CN112839078A - Data forwarding method and device for 5G private network environment and electronic equipment - Google Patents
Data forwarding method and device for 5G private network environment and electronic equipment Download PDFInfo
- Publication number
- CN112839078A CN112839078A CN202011611301.XA CN202011611301A CN112839078A CN 112839078 A CN112839078 A CN 112839078A CN 202011611301 A CN202011611301 A CN 202011611301A CN 112839078 A CN112839078 A CN 112839078A
- Authority
- CN
- China
- Prior art keywords
- forwarding
- data packet
- data
- packet information
- edge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000004364 calculation method Methods 0.000 claims abstract description 27
- 238000005538 encapsulation Methods 0.000 claims description 26
- 238000012545 processing Methods 0.000 claims description 17
- 238000006243 chemical reaction Methods 0.000 claims description 10
- 230000003139 buffering effect Effects 0.000 claims description 2
- 238000004806 packaging method and process Methods 0.000 claims 3
- 238000010586 diagram Methods 0.000 description 20
- 230000005540 biological transmission Effects 0.000 description 11
- 238000004590 computer program Methods 0.000 description 11
- 238000005516 engineering process Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 9
- 230000008569 process Effects 0.000 description 9
- 238000013519 translation Methods 0.000 description 6
- 238000001514 detection method Methods 0.000 description 4
- 238000007726 management method Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000009466 transformation Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 230000005641 tunneling Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The application discloses a data forwarding method and device for a 5G private network environment and electronic equipment. The method of the present application comprises: receiving a data packet sent by a terminal side, and acquiring data packet information from the data packet; performing edge calculation on the data packet information to obtain a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy; and forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information. The technical scheme of the application can realize the efficient and rapid forwarding of the data in the 5G private network environment.
Description
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data forwarding method and apparatus for a 5G private network environment, and an electronic device.
Background
5G will become the general technology of leading the digital transformation, 5G will offer the peak rate at least ten times 4G with brand-new network architecture, the transmission delay of millisecond level and the connecting ability of billions level, open the new era of the wide interconnection of everything, man-machine deep interaction, become the key enabler of the digital transformation of economic society. Due to the fact that the digital television has ultrahigh data rate, higher capacity and shorter time delay, 5G brings new opportunities for multiple applications which change people's lives, including immersive videos, automatic driving automobiles, telemedicine, intelligent factories, smart cities and the like.
5G is an enabler for innovation and development of various industries, and by wide and deep integration with vertical industries such as industry, traffic, agriculture and the like, the novel transformation from supporting mobile internet to supporting comprehensive digitization, networking and intellectualization of various industries is realized, more innovation and application are promoted, and the development of digital economy in the whole society is promoted. In particular, for specific needs of various vertical application industries, private network deployment based on a 5G technology is also paid more and more attention, and how to implement fast and efficient forwarding of data will become a basis for 5G private network deployment.
Disclosure of Invention
The embodiment of the application provides a data forwarding method and device for a 5G private network environment and electronic equipment, so that data in the 5G private network environment can be quickly and efficiently forwarded.
The embodiment of the application adopts the following technical scheme:
in a first aspect, an embodiment of the present application provides a data forwarding method for a 5G private network environment, including:
receiving a data packet sent by a terminal side, and acquiring data packet information from the data packet; performing edge calculation on the data packet information to obtain a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy; and forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information.
In a second aspect, an embodiment of the present application further provides a data forwarding apparatus for a 5G private network environment, including:
the receiving unit is used for receiving a data packet sent by a terminal side and acquiring data packet information from the data packet; the computing unit is used for performing edge computation on the data packet information and acquiring a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy; and the forwarding unit is used for forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the data forwarding method.
In a fourth aspect, embodiments of the present application further provide a computer-readable storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic device to execute the data forwarding method.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
in the embodiment of the application, in a 5G private network environment, the edge calculation is performed on the received data packet to determine the forwarding strategy of the data packet, and the edge forwarding is performed on the data packet conforming to the edge forwarding strategy, so that the conversion consumption of user mode and kernel mode data is reduced, the kernel protocol stack call chain period is reduced, and the efficient and rapid forwarding of data in the 5G private network environment is realized. The embodiment of the application combines the characteristics of the 5G network and the characteristics of edge calculation, provides a safe and low-delay network for the 5G private network environment, and can provide scene access with large bandwidth and low time delay for applications such as Internet of things, industrial Internet, virtual reality and the like.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart of a data forwarding method for a 5G private network environment in an embodiment of the present application;
fig. 2 is a schematic diagram of a node performing edge forwarding in a 5G private network environment in an embodiment of the present application;
fig. 3 is a schematic diagram of a data forwarding process in an embodiment of the present application;
fig. 4 is a schematic diagram of a forwarding rule in an embodiment of the present application;
FIG. 5 is a diagram illustrating a data packet transmission process according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an embodiment of the present application;
fig. 7 is a schematic diagram of a NAT in an embodiment of the present application;
fig. 8 is a schematic diagram illustrating control plane data security according to an embodiment of the present application;
fig. 9 is a functional diagram of a data forwarding apparatus for use in a 5G private network environment according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of a data forwarding method for a 5G private network environment in an embodiment of the present application, and as shown in fig. 1, the method of the present embodiment includes:
step S110, receiving a data packet sent by the terminal, and acquiring data packet information from the data packet.
Referring to fig. 2, a User terminal sends a data packet through a 5G base station, and a User Port Function (UPF) receives the data packet and parses the data packet to obtain data packet information. Here, the packet information includes, but is not limited to, an external encapsulation field value of the packet, such as an IP address, a physical address, and other field values, and an internal data value, such as a url carried by a data body.
Step S120, performing edge calculation on the data packet information, and acquiring a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy.
In this embodiment, Edge calculation (MEC) is performed on packet information according to a packet matching rule, after the packet information of a packet is obtained, the packet information is matched with the packet matching rule, a forwarding policy corresponding to the packet information is obtained according to a matching result, if the packet information is matched with the packet matching rule, an Edge forwarding policy corresponding to the packet information is obtained, and if the packet information is not matched with the packet matching rule, a direct forwarding policy corresponding to the packet information is obtained.
Here, the Forwarding policy stipulates a Forwarding rule of a data Packet, and the embodiment implements flow Control of Control plane data based on a Packet Forwarding Control Protocol (PFCP), and supports directional Forwarding and directional delivery. The edge forwarding strategy redefines the forwarding type and the forwarding direction of the data packet, the data packet is sent according to the redefined forwarding type and the redefined forwarding direction, and the direct forwarding strategy stipulates that the data packet is sent according to the forwarding type and the forwarding direction appointed by the data packet.
Step S130, forwarding the data packet according to an edge forwarding policy or a direct forwarding policy corresponding to the data packet information.
As shown in fig. 1, in the embodiment, in the 5G private network environment, edge calculation is performed on a received data packet to determine a forwarding policy of the data packet, and edge forwarding is performed on the data packet conforming to the edge forwarding policy, so that conversion consumption of user-mode and kernel-mode data is reduced, a kernel protocol stack call chain period is reduced, and efficient and fast forwarding of data in the 5G private network environment is realized. In this embodiment, a 5G network characteristic and an edge computing characteristic are combined, a safe and low-delay network is provided for a 5G private network environment, and scene access with large bandwidth and low delay can be provided for applications such as internet of things, industrial internet, virtual reality, and the like.
Fig. 3 is a schematic diagram of a data forwarding process in an embodiment of the application, as shown in fig. 3, a terminal uploads a data packet to a base station, the base station receives the data packet uploaded by the terminal, at this time, wireless data is converted into IP data, after the data conversion, the base station sends the data packet to a network element for edge calculation, fig. 3 exemplarily shows that a UPF is a network element for edge calculation, after the UPF receives the data packet, the UPF obtains data packet information from the data packet, for example, obtains an external encapsulation field value and an internal data value of the data packet, performs rule matching on the obtained data packet information, if a rule is hit, performs edge forwarding on the data packet, for example, forwards the data packet to an edge server for data processing and processing, and if a processing result includes intermediate data that needs to be forwarded to a central service, may also forward the intermediate data to the central. And if the rule is not hit, directly forwarding the data packet, and directly forwarding the data packet to the central service. The central service here can be understood as a central server in a 5G core network.
In one embodiment, a forwarding policy corresponding to packet information is obtained by matching the packet information with a packet matching rule, that is, matching is performed with the packet matching rule according to the external encapsulation field value and/or the internal data value, if the packet information is matched with the packet matching rule, the packet information corresponds to an edge forwarding policy, and if the packet information is not matched with the packet matching rule, the packet information corresponds to a direct forwarding policy.
For example, the packet matching rule in this embodiment associates a first list with preset key field values and a second list with preset key data values, and when matching is performed according to an external encapsulation field value and/or an internal data value and the packet matching rule, it may be detected whether a key field value matching the external encapsulation field value exists in the first list, and/or whether a key data value matching the internal data value exists in the second list; if the first list has a key field value matched with the external encapsulation field value and/or the second list has a key data value matched with the internal data value, the data packet is matched with the message matching rule; and if the first list does not have a key field value matched with the external encapsulation field value, or the second list does not have a key data value matched with the internal data value, the data packet is not matched with the message matching rule.
It should be understood that: the matching process may be determined according to the acquired data packet information, if the acquired data packet information includes an external encapsulation field value, it is only necessary to detect whether a key field value matching the external encapsulation field value exists in the first list, if the key field value matching the external encapsulation field value exists in the first list, for example, a preset key field value in the first list is a key IP address value, if the IP address field value corresponding to the data packet matches the key IP address value in the first list, it is determined that the data packet matches the packet matching rule, and if the IP address field value corresponding to the data packet does not match the key IP address value in the first list, it is determined that the data packet does not match the packet matching rule.
Similarly, if the obtained data packet information includes an internal data value, it is only necessary to detect whether a key data value matching the internal data value exists in the second list, if the key data value matching the internal data value exists in the second list, for example, the preset key data value in the second list is a key url, if the url data value corresponding to the data packet matches the key url in the second list, it is determined that the data packet matches the message matching rule, and if the url data value corresponding to the data packet does not match the key url in the second list, it is determined that the data packet does not match the message matching rule.
If the obtained data packet information includes an external encapsulation field value and an internal data value, the first list may be detected first, if the external encapsulation field value is not matched with the key field value in the first list, the second list may be detected continuously, and if the internal data value is not matched with the key data value in the second list, it is determined that the data packet is not matched with the packet matching rule. Of course, the second list may also be detected, and if the internal data value is not matched with the key data value in the second list, the first list continues to be detected. In addition, if the external packed field value matches the key field value in the first list during the first list detection, the second list detection may not be performed.
In one embodiment, edge calculation is performed on Packet information according to a Packet Detection Rule (PDR), and a Packet is forwarded according to an edge calculation result and a forwarding policy, where the forwarding policy is a Rule for forwarding network data, and the forwarding policy (FAR) in this embodiment includes an edge forwarding policy and a direct forwarding policy.
The message detection rule specifies that the data packet is matched with the message matching rule, namely, specifies the matching mode of the data packet information and the message matching rule. The edge forwarding policy combination defines source data and destination data, including an address of the source data and an address of the destination data, and a protocol type of the source data and a protocol type of the destination data, that is, redefining a forwarding type and a forwarding direction of a data packet through the edge forwarding policy, and instructing the data packet to transmit the data packet according to the redefined forwarding type and forwarding direction; the direct forwarding policy specifies that the data packet is sent according to the forwarding type and the forwarding direction agreed by the data packet itself.
For example, as shown in fig. 4, fig. 4 shows that a data packet is edge-forwarded and directly forwarded, where a terminal (User Equipment, UE) sends the data packet to AN UPF through a base station AN, the UPF performs edge calculation on the data packet according to a PDR under the control of a Session Management Function (SMF), and obtains a forwarding policy corresponding to data packet information according to AN edge calculation result, that is, the forwarding policy is matched with the PDR, the edge forwarding policy is corresponding to the data packet, the forwarding policy is not matched with the PDR, the direct forwarding policy is corresponding to the data packet, and the data packet is forwarded according to the forwarding policy corresponding to the data packet. For ease of illustration, three types of packets are shown in fig. 4, each packet being processed similarly, with reference to the first packet in fig. 4 (i.e. the packet corresponding to the uppermost dashed box in the box where the forwarding rule is located), the source address (UP) and the destination address (DOWN) of the first packet are exemplarily matched with the PDR and the FAR respectively, that is, PDR matching is performed on the source address and the destination address, as described above, the source address and the destination address may be respectively matched with the key IP addresses in the first list, at this time, the source address and the destination address in the first data packet both have matched key IP addresses in the first list, it is determined that PDR matching is successful and an edge forwarding policy corresponding to the first data packet is determined, and then, and then, PAR matching is carried out on the first data packet, and the forwarding type and the forwarding direction corresponding to the first data packet are matched. And thus, the edge forwarding strategy corresponding to the first data packet obtained by matching based on the matching result of the first data packet is obtained, and the first data packet is forwarded to the edge service according to the forwarding type and the forwarding direction obtained by matching.
And respectively matching PDR and FAR for a source address (UP) and a destination address (DOWN) of a second data packet (namely, the data packet corresponding to a dotted line frame at the middle position in a frame where the forwarding rule is positioned), namely, respectively matching PDR for the source address and the destination address of the second data packet, wherein as described above, the source address and the destination address can be respectively matched with the key IP addresses in the first list, and at the moment, the source address and the destination address in the second data packet do not have matched key IP addresses in the first list, determining that PDR matching is unsuccessful and determining that the second data packet corresponds to a direct forwarding strategy, and then, matching the second data packet to resolve the forwarding type and the forwarding direction (at the moment, the forwarding direction is a P-UPF node) agreed by the second data packet. Obtaining a direct forwarding strategy corresponding to the second data packet based on the mismatching result, and forwarding the second data packet to the P-UPF node according to the forwarding type appointed by the second data packet;
similarly, based on the fact that the matching result is a mismatch, a direct forwarding policy corresponding to a third Data packet (i.e., a Data packet corresponding to the bottom dashed frame in the square frame where the forwarding rule is located) is obtained, and the Data packet is forwarded to a Data Network element (DN) according to a forwarding type agreed by the third Data packet itself.
In some application scenarios, after obtaining packet information from a packet, the packet may be further controlled according to a data type corresponding to the packet, where the data type includes, but is not limited to, IMS (IP Multimedia system) data, alarm data, instant messaging data, sensitive data (the sensitive data may be understood as data carrying an illegal value, for example, an IP address is an illegal IP address, and a data body carries an illegal field, etc.), a specific data type (the specific data type is related to a service and is set by a service party, for example, resource access data such as web access data and video access data may be set as a specific data type), and the control processing includes flow rate control, data buffering control, data disabling control, or data security control.
For example, a Quality of Service (QoS) enforcement rule is preset, the QoS enforcement rule provides a gating and control scheme, when a packet corresponds to IMS data, traffic rate control may be performed on a data stream based on the gating and control scheme provided by the QoS enforcement rule, and when the traffic of the data stream exceeds the gating, traffic rate control such as limiting, reducing, and the like is performed on the data stream. Or, presetting an IP forwarding forbidding list, and when the data packet is sensitive data and the IP address corresponding to the data packet hits the IP forwarding forbidding list, implementing data forbidding control on the data packet. Or, presetting a specific IP address and a specific protocol, when the data packet is matched with the specific IP address and the specific protocol, indicating that the data packet is data of a specific type, and encapsulating a specified label to increase the security of data transmission so as to realize data security control. Or presetting a cache operation rule, and specifying how much data to buffer and a notification mode for the control plane through the cache operation rule, and executing data cache control processing on the data packet when the cache operation rule is triggered when the data volume of the data packet is larger.
After determining a forwarding strategy corresponding to a data packet, forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information:
if the data packet information corresponds to an edge forwarding strategy, performing edge forwarding on the data packet according to a forwarding type and a forwarding direction corresponding to the data packet information; wherein the forwarding type is stored in a forwarding type table associated with an edge forwarding policy, and the forwarding direction is stored in a forwarding direction table associated with the edge forwarding policy. And if the data packet information corresponds to a direct forwarding strategy, directly forwarding the data packet according to a destination address indicated by the external encapsulation field value.
For example, when determining the edge forwarding policy corresponding to the packet information, the forwarding type and the forwarding direction corresponding to the packet information may be determined from a forwarding type table and a forwarding direction table associated with the edge forwarding policy according to the packet information, for example, the forwarding type table and the forwarding direction table are matched by an IP address in the packet information, and the matched forwarding type and forwarding direction are used as the forwarding type and forwarding direction corresponding to the packet information, so that the packet is edge-forwarded according to the forwarding type and forwarding direction. Of course, other manners may also be used to determine the forwarding type and the forwarding direction corresponding to the packet information, so as to forward the data according to the corresponding edge forwarding policy, which is not limited in this embodiment.
As shown in fig. 5, an Application (Application) of a terminal generates a Data Packet, and in general, the Data Packet carries information such as an IP Address, an SDAP (Service Data Adaptation Protocol), a PDCP (Packet Data Convergence Protocol), an RLC (Radio Link Control, Radio Link layer Control Protocol), an MAC Address (local area network Address), and a PHY (Physical layer). The wireless data packet is uploaded to a gNB (a base station in a 5G communication network is the gNB), the gNB converts the data packet, converts the wireless data packet into an IP data packet, namely adds GTP (GPRS tunneling Protocol), UDP (User Datagram Protocol), L1, L2 and other physical link information in the data packet, after converting the data packet into the IP data packet, sends the data packet to a UPF, the UPF performs edge calculation on the data packet to obtain a forwarding strategy corresponding to the data packet, and if the forwarding strategy corresponds to a direct forwarding strategy, the data packet is directly forwarded to the DN.
It should be noted that, in this embodiment, edge calculation is performed on a data packet based on an edge calculation method, that is, edge calculation is performed on the data packet according to a packet matching rule, and a forwarding measurement corresponding to the data packet is determined according to an edge calculation result, so that edge forwarding is performed on the data packet that can perform edge forwarding, thereby implementing efficient and fast forwarding of the data packet and reducing network delay. The edge calculation is to perform edge calculation on a wireless data packet uploaded by a mobile terminal, and a wired data packet uploaded by a non-mobile terminal generally does not involve edge calculation, so the data packet in this embodiment may be understood as a wired data packet uploaded by a terminal side.
In this process, when the UPF performs edge calculation on the data packet, it performs data unpacking processing on the data packet, as shown in fig. 6, taking HTTP transmission as an example, the HTTP data packet performs data transmission by using GTP, and when the UPF performs data unpacking, the GTP packet at the outermost layer is stripped, and the IP data packet is extracted to perform data packet forwarding.
The data forwarding method of this embodiment is applied to a 5G private network, so that the data forwarding process may involve an intranet address and a non-intranet address (i.e., an extranet address) of a 5G private network environment, and before forwarding the data packet, it should also be obtained whether a destination address to be forwarded by the data packet is the intranet address of the 5G private network environment; if the destination address to be forwarded is an intranet address, forwarding the data packet according to a forwarding strategy; and if the destination address to be forwarded is not the intranet address, performing network address conversion on the destination address to be forwarded, and forwarding the data packet to the address after the network address conversion according to a forwarding strategy.
Here, the destination address to be forwarded by the packet is understood to be: when the data packet corresponds to the edge forwarding policy, the destination address to be forwarded is the destination address redefined by the edge forwarding policy, and is not the destination address of the source data carried by the data packet itself. And when the data packet corresponds to the direct forwarding strategy, the destination address to be forwarded is the destination address of the source data carried by the data packet.
As shown in fig. 7, Address Translation is implemented by using NAT (Network Address Translation) technology, and the Address Translation function includes static Translation (one-to-one correspondence between internal and external Network IPs), dynamic Translation (implementing dynamic mapping between internal and external Network IPs), and port multiplexing (implementing intercommunication between internal and external networks by means of port mapping). The flexible control of data transmission is realized through NAT conversion and IP routing technology, the output forwarding of a directional server is realized by adopting the IP routing technology aiming at IMS data transmission, the internal network intercommunication and the traversal of IP tracking can be realized without changing the source IP through the directional forwarding, the data forwarding of a non-directional server is realized through the NAT technology aiming at the requirement of the access of an external domain network, a uniform IP address is displayed to the outside, and the intercommunication of an internal network and an external network is ensured.
In some embodiments, before obtaining the corresponding forwarding policy according to the packet information, the method further includes: acquiring an encrypted forwarding strategy issued by the SMF, and decrypting the forwarding strategy; and acquiring a corresponding decrypted forwarding strategy according to the data packet information.
Referring to fig. 8, the controlling of the Data plane includes issuing an encrypted forwarding policy by the SMF, performing Authentication Management on the terminal by the SMF and the AMF (Authentication Management Function), and storing the stored user Data and Authentication Data by the UDM (Unified Data Manager) using an asymmetric encryption algorithm with higher security to ensure the secure storage of the Data. The SMF controls the data transmission process, and because the data transmission has dynamic property and session dependency, the simple and quick symmetric encryption can provide data transmission safety and protocol simplicity. Therefore, the data of the control plane is ensured to be safely transmitted in an encryption mode, the safety of data plane control can be ensured, and the controllability of flow forwarding is ensured.
In summary, the embodiment satisfies internal circulation and external visit of data in a 5G private network environment based on the edge computing forwarding technology, that is, efficient forwarding of data is realized through the internal data forwarding part and the NAT mapping part, and security control of data is realized based on control plane encryption.
Fig. 9 is a functional schematic diagram of a data forwarding apparatus used in a 5G private network environment in an embodiment of the present application, and as shown in fig. 9, the apparatus of the present embodiment includes:
a receiving unit 910, configured to receive a data packet sent by a terminal, and acquire data packet information from the data packet;
a calculating unit 920, configured to perform edge calculation on the data packet information, and obtain a forwarding policy corresponding to the data packet information, where the forwarding policy includes an edge forwarding policy and a direct forwarding policy;
a forwarding unit 930, configured to forward the data packet according to an edge forwarding policy or a direct forwarding policy corresponding to the data packet information.
In one embodiment, the receiving unit 910 is further configured to obtain an external encapsulation field value and an internal data value of the data packet from the data packet.
In an embodiment, the calculating unit 920 is configured to match a packet matching rule according to the external encapsulation field value and/or the internal data value, where if the packet matching rule matches the external encapsulation field value and/or the internal data value, the packet information corresponds to an edge forwarding policy, and if the packet matching rule does not match the internal encapsulation field value and/or the internal data value, the packet information corresponds to a direct forwarding policy.
In an embodiment, the calculating unit 920 is configured to obtain a first list of preset key field values associated with the packet matching rule and a second list of preset key data values, detect whether a key field value matching the external encapsulation field value exists in the first list, and/or detect whether a key data value matching the internal data value exists in the second list; if the first list has a key field value matched with the external encapsulation field value and/or the second list has a key data value matched with the internal data value, the data packet is matched with the message matching rule; and if the first list does not have a key field value matched with the external encapsulation field value, or the second list does not have a key data value matched with the internal data value, the data packet is not matched with the message matching rule.
In an embodiment, the apparatus further includes a control unit, configured to perform control processing on the data packet according to a data type corresponding to the data packet after acquiring the data packet information from the data packet, where the control processing includes flow rate control, data buffer control, data disable control, or data security control.
In an embodiment, the forwarding unit 930 is configured to, if the packet information corresponds to an edge forwarding policy, perform edge forwarding on the packet according to a forwarding type and a forwarding direction corresponding to the packet, where the forwarding type is stored in a forwarding type table associated with the edge forwarding policy, and the forwarding direction is stored in a forwarding direction table associated with the edge forwarding policy; and if the data packet information corresponds to a direct forwarding strategy, directly forwarding the data packet according to a destination address indicated by the external encapsulation field value.
In an embodiment, the apparatus further includes an address translation unit, configured to obtain whether a destination address to be forwarded by the data packet is an intranet address of the 5G private network environment before forwarding the data packet according to an edge forwarding policy or a direct forwarding policy corresponding to the data packet information; if the destination address to be forwarded is the intranet address, forwarding the data packet according to the forwarding strategy; and if the destination address to be forwarded is not the intranet address, performing network address conversion on the destination address to be forwarded, and forwarding the data packet to the address after the network address conversion according to the forwarding strategy.
In an embodiment, the receiving unit 910 is further configured to, before obtaining the forwarding policy corresponding to the data packet information, further obtain an encrypted forwarding policy issued by the session control unit, and decrypt the forwarding policy; and acquiring a decrypted forwarding strategy corresponding to the data packet information.
It can be understood that the data forwarding apparatus can implement each step of the data forwarding method provided in the foregoing embodiment, and the related explanations about the data forwarding method are applicable to the data forwarding apparatus, and are not described herein again.
Fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 10, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 10, but this does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to form the data forwarding device on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
receiving a data packet sent by a terminal side, and acquiring data packet information from the data packet;
performing edge calculation on the data packet information to obtain a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy;
and forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information.
The method executed by the data forwarding apparatus according to the embodiment shown in fig. 1 of the present application may be applied to a processor, or may be implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The electronic device may further execute the method executed by the data forwarding apparatus in fig. 1, and implement the functions of the data forwarding apparatus in the embodiment shown in fig. 1, which are not described herein again in this embodiment of the present application.
An embodiment of the present application further provides a computer-readable storage medium, which stores one or more programs, where the one or more programs include instructions, which, when executed by an electronic device including a plurality of application programs, enable the electronic device to perform the method performed by the data forwarding apparatus in the embodiment shown in fig. 1, and are specifically configured to perform:
receiving a data packet sent by a terminal side, and acquiring data packet information from the data packet;
performing edge calculation on the data packet information to obtain a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy;
and forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (10)
1. A data forwarding method for a 5G private network environment, the method comprising:
receiving a data packet sent by a terminal side, and acquiring data packet information from the data packet;
performing edge calculation on the data packet information to obtain a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy;
and forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information.
2. The method of claim 1, wherein said obtaining packet information from said packet comprises:
an external encapsulation field value and an internal data value of the data packet are obtained from the data packet.
3. The method of claim 2, wherein the performing the edge calculation on the packet information to obtain the forwarding policy corresponding to the packet information comprises:
and matching the external packaging field value and/or the internal data value with a message matching rule, wherein if the external packaging field value and/or the internal data value is matched with the message matching rule, the data packet information corresponds to an edge forwarding strategy, and if the external packaging field value and/or the internal data value is not matched with the message matching rule, the data packet information corresponds to a direct forwarding strategy.
4. The method as claimed in claim 3, wherein said matching according to said external encapsulation field value and/or internal data value with packet matching rules comprises:
acquiring a first list which is associated with the message matching rule and is preset with key field values and a second list which is preset with related key data values;
detecting whether a key field value matching the external packed field value exists in the first list and/or detecting whether a key data value matching the internal data value exists in the second list;
if the first list has a key field value matched with the external encapsulation field value and/or the second list has a key data value matched with the internal data value, the data packet is matched with the message matching rule;
and if the first list does not have a key field value matched with the external encapsulation field value, or the second list does not have a key data value matched with the internal data value, the data packet is not matched with the message matching rule.
5. The method of claim 1, wherein after obtaining packet information from the packet, the method further comprises:
and performing control processing on the data packet according to the data type corresponding to the data packet, wherein the control processing comprises flow rate control, data buffering control, data forbidding control or data safety control.
6. The method as claimed in claim 3, wherein said forwarding the packet according to the edge forwarding policy or the direct forwarding policy corresponding to the packet information comprises:
if the data packet information corresponds to an edge forwarding strategy, performing edge forwarding on the data packet according to a forwarding type and a forwarding direction corresponding to the data packet, wherein the forwarding type is stored in a forwarding type table associated with the edge forwarding strategy, and the forwarding direction is stored in a forwarding direction table associated with the edge forwarding strategy;
and if the data packet information corresponds to a direct forwarding strategy, directly forwarding the data packet according to a destination address indicated by the external encapsulation field value.
7. The method of claim 1, wherein before forwarding the packet according to an edge forwarding policy or a direct forwarding policy corresponding to the packet information, the method further comprises:
acquiring whether a destination address to be forwarded by the data packet is an internal network address of the 5G private network environment;
if the destination address to be forwarded is the intranet address, forwarding the data packet according to the forwarding strategy;
and if the destination address to be forwarded is not the intranet address, performing network address conversion on the destination address to be forwarded, and forwarding the data packet to the address after the network address conversion according to the forwarding strategy.
8. The method of claim 1, wherein before the obtaining the forwarding policy corresponding to the packet information, the method further comprises:
acquiring an encrypted forwarding strategy issued by a session control unit, and decrypting the forwarding strategy;
the obtaining of the forwarding policy corresponding to the data packet information specifically includes: and acquiring a decrypted forwarding strategy corresponding to the data packet information.
9. A data forwarding apparatus for use in a 5G private network environment, the apparatus comprising:
the receiving unit is used for receiving a data packet sent by a terminal side and acquiring data packet information from the data packet;
the computing unit is used for performing edge computation on the data packet information and acquiring a forwarding strategy corresponding to the data packet information, wherein the forwarding strategy comprises an edge forwarding strategy and a direct forwarding strategy;
and the forwarding unit is used for forwarding the data packet according to an edge forwarding strategy or a direct forwarding strategy corresponding to the data packet information.
10. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions which, when executed, cause the processor to perform the method of any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011611301.XA CN112839078A (en) | 2020-12-30 | 2020-12-30 | Data forwarding method and device for 5G private network environment and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011611301.XA CN112839078A (en) | 2020-12-30 | 2020-12-30 | Data forwarding method and device for 5G private network environment and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112839078A true CN112839078A (en) | 2021-05-25 |
Family
ID=75925461
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011611301.XA Pending CN112839078A (en) | 2020-12-30 | 2020-12-30 | Data forwarding method and device for 5G private network environment and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112839078A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023061275A1 (en) * | 2021-10-12 | 2023-04-20 | 维沃移动通信有限公司 | Communication authorization method and apparatus, network element and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103581765A (en) * | 2012-08-02 | 2014-02-12 | 华为技术有限公司 | Method and equipment for message transmission |
| US20140376367A1 (en) * | 2013-06-24 | 2014-12-25 | Vmware, Inc. | System and method for distribution of policy enforcement point |
| CN112019427A (en) * | 2020-08-28 | 2020-12-01 | 浙江九州云信息科技有限公司 | Wireless side edge gateway of mobile cellular network |
-
2020
- 2020-12-30 CN CN202011611301.XA patent/CN112839078A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103581765A (en) * | 2012-08-02 | 2014-02-12 | 华为技术有限公司 | Method and equipment for message transmission |
| US20140376367A1 (en) * | 2013-06-24 | 2014-12-25 | Vmware, Inc. | System and method for distribution of policy enforcement point |
| CN112019427A (en) * | 2020-08-28 | 2020-12-01 | 浙江九州云信息科技有限公司 | Wireless side edge gateway of mobile cellular network |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023061275A1 (en) * | 2021-10-12 | 2023-04-20 | 维沃移动通信有限公司 | Communication authorization method and apparatus, network element and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9674142B2 (en) | Monitoring network traffic | |
| US10945130B2 (en) | Method for establishing wireless connection for application of user equipment | |
| EP3110081B1 (en) | Methods for controlling service chain of service flow | |
| US20210367896A1 (en) | Service Packet Processing Method, Apparatus, and System | |
| US20220357989A1 (en) | Technologies for multi-tenant automatic local breakout switching and data plane dynamic load balancing | |
| JP2020517132A (en) | Method, apparatus and system for implementing policy control | |
| US20200245136A1 (en) | Method for identifying encrypted data stream, device, storage medium and system | |
| WO2021233208A1 (en) | Method and apparatus for protecting communication | |
| CN110557785B (en) | Data distribution method and device based on MEC | |
| CN107547338B (en) | Message forwarding method and device | |
| EP3942832B1 (en) | Network based media processing security | |
| CN112839078A (en) | Data forwarding method and device for 5G private network environment and electronic equipment | |
| CN112653716B (en) | Service binding method and device | |
| WO2020140842A1 (en) | Data transmission method, device and system | |
| CN116016725A (en) | Information transmission method, computer device and storage medium | |
| WO2014079319A1 (en) | Message forwarding method, and routing device and identification device thereof | |
| US11153806B2 (en) | Access control method and device, computer readable medium and system | |
| CN114374649A (en) | Hybrid routing method, device and network equipment | |
| CN115396537B (en) | Internet of things access control method, device, equipment and medium | |
| WO2023165195A1 (en) | Perception data reporting method and apparatus, information generation method and apparatus, computer-readable storage medium, computer device and computer program product | |
| KR102664180B1 (en) | Network-based media processing security | |
| US20170201596A1 (en) | Achieving balanced in-network content caching freshness | |
| WO2016115913A1 (en) | Data processing method and apparatus | |
| US20140150093A1 (en) | Electronic module for making a message accessible to a targeted operating system | |
| CN116708329A (en) | Message forwarding method and device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210525 |