CN114124618B - Message transmission method and electronic equipment - Google Patents

Message transmission method and electronic equipment Download PDF

Info

Publication number
CN114124618B
CN114124618B CN202111481087.5A CN202111481087A CN114124618B CN 114124618 B CN114124618 B CN 114124618B CN 202111481087 A CN202111481087 A CN 202111481087A CN 114124618 B CN114124618 B CN 114124618B
Authority
CN
China
Prior art keywords
cpe
upf
message
layer vpn
mac address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111481087.5A
Other languages
Chinese (zh)
Other versions
CN114124618A (en
Inventor
彭艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd Chengdu Branch
Original Assignee
New H3C Technologies Co Ltd Chengdu Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd Chengdu Branch filed Critical New H3C Technologies Co Ltd Chengdu Branch
Priority to CN202111481087.5A priority Critical patent/CN114124618B/en
Publication of CN114124618A publication Critical patent/CN114124618A/en
Application granted granted Critical
Publication of CN114124618B publication Critical patent/CN114124618B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/06Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
    • H04W28/065Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information using assembly or disassembly of packets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L2012/4629LAN interconnection over a backbone network, e.g. Internet, Frame Relay using multilayer switching, e.g. layer 3 switching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a message transmission method and electronic equipment. In the application, the 5G CPE and the UPF establish a two-layer VPN tunnel based on the SMF, and forward the message through the two-layer VPN tunnel. Message transmission between the industrial equipment hung under the CPE and other industrial equipment hung under the CPE and a data network accessed under the UPF is realized. And message transmission among industrial devices hung under different CPEs is directly carried out through the UPF under the same UPF, so that the forwarding efficiency is improved.

