN104521249A (en) Methods and apparatus
CN116405461A (en) Data processing method, network element equipment and readable storage medium
WO2022242507A1 (en) Communication method, apparatus, computer-readable medium electronic device, and program product
JP7193060B2 (en) COMMUNICATION METHOD, COMMUNICATION DEVICE, AND COMMUNICATION SYSTEM
CN110784391B (en) Method, device, storage medium and terminal for communication between small base station and gateway
WO2018149342A1 (en) Public network accessing method and device and computer storage medium for user terminal of mobile private network
CN113207191A (en) Session establishment method, device and equipment based on network slice and storage medium
CN112566164A (en) Communication system and service quality control method
WO2022143395A1 (en) Redundant path creating method, apparatus, and system
EP3813481B1 (en) Information transmission methods and system
CN113364660A (en) Data packet processing method and device in LVS load balancing
CN109845329B (en) Communication method, network equipment and application management unit
EP3340046B1 (en) Method for accessing local network, and related device
WO2019074032A1 (en) Apparatus, method and program for transmitting and receiving data to and from iot device
CN115883047B (en) Signaling data transmission method, device, equipment and medium
JP6509413B1 (en) Device, method and program for transmitting and receiving data with IoT device
KR20240050068A (en) Commercial network interlocking base station system for providing 5g specialized network service using commercial network as backhaul and method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant