CN117354089A - Data transmission method, device and readable storage medium - Google Patents

Publication number
CN117354089A
Authority
CN
China
Prior art keywords
address
request message
vpn
data request
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311434544.4A
Other languages
Chinese (zh)
Inventor
鹿如强
牟超宇
丁国仁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202311434544.4A
Publication of CN117354089A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a data transmission method, a data transmission device and a readable storage medium, relating to the technical field of communications and used to improve data transmission efficiency. The method is applied to a user plane function (UPF) network element in which a plurality of virtual private networks (VPNs) are configured, different VPNs being used to link different networks. The method comprises: receiving a first data request message from a terminal device, the first data request message comprising a destination Internet Protocol (IP) address; determining a target VPN among the plurality of VPNs according to the destination IP address, the network linked by the target VPN being the same as the network corresponding to the destination IP address; and sending a second data request message to the destination IP address through the target VPN, the second data request message being a message that the network linked by the target VPN can identify and being obtained by converting the first data request message.

Description

Data transmission method, device and readable storage medium
Technical Field
The embodiments of the present application relate to the field of communications technologies, and in particular, to a data transmission method, a data transmission device, and a readable storage medium.
Background
With the development of communication technology, application scenarios of private networks (also referred to as local area networks or customer intranets), such as enterprise networks, campus networks and library networks, are increasing in addition to those of public networks (also referred to as metropolitan area networks).
In the related art, uplink data is typically split by the uplink classifier (Uplink Classifier, UL CL) of a user plane function (User Plane Function, UPF) network element. When the destination Internet Protocol (IP) address of the uplink data is a public network IP address, the uplink data is sent to the public network through a first UPF PDU session anchor (PDU Session Anchor, PSA) connected to the public network; when the destination IP address of the uplink data is a private network IP address, the uplink data is sent to the private network through a second UPF PSA connected to the private network. However, this requires networking with multiple types of UPF network elements, so the network architecture is complex and the data transmission efficiency is poor.
Disclosure of Invention
The application provides a data transmission method, a data transmission device and a readable storage medium, which are used for improving data transmission efficiency.
In order to achieve the above purpose, the present application adopts the following technical scheme:
In a first aspect, a data transmission method is provided, which is applied to a user plane function (UPF) network element in which a plurality of virtual private networks (VPNs) are configured, different VPNs being used to link different networks. The method comprises: receiving a first data request message from a terminal device, the first data request message comprising a destination Internet Protocol (IP) address; determining a target VPN among the plurality of VPNs according to the destination IP address, the network linked by the target VPN being the same as the network corresponding to the destination IP address; and sending a second data request message to the destination IP address through the target VPN, the second data request message being a message that the network linked by the target VPN can identify and being obtained by converting the first data request message.
Optionally, the networks include a public network and a private network, and determining a target VPN among the plurality of VPNs according to the destination IP address includes: when the destination IP address is a private network IP address, determining that the target VPN is a first VPN, the first VPN being used to link the private network; and when the destination IP address is a public network IP address, determining that the target VPN is a second VPN, the second VPN being used to link the public network.
Optionally, a firewall is further disposed between the UPF network element and the network, and when the target VPN is the first VPN, sending the second data request message to the destination IP address through the target VPN includes: encapsulating the first data request message to obtain the second data request message; and sending the second data request message to the firewall through the first VPN, so that the firewall sends the second data request message to the destination IP address through the first VPN.
Optionally, a firewall is further disposed between the UPF network element and the network, the first data request message further includes a source IP address, and when the target VPN is the second VPN, sending the second data request message to the destination IP address through the target VPN includes: converting the source IP address into a public network IP address, and updating the first data request message with the converted public network IP address to obtain the second data request message; and sending the second data request message to the firewall through the second VPN, so that the firewall sends the second data request message to the destination IP address through the public network IP address and the second VPN.
Optionally, the method further comprises: matching the destination IP address against a preset routing table, the preset routing table comprising a private network routing table and a public network routing table; when the destination IP address matches the private network routing table, determining that the destination IP address is a private network IP address; and when the destination IP address matches the public network routing table, determining that the destination IP address is a public network IP address.
Based on the technical scheme provided by the application, on receiving the first data request message of the terminal device, the UPF network element can determine a target VPN among the plurality of VPNs according to the destination IP address and send the second data request message to the destination IP address through the target VPN. Because the network linked by the target VPN is the same as the network corresponding to the destination IP address, and the second data request message is a message that the network linked by the target VPN can identify, different types of uplink data of the terminal device can be transmitted through a single UPF network element without networking multiple types of UPF network elements. This simplifies the network architecture, reduces the nodes on the data transmission path, improves data transmission efficiency, and reduces the construction cost of the network architecture.
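The first-aspect method and its optional designs can be traced in a short sketch, added here as an illustration and not taken from the patent. The route prefixes, the NAT address, the `VPN1`/`VPN2` labels, the `Message` type, longest-prefix matching across the two tables, and dropping a destination that matches neither table are all assumptions of the example; the patent only states that the destination is matched against a private and a public routing table.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional

# Constructed sample configuration (assumptions, not values from the patent).
PRIVATE_ROUTES = ["10.20.0.0/16", "192.168.50.0/24"]  # reachable via the first VPN
PUBLIC_ROUTES = ["0.0.0.0/0"]                          # reachable via the second VPN
NAT_PUBLIC_IP = "203.0.113.10"                         # RFC 5737 documentation address


@dataclass(frozen=True)
class Message:
    """Hypothetical stand-in for a data request message."""
    src: str
    dst: str
    payload: bytes
    vpn: Optional[str] = None      # VPN the message is handed to
    encapsulated: bool = False     # True once wrapped for the private network


def _longest_match(addr, routes: List[str]) -> int:
    """Length of the longest prefix in `routes` that contains `addr`, or -1."""
    lengths = [n.prefixlen for n in map(ipaddress.ip_network, routes) if addr in n]
    return max(lengths, default=-1)


def classify(dst: str, private=PRIVATE_ROUTES, public=PUBLIC_ROUTES) -> Optional[str]:
    """Return 'private', 'public', or None when the destination matches no table."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return None  # malformed destination: nothing to route
    priv = _longest_match(addr, private)
    pub = _longest_match(addr, public)
    if priv < 0 and pub < 0:
        return None
    # Longest prefix wins, so a public default route (0.0.0.0/0) cannot pull
    # private-network destinations onto the public VPN. Ties go to private.
    return "private" if priv >= pub else "public"


def forward(first: Message, private=PRIVATE_ROUTES,
            public=PUBLIC_ROUTES) -> Optional[Message]:
    """Build the second data request message, or None if the message is dropped."""
    kind = classify(first.dst, private, public)
    if kind == "private":
        # First VPN: encapsulate the first message; source address is unchanged.
        return replace(first, vpn="VPN1", encapsulated=True)
    if kind == "public":
        # Second VPN: rewrite the source address to a public network address.
        return replace(first, src=NAT_PUBLIC_IP, vpn="VPN2")
    return None  # assumption: fail closed instead of guessing a VPN


if __name__ == "__main__":
    for dst in ("10.20.3.4", "198.51.100.20", "192.168.50.9", "not-an-ip"):
        print(dst, "->", forward(Message("10.45.0.7", dst, b"GET /")))
```

With a default route in the public table, the order in which the two tables are consulted decides whether private-network traffic stays on the first VPN, which is why the sketch compares prefix lengths instead of testing the public table first.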
In a second aspect, a data transmission device is provided, which is applied to a user plane function (UPF) network element in which a plurality of virtual private networks (VPNs) are configured, different VPNs being used to link different networks. The device comprises a receiving unit, a determining unit and a sending unit. The receiving unit is configured to receive a first data request message from a terminal device, the first data request message comprising a destination Internet Protocol (IP) address. The determining unit is configured to determine a target VPN among the plurality of VPNs according to the destination IP address, the network linked by the target VPN being the same as the network corresponding to the destination IP address. The sending unit is configured to send a second data request message to the destination IP address through the target VPN, the second data request message being a message that the network linked by the target VPN can identify and being obtained by converting the first data request message.
Optionally, the networks include a public network and a private network, and the determining unit is specifically configured to: when the destination IP address is a private network IP address, determine that the target VPN is a first VPN, the first VPN being used to link the private network; and when the destination IP address is a public network IP address, determine that the target VPN is a second VPN, the second VPN being used to link the public network.
Optionally, a firewall is further disposed between the UPF network element and the network, and the sending unit is specifically configured to: encapsulate the first data request message to obtain the second data request message; and send the second data request message to the firewall through the first VPN, so that the firewall sends the second data request message to the destination IP address through the first VPN.
Optionally, a firewall is further disposed between the UPF network element and the network, the first data request message further includes a source IP address, and the sending unit is specifically configured to: convert the source IP address into a public network IP address, and update the first data request message with the converted public network IP address to obtain the second data request message; and send the second data request message to the firewall through the second VPN, so that the firewall sends the second data request message to the destination IP address through the public network IP address and the second VPN.
Optionally, the device further comprises a processing unit. The processing unit is configured to match the destination IP address against a preset routing table, the preset routing table comprising a private network routing table and a public network routing table. The determining unit is further configured to determine that the destination IP address is a private network IP address when the destination IP address matches the private network routing table, and to determine that the destination IP address is a public network IP address when the destination IP address matches the public network routing table.
In a third aspect, a data transmission device is provided. The data transmission device may implement the functions performed by the data transmission device in the above aspects or in each possible design, and the functions may be implemented by hardware. For example, in one possible design, the data transmission device may include a processor and a communication interface, the processor being operable to support the data transmission device in carrying out the functions referred to in the first aspect or any of the possible designs of the first aspect.
In yet another possible design, the data transmission device may further include a memory for holding the computer-executable instructions and data necessary for the data transmission device. When the data transmission device is operating, the processor executes the computer-executable instructions stored in the memory to cause the data transmission device to perform the data transmission method of the first aspect or of any possible design of the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, which may be a readable non-volatile storage medium storing computer instructions or a program which, when run on a computer, cause the computer to perform the data transmission method of the first aspect or of any possible design of the first aspect.
In a fifth aspect, a computer program product is provided, comprising instructions which, when run on a computer, cause the computer to perform the data transmission method of the first aspect or of any possible design of the first aspect.
In a sixth aspect, an electronic device is provided that includes one or more processors and one or more memories. The one or more memories are coupled with the one or more processors, the one or more memories being for storing computer program code comprising computer instructions which, when executed by the one or more processors, cause the electronic device to perform a data transmission method as described above in the first aspect or any of the possible designs of the first aspect.
In a seventh aspect, a chip system is provided, comprising a processor and a communication interface, which chip system may be used to implement the functions performed by the data transmission device in the first aspect or any of the possible designs of the first aspect. In one possible design, the chip system further includes a memory for holding program instructions and/or data. The chip system may be composed of a chip, or may include a chip and other discrete devices, without limitation.
Drawings
Fig. 1 is a schematic structural diagram of a data transmission system according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of still another data transmission system according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a data transmission device according to an embodiment of the present application;
Fig. 4 is a flowchart of a data transmission method according to an embodiment of the present application;
Fig. 5 is a flowchart of another data transmission method according to an embodiment of the present application;
Fig. 6 is a flowchart of another data transmission method according to an embodiment of the present application;
Fig. 7 is a flowchart of another data transmission method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of another data transmission device according to an embodiment of the present application.
Detailed Description
In order to enable those skilled in the art to better understand the technical solutions of the present disclosure, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the disclosure described herein may be capable of operation in sequences other than those illustrated or described herein. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with aspects of embodiments of the present application as detailed in the accompanying claims.
It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, and/or components.
With the development of communication technology, application scenarios of private networks (such as enterprise networks, campus networks and library networks) are increasing in addition to those of public networks. In the related art, uplink data is typically split by the uplink classifier (Uplink Classifier, UL CL) of a user plane function (User Plane Function, UPF) network element: uplink data whose destination Internet Protocol (IP) address is a public network IP address is sent to the public network through a first UPF PDU session anchor (PDU Session Anchor, PSA) connected to the public network, and uplink data whose destination IP address is a private network IP address is sent to the private network through a second UPF PSA connected to the private network. However, this requires networking with multiple types of UPF network elements, so the network architecture is complex and costly.
In other traffic-splitting techniques, mobile edge computing may be performed on a vehicle terminal signal split off by a first base station disposed at the roadside. According to the vehicle position information obtained by the mobile edge computing, it is judged whether the distance between the vehicle and the first base station is not smaller than the distance between the vehicle and a second base station; if so, a base station handover command is issued to the first base station. The second base station is arranged downstream of the first base station along the running direction of the vehicle. The base station thus splits the signals to reduce transmission delay, realize local splitting of the data flow and relieve the data transmission pressure on the core network; and handover between the vehicle running at high speed and the base stations is realized by performing mobile edge computing on the split signals, which improves the handover success rate and ensures the continuity and stability of the communication between the vehicle and the base station. However, this also requires networking with multiple types of UPF network elements, so the network architecture is complex and costly.
In view of this, the embodiments of the present application provide a data transmission method applied to a user plane function (UPF) network element in which a plurality of virtual private networks (VPNs) are configured, different VPNs being used to link different networks. The method comprises: receiving a first data request message from a terminal device, the first data request message comprising a destination Internet Protocol (IP) address; determining a target VPN among the plurality of VPNs according to the destination IP address, the network linked by the target VPN being the same as the network corresponding to the destination IP address; and sending a second data request message to the destination IP address through the target VPN, the second data request message being a message that the network linked by the target VPN can identify and being obtained by converting the first data request message.
The method provided in the embodiments of the present application will be described in detail below with reference to the accompanying drawings.
It should be noted that, the network system described in the embodiments of the present application is for more clearly describing the technical solution of the embodiments of the present application, and does not constitute a limitation on the technical solution provided in the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network system and the appearance of other network systems, the technical solution provided in the embodiments of the present application is applicable to similar technical problems.
Fig. 1 is a schematic diagram of a data transmission system 10 (which may also be referred to as a dual domain network architecture) according to an embodiment of the present application. As shown in fig. 1, the data transmission system 10 may include a UPF network element 11, a terminal device 12, a public network 13, and a private network 14. The UPF network element 11 is connected to the terminal device 12, the public network 13, and the private network 14, respectively.
The UPF network element 11 in the embodiment of the present application is configured to link a private network through a first VPN and link a public network through a second VPN.
The terminal device 12 is a device providing a network communication service, and the terminal device 12 may be configured to request target data through a data request message. The terminal device 12 according to the embodiments of the present application may also be referred to as a terminal, a mobile station (MS), a mobile terminal (MT), or the like, and is a device that provides voice and/or data connectivity to a user; for example, the terminal device 12 may be a handheld device, an in-vehicle device, or the like that has a wireless connection function. Specifically, it may be: a smart phone (mobile phone), a pocket computer (pocket personal computer, PPC), a palmtop computer, a personal digital assistant (PDA), a notebook computer, a tablet computer, a wearable device, or an in-vehicle device, etc. The embodiments of the present application do not limit the specific technology, specific number, and specific device configuration employed by the terminal device 12.
The public network 13 is used to provide a public network for the terminal device 12. Private network 14 is used to provide a private network (also referred to as a customer intranet) for terminal device 12. For example, the public network 13 and the private network 14 may be servers, and the servers may be a single server or may be a server cluster composed of a plurality of servers. In some implementations, the server cluster may also be a distributed cluster. The embodiments of the present application do not limit the specific technology, specific number and specific device configuration of the server.
In some embodiments, as shown in fig. 2, the data transmission system 10 may further include a firewall 15 and a base station 16 connected to the UPF network element.
Wherein the firewall 15 may be used to filter anomalous data in the dual-domain network architecture. The number of firewalls 15 may be set as desired. For example, the firewall 15 may include a primary firewall, a secondary firewall (also referred to as a backup firewall).
The firewall 15 may be connected to the UPF network element through a preset interface, for example an N6 interface.
Wherein the base station 16 may provide network services for the terminal devices. For example, it may be: an evolved node b (eNB), a home base station, an Access Point (AP) in a wireless fidelