CN114158074B

CN114158074B - 5G network element address determination method and device, electronic equipment and storage medium

Info

Publication number: CN114158074B
Application number: CN202111437587.9A
Authority: CN
Inventors: 张万春; 张楠; 蔡琳; 田野; 梁彧; 傅强; 王杰; 杨满智; 金红; 陈晓光
Original assignee: Beijing Hengan Jiaxin Safety Technology Co ltd
Current assignee: Beijing Hengan Jiaxin Safety Technology Co ltd
Priority date: 2021-11-29
Filing date: 2021-11-29
Publication date: 2024-03-29
Anticipated expiration: 2041-11-29
Also published as: CN114158074A

Abstract

The embodiment of the invention discloses a 5G network element address determination method, a device, electronic equipment and a storage medium. The 5G network element address determining method comprises the following steps: acquiring network flow data in a 5G network; under the condition that the network traffic data is determined to be of a first target signaling type, determining an IP address of a source network element and an IP address of a destination network element associated with the network traffic data according to the network traffic data; and under the condition that the network traffic data is determined to be of the second target signaling type, determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data. The technical scheme of the embodiment of the invention can improve the identification efficiency of the 5G network element address and save the maintenance cost of the industrial parameter table.

Description

5G network element address determination method and device, electronic equipment and storage medium

Technical Field

The embodiment of the invention relates to the technical field of communication, in particular to a 5G network element address determining method, a device, electronic equipment and a storage medium.

Background

5G (5 th generation mobile networks, fifth generation mobile communication technology) is the latest generation cellular mobile communication technology, and is an extension of fourth generation mobile communication technology, third generation mobile communication technology, and second generation mobile communication technology. The 5G has the advantages of high data rate, low delay, energy conservation, low cost, large system capacity and capability of meeting the requirement of large-scale equipment connection, and the development of the 5G also promotes the realization of rapid development of communication technology. The identification of the network element IP (Internet Protocol, network interconnection protocol) address in the 5G network not only can rapidly locate the flow data to realize accurate capture of the flow data, but also is beneficial to managing and controlling the network, so that the identification of the 5G network element IP address becomes a research hotspot in the field of 5G communication.

At present, the main identification mode of the 5G network element IP address is to compare the source IP address and the destination IP address in the original code stream with the reference table (including configuration information of all network element IPs in the network) provided by the operator, so as to identify the IP address of the network element transmitting the original code stream. However, the 5G network is mainly constructed by taking a province or a region with a larger area as a unit, so that a plurality of 5G networks are deployed nationwide, the information amount of the industrial parameter table corresponding to the 5G network is also huge, and the problem of low efficiency of the traditional 5G network element IP address identification is caused. When the capacity of the 5G network is increased due to the increase of the traffic, the amount of information of the reference table may be increased, resulting in an increase in maintenance cost of the reference table.

Disclosure of Invention

The embodiment of the invention provides a 5G network element address determining method, a device, electronic equipment and a storage medium, which can improve the identification efficiency of the 5G network element address and save the maintenance cost of a industrial parameter table.

In a first aspect, an embodiment of the present invention provides a method for determining an address of a 5G network element, including:

acquiring network flow data in a 5G network;

under the condition that the network traffic data is determined to be of a first target signaling type, determining an IP address of a source network element and an IP address of a destination network element associated with the network traffic data according to the network traffic data;

And under the condition that the network traffic data is determined to be of the second target signaling type, determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data.

In a second aspect, an embodiment of the present invention further provides a 5G network element address determining apparatus, including:

the network flow data acquisition module is used for acquiring network flow data in the 5G network;

a first network element address determining module, configured to determine, according to the network traffic data, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data, when it is determined that the network traffic data is of a first target signaling type;

and the second network element address determining module is used for determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data under the condition that the network traffic data is determined to be of the second target signaling type.

In a third aspect, an embodiment of the present invention further provides an electronic device, including:

one or more processors;

a storage means for storing one or more programs;

the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the 5G network element address determination method provided by any embodiment of the present invention.

In a fourth aspect, an embodiment of the present invention further provides a computer storage medium, where a computer program is stored, where the program when executed by a processor implements the method for determining a 5G network element address provided by any embodiment of the present invention.

The embodiment of the invention obtains the network traffic data in the 5G network, further determines the IP address of the source network element and the IP address of the destination network element associated with the network traffic data according to the network traffic data under the condition that the network traffic data is determined to be of the first target signaling type, and determines the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data under the condition that the network traffic data is determined to be of the second target signaling type. According to the scheme, the IP address of the source network element and/or the IP address of the destination network element associated with the network flow data can be determined according to the signaling type of the network flow data, comparison with a industrial parameter table with larger data volume is avoided, the IP address of the 5G network element can be determined according to the network flow data and the signaling type of the network flow data, rapid identification of the IP address of the 5G network element is realized, maintenance of the industrial parameter table is not needed, the problems that in the prior art, the identification efficiency of the IP address of the 5G network element is lower and the maintenance cost of the industrial parameter table is larger due to the fact that the IP address of the 5G network element is identified based on the industrial parameter table are solved, the identification efficiency of the 5G network element address can be improved, and the maintenance cost of the industrial parameter table is saved.

Drawings

Fig. 1 is a flowchart of a method for determining a 5G network element address according to a first embodiment of the present invention;

fig. 2 is a flowchart of a method for determining a 5G network element address according to a second embodiment of the present invention;

fig. 3 is a schematic diagram of a DPI and 5G network parallel deployment provided in a second embodiment of the present invention;

fig. 4 is a schematic diagram of a 5G core network architecture according to a second embodiment of the present invention;

fig. 5 is a schematic diagram of a 5G network element address determining apparatus according to a third embodiment of the present invention;

fig. 6 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.

Detailed Description

The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof.

It should be further noted that, for convenience of description, only some, but not all of the matters related to the present invention are shown in the accompanying drawings. Before discussing exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart depicts operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently, or at the same time. Furthermore, the order of the operations may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figures. The processes may correspond to methods, functions, procedures, subroutines, and the like.

Example 1

Fig. 1 is a flowchart of a 5G network element address determining method according to an embodiment of the present invention, where the embodiment is applicable to a case of efficiently identifying a 5G network element address, the method may be performed by a 5G network element address determining device, and the device may be implemented by software and/or hardware, and may be generally integrated in an electronic device. Accordingly, as shown in fig. 1, the method includes the following operations:

s110, acquiring network traffic data in the 5G network.

The network traffic data may be traffic data transmitted in a communication network. The 5G network may include, but is not limited to, a 5G core network, which is a key part of the fifth generation mobile communication network, and functions of the core network mainly to provide user connection, management of users, and bearer completion of services, and may be provided as a bearer network to an interface of an external network.

In the embodiment of the invention, the 5G network needing to identify the network element address can be determined first, and then the network traffic data in the 5G network needing to identify the network element address can be obtained.

And S120, under the condition that the network traffic data is determined to be the first target signaling type, determining the IP address of the source network element and the IP address of the destination network element associated with the network traffic data according to the network traffic data.

The first target signaling type may be a type of signaling with a fixed source network element and a destination network element, for determining an IP address of the source network element and an IP address of the destination network element associated with the network traffic data. The source network element may be a network element that transmits network traffic data. The destination network element may be a network element that receives network traffic data sent by the source network element.

In the embodiment of the invention, the network traffic data and the first target signaling type can be matched, and the network traffic data can be further analyzed to obtain the IP address of the source network element for sending the network traffic data and the IP address of the destination network element for receiving the network traffic data under the condition that the network traffic data is the first target signaling type, namely, the IP address of the source network element and the IP address of the destination network element associated with the network traffic data can be determined simultaneously through the network traffic data when the network traffic data is the first target signaling type.

And S130, under the condition that the network traffic data is determined to be of the second target signaling type, determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data.

Wherein the second target signaling type may be a type of signaling with a fixed source or destination network element for determining an IP address of the source or destination network element associated with the network traffic data.

In the embodiment of the invention, the network traffic data and the second target signaling type can be matched, and the network traffic data can be further analyzed to obtain the IP address of the source network element for sending the network traffic data or the IP address of the destination network element for receiving the network traffic data under the condition that the network traffic data is the second target signaling type, namely, when the network traffic data is the second target signaling type, the IP address of the source network element and the IP address of the destination network element associated with the network traffic data can not be determined through the network traffic data at the same time, and only one of the IP address of the source network element and the IP address of the destination network element associated with the network traffic data can be determined.

Example two

Fig. 2 is a flowchart of a 5G network element address determining method according to a second embodiment of the present invention, where the present embodiment is implemented based on the foregoing embodiment, and in the present embodiment, it is given that, in the case where network traffic data is determined to be of a first target signaling type, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data are determined according to the network traffic data; in the case that the network traffic data is determined to be of the second target signaling type, determining an IP address of the source network element or an IP address of the destination network element associated with the network traffic data according to the network traffic data, and detecting the network traffic data. Accordingly, as shown in fig. 2, the method includes the following operations:

s210, acquiring network traffic data in the 5G network.

And S220, under the condition that the network traffic data is determined to be the first target signaling type, determining the IP address of the source network element and the IP address of the destination network element associated with the network traffic data according to the network traffic data.

In an alternative embodiment of the present invention, the first target signaling type may include at least one of NG Setup signaling, PFCP Session Establishment signaling, PFCP Session Modification signaling, and PFCP Ses sion Deletion signaling; in the case that the network traffic data is determined to be of the first target signaling type, determining, according to the network traffic data, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data may include: under the condition that the network flow data is determined to be NG Setup signaling, determining that a source network element associated with the network flow data is a RAN network element and a destination network element associated with the network flow data is an AMF network element; in the case that the network traffic data is determined to be any one of PFCP Session Establishment signaling, PFCP Session Modification signaling and PFCP Session Deletion signaling, the source network element associated with the network traffic data is determined to be an SMF network element, and the destination network element associated with the network traffic data is determined to be a UPF network element.

The NG Setup signaling is a configuration request sent by a RAN (Radio Access Network ) network element to an AMF (access and mobility management function) network element when the RAN first accesses the 5G network. PFCP Session Establishment signaling is signaling sent by an SMF (Session Management Function ) network element to a UPF (User Plane Function, user plane function) network element to establish a PFCP (Packet Forwarding Control Protocol ) session between the control plane and the user plane. PFCP Session Modification signaling may be signaling sent by the SMF network element to the UPF network element to modify the PFCP session. For example, configuring a new rule for a PFCP session, modifying an existing rule, or deleting an existing rule. PFCP Session Deletion signaling may be signaling sent by the SMF network element to the UPF network element to delete an existing PFCP session.

In the embodiment of the present invention, when the first target signaling type includes NG Setup signaling, the network traffic data may be matched with the NG Setup signaling, and if the network traffic data is NG Setup signaling, it may be determined that the network element that sends the network traffic data source is a RAN network element, and the destination network element that receives the network traffic data is an AMF network element. When the first target signaling type includes PFCP Session Establishment signaling, the network traffic data may be matched with PFCP Session Establishment signaling, and if the network traffic data is PFCP Session Establishment signaling, it may be determined that the source network element sending PFCP Session Establishment signaling is an SMF network element, and the destination network element receiving PFCP Session Establishment signaling is a UPF network element. When the first target signaling type includes PFCP Session Modification signaling, the network traffic data may be matched with PFCP Session Modification signaling, and if the network traffic data is PFCP Session Modification signaling, it may be determined that the source network element sending PFCP Session Modification signaling is an SMF network element, and the destination network element receiving PFCP Session Modification signaling is a UPF network element. When the first target signaling type includes PFCP Session Deletion signaling, the network traffic data may be matched with PFCP Session Deletion signaling, and if the network traffic data is PFCP Session Deletion signaling, it may be determined that the source network element sending PFCP Session Deletion signaling is an SMF network element, and the destination network element receiving PFCP Session Deletion signaling is a UPF network element.

In an optional embodiment of the invention, in the case of determining that the network traffic data is the first target signaling type, determining, according to the network traffic data, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data may include: under the condition that the network flow data is determined to be NG Setup signaling, determining that the IP address of a source network element associated with the network flow data is the IP address of a RAN network element according to the network flow data, and determining that the IP address of a destination network element associated with the network flow data is the IP address of an AMF network element; in the case that the network traffic data is determined to be any one of PFCP Session Establishment signaling, PFCP Session Modification signaling and PFCP Session Deletion signaling, the IP address of the source network element associated with the network traffic data is determined to be the IP address of the SMF network element, and the IP address of the destination network element associated with the network traffic data is determined to be the IP address of the UPF network element.

Correspondingly, under the condition that the network traffic data is determined to be NG Setup signaling, the IP address of a source network element for sending the network traffic data and the IP address of a destination network element for receiving the network traffic data can be determined by analyzing the network traffic data, the IP address of the source network element for sending the network traffic data is taken as the IP address of the RAN network element, and the IP address of the destination network element for receiving the network traffic data is taken as the IP address of the AMF network element. In the case that the network traffic data is determined to be any one of PFCP Session Establishment signaling, PFCP Session Modificatio signaling and PFCP Session Deletion signaling, the IP address of the source network element that sends the network traffic data and the IP address of the destination network element that receives the network traffic data may be determined by analyzing the network traffic data, and the IP address of the source network element that sends the network traffic data is taken as the IP address of the SMF network element, and the IP address of the destination network element that receives the network traffic data is taken as the IP address of the UPF network element.

For example, if the network traffic data is NG Setup signaling, the IP address of the source network element is 192.168.198.240, the IP address of the target network element is 56.57.177.178, the IP address of the RAN network element is 192.168.198.240, and the IP address of the amf network element is 56.57.177.178. If the network traffic data is PFCP Session Establishment signaling, the IP address of the source network element is 56.57.146.147, the IP address of the destination network element is 56.57.199.10, the IP address of the SMF network element is 56.57.146.147, and the IP address of the destination network element is 56.57.199.10.

Optionally, after the AMF network element receives the NG Setup signaling, the AMF network element may send NG Setup Ackonwledge signaling to the RAN network element, so as to respond to the request of the NG Setup signaling sent by the RAN network element, that is, when the network traffic data is NG Setup Ackonwledge signaling, the IP address of the AMF and the IP address of the RAN network element may be obtained, where the IP address of the AMF is the IP address of the source network element of the NG Setup Ackonwledge signaling, and the IP address of the RAN network element is the IP address of the destination network element of the NG Setup Ackonwledge signaling.

And S230, under the condition that the network traffic data is determined to be the second target signaling type, determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data.

In an alternative embodiment of the present invention, the second target signaling type may include at least one of Registration signaling, communication N1N2message transfer signaling, pdustion_createsmcontext signaling, and sdm_get signaling; in the case that the network traffic data is determined to be of the second target signaling type, determining, according to the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data may include: under the condition that the network flow data is determined to be Registration signaling, determining that a destination network element which is associated with the network flow data and is communicated with User Equipment (UE) is an AMF network element; under the condition that the network traffic data is determined to be communication N1N2message transfer signaling, determining that a target network element associated with the network traffic data is an AMF network element; under the condition that the network flow data is determined to be PDUSion_CreateSMContext signaling, determining that a destination network element associated with the network flow data is an SMF network element; and under the condition that the network traffic data is determined to be SDM_get signaling, determining the destination network element associated with the network traffic data as a UDM network element.

The Registration signaling is a signaling sent by a UE (User Equipment) to an AMF network element and registered to a network to obtain authorization of a network access service, and the AMF network element that receives the signaling may enable mobility tracking and reachability. The communication N1N2message transfer signaling is a signaling in the Namf service provided by the AMF network element, and is used to send, by NF Service Consumer (service consumer), the F-TEID (Full Qualified TEID, full tunnel endpoint identifier) on the UPF network element side of the N3 interface communication channel to the AMF network element when the N3 interface communication channel between the RAN network element and the UPF network element is established. Illustratively, post./ ue-contexts { ueContextld }/N1-N2-messages (N1N 2 MessageTransferReqdata) may be communication N1N2 MessageTransferSignaling sent by NF Service Consumer to the AMF network element, 202or200 (N1N 2 MessagT ransferRspData) may be a response sent by the AMF network element to NF Service Consumer. The pduse_createsmcontext signaling is a signaling in Nsmf service provided by the SMF network element, and is sent to the SMF network element by NF Service Consumer, for establishing a communication channel of the N3 interface, and after receiving the signaling, the SMF network element sends PFCP Session Establishment signaling to the UPF network element. Illustratively, post./ sm-contexts (SmContextCreateData) may be a pduse_createsmcontext signaling sent by NF Service Consumer to an SMF network element, 201Created (SmContextCre atedData) being the SMF network element's response to NF Service Consumer. The sdm_get signaling is a signaling in Nudm services provided by a UDM (Unified Data Management ) network element, and is sent to the UDM network element by NF Service Consumer, and requests information such as slice selection of a UE and SMF network element selection from the UDM network element. For example, after the UE registers with the core network, the AMF network element may send sdm_get signaling to the UDM network element when the AMF network element needs to query the UE subscription information. Illustratively, get./ { supi }/smf-select-data may be sdm_get signaling sent by NF Service Consumer to the UDM network element, 200OK (SmfSelectionSubscription Data) is the response of the UDM network element to NF Service Consumer.

In the embodiment of the present invention, when the second target signaling type includes Registration signaling, the network traffic data may be matched with the Registration signaling, and if the network traffic data is Registration signaling, it may be determined that the destination network element in communication with the UE and receiving the network traffic data is an AMF network element. When the second target signaling type includes communication N1N2message transfer signaling, the network traffic data may be matched with the communication N1N2message transfer signaling, and if the network traffic data is communication N1N2message transfer signaling, it may be determined that the target network element receiving the network traffic data is an AMF network element. When the second target signaling type includes the pdustion_createsmcontext signaling, the network traffic data may be matched with the pdustion_createsmcontext signaling, and if the network traffic data is the pdustion_createsmcontext signaling, it may be determined that the destination network element receiving the network traffic data is an SMF network element. When the second target signaling type includes sdm_get signaling, the network traffic data may be matched with the sdm_get signaling, and if the network traffic data is sdm_get signaling, it may be determined that the destination network element receiving the network traffic data is a UDM network element.

In an alternative embodiment of the present invention, the second target signaling type may include at least one of Auth signaling, sm-policies signaling, policyAuthorization Create signaling, and nnssf_nsselection signaling; in the case that the network traffic data is determined to be of the second target signaling type, determining, according to the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data may include: under the condition that the network flow data is determined to be Auth signaling, determining a destination network element associated with the network flow data as an AUSF network element of an authentication server function; under the condition that the network flow data is determined to be sm-policies signaling, determining a destination network element associated with the network flow data to be a PCF network element; under the condition that the network traffic data is determined to be PolicyAuthorization Create signaling, determining a source network element associated with the network traffic data as an AF network element; and determining that the destination network element associated with the network traffic data is an NSSF network element under the condition that the network traffic data is determined to be the NSsf_NSSelect signaling.

Wherein, the Auth signaling is one of Naf services of the AUSF (Authentication Server Function ) network element, and is sent to the AUSF network element by NF Service Consumer. For example, auth signaling generally occurs after a UE registers with a core network, and the AMF network element initiates authentication of the UE to the AUSF network element, mainly to verify the identity of the UE. The Auth signaling may specifically comprise four steps: the first step: the AMF network element sends an authentication request to the AUSF network element, wherein the authentication request generally carries the UE identifier, and the method comprises the following steps: and (3) successfully authenticating, returning a location (used for identifying subsequent signaling of the user) to the AMF network element, and performing a third step: the AMF network element carries the location and sends a key (for subsequent decryption) to the AUSF network element, and the fourth step: the AUSF network element key is successfully received. For example, NF Service Consumer may send post to AUSF network element/ue-authentications { Authentication }, after the AUSF network element receives post, feedback 201Created (UEAuthCtx) to NF Service Consumer, and NF Service Consumer send put to AUSF network element/ue-authentications/{ AuthCtxld }/5g-confirmztion (ConfirmationData), after the AUSF network element receives put/ue-AuthCtxld/5 g-confirmztion (ConfirmationData), feedback 200OK to NF Service Consumer.

sm-policies signaling is a signaling in the Nnssf service of the PCF (Policy Control Function ) network element for establishing session management policies. For example, sm-policies signaling may be sent by the SMF network element to the PCF network element. Illustratively, post/sm-polies may be sm-polies signaling sent by the SMF network element to the PCF network element, which may feed back 201Created to the SMF network element after receiving the post. PolicyAuthorization Create signaling creates signaling for an authorization policy in the Npcf service of the AF (Application Function ) network element, carrying information of the user identifier (handset number, etc.). For example, post./ app-sessions may be sent by the AF network element to the PCF. PolicyAuthorization Create the PCF network element may feed back 201 the Created to the AF network element after receiving post. The nssf_nsselection signaling is a signaling in the NSSF service provided by a NSSF (Network Slice Selection Function ) network element, and is triggered when the UE registers with the core network, typically, the AMF network element initiates the signaling to the NSSF network element to obtain network slice information of the UE, and determine what kind of service is to be provided to the UE. Network slicing is a logic added by 5G, which is equivalent to different service standards. Three service standards are currently supported by default: 1) The mobile broadband high-definition video, the holographic technology, the augmented reality/virtual reality and other applications have higher network broadband. 2) The mass sensors of the mass Internet of things are deployed in the fields of measurement, construction, agriculture, logistics, smart cities, families and the like, and support a large number of equipment connections. 3) The method is applied to the fields of unmanned operation, automatic factories, smart grids and the like, and meets the requirements of ultra-low time delay and high reliability.

In the embodiment of the present invention, when the second target signaling type includes Auth signaling, the network traffic data may be matched with the Auth signaling, and if the network traffic data is Auth signaling, it may be determined that the destination network element receiving the network traffic data is an AUSF network element. When the second target signaling type includes sm-policies signaling, the network traffic data may be matched with the sm-policies signaling, and if the network traffic data is sm-policies signaling, the network traffic data may be analyzed to determine that the destination network element receiving the network traffic data is a PCF network element. In the case where the second target signaling type includes PolicyAuthorization Create signaling, the network traffic data may be matched with PolicyAuthorization Create signaling, and if the network traffic data is PolicyAuthorization Create signaling, the network traffic data may be parsed to determine that the source network element sending the network traffic data is an AF network element. In the case where the second target signaling type includes the nssf_nsselection signaling, the network traffic data may be matched with the nssf_nsselection signaling, and if the network traffic data is the nssf_nsselection signaling, it may be determined that the destination network element that receives the network traffic data is the NSSF network element.

In an optional embodiment of the invention, in a case of determining that the network traffic data is the second target signaling type, determining, according to the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data may include: under the condition that the network flow data is determined to be Registration signaling, determining that the IP address of a target network element associated with the network flow data is the IP address of an AMF network element according to the network flow data; under the condition that the network traffic data is determined to be communication N1N2message transfer signaling, determining that the IP address of a destination network element associated with the network traffic data is the IP address of an AMF network element Namf service according to the network traffic data; under the condition that the network traffic data is determined to be PDUSion_CreateSMContext signaling, determining that the IP address of a destination network element associated with the network traffic data is the IP address of SMF network element Nsmf service according to the network traffic data; and under the condition that the network traffic data is SDM_get signaling, determining that the IP address of the destination network element related to the network traffic data is the IP address of the UDM network element Nudm service according to the network traffic data.

Correspondingly, under the condition that the network flow data is determined to be Registration signaling, the network flow data can be analyzed to determine the IP address of the destination network element for receiving the network flow data, and then the IP address of the destination network element for receiving the network flow data is used as the IP address of the AMF network element. Under the condition that the network traffic data is determined to be communication N1N2message transfer signaling, the IP address of a destination network element receiving the network traffic data can be determined by analyzing the network traffic data, and then the IP address of the destination network element receiving the network traffic data is used as the IP address of an AMF network element Namf service. Under the condition that the network traffic data is determined to be the PDUSion_CreateSMContext signaling, the IP address of a destination network element receiving the network traffic data can be determined by analyzing the network traffic data, and then the IP address of the destination network element receiving the network traffic data is used as the IP address of the SMF network element Nsmf service. Under the condition that the network flow data is SDM_get signaling, the network flow data can be analyzed to determine the IP address of a destination network element receiving the network flow data, and then the IP address of the destination network element receiving the network flow data is used as the IP address of the UDM network element Nudm service.

For example, the AMF is taken as a keyword, and the IP of the AMF network element can be queried in the communication N1N2message transfer signaling, such as 240 e:180:301:1:1:1. And inquiring the IP address of the SMF network element in a PDUSion_CreateSMContext signaling by taking the SMF as a keyword, wherein the IP address is expressed as 240 e:180:301:1:1:2. The UDM is used as a keyword, and the IP address of the UDM network element can be queried in the signaling with SDM_get, for example, 240 e:180:300:1:1:8.

In an optional embodiment of the invention, in a case of determining that the network traffic data is the second target signaling type, determining, according to the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data may include: under the condition that the network flow data is determined to be Auth signaling, determining that the IP address of a target network element associated with the network flow data is the IP address of an AUSF network element Nausf service according to the network flow data; under the condition that the network flow data is determined to be sm-policies signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the PCF network element Npcf service according to the network flow data; under the condition that the network traffic data is PolicyAuthorization Create signaling, determining that the IP address of the source network element associated with the network traffic data is the IP address of the AF network element Naf service according to the network traffic data; and under the condition that the network traffic data is determined to be Nnssf_NSSelect signaling, determining that the IP address of the destination network element associated with the network traffic data is the IP address of NSSF network element Nnssf service according to the network traffic data.

Correspondingly, under the condition that the network flow data is determined to be Auth signaling, the network flow data can be analyzed to determine the IP address of the destination network element receiving the network flow data, and then the IP address of the destination network element receiving the network flow data is used as the IP address of the AUSF network element Nausf service. Under the condition that the network flow data is determined to be sm-policies signaling, the network flow data can be analyzed to determine the IP address of a destination network element receiving the network flow data, and then the IP address of the destination network element receiving the network flow data is used as the IP address of the PCF network element Npcf service. In the case that the network traffic data is determined to be PolicyAuthorization Create signaling, the network traffic data can be analyzed to determine the IP address of the source network element sending the network traffic data, and then the IP address of the source network element sending the network traffic data is used as the IP address of the AF network element Naf service. In the case that the network traffic data is determined to be the nnssf_nsselection signaling, the network traffic data can be analyzed to determine the IP address of the destination network element receiving the network traffic data, and then the IP address of the destination network element receiving the network traffic data is used as the IP address of the NSSF network element Nnssf service.

Continuing the description by taking the specific example as an example, when the IP address of the UDM network element is 240 e:180:300:1:1:8, the AUSF may be further used as a keyword to query the IP of the AUSF network element in the Auth signaling, and when the IP address of the AUSF network element is 240 e:180:300:1:1:8 and the IP address of the UDM network element is 240 e:180:300:1:1:8, it may be determined that the AUSF network element and the UDM network element use the same resource, because the AUSF network element and the UDM network element are generally co-configured. The PCF is used as a keyword, and the IP of the PCF network element can be queried in sm-policies signaling, such as 240 e:180:300:1:1:5. The AF is taken as a keyword, and the IP address of the AF network element can be queried in PolicyAuthorization Create signaling, such as 2408:8142:60ff:fa02:3901:ff06:0:2. The NSSF is used as a keyword, and the IP address of the NSSF network element can be queried in the signaling of the NSsf_NSSelect, for example 2408:8140:80ff:fa00:10f:ff06:0:1.

S240, detecting network traffic data based on the DPI, the IP address of the source network element and/or the IP address of the destination network element to obtain traffic data to be processed.

The traffic data to be processed may be data meeting detection requirements in the network traffic data. For example, when the detection requirement is to extract the internet traffic data of the same user, the traffic data to be processed may be the internet traffic data belonging to the same user. When the detected demand is to extract traffic data having the same resource locator, the traffic data to be processed may be traffic data having the same resource locator. When the detection requirement is to screen traffic data threatening network security, the traffic data to be processed can be traffic data threatening network security. The embodiment of the invention does not limit the specific detection content of the detection requirement.

In the embodiment of the invention, the network traffic data can be detected according to the detection requirement by DPI (Deep Packet Inspection, packet depth detection technology) according to the IP address of the source network element and/or the IP address of the destination network element, so as to obtain the traffic data to be processed which meets the detection requirement.

S250, determining call identification data associated with the flow data to be processed.

The call identification data may be data for identifying call behavior, and is used for distinguishing different call behaviors.

In the embodiment of the invention, the flow data to be processed can be analyzed, and the call identification data associated with the flow data to be processed is determined, so that the flow data to be processed is deeply analyzed and mined through the call identification data.

Fig. 3 is a schematic diagram of parallel deployment of a DPI and a 5G network according to a second embodiment of the present invention, where, as shown in fig. 3, a 5G DPI detection module is communicatively connected to a 5G core network, and the 5G core network is communicatively connected to a 5G base station. The 5G DPI detection module can access network flow data of the 5G core network through devices such as light splitting, convergence and splitting, and the like, and performs deep analysis on the network flow data to output a call detail list carrying call identification data. The traditional 5G network element IP address identification needs to generally configure the required industrial parameter table in the engine of the DPI detection module, so that engineering implementation workload is great, and when the 5G network element address identification method based on the scheme identifies the 5G network element address, a large amount of data is not required to be stored in the DPI detection module, and the detection efficiency of the DPI detection module can be improved.

In an optional embodiment of the present invention, the 5G network element address determining method may further include: under the condition that the network flow data comprise F-TEID, determining the IP address of the AMF network element according to the F-TEID; wherein the IP address of the AMF network element comprises the IP address of the source network element and/or the IP address of the destination network element associated with the network traffic data.

Correspondingly, under the condition that the network traffic data is neither the first target signaling type nor the second target signaling type, whether the network traffic data comprises the F-TEID can be further judged, if the network traffic data comprises the F-TEID, the IP address of the AMF network element in the network traffic data is determined according to the F-TEID. The determined IP address of the AMF network element may be the IP address of the source network element and/or the IP address of the destination network element associated with the network traffic data, that is, the network element role of the AMF network element determined according to the F-TEID cannot be determined.

For example, the IP address of the AMF network element may be determined by using the AMF as a key word according to the F-TEID message, and the MME (Mobility Management Entity ) as a key word. Assuming that 20.0.120.10 determined by using AMF as a keyword can be used as an IP address of an AMF network element, 20.0.26.10 determined by using MME as a keyword can be used as an IP address of an MME network element.

Fig. 4 is a schematic diagram of a 5G core network architecture according to a second embodiment of the present invention, where, as shown in fig. 4, an NSSF network element communicates with an AMF network element through an N22 interface, an AUSF network element communicates with an AMF network element through an N12 interface, a UDM network element communicates with an AMF network element through an N8 interface, a UDM network element communicates with an SMF network element through an N10 interface, an AUSF network element communicates with a UDM network element through an N13 interface, and two AMF network elements can communicate through an N14 interface. The AMF network element communicates with the SMF network element through an N11 interface, the SMF network element communicates with the PCF network element through an N7 interface, the PCF network element communicates with the AF network element through an N5 interface, and the AMF network element communicates with the PCF network element through an N15 interface. The AMF network element communicates with the UE through an N1 interface, the AMF network element communicates with the RAN network element through an N2 interface, the SMF network element communicates with the UPF network element through an N4 interface, the UE is in communication connection with the RAN network element, the RAN network element communicates with the UPF network element through an N3 interface, the two UPF network elements can communicate through an N9 interface, and the UPF network element is in communication connection with the data network through an N6 interface.

The RAN network element can transmit NG Setup signaling to the AMF network element through an N2 interface, and the MME network element and the AMF network element can transmit F-TEID in the Gtpv2 protocol through an N26 interface. The UE may send Registration signaling to the AMF network element over the N1 interface. The SMF network element may send PFCP Session Establishment signaling, PFCP Session Modificatio signaling, and PFCP Session Deletion signaling to the UPF interface over the N4 interface. The SMF network element may send sm-policies signaling to the PCF network element over the N7 interface. The AF network element may send PolicyAuthorization Create signaling to the PCF network element over the N5 interface. The user plane related interface includes: an N3 interface, an N6 interface and an N9 interface. The N1 interface runs NAS (Non-access stratum) protocol, the N2 interface runs NGAP protocol, the N4 interface runs PFCP protocol, the N26 interface runs Gtpv2 interface, and the interface is an interactive interface between the 4G core network and the 5G core network. The N5 interface, the N7 interface, the N8 interface, the N10 interface, the N11 interface, the N12 interface, the N14 interface, the N15 interface and the N22 interface belong to SBI interfaces, and the Http2 protocol is operated. The GTPv2 protocol consists of a GTPv2 header and several IEs (Information elements ). The F-TEID is an IE, and is composed of a network element role (such as AMF of N26 interface, MME of N26 interface), tunnel identifier, and network element IP.

According to the embodiment of the invention, the network traffic data in the 5G network is obtained, and then the IP address of the source network element and the IP address of the destination network element associated with the network traffic data are determined according to the network traffic data under the condition that the network traffic data are determined to be the first target signaling type, and the IP address of the source network element or the IP address of the destination network element associated with the network traffic data are determined according to the network traffic data under the condition that the network traffic data are determined to be the second target signaling type, so that the network traffic data are detected based on the DPI, the IP address of the source network element and/or the IP address of the destination network element, the traffic data to be processed are obtained, and the call identification data associated with the traffic data to be processed are determined. According to the scheme, the IP address of the source network element and/or the IP address of the destination network element associated with the network flow data can be determined according to the signaling type of the network flow data, comparison with a industrial parameter table with larger data volume is avoided, the IP address of the 5G network element can be determined according to the network flow data and the signaling type of the network flow data, rapid identification of the IP address of the 5G network element is realized, maintenance of the industrial parameter table is not needed, the problems that in the prior art, the identification efficiency of the IP address of the 5G network element is lower and the maintenance cost of the industrial parameter table is larger due to the fact that the IP address of the 5G network element is identified based on the industrial parameter table are solved, the identification efficiency of the 5G network element address can be improved, and the maintenance cost of the industrial parameter table is saved.

It should be noted that any permutation and combination of the technical features in the above embodiments also belong to the protection scope of the present invention.

Example III

Fig. 5 is a schematic diagram of a 5G network element address determining apparatus according to a third embodiment of the present invention, where, as shown in fig. 5, the apparatus includes: a network traffic data acquisition module 310, a first network element address determination module 320, and a second network element address determination module 330, wherein:

a network traffic data acquisition module 310, configured to acquire network traffic data in a 5G network;

a first network element address determining module 320, configured to determine, according to the network traffic data, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data, in a case where the network traffic data is determined to be of a first target signaling type;

the second network element address determining module 330 is configured to determine, according to the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data, in a case where the network traffic data is determined to be of the second target signaling type.

Optionally, the first target signaling type includes at least one of NG Setup signaling, PFCP Session Establishment signaling, PFCP Session Modification, and PFCP Session Deletion signaling; the first network element address determining module 320 is specifically configured to: under the condition that the network flow data is determined to be the NG Setup signaling, determining that a source network element associated with the network flow data is a Radio Access Network (RAN) network element and a destination network element associated with the network flow data is a mobile management function (AMF) network element; in the case that the network traffic data is determined to be any one of the PFCP Session Establishment signaling, the PFCP Session Modification signaling and the PFCP Session Deletion signaling, it is determined that a source network element associated with the network traffic data is a session management function SMF network element, and a destination network element associated with the network traffic data is a user plane function UPF network element.

Optionally, the first network element address determining module 320 is specifically configured to: under the condition that the network flow data is determined to be the NG Setup signaling, determining that the IP address of a source network element associated with the network flow data is the IP address of the RAN network element according to the network flow data, and determining that the IP address of a destination network element associated with the network flow data is the IP address of the AMF network element; and determining that the IP address of the source network element associated with the network traffic data is the IP address of the SMF network element according to the network traffic data, and determining that the IP address of the destination network element associated with the network traffic data is the IP address of the UPF network element under the condition that the network traffic data is determined to be any one of the PFCP Session Establishment signaling, the PFCP Session Modification signaling and the PFCP Session Deletion signaling.

Optionally, the second target signaling type includes at least one of Registration signaling, communication N1N2message transfer signaling, pduse_createsmcontext signaling, and sdm_get signaling; the second network element address determining module 330 is specifically configured to: under the condition that the network flow data is determined to be the Registration signaling, determining that a destination network element which is associated with the network flow data and is communicated with User Equipment (UE) is an AMF network element; under the condition that the network traffic data is determined to be the communication N1N2message transfer signaling, determining a destination network element associated with the network traffic data as the AMF network element; under the condition that the network flow data is determined to be the PDUSion_CreateScontext signaling, determining that a destination network element associated with the network flow data is an SMF network element; and under the condition that the network flow data is determined to be the SDM_get signaling, determining a destination network element associated with the network flow data as a Unified Data Management (UDM) network element.

Optionally, the second target signaling type includes at least one of Auth signaling, sm-policies signaling, policyAuthorization Create signaling, and nnssf_nsselection signaling; the second network element address determining module 330 is specifically configured to: under the condition that the network flow data is determined to be the Auth signaling, determining a target network element associated with the network flow data as an authentication server function AUSF network element; under the condition that the network flow data is determined to be the sm-policies signaling, determining a destination network element associated with the network flow data as a policy control function network element PCF; under the condition that the network traffic data is determined to be the PolicyAuthorization Create signaling, determining a source network element associated with the network traffic data as an application function AF network element; and under the condition that the network traffic data is determined to be the NSsf_NSSelect signaling, determining a destination network element associated with the network traffic data as a network slice selection function NSSF network element.

Optionally, the second network element address determining module 330 is specifically configured to: under the condition that the network flow data is determined to be the Registration signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the AMF network element according to the network flow data; under the condition that the network flow data is determined to be the communication N1N2message transfer signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the AMF network element Namf service according to the network flow data; under the condition that the network traffic data is determined to be the PDUSion_CreateSMContext signaling, determining that the IP address of a destination network element associated with the network traffic data is the IP address of the SMF network element Nsmf service according to the network traffic data; and under the condition that the network flow data is determined to be the SDM_get signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the UDM network element Nudm service according to the network flow data.

Optionally, the second network element address determining module 330 is specifically configured to: under the condition that the network flow data is determined to be the Auth signaling, determining that the IP address of a target network element associated with the network flow data is the IP address of the Nausf service of the AUSF network element according to the network flow data; under the condition that the network flow data is determined to be the sm-policies signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the PCF network element Npcf service according to the network flow data; under the condition that the network traffic data is determined to be the PolicyAuthorization Create signaling, determining that the IP address of a source network element associated with the network traffic data is the IP address of the AF network element Naf service according to the network traffic data; and under the condition that the network traffic data is determined to be the NSsf_NSSelect signaling, determining that the IP address of the destination network element associated with the network traffic data is the IP address of the NSSF network element NSsf service according to the network traffic data.

Optionally, the 5G network element address determining device further includes a third network element address determining module, configured to determine, when it is determined that the network traffic data includes an F-TEID, an IP address of an AMF network element according to the F-TEID; wherein the IP address of the AMF network element comprises the IP address of the source network element and/or the IP address of the destination network element associated with the network traffic data.

Optionally, the 5G network element address determining device further includes a call identifier data determining module, configured to detect the network traffic data based on a DPI, an IP address of the source network element, and/or an IP address of the destination network element, to obtain traffic data to be processed; and determining call identification data associated with the flow data to be processed.

The 5G network element address determining device can execute the 5G network element address determining method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the executing method. Technical details which are not described in detail in this embodiment can be referred to the 5G network element address determination method provided in any embodiment of the present invention.

Since the above-described 5G network element address determining apparatus is an apparatus capable of executing the 5G network element address determining method in the embodiment of the present invention, based on the 5G network element address determining method described in the embodiment of the present invention, those skilled in the art can understand the specific implementation of the 5G network element address determining apparatus of the present embodiment and various modifications thereof, so how the 5G network element address determining apparatus implements the 5G network element address determining method in the embodiment of the present invention will not be described in detail herein. The device adopted by the method for determining the 5G network element address in the embodiment of the present invention belongs to the scope of protection intended by the present application.

Example IV

Fig. 6 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. Fig. 6 shows a block diagram of an electronic device 412 suitable for use in implementing embodiments of the invention. The electronic device 412 shown in fig. 6 is only an example and should not be construed as limiting the functionality and scope of use of embodiments of the invention. The electronic device 412 may be, for example, a computer device or a server device, etc.

As shown in fig. 6, the electronic device 412 is in the form of a general purpose computing device. Components of electronic device 412 may include, but are not limited to: one or more processors 416, a storage 428, and a bus 418 that connects the various system components (including the storage 428 and the processors 416).

Bus 418 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include industry standard architecture (Industry Standard Architecture, ISA) bus, micro channel architecture (MicroChannel Architecture, MCA) bus, enhanced ISA bus, video electronics standards association (Video Electronics Standards Association, VESA) local bus, and peripheral component interconnect (Peripheral Component Interconnect, PCI) bus.

Electronic device 412 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by electronic device 412 and includes both volatile and nonvolatile media, removable and non-removable media.

The storage 428 may include computer system readable media in the form of volatile memory, such as random access memory (Random Access Memory, RAM) 430 and/or cache memory 432. The electronic device 412 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 434 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, commonly referred to as a "hard disk drive"). Although not shown in fig. 6, a disk drive for reading from and writing to a removable nonvolatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from and writing to a removable nonvolatile optical disk (e.g., a Compact Disc-Read Only Memory (CD-ROM), digital versatile Disc (Digital Video Disc-Read Only Memory, DVD-ROM), or other optical media) may be provided. In such cases, each drive may be coupled to bus 418 via one or more data medium interfaces. Storage 428 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.

Programs 436 having a set (at least one) of program modules 426 may be stored, for example, in storage 428, such program modules 426 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 426 typically carry out the functions and/or methods of the embodiments described herein.

The electronic device 412 may also communicate with one or more external devices 414 (e.g., keyboard, pointing device, camera, display 424, etc.), one or more devices that enable a user to interact with the electronic device 412, and/or any device (e.g., network card, modem, etc.) that enables the electronic device 412 to communicate with one or more other computing devices. Such communication may occur through an Input/Output (I/O) interface 422. Also, the electronic device 412 may communicate with one or more networks (e.g., a local area network (Local Area Network, LAN), a wide area network Wide Area Network, a WAN) and/or a public network, such as the internet) via the network adapter 420. As shown, network adapter 420 communicates with other modules of electronic device 412 over bus 418. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 412, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, disk array (Redundant Arrays of Independent Disks, RAID) systems, tape drives, data backup storage systems, and the like.

The processor 416 executes various functional applications and data processing by running a program stored in the storage 428, for example, to implement the 5G network element address determining method provided by the above embodiment of the present invention: acquiring network flow data in a 5G network; under the condition that the network traffic data is determined to be of a first target signaling type, determining an IP address of a source network element and an IP address of a destination network element associated with the network traffic data according to the network traffic data; and under the condition that the network traffic data is determined to be of the second target signaling type, determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data.

Example five

A fifth embodiment of the present invention further provides a computer storage medium storing a computer program, where the computer program when executed by a computer processor is configured to perform the 5G network element address determining method according to any one of the foregoing embodiments of the present invention: acquiring network flow data in a 5G network; under the condition that the network traffic data is determined to be of a first target signaling type, determining an IP address of a source network element and an IP address of a destination network element associated with the network traffic data according to the network traffic data; and under the condition that the network traffic data is determined to be of the second target signaling type, determining the IP address of the source network element or the IP address of the destination network element associated with the network traffic data according to the network traffic data.

The computer storage media of embodiments of the invention may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an erasable programmable Read-Only Memory ((Erasable Programmable Read Only Memory, EPROM) or flash Memory), an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, radio Frequency (RF), etc., or any suitable combination of the foregoing.

Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims

1. A method for determining a 5G network element address, comprising:

acquiring network flow data in a fifth generation mobile communication technology 5G network;

under the condition that the network traffic data is determined to be of a first target signaling type, determining an IP address of a source network element and an IP address of a destination network element associated with the network traffic data according to the network traffic data; wherein the first target signaling type is a type of signaling with a fixed source network element and a destination network element;

under the condition that the network traffic data is determined to be of a second target signaling type, determining an IP address of a source network element or an IP address of a destination network element associated with the network traffic data according to the network traffic data;

The second target signaling type is a type of signaling with a fixed source or destination network element;

the first target signaling type includes at least one of NG Setup signaling, PFCP Session Establishment signaling, PFCP Session Modification, and PFCP Session Deletion signaling;

and under the condition that the network traffic data is determined to be of a first target signaling type, determining the IP address of the source network element and the IP address of the target network element associated with the network traffic data according to the network traffic data, wherein the method comprises the following steps:

under the condition that the network flow data is determined to be the NG Setup signaling, determining that a source network element associated with the network flow data is a Radio Access Network (RAN) network element and a destination network element associated with the network flow data is a mobile management function (AMF) network element;

in the case that the network traffic data is determined to be any one of the PFCP Session Establishment signaling, the PFCP Session Modification signaling and the PFCP Session Deletion signaling, it is determined that a source network element associated with the network traffic data is a session management function SMF network element, and a destination network element associated with the network traffic data is a user plane function UPF network element.

2. The method according to claim 1, wherein, in the case of determining that the network traffic data is of the first target signaling type, determining, from the network traffic data, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data, comprises:

under the condition that the network flow data is determined to be the NG Setup signaling, determining that the IP address of a source network element associated with the network flow data is the IP address of the RAN network element according to the network flow data, and determining that the IP address of a destination network element associated with the network flow data is the IP address of the AMF network element;

and determining that the IP address of the source network element associated with the network traffic data is the IP address of the SMF network element according to the network traffic data, and determining that the IP address of the destination network element associated with the network traffic data is the IP address of the UPF network element under the condition that the network traffic data is determined to be any one of the PFCP Session Establishment signaling, the PFCP Session Modification signaling and the PFCP Session Deletion signaling.

3. The method of claim 1, wherein the second target signaling type comprises at least one of Registration signaling, communication N1N2message transfer signaling, pduse_createsmcontext signaling, and sdm_get signaling;

And under the condition that the network traffic data is determined to be of a second target signaling type, determining the IP address of the source network element or the IP address of the target network element associated with the network traffic data according to the network traffic data, wherein the method comprises the following steps:

under the condition that the network flow data is determined to be the Registration signaling, determining that a destination network element which is associated with the network flow data and is communicated with User Equipment (UE) is an AMF network element;

under the condition that the network traffic data is determined to be the communication N1N2message transfer signaling, determining a destination network element associated with the network traffic data as the AMF network element;

under the condition that the network flow data is determined to be the PDUSion_CreateScontext signaling, determining that a destination network element associated with the network flow data is an SMF network element;

and under the condition that the network flow data is determined to be the SDM_get signaling, determining a destination network element associated with the network flow data as a Unified Data Management (UDM) network element.

4. The method of claim 1, wherein the second target signaling type comprises at least one of Auth signaling, sm-policies signaling, policyAuthorization Create signaling in nnssf_nsselection signaling;

under the condition that the network flow data is determined to be the Auth signaling, determining a target network element associated with the network flow data as an authentication server function AUSF network element;

under the condition that the network flow data is determined to be the sm-policies signaling, determining a destination network element associated with the network flow data as a policy control function network element PCF;

under the condition that the network traffic data is determined to be the PolicyAuthorization Create signaling, determining a source network element associated with the network traffic data as an application function AF network element;

and under the condition that the network traffic data is determined to be the NSsf_NSSelect signaling, determining a destination network element associated with the network traffic data as a network slice selection function NSSF network element.

5. A method according to claim 3, wherein, in the case where the network traffic data is determined to be of the second target signaling type, determining, from the network traffic data, the IP address of the source network element or the IP address of the destination network element associated with the network traffic data comprises:

Under the condition that the network flow data is determined to be the Registration signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the AMF network element according to the network flow data;

under the condition that the network flow data is determined to be the communication N1N2message transfer signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the AMF network element Namf service according to the network flow data;

under the condition that the network traffic data is determined to be the PDUSion_CreateSMContext signaling, determining that the IP address of a destination network element associated with the network traffic data is the IP address of the SMF network element Nsmf service according to the network traffic data;

and under the condition that the network flow data is determined to be the SDM_get signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the UDM network element Nudm service according to the network flow data.

6. The method according to claim 4, wherein, in the case of determining that the network traffic data is of the second target signaling type, determining, from the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data, comprises:

Under the condition that the network flow data is determined to be the Auth signaling, determining that the IP address of a target network element associated with the network flow data is the IP address of the Nausf service of the AUSF network element according to the network flow data;

under the condition that the network flow data is determined to be the sm-policies signaling, determining that the IP address of a destination network element associated with the network flow data is the IP address of the PCF network element Npcf service according to the network flow data;

under the condition that the network traffic data is determined to be the PolicyAuthorization Create signaling, determining that the IP address of a source network element associated with the network traffic data is the IP address of the AF network element Naf service according to the network traffic data;

and under the condition that the network traffic data is determined to be the NSsf_NSSelect signaling, determining that the IP address of the destination network element associated with the network traffic data is the IP address of the NSSF network element NSsf service according to the network traffic data.

7. The method according to claim 1, wherein the method further comprises:

under the condition that the network traffic data comprises a full tunnel endpoint identifier F-TEID, determining an IP address of an AMF network element according to the F-TEID;

Wherein the IP address of the AMF network element comprises the IP address of the source network element and/or the IP address of the destination network element associated with the network traffic data.

8. The method of claim 1, further comprising, after said determining an IP address of a source network element or an IP address of a destination network element associated with said network traffic data:

detecting the network traffic data based on a data packet depth detection technology DPI, the IP address of the source network element and/or the IP address of the destination network element to obtain traffic data to be processed;

and determining call identification data associated with the flow data to be processed.

9. A 5G network element address determining apparatus, comprising:

the network flow data acquisition module is used for acquiring network flow data in the 5G network of the fifth generation mobile communication technology;

a first network element address determining module, configured to determine, according to the network traffic data, an IP address of a source network element and an IP address of a destination network element associated with the network traffic data, when it is determined that the network traffic data is of a first target signaling type; wherein the first target signaling type is a type of signaling with a fixed source network element and a destination network element;

A second network element address determining module, configured to determine, according to the network traffic data, an IP address of a source network element or an IP address of a destination network element associated with the network traffic data, when it is determined that the network traffic data is of a second target signaling type; the second target signaling type is a type of signaling with a fixed source or destination network element;

the first network element address determining module is specifically configured to: under the condition that the network flow data is determined to be the NG Setup signaling, determining that a source network element associated with the network flow data is a Radio Access Network (RAN) network element and a destination network element associated with the network flow data is a mobile management function (AMF) network element; in the case that the network traffic data is determined to be any one of the PFCP Session Establishment signaling, the PFCP Session Modification signaling and the PFCP Session Deletion signaling, it is determined that a source network element associated with the network traffic data is a session management function SMF network element, and a destination network element associated with the network traffic data is a user plane function UPF network element.

10. An electronic device, the electronic device comprising:

one or more processors;

a storage means for storing one or more programs;

the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the 5G network element address determination method of any of claims 1-8.

11. A computer storage medium having stored thereon a computer program, which when executed by a processor implements a 5G network element address determination method according to any of claims 1-8.