Description

Message transmission method and electronic equipment
Technical Field
The present disclosure relates to 5G networks, and in particular, to a method for transmitting a message and an electronic device.
Background
In the existing 5G LAN standard: the UPF and the data network directly transmit messages to realize two-layer intercommunication between the mobile terminal and the data network; the UPFs use a GTPU tunnel to transmit messages, so that two-layer intercommunication of the mobile terminal across the UPFs is realized; and the mobile terminal and the downlink equipment thereof directly transmit messages with the UPF.
However, two-layer interworking of 5G LAN requires that the mobile terminal can directly transmit the message to the mobile network, but no 5G module currently provides ethernet access capability. Therefore, how to combine the IP access capability of the existing 5G module and the 5G LAN capability of the core network to provide mobile ethernet access for the conventional industrial equipment is a problem to be solved.
Disclosure of Invention
The application provides a message transmission method and electronic equipment, which enable a two-layer VPN tunnel to be adopted between a 5G CPE and a UPF to realize the message transmission of industrial equipment, and establish a two-layer intercommunication mobile local area network.
The technical scheme provided by the embodiment of the application comprises the following steps:
a message transmission method is applied to 5G customer premise equipment CPE, and comprises the following steps:
the CPE establishes a two-layer VPN tunnel with a user plane function network element UPF in a 5G core network, the local address of the two-layer VPN tunnel is a WAN port IP address of the CPE, and the remote address is an IP address of a UPF virtual switch configured by the UPF;
and receiving a message to be sent, and packaging the message into a two-layer VPN message and sending the message through the two-layer VPN tunnel when the destination MAC address in the message is related to the UPF.
Optionally, the establishing the two-layer VPN tunnel between the CPE and the user plane function network element UPF in the 5G core network includes:
the CPE obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF, wherein the tunnel information at least comprises: the IP address, the two-layer VPN type and the VPN mark of the UPF virtual switch;
and the CPE establishes a CPE side two-layer VPN tunnel according to the IP address of the WAN port of the CPE and the IP address of the UPF virtual switch.
Optionally, after the CPE establishes the two-layer VPN tunnel with the user plane function network element UPF in the 5G core network, the method further includes:
the CPE is used as one end of the two-layer VPN tunnel to learn the MAC address and establish an MAC address table; the MAC address table comprises an MAC address and an outgoing interface, wherein when the MAC address is a far-end MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface of a network device corresponding to the local MAC address, which is accessed to the CPE, on the CPE, the far-end MAC address is the MAC address of other devices accessed under the UPF or the MAC address of a device in a data network connected with the UPF, and the local MAC address is the MAC address of the device hung locally by the CPE.
Optionally, the CPE obtaining tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF includes:
the CPE sends PDU session establishment request information to a session management function network element SMF in a 5G core network, the PDU session type is indicated to be an IP type, and the information comprises a network slice identifier and a data network name;
the CPE receives a PDU session establishment acceptance message sent by a session management function network element SMF, wherein the PDU session establishment acceptance message comprises the tunnel information;
Or,
the CPE receives the tunnel information input from the outside.
Optionally, associating the destination MAC address in the packet with the UPF includes:
and the destination MAC address in the message is the MAC address of other equipment accessed under the UPF or the MAC address of equipment in the data network connected with the UPF.
The application also provides a message transmission method, which is applied to a user plane function network element UPF in a 5G core network and comprises the following steps:
the UPF establishes a two-layer VPN tunnel with a 5G customer premise equipment CPE, the local address of the two-layer VPN tunnel is the IP address of a UPF virtual switch configured by the UPF, and the remote address is the WAN port IP address of the CPE;
receiving a two-layer VPN message, decapsulating the two-layer VPN message to obtain an original message, and encapsulating the original message into a two-layer VPN message and transmitting the two-layer VPN message through the two-layer VPN tunnel when the original message is a unicast message and the destination MAC address of the original message is equipment accessed under the UPF; or,
when the original message is a multicast or broadcast or unknown unicast message, the original message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel;
And when receiving a message through a data network or a GTPU tunnel between the data network and other UPFs, and the destination MAC address in the message is the MAC address of equipment in the network hung under the CPE, packaging the message into a two-layer VPN message and sending the message through the two-layer VPN tunnel.
Optionally, the establishing the two-layer VPN tunnel with the UPF and the 5G customer premise equipment CPE includes:
receiving a UE level N4 session establishment request message sent by SMF; the UE level N4 session establishment request message carries the WAN port IP address and the network instance of the CPE;
establishing a two-layer VPN tunnel between the UPF and the CPE by taking the WAN port IP address of the CPE as a far-end address; the two-layer VPN tunnel is bound with the network instance, the two-layer VPN type and the VPN identifier; and sends a UE-level N4 session setup response message to the SMF.
Optionally, the UPF obtains an uplink PDR and a downlink FAR in the process of establishing the two-layer VPN tunnel, where the uplink PDR carries a two-layer VPN type, a VPN identifier, and a two-layer VPN header peeling indication, and the downlink FAR carries a two-layer VPN type, a two-layer VPN identifier, and a two-layer VPN header filling indication.
The application also provides a message transmission method, which is applied to a session management function network element SMF in a 5G core network and comprises the following steps:
The SMF carries the two-layer VPN type, the VPN identifier and the IP address of the UPF end of the two-layer VPN tunnel in a PDU session establishment receiving message sent to the 5G CPE, and indicates the 5G CPE to establish the two-layer VPN tunnel with the UPF by the information;
the SMF carries the two-layer VPN type, the VPN identifier and the IP address of the 5G CPE end of the two-layer VPN tunnel in the UE level N4 session establishment message sent to the UPF, and indicates the UPF to establish the two-layer VPN tunnel with the 5G CPE by using the information;
the two-layer VPN tunnel is used for transmitting messages between CPE and UPF.
The application also provides a message transmission device, which is applied to a 5G customer premise equipment CPE, and comprises:
CPE end tunnel establishment unit: the CPE is used for establishing a two-layer VPN tunnel with a user plane function network element UPF in a 5G core network; the local address of the two-layer VPN tunnel is the WAN port IP address of the CPE, and the remote address is the IP address of the UPF virtual switch configured by the UPF;
CPE message forwarding unit: and when the destination MAC address in the message is associated with the UPF, the message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel.
Optionally, the establishing unit of the CPE end tunnel establishes a two-layer VPN tunnel between the CPE and a user plane function network element UPF in the 5G core network, including:
The CPE obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF, wherein the tunnel information at least comprises: the IP address, the two-layer VPN type and the VPN mark of the UPF virtual switch;
and the CPE establishes a CPE side two-layer VPN tunnel according to the IP address of the WAN port of the CPE and the IP address of the UPF virtual switch.
Optionally, after the CPE establishes the two-layer VPN tunnel with the user plane function network element UPF in the 5G core network, the method further includes:
the CPE is used as one end of the two-layer VPN tunnel to learn the MAC address and establish an MAC address table; the MAC address table comprises an MAC address and an outgoing interface, wherein when the MAC address is a far-end MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface of a network device corresponding to the local MAC address, which is accessed to the CPE, on the CPE, the far-end MAC address is the MAC address of other devices accessed under the UPF or the MAC address of a device in a data network connected with the UPF, and the local MAC address is the MAC address of the device hung locally by the CPE.
Optionally, the obtaining, by the CPE end tunnel establishment unit, tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF includes:
The CPE sends PDU session establishment request information to the SMF, the PDU session type is indicated to be an IP type, and the information comprises a network slice identifier and a data network name;
the CPE receives a PDU session establishment acceptance message sent by a session management function network element SMF, wherein the PDU session establishment acceptance message comprises the tunnel information;
or,
the CPE receives the tunnel information input from the outside.
Optionally, associating the destination MAC address in the CPE message forwarding unit message with the UPF includes:
and the destination MAC address in the message is the MAC address of other equipment accessed under the UPF or the MAC address of equipment in the data network connected with the UPF.
The application also provides a message transmission device, which is applied to a user plane function network element UPF in a 5G core network, and comprises:
UPF end tunnel establishment unit: the method comprises the steps that a two-layer VPN tunnel is established between the UPF and a 5G Customer Premise Equipment (CPE), the local address of the two-layer VPN tunnel is the IP address of a UPF virtual switch configured by the UPF, and the remote address is the WAN port IP address of the CPE;
UPF end message forwarding unit: the method comprises the steps of receiving a two-layer VPN message, decapsulating the two-layer VPN message to obtain an original message, and encapsulating the original message into the two-layer VPN message and sending the two-layer VPN message through a two-layer VPN tunnel when the original message is a unicast message and a destination MAC address of the original message is equipment accessed under the UPF; or,
When the original message is a multicast or broadcast or unknown unicast message, the original message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel;
when a message is received through a data network or a GTPU tunnel between the data network and other UPFs, and the destination MAC address in the message is the MAC address of equipment in the network hung under the CPE, the message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel.
Optionally, the establishing unit of the UPF end tunnel establishes a two-layer VPN tunnel between the present UPF and the CPE of the 5G customer premise equipment includes:
receiving a UE level N4 session establishment request message sent by SMF; the UE level N4 session establishment request message carries the WAN port IP address and the network instance of the CPE;
establishing a two-layer VPN tunnel between the UPF and the CPE by taking the WAN port IP address of the CPE as a far-end address; the two-layer VPN tunnel is bound with the network instance, the two-layer VPN type and the VPN identifier; and sends a UE-level N4 session setup response message to the SMF.
Optionally, after the UPF-end tunnel establishment unit establishes the two-layer VPN tunnel between the present UPF and the 5G customer premise equipment CPE, the UPF-end tunnel establishment unit further includes:
UPF end MAC address table building unit: the UPF is used as one end of the two-layer VPN tunnel to learn the MAC address and establish an MAC address table; when the MAC address is a remote MAC address, the outbound interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outbound interface is an interface of the UPF for accessing network equipment corresponding to the local MAC address, the remote MAC address is the MAC address of equipment in the network hung under the CPE, and the local MAC address is the MAC address of the equipment in the data network connected with the UPF or the MAC address of the equipment accessed under other UPFs.
Optionally, the UPF tunnel establishment unit obtains an uplink PDR and a downlink FAR in the process of establishing the two-layer VPN tunnel, where the uplink PDR carries a two-layer VPN type, a VPN identifier and a two-layer VPN header stripping indication, and the downlink FAR carries a two-layer VPN type, a two-layer VPN identifier and a two-layer VPN header filling indication.
The application also provides a message transmission device, which is applied to a session management function network element (SMF) in a 5G core network, and comprises:
CPE transmitting unit: the SMF is used for carrying a two-layer VPN type, a VPN identifier and an IP address of a UPF virtual switch at a UPF end of a two-layer VPN tunnel in a PDU session establishment receiving message sent to the CPE so that the CPE establishes a two-layer VPN tunnel with the UPF according to the information, and the two-layer VPN tunnel is used for transmitting messages between the CPE and the UPF;
UPF transmitting unit: the SMF carries the two-layer VPN type, the VPN identifier and the WAN port IP address of the CPE end of the two-layer VPN tunnel in the UE level N4 session establishment message sent to the UPF, so that the UPF establishes the two-layer VPN tunnel with the CPE by using the information, and the two-layer VPN tunnel is used for transmitting messages between the CPE and the UPF.
The application also provides an electronic device, which includes:
one or more processors;
A machine-readable storage medium storing one or more computer-readable instructions that, when executed by the one or more processors, cause the one or more processors to implement the method of any of the preceding claims.
According to the technical scheme, in the application, the 5G CPE and the UPF which only have IP access capability are controlled by the SMF to automatically establish a two-layer VPN tunnel, the CPE and the UPF are enabled to perform MAC address learning and establish an MAC address table, and the message is transmitted between the CPE and the UPF through the two-layer VPN tunnel, so that the industrial equipment can directly transmit the message to the mobile network.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method provided in an embodiment of the present application;
FIG. 2 is a flowchart of another method provided in an embodiment of the present application;
FIG. 3 is a flowchart of another method provided in an embodiment of the present application;
fig. 4 is a flowchart for establishing a two-layer VPN tunnel according to an embodiment of the present application;
FIG. 5 is a diagram of MAC address representation provided in an embodiment of the present application;
FIG. 6 is a diagram of another MAC address representation provided in an embodiment of the present application;
FIG. 7 is a block diagram of an apparatus according to an embodiment of the present application;
FIG. 8 is a block diagram of another apparatus according to an embodiment of the present application;
FIG. 9 is a block diagram of another apparatus according to an embodiment of the present application;
fig. 10 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
In order to better understand the technical solutions provided by the embodiments of the present application and make the above objects, features and advantages of the embodiments of the present application more obvious, the technical solutions in the embodiments of the present application are described in further detail below with reference to the accompanying drawings.
Some of the terms involved in the present application are first explained,
SMF: session Management Function, a session management function network element in the 5G core network is responsible for PDU session management, IP address allocation, UPF selection and control functions of the mobile terminal.
UPF: user Plane Function, the user plane function network element in the 5G core network is responsible for user plane data transmission, routing and QoS processing of the mobile terminal.
PDU: protocol Data Unit, protocol data unit, represents data messages exchanged between the mobile terminal and the data network.
5G VN group: 5G Virtual Network Group,5G a virtual network group, which represents a group of terminals in the same virtual network, including wired terminals, mobile terminals, and down-hanging terminals for mobile terminals (in the case of ethernet type link, the mobile terminals and the down-hanging terminals are two-layer networks, and the mobile terminals are equivalent to two-layer switches).
GTPU: GPRS Tunneling Protocol User, a tunneling protocol based on UDP/IP encapsulating the original message, is a unidirectional tunnel, identifying the tunnel endpoint by Tunnel Endpoint ID (TEID), currently used only in mobile communication networks.
PDR: packet Detection Rule, the packet detection rule, the UPF matches the received packet with a PDR, which is a combination of N3 interface GTPU tunnel information, network instance, ethernet packet filter (e.g. source MAC address, destination MAC address, etc.) for the Ethernet PDU session type.
FAR: forwarding Action Rule, forwarding action rules, after the UPF matches the packet with the PDR, forwarding the packet according to the FAR bound by the PDR, and indicating how the packet is forwarded by the FAR.
VXLAN: virtual eXtensible LAN, the scalable virtual local area network is a two-layer VPN technology based on an IP network and adopting a "MAC in UDP" encapsulation form. VXLAN can provide two-layer interconnection for decentralized physical sites based on existing service providers or enterprise IP networks, and can provide traffic isolation for different tenants. VXLAN is mainly applied to data center networks.
CPE: customer Premise Equipment customer premises equipment is a device that converts high speed 4G or 5G signals into WiFi signals or wired signals.
AMF: access and Mobility Management Function, an access and mobility management function network element in the 5G core network is responsible for functions such as registration, connection, mobility and access security management of the mobile terminal.
The application provides a message transmission method, which enables a two-layer VPN tunnel to be adopted between a 5G CPE and a UPF to realize the message transmission of industrial equipment.
Referring to fig. 1, fig. 1 is a flowchart of a method provided in an embodiment of the present application. The method is applied to 5G CPE.
As shown in fig. 1, the method may include the steps of:
step S101, the CPE establishes a two-layer VPN tunnel with a user plane function network element UPF in a 5G core network.
In this embodiment, the CPE and the UPF automatically establish a two-layer VPN tunnel under the control of the SMF, where the local address of the two-layer VPN tunnel is the WAN port IP address of the 5G CPE, and the remote address is the IP address of the UPF virtual switch configured by the UPF, and the VPN identifier in the two-layer VPN packet is mapped with the 5G VN group 1:1. The SMF sends the endpoint IP address and the VPN identifier of the two-layer VPN tunnel to the CPE and the UPF, and the CPE and the UPF automatically establish the two-layer VPN tunnel according to the received endpoint information.
In another embodiment, the CPE obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF, where the tunnel information includes at least: the IP address, the two-layer VPN type and the VPN identifier of the UPF virtual switch;
Optionally, the CPE obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF by:
the CPE sends PDU session establishment request information to the SMF, the PDU session type is indicated to be an IP type, and the information comprises a network slice identifier and a data network name; optionally, the network slice identifier and the network data name may also be sent to the SMF through an access and mobility management function network element AMF in the 5G core network, where the AMF may check subscription data and obtain a default network slice identifier and a data network name
The CPE receives PDU session establishment acceptance message sent by the SMF, the PDU session establishment acceptance message is the PDU session establishment acceptance message which is filled and replied to the CPE by the SMF according to the existing 5G standard, and meanwhile, the message is newly added with a two-layer VPN type, a two-layer VPN identifier, an IP address of a UPF virtual switch and a message transmission instruction.
Or,
the CPE receives the tunnel information input from the outside. For example, the network administrator knows the IP address of the virtual switch of the UPF in advance, and then the address can be manually configured at the CPE, and the CPE can directly establish the two-layer VPN tunnel when establishing the PDU session.
Further, after the CPE establishes a two-layer VPN tunnel with a user plane function network element UPF in the 5G core network, the CPE performs MAC address learning as one end of the two-layer VPN tunnel and establishes a MAC address table; the MAC address table includes a MAC address and an outgoing interface, where, when the MAC address is a remote MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface of the CPE, where the network device corresponds to the local MAC address is accessed to the CPE, the remote MAC address is a MAC address of another device accessed under the UPF or a MAC address of a device in a data network connected to the UPF, and the local MAC address is a MAC address of a device locally hung on the CPE.
In this embodiment, the CPE learns the local and remote MAC addresses and builds a MAC address table for a two-layer VPN type network instance, including the MAC address and the egress interface.
The learning method of the local MAC address is as follows: after receiving the message sent by the downlink industrial equipment, the CPE judges the VPN to which the message belongs, and adds the source MAC address in the message into the MAC address table of the VPN example, wherein the output interface corresponding to the MAC address is the interface for receiving the message, namely the interface for accessing the network equipment corresponding to the local MAC address on the CPE.
The learning method of the remote MAC address comprises the following steps: after receiving the two-layer VPN message from the two-layer VPN tunnel established with the UPF, the CPE judges the VPN to which the message belongs according to the VPN identification, decapsulates the message, restores the message, and adds the source MAC address in the data frame into the MAC address table corresponding to the VPN instance to which the message belongs, wherein the output interface corresponding to the MAC address is the two-layer VPN tunnel.
Step S102, receiving a message to be sent, and packaging the message into a two-layer VPN message and sending the message through the two-layer VPN tunnel when a destination MAC address in the message is associated with the UPF.
In this embodiment, when a message sent by the CPE local hooking device is received and a destination MAC address in the message is a local MAC address, the message is sent to the destination MAC address through an interface of the CPE, which is connected to a network device corresponding to the local MAC address; or alternatively, the first and second heat exchangers may be,
When the destination MAC address in the message is a far-end MAC address, after the message is encapsulated into a two-layer VPN message, the two-layer VPN message is sent to the destination MAC address through the two-layer VPN tunnel;
when receiving a two-layer VPN message through the two-layer VPN tunnel, decapsulating the two-layer VPN message to obtain an original message, and sending the message to the destination MAC address through an interface of the CPE, which is accessed to the network equipment corresponding to the local MAC address.
For example, when the CPE receives a message sent by an industrial device that is hung down, it identifies the VPN to which the message belongs, and then searches the MAC address table of the VPN instance for forwarding according to the destination MAC address in the message. When the target MAC address is a local MAC address, the CPE directly forwards the target MAC address locally through an interface of the network equipment corresponding to the local MAC address accessed to the CPE; when the destination MAC address is a remote MAC address, the CPE packages the message into a two-layer VPN message and forwards the two-layer VPN message to the UPF through a two-layer VPN tunnel, the VPN mark at the head of the two-layer VPN message is filled with the VPN mark received in the step S101, the source IP address in the outer IP head of the two-layer VPN message is filled with the WAN port IP address of the CPE, and the destination address in the outer IP head is filled with the IP address of the UPF virtual switch. Optionally, if the 5G CPE and the underhung industrial device adopt VLAN networking, the 5G CPE may encapsulate the messages of different VLANs into two-layer VPN messages corresponding to PDU sessions with a mapping relationship according to configuration.
The CPE receives the message through the two-layer VPN tunnel, wherein the message is a two-layer VPN message, at the moment, the CPE decapsulates the two-layer VPN message to obtain the message and a destination MAC address in the message, and sends the message to the corresponding industrial equipment hung downwards according to the destination MAC address. Optionally, if the CPE and the underhung industrial device adopt VLAN networking, the 5G CPE can forward the messages received by the two-layer VPN corresponding to the different PDU sessions to the VLAN with the mapping relationship according to the configuration.
Thus, the flow shown in fig. 1 is completed.
In this embodiment, the CPE establishes a two-layer VPN tunnel according to the WAN port IP address of the CPE and the IP address of the UPF virtual switch, and then forwards the message through the two-layer VPN tunnel, so as to implement message transmission between the industrial equipment hung under the CPE, the industrial equipment hung under other CPE accessed under the UPF, and the data network.
Further, in this embodiment, the message transmission between the industrial devices hung under different CPEs under the same UPF directly performs local forwarding through the UPF, without bypassing the data network, thereby improving forwarding efficiency.
In another embodiment, the method for transmitting a message provided in the present application may also be applied to UPF.
As shown in fig. 2, the method may include the steps of:
in step S201, the UPF establishes a two-layer VPN tunnel with the 5G customer premise equipment CPE.
In this embodiment, the UPF supports local configuration or obtains an IP address of the virtual switch through the SMF, and uses the IP address as a local address, and the WAN port IP address of the CPE as a remote address establishes a two-layer VPN tunnel with the CPE.
In another embodiment, the tunneling of the two-layer VPN may be established by:
receiving a UE level N4 session establishment request message sent by SMF; the UE level N4 session establishment request message carries the WAN port IP address and the network instance of the CPE; optionally, the message may also carry the IP address of the UPF virtual machine by means of SMF local configuration setting.
Establishing a two-layer VPN tunnel between the UPF and the CPE by taking the WAN port IP address of the CPE as a far-end address; the two-layer VPN tunnel is bound to the network instance and the two-layer VPN type and VPN identity.
And sending a UE level N4 session establishment response message to the SMF. Optionally, if the SMF does not carry the IP address of the UPF virtual switch for UPF to establish the two-layer VPN tunnel in the UE-level N4 session establishment request message, the UPF may bring the IP address of the locally configured UPF virtual switch for UPF to establish the two-layer VPN tunnel to the SMF in the response message.
Further, after the UPF establishes a two-layer VPN tunnel with the CPE, the UPF performs MAC address learning as one end of the two-layer VPN tunnel and establishes a MAC address table; the MAC address table includes a MAC address and an outgoing interface, where, when the MAC address is a remote MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface on the UPF, where the network device corresponds to the local MAC address, the remote MAC address is a MAC address of a device in a network hung under the CPE, and the local MAC address is a MAC address of a device in a data network connected with the UPF or a MAC address of a device accessed under other UPFs.
In this embodiment, the UPF learns the local and remote MAC addresses and builds a MAC address table for a two-layer VPN type network instance, including the MAC address and the egress interface.
The learning method of the local MAC address is as follows: after the UPF receives the message from the data network or other UPFs, the corresponding network instance can be obtained according to the existing 5G LAN technology, the VPN to which the message belongs is further obtained through the mapping of the network instance, then the source MAC address in the message is added into the MAC address table of the VPN instance, and the output interface corresponding to the MAC address is the interface for receiving the message, namely the interface for accessing the network equipment corresponding to the local MAC address on the UPF.
The learning method of the remote MAC address comprises the following steps: after receiving a two-layer VPN message from a two-layer VPN tunnel established with a CPE, the UPF judges the VPN to which the message belongs according to the VPN identification, decapsulates the two-layer VPN message to obtain a source MAC address in the message, adds the source MAC address into an MAC address table corresponding to the VPN instance and the network instance, and an output interface corresponding to the MAC address is the two-layer VPN tunnel to the CPE.
Step S202, when a two-layer VPN message is received through the two-layer VPN tunnel, the two-layer VPN message is unpackaged to obtain an original message, and when the original message is a unicast message and the destination MAC address of the original message is equipment accessed under the UPF, the original message is packed into the two-layer VPN message and sent through the two-layer VPN tunnel; or,
when the original message is a multicast or broadcast or unknown unicast message, the original message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel;
when a message is received through a data network or a GTPU tunnel between the data network and other UPFs, and the destination MAC address in the message is the MAC address of equipment in the network hung under the CPE, the message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel.
In this embodiment, when a two-layer VPN packet is received through the two-layer VPN tunnel, the two-layer VPN packet is decapsulated to obtain an original packet and a VPN identifier, and the VPN identifier is mapped to a network instance, where the network instance is sent from an SMF to a UPF in the tunnel establishment process. When the original message is a unicast message and the target MAC address is the equipment accessed under the UPF, the original message is packaged into a two-layer VPN message, and the two-layer VPN message is sent to the target MAC address through the two-layer VPN tunnel; or,
when the original message is a unicast message and the destination MAC address is equipment accessed under other UPFs, the message is sent to the destination MAC address through a GTPU tunnel between the UPFs; or,
when the original message is a multicast or broadcast or unknown unicast message, the message is sent to a data network belonging to the same network instance or VPN identifier and other UPFs, the original message is packaged into a two-layer VPN message, and the two-layer VPN message is sent to equipment accessed under the UPF through the two-layer VPN tunnel;
when a message is received through a data network or a GTPU tunnel between the data network and other UPFs, and the destination MAC address in the message is a remote MAC address, the message is packaged into a two-layer VPN message, and then the two-layer VPN message is sent to the destination MAC address through the two-layer VPN tunnel.
Taking a two-layer VPN type as a VXLAN as an example, after the UPF receives a VXLAN message sent by a 5G CPE through a two-layer VPN tunnel, stripping the header of the VXLAN message to obtain an original message, mapping the message to a network instance in the 5G LAN, and searching an MAC address table according to a destination MAC address and the network instance in the original message.
If the original message is a unicast message and the destination MAC address is in the UPF, the original message is packaged into a VXLAN message and sent to a 5G CPE to which the destination MAC address belongs, and if the destination MAC address is in a data network or other UPF, forwarding is carried out according to the prior art of the 5G LAN.
If the original message is a broadcast, multicast or unknown unicast message, the original message is packaged into a VXLAN message, and the VXLAN message is sent to all CPEs of the same network instance under the UPF through a VXLAN tunnel, and the message is forwarded to a data network and other UPFs according to the prior art of 5G LAN.
Taking two-layer VPN type as VXLAN as an example, if UPF receives a message of 5GLAN from a data network or other UPFs, the UPF analyzes the message according to the existing 5G LAN technology to obtain an original message and a network instance, and the UPF searches an MAC address table according to a destination MAC address and the network instance in the original message.
And if the original message is a unicast message and if the target equipment is in the UPF, packaging the original message into a VXLAN message and sending the VXLAN message to the CPE to which the target MAC address belongs.
And if the original message is a broadcast, multicast or unknown unicast message, the original message is packaged into a VXLAN message, and the VXLAN message is transmitted to all CPEs of the same network instance under the UPF through a VXLAN tunnel.
In another embodiment, the UPF obtains an upstream PDR and a downstream FAR in the process of establishing the two-layer VPN tunnel, where the upstream PDR carries a two-layer VPN type, a VPN identifier, and a two-layer VPN header stripping indication, and the downstream FAR carries a two-layer VPN type, a two-layer VPN identifier, and a two-layer VPN header filling indication.
For example, when the SMF sends the UE-level N4 session establishment response message in step S201, the filling rule of the cells in the message is: the uplink PDR carries a corresponding protocol field according to the technical requirement of the existing 5G LAN, and additionally carries a two-layer VPN type, a two-layer VPN identifier and a two-layer VPN header stripping instruction, and the uplink FAR carries a corresponding protocol field according to the technical requirement of the existing 5G LAN; the downlink PDR carries corresponding protocol fields according to the technical requirement of the existing 5G LAN, and the downlink FAR carries the two-layer VPN type, the two-layer VPN identifier and the two-layer VPN header filling indication in addition to carrying the corresponding protocol fields according to the technical requirement of the existing 5G LAN.
Thus, the flow shown in fig. 2 is completed.
In this embodiment, the UPF establishes a two-layer VPN tunnel according to the WAN port IP address of the CPE and the IP address of the UPF virtual switch, and forwards a message through the two-layer VPN tunnel, so as to implement message transmission between the industrial equipment hung under the CPE, the industrial equipment hung under other CPE accessed under the UPF, and the data network.
In another embodiment, the method for transmitting a message provided in the present application may also be applied to SMF.
As shown in fig. 3, the method may include the steps of:
step S301, the SMF sends PDU session establishment acceptance message to CPE, the PDU session establishment acceptance message carries two-layer VPN type, VPN mark, IP address of UPF virtual switch of UPF end of two-layer VPN tunnel, and the CPE establishes two-layer VPN tunnel with the two-layer VPN type, VPN mark, IP address of UPF virtual switch of UPF end of two-layer VPN tunnel and the UPF;
in this embodiment, the SMF sends a PDU session establishment acceptance message to the CPE, and indicates that the process of establishing the two-layer VPN tunnel between the CPE and the UPF is consistent with the method of establishing the two-layer VPN tunnel by the CPE in step S101, which is not described herein.
Optionally, if the CPE manually establishes the two-layer VPN tunnel, the SMF may not carry the two-layer VPN related information in the PDU session establishment accept message sent to the 5 GCPE. For example, the network administrator knows the two-layer VPN related information, and then the two-layer VPN related information can be configured at the CPE, and the CPE can directly establish the two-layer VPN tunnel when establishing the PDU session.
Step S302, the SMF sends a UE level N4 session establishment message to the UPF, wherein the UE level N4 session establishment message carries a two-layer VPN type, a VPN identifier and a WAN port IP address of a CPE end of a two-layer VPN tunnel, so that the UPF establishes a two-layer VPN tunnel with the two-layer VPN type, the VPN identifier and the WAN port IP address of the CPE end of the two-layer VPN tunnel.
In this embodiment, the SMF sends a UE-level N4 session establishment message to the UPF, and indicates that the process of establishing the two-layer VPN tunnel between the UPF and the CPE is consistent with the method of establishing the two-layer VPN tunnel by the UPF in step S201, which is not described herein. The two-layer VPN tunnel is used for transmitting messages between CPE and UPF.
Thus, the flow shown in fig. 3 is completed.
In this embodiment, the SMF sends a PDU session establishment acceptance message to the CPE, and instructs the CPE to establish a two-layer VPN tunnel with the two-layer VPN type, the VPN identifier, and the IP address of the two-layer VPN tunnel UPF end and the UPF in the PDU session establishment acceptance message. The SMF sends a UE level N4 session establishment message to the UPF, and indicates the UPF to establish a two-layer VPN tunnel with the IP of the 5G CPE end of the two-layer VPN tunnel and the 5G CPE according to the two-layer VPN type and the VPN identifier in the UE level N4 session establishment message. The method realizes message transmission between the industrial equipment hung under the CPE and other industrial equipment hung under the CPE and the data network, which are accessed under the UPF.
The establishment of a two-layer VPN tunnel is described in detail below by way of a specific example, with VXLAN being an example of a specific VPN type.
Fig. 4 is a block diagram of a CPE and a UPF for establishing a VXLAN tunnel, and as shown in fig. 4, the steps for establishing the VXLAN tunnel are as follows:
s401, CPE sends PDU session establishment request message to SMF, the message indicates PDU session type as IP type, and the message optionally contains network slice identification, data network name and other information. Alternatively, if the CPE and the underhung industrial device employ VLAN networking, the VLAN identifier and the 5G VN group identifier may be 1:1 or N:1, the mapping can be realized by adopting the mapping of VLAN identification, network slice identification and data network name. Depending on the mapping, the 5G CPE will likely initiate multiple PDU session establishment requests, carrying different network slice identification and/or data network name combinations.
S402, the SMF receives the PDU session establishment request message of the CPE, inquires subscription data through a network slice identifier and a data network name, and can obtain the identifier of the 5G VN group which the CPE expects to join, and the SMF judges that the 5G CPE is allowed to transmit an original message in a two-layer VPN mode based on the setting of local configuration or subscription data, so that the SMF maps the 5G VN group identifier to one 5G LAN of a specific network instance identifier according to the technical requirement of the existing 5G LAN, and then newly adds and processes the 5G LAN of the network instance identifier to a VXLAN network of the specific VXLAN ID identifier.
Optionally, if the PDU session establishment request message does not carry a network slice identifier and a network data name, the AMF searches the subscription data, obtains the network slice identifier and the data network name, and sends the network slice identifier and the data network name to the SMF.
S403, SMF selects UPF serving the CPE based on the existing 5G LAN technical requirement, and sends UE level N4 session establishment request message to the UPF, wherein the message carries WAN port IP address and network instance of the CPE, and filling rules of other cells in the message are as follows: the uplink PDR carries corresponding protocol fields according to the existing 5G LAN technical requirement, and additionally carries a two-layer VPN of the VXLAN type, a VXLAN ID of the VXLAN network and a two-layer VPN header stripping instruction, and the uplink FAR carries corresponding protocol fields according to the existing 5G LAN technical requirement; the downstream PDR carries corresponding protocol fields according to the technical requirement of the existing 5G LAN, and the downstream FAR adds two layers of VPNs carrying VXLAN types, VXLAN IDs of the VXLAN networks and two layers of VPN header filling instructions besides carrying corresponding protocol fields according to the technical requirement of the existing 5G LAN. Alternatively, if it is the SMF that assigns the IP address of the UPF virtual switch of the VXLAN tunnel, the SMF will carry in this message the IP address of the UPF virtual switch for the UPF to establish the VXLAN tunnel.
After the UPF receives the foregoing message of the SMF, except processing according to the existing 5G LAN technical requirements, the UPF establishes a VXLAN tunnel with the WAN port IP address of the CPE as a far-end address, binds the tunnel information with the VXLAN type two-layer VPN and VXLAN ID and the network instance, and then replies a UE level N4 session establishment response message to the SMF. Alternatively, if the SMF does not carry the IP address of the UPF virtual switch for UPF to establish the VXLAN tunnel in the UE-level N4 session establishment request message, the UPF may bring the IP address of the locally configured UPF virtual switch for UPF to establish the VXLAN tunnel to the SMF in a response message.
S404, the SMF establishes N4 session of VN group level according to the existing 5G LAN technical requirement and UPF interaction, and the UPF establishes message matching and forwarding rules of cross UPF and Ethernet communication with the data network in the process.
In S405, in addition to the PDU session establishment acceptance message replied to the 5G CPE according to the existing 5G standard, the SMF adds a two-layer VPN carrying the VXLAN type, the VXLAN ID of the VXLAN network, the IP address of the UPF virtual switch, and a message transmission indication in the message, for example, the SMF may carry the above added fields in the extended protocol configuration option field defined in the existing 5G standard.
Optionally, if the CPE receives the foregoing SMF message, a VXLAN tunnel is established according to the two-layer VPN type in the message, the VXLAN ID of the VXLAN network, and the IP address of the UPF virtual switch.
If the 5G CPE establishes the two-layer VPN tunnel manually, the SMF does not carry the two-layer VPN related information in the PDU session establishment acceptance message sent to the 5G CPE.
In order to enable those skilled in the art to better understand the technical solutions provided in this embodiment, the MAC address tables related to the foregoing embodiments are described in further detail below in connection with specific MAC address tables of CPEs, MAC address tables of UPFs, and embodiments.
Referring to fig. 5, taking a MAC address table of a 5G CPE as an example, the 5G CPE and an underhung industrial device are networked by using a VLAN, wherein the devices with MAC addresses of MAC-011 and MAC-012 belong to a local VLAN-500, the devices with MAC addresses of MAC-021 and MAC-022 belong to a remote device, their outgoing interfaces are VXLAN tunnels corresponding to PDU session 1, and the devices all belong to VXLAN networks identified by VXLAN ID-500; the equipment with the MAC address of MAC-031 and MAC-032 belongs to local VLAN-600, the equipment with the MAC address of MAC-041 and MAC-042 belongs to remote equipment, the output interface is a VXLAN tunnel corresponding to PDU session 2, and the equipment belongs to the VXLAN network identified by VXLAN ID-600.
Referring to fig. 6, taking a MAC address table of a UPF as an example, the devices with MAC addresses of MAC-011, MAC-012, MAC-111 and MAC-112 belong to the down-hanging network of the 5G CPE under the present UPF, the devices with MAC addresses of MAC-021 and MAC-022 respectively belong to the data network and other UPFs, and the devices belong to the VXLAN network identified by VXLAN ID-500 and the 5G LAN corresponding to the network instance NS-500; the equipment with MAC addresses of MAC-031, MAC-032, MAC-131 and MAC-132 belongs to the down-hanging network of 5G CPE under the UPF, the equipment with MAC addresses of MAC-041 and MAC-042 respectively belongs to the data network and other UPFs, and the equipment belongs to the VXLAN network identified by VXLAN ID-600 and the 5G LAN corresponding to the network instance NS-600.
Up to this point, an exemplary description of the MAC address table involved in the above method is completed.
The following describes an apparatus provided in this embodiment:
referring to fig. 7, fig. 7 is a message transmission apparatus provided in the present application, where the apparatus is applied to a 5G customer premise equipment CPE, and includes:
CPE-side tunnel establishment unit 701: the CPE is used for establishing a two-layer VPN tunnel with a user plane function network element UPF in a 5G core network; the local address of the two-layer VPN tunnel is the WAN port IP address of the CPE, and the remote address is the IP address of the UPF virtual switch configured by the UPF;
CPE-side packet forwarding unit 702: and when the destination MAC address in the message is associated with the UPF, the message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel.
In another embodiment, the CPE-side tunnel establishment unit 701 establishes a two-layer VPN tunnel between the CPE and a user plane function network element UPF in the 5G core network, including:
the CPE obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF, wherein the tunnel information at least comprises: the IP address, the two-layer VPN type and the VPN mark of the UPF virtual switch;
and the CPE establishes a CPE side two-layer VPN tunnel according to the IP address of the WAN port of the CPE and the IP address of the UPF virtual switch.
In another embodiment, after the CPE-side tunnel establishment unit 701 establishes a two-layer VPN tunnel between the CPE and the user plane function network element UPF in the 5G core network, the method further includes:
CPE-side MAC address table establishment unit 703: the CPE is used for performing MAC address learning and establishing an MAC address table by taking the CPE as one end of the two-layer VPN tunnel; the MAC address table comprises an MAC address and an outgoing interface, wherein when the MAC address is a far-end MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface of a network device corresponding to the local MAC address, which is accessed to the CPE, on the CPE, the far-end MAC address is the MAC address of other devices accessed under the UPF or the MAC address of a device in a data network connected with the UPF, and the local MAC address is the MAC address of the device hung locally by the CPE.
In another embodiment, the CPE-side tunnel establishment unit 701 obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF, including:
the CPE sends PDU session establishment request information to the SMF, the PDU session type is indicated to be an IP type, and the information comprises a network slice identifier and a data network name;
the CPE receives a PDU session establishment acceptance message sent by a session management function network element SMF, wherein the PDU session establishment acceptance message comprises the tunnel information;
or,
the CPE receives the tunnel information input from the outside.
In another embodiment, associating the destination MAC address in the CPE message forwarding unit message with the UPF includes:
and the destination MAC address in the message is the MAC address of other equipment accessed under the UPF or the MAC address of equipment in the data network connected with the UPF.
The structural description of the apparatus shown in fig. 7 is thus completed.
Referring to fig. 8, fig. 8 is a message transmission apparatus provided in the present application, where the apparatus is applied to a user plane function network element UPF in a 5G core network, and includes:
UPF end tunnel establishment unit 801: the method comprises the steps that a two-layer VPN tunnel is established between the UPF and a 5G Customer Premise Equipment (CPE), the local address of the two-layer VPN tunnel is the IP address of a UPF virtual switch configured by the UPF, and the remote address is the WAN port IP address of the CPE;
UPF end message forwarding unit 802: the method comprises the steps of receiving a two-layer VPN message, decapsulating the two-layer VPN message to obtain an original message, and encapsulating the original message into the two-layer VPN message and sending the two-layer VPN message through a two-layer VPN tunnel when the original message is a unicast message and a destination MAC address of the original message is equipment accessed under the UPF; or,
when the original message is a multicast or broadcast or unknown unicast message, the original message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel;
when a message is received through a data network or a GTPU tunnel between the data network and other UPFs, and the destination MAC address in the message is the MAC address of equipment in the network hung under the CPE, the message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel.
In another embodiment, the UPF-end tunnel establishment unit 801 establishes a two-layer VPN tunnel between the present UPF and the 5G customer premise equipment CPE includes:
receiving a UE level N4 session establishment request message sent by SMF; the UE level N4 session establishment request message carries the WAN port IP address and the network instance of the CPE;
establishing a two-layer VPN tunnel between the UPF and the CPE by taking the WAN port IP address of the CPE as a far-end address; the two-layer VPN tunnel is bound with the network instance, the two-layer VPN type and the VPN identifier;
And sending a UE level N4 session establishment response message to the SMF.
In another embodiment, after the UPF-end tunnel establishment unit 801 establishes a two-layer VPN tunnel between the present UPF and the 5G customer premise equipment CPE, the method further includes:
UPF end MAC address table establishment unit 803: the UPF is used as one end of the two-layer VPN tunnel to learn the MAC address and establish an MAC address table; when the MAC address is a remote MAC address, the outbound interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outbound interface is an interface of the UPF for accessing network equipment corresponding to the local MAC address, the remote MAC address is the MAC address of equipment in the network hung under the CPE, and the local MAC address is the MAC address of the equipment in the data network connected with the UPF or the MAC address of the equipment accessed under other UPFs.
In another embodiment, the UPF tunnel establishment unit 801 obtains an uplink PDR and a downlink FAR in the process of establishing the two-layer VPN tunnel, where the uplink PDR carries a two-layer VPN type, a VPN identifier, and a two-layer VPN header peeling indication, and the downlink FAR carries a two-layer VPN type, a two-layer VPN identifier, and a two-layer VPN header filling indication.
The structural description of the apparatus shown in fig. 8 is thus completed.
Referring to fig. 9, fig. 9 is a message transmission device provided in the present application, where the device is applied to SMF, and includes:
CPE transmitting unit 901: the SMF is used for sending PDU session establishment acceptance information to the CPE, wherein the PDU session establishment acceptance information carries a two-layer VPN type, a VPN identifier and an IP address of a UPF virtual switch at a UPF end of a two-layer VPN tunnel, so that the CPE establishes a two-layer VPN tunnel with the two-layer VPN type, the VPN identifier and the IP address of the UPF virtual switch at the UPF end of the two-layer VPN tunnel;
UPF transmitting section 902: the SMF sends a UE level N4 session establishment message to a UPF, wherein the UE level N4 session establishment message carries a two-layer VPN type, a VPN identifier and a WAN port IP address of a CPE end of a two-layer VPN tunnel, so that the UPF establishes the two-layer VPN tunnel with the two-layer VPN type, the VPN identifier and the WAN port IP address of the CPE end of the two-layer VPN tunnel;
the two-layer VPN tunnel is used for transmitting messages between CPE and UPF.
The structural description of the apparatus shown in fig. 9 is thus completed.
The embodiment of the application also provides a hardware structure of the device shown in fig. 7 or fig. 8 or fig. 9. Referring to fig. 10, fig. 10 is a block diagram of an electronic device according to an embodiment of the present application. As shown in fig. 10, the hardware structure may include: one or more processors;
A machine-readable storage medium storing one or more computer-readable instructions that, when executed by the one or more processors, cause the one or more processors to implement the method of any of the preceding claims.
By way of example, the machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information, such as executable instructions, data, and the like. For example, a machine-readable storage medium may be: RAM (Radom Access Memory, random access memory), volatile memory, non-volatile memory, flash memory, a storage drive (e.g., hard drive), a solid state drive, any type of storage disk (e.g., optical disk, dvd, etc.), or a similar storage medium, or a combination thereof.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Moreover, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (9)

1. The message transmission method is characterized by being applied to a 5G Customer Premise Equipment (CPE), wherein the CPE and the underhung industrial equipment adopt VLAN networking, and VLAN identifiers of the VLAN networking and 5G VN group identifiers 1:1 or N:1 mapping; the method comprises the following steps:
the CPE initiates one or more PDU session establishment requests according to the mapping;
the CPE obtains tunnel information for establishing a two-layer VPN tunnel between the CPE and a user plane function network element UPF in a 5G core network, wherein the tunnel information at least comprises: the IP address, the two-layer VPN type and the VPN identifier of the UPF virtual switch;
the CPE establishes a CPE side two-layer VPN tunnel according to the IP address of the WAN port of the CPE and the IP address of the UPF virtual switch, wherein the local address of the two-layer VPN tunnel is the WAN port IP address of the CPE, and the remote address is the IP address of the UPF virtual switch configured by the UPF;
when receiving a message to be sent, and the destination MAC address in the message is the MAC address of other equipment accessed under the UPF or the MAC address of equipment in a data network connected with the UPF, the CPE packages the messages of different VLANs into a two-layer VPN message corresponding to a PDU session with a mapping relation and sends the two-layer VPN message;
And when the CPE receives the two-layer VPN message through the two-layer VPN tunnel, forwarding the message received by the two-layer VPN corresponding to different PDU sessions to a VLAN with a mapping relation.
2. The method according to claim 1, wherein after the CPE establishes the two-layer VPN tunnel with a user plane function, UPF, in the 5G core network, further comprising:
the CPE is used as one end of the two-layer VPN tunnel to learn the MAC address and establish an MAC address table; the MAC address table comprises an MAC address and an outgoing interface, wherein when the MAC address is a far-end MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface of a network device corresponding to the local MAC address, which is accessed to the CPE, on the CPE, the far-end MAC address is the MAC address of other devices accessed under the UPF or the MAC address of a device in a data network connected with the UPF, and the local MAC address is the MAC address of the device hung locally by the CPE.
3. The method of claim 1, wherein the CPE obtaining tunnel information for establishing a two-layer VPN tunnel between the CPE and the UPF comprises:
the CPE sends PDU session establishment request information to a session management function network element SMF in a 5G core network, the PDU session type is indicated to be an IP type, and the information comprises a network slice identifier and/or a data network name; the CPE receives a PDU session establishment acceptance message sent by a session management function network element SMF, wherein the PDU session establishment acceptance message comprises the tunnel information;
Or,
the CPE receives the tunnel information input from the outside.
4. The message transmission method is characterized in that the method is applied to a user plane function network element UPF in a 5G core network, and comprises the following steps:
the UPF establishes a two-layer VPN tunnel with a 5G customer premise equipment CPE, wherein the CPE and the underhung industrial equipment adopt VLAN networking, and VLAN identifiers of the VLAN networking and 5G VN group identifiers 1:1 or N:1 mapping; the 5G VN group identification is mapped with a network instance; VPN identification mapping of the network instance and the two-layer VPN tunnel; the local address of the two-layer VPN tunnel is the IP address of the UPF virtual switch configured by the UPF, and the remote address is the WAN port IP address of the CPE;
receiving a two-layer VPN message from the two-layer VPN tunnel, and decapsulating the two-layer VPN message to obtain an original message and the VPN identifier; mapping the VPN identifier to the network instance according to the mapping relation between the VPN identifier and the network instance;
when the original message is a unicast message and the destination MAC address of the original message is the equipment accessed under the UPF, the original message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel;
When the original message is a multicast or broadcast or unknown unicast message, the original message is packaged into a two-layer VPN message and sent through the two-layer VPN tunnel;
and when receiving a message from a data network or a GTPU tunnel between the data network and other UPFs, acquiring the corresponding network instance, and when the destination MAC address in the message is the MAC address of equipment in the network hung under the CPE, mapping the network instance to the VPN identifier according to the mapping relation between the VPN identifier and the network instance, packaging the message into a two-layer VPN message and transmitting the two-layer VPN message through the two-layer VPN tunnel.
5. The method of claim 4, wherein the UPF establishing a two-layer VPN tunnel with a 5G customer premise equipment CPE comprises:
receiving a UE level N4 session establishment request message sent by SMF; the UE level N4 session establishment request message carries the WAN port IP address and the network instance of the CPE;
establishing a two-layer VPN tunnel between the UPF and the CPE by taking the WAN port IP address of the CPE as a far-end address; the two-layer VPN tunnel is bound with the network instance, the two-layer VPN type and the VPN identifier; and sends a UE-level N4 session setup response message to the SMF.
6. The method of claim 4, wherein after the UPF establishes the two-layer VPN tunnel with the 5G customer premise equipment CPE, further comprising:
the UPF is used as one end of the two-layer VPN tunnel to perform MAC address learning and establish an MAC address table; the MAC address table comprises an MAC address and an outgoing interface, wherein when the MAC address is a far-end MAC address, the outgoing interface is the two-layer VPN tunnel, and when the MAC address is a local MAC address, the outgoing interface is an interface of the UPF for accessing network equipment corresponding to the local MAC address, the far-end MAC address is the MAC address of equipment in a network hung under the CPE, and the local MAC address is the MAC address of the equipment in a data network connected with the UPF or the MAC address of the equipment accessed under other UPFs.
7. The method according to claim 6, wherein: the UPF obtains an uplink PDR and a downlink FAR in the process of establishing the two-layer VPN tunnel, wherein the uplink PDR carries a two-layer VPN type, a VPN identifier and a two-layer VPN header stripping indication, and the downlink FAR carries a two-layer VPN type, a two-layer VPN identifier and a two-layer VPN header filling indication.
8. The message transmission method is characterized in that a session management function network element (SMF) applied to a 5G core network, a 5G Customer Premise Equipment (CPE) and underhung industrial equipment adopt VLAN networking, and the SMF uses a network slice identifier and/or a data network name to enable VLAN identifiers of the VLAN networking to be matched with a 5G VN group identifier 1:1 or N:1 mapping; the SMF maps the 5G VN group identifier with a network instance, and maps the network instance with a VPN identifier; the method comprises the following steps:
The SMF sends PDU session establishment acceptance information to the CPE, wherein the PDU session establishment acceptance information carries a two-layer VPN type, a VPN mark and an IP address of a UPF virtual switch at a user plane function network element UPF end in a 5G core network of a two-layer VPN tunnel, so that the CPE establishes a two-layer VPN tunnel with the UPF by the two-layer VPN type, the VPN mark and the IP address of the UPF virtual switch at the UPF end of the two-layer VPN tunnel, and the two-layer VPN tunnel is used for transmitting messages between the CPE and the UPF;
the SMF sends a UE level N4 session establishment message to the UPF, wherein the UE level N4 session establishment message carries a two-layer VPN type, a VPN identifier, a WAN port IP address of a CPE end of a two-layer VPN tunnel and the network instance, so that the UPF establishes a two-layer VPN tunnel with the two-layer VPN type, the VPN identifier, the WAN port IP address of the CPE end of the two-layer VPN tunnel and the network instance and the CPE, and binds the two-layer VPN tunnel with the network instance and the VPN identifier; the two-layer VPN tunnel is used for transmitting messages between the CPE and the UPF.
9. An electronic device, comprising:
one or more processors;
a machine-readable storage medium storing one or more computer-readable instructions that, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-8.
CN202111481087.5A 2021-12-06 2021-12-06 Message transmission method and electronic equipment Active CN114124618B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111481087.5A CN114124618B (en) 2021-12-06 2021-12-06 Message transmission method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111481087.5A CN114124618B (en) 2021-12-06 2021-12-06 Message transmission method and electronic equipment

Publications (2)

Publication Number Publication Date
CN114124618A CN114124618A (en) 2022-03-01
CN114124618B true CN114124618B (en) 2024-01-23

Family

ID=80367287

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111481087.5A Active CN114124618B (en) 2021-12-06 2021-12-06 Message transmission method and electronic equipment

Country Status (1)

Country Link
CN (1) CN114124618B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023211355A1 (en) * 2022-04-29 2023-11-02 Telefonaktiebolaget Lm Ericsson (Publ) Methods, network nodes, media for providing vn group communication support for vlan
CN115190087B (en) * 2022-07-06 2024-03-26 北京东土军悦科技有限公司 Data transmission method, device, equipment and medium based on two-layer intermediate equipment
CN115086276B (en) * 2022-07-14 2023-04-25 中国联合网络通信集团有限公司 Address management method, device, equipment and system
CN115426723B (en) * 2022-10-28 2023-03-24 新华三技术有限公司 VPN tunnel establishment method and device and electronic equipment
CN115942375A (en) * 2023-02-28 2023-04-07 新华三技术有限公司 Data transmission method, system and device based on 5G air interface redundancy and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547325A (en) * 2017-09-27 2018-01-05 新华三技术有限公司 Message forwarding method and device
CN110677345A (en) * 2018-07-02 2020-01-10 华为技术有限公司 User message transmission method and communication equipment
CN112468384A (en) * 2020-11-24 2021-03-09 新华三技术有限公司 Communication method, device, switch, AP and AC
CN113114617A (en) * 2021-02-25 2021-07-13 深圳艾灵网络有限公司 Communication method, system and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109429363B (en) * 2017-06-20 2021-04-20 华为技术有限公司 Session management method and device
US11277282B2 (en) * 2020-01-19 2022-03-15 Cisco Technology, Inc. Micro and macro segmentation in enterprise networks without a per segment layer-3 domain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107547325A (en) * 2017-09-27 2018-01-05 新华三技术有限公司 Message forwarding method and device
CN110677345A (en) * 2018-07-02 2020-01-10 华为技术有限公司 User message transmission method and communication equipment
CN112468384A (en) * 2020-11-24 2021-03-09 新华三技术有限公司 Communication method, device, switch, AP and AC
CN113114617A (en) * 2021-02-25 2021-07-13 深圳艾灵网络有限公司 Communication method, system and storage medium

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"C4-211817_was211695_was211401_pCR on key issue of support VxLAN tunneling (L3L2 conversion) on UPF".《3GPP tsg_ct\wg4_protocollars_ex-cn4》.2021,全文. *
China Mobile.Discussion on Support of VxLAN Tunnelling.《3GPP TSG-SA WG2 Meeting#144E S2-2102600》.2021,第1-3页. *
Discussion on Support of VxLAN Tunnelling;China Mobile;《3GPP TSG-SA WG2 Meeting#144E S2-2102600》;20210406;第1-3页 *
Pseudo-CR solution of support VxLAN tunneling (L3L2 conversion) on UPF;China Mobile;《3GPP TSG-CT WG4 Meeting#102e C4-211403》;20210226;第2-5页 *

Also Published As

Publication number Publication date
CN114124618A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN114124618B (en) Message transmission method and electronic equipment
AU2022205146B2 (en) Interactions between a broadband network gateway and a fifth generation core
JP7274582B2 (en) Method and apparatus for supporting local area networks (LANs)
US9173244B2 (en) Methods for establishing and using public path, M2M communication method, and systems thereof
US9622143B1 (en) Access point name mappings for a layer two wireless access network
US20210044456A1 (en) Method for implementing gre tunnel, access point and gateway
WO2020024881A1 (en) Communication method and device
WO2022012468A1 (en) Routing configuration method and apparatus
CN104022936A (en) Method and device for establishing tunnel
CN107547340A (en) A kind of message forwarding method and device
JP7483123B2 (en) Route setting method and device
WO2019242525A1 (en) Data transmission method, related device and system
CN114125995A (en) Data transmission method and device
CN106789534B (en) A kind of data transmission method and device based on wireless network
CN114697999A (en) Redundant path creating method, device and system
CN108934058B (en) Communication method and device
WO2022142905A1 (en) Packet forwarding method and apparatus, and network system
US10674565B2 (en) Communication method
WO2022007749A1 (en) Data transmission method and apparatus
WO2018121443A1 (en) Message transmission method and device
CN115277720A (en) Multicast group management method, device, equipment and storage medium
WO2014169590A1 (en) Data service communication method, device, and system
CN110620999B (en) User plane data processing method and device
CN115426723B (en) VPN tunnel establishment method and device and electronic equipment
WO2022247679A1 (en) Method and apparatus for establishing mobile communication local area network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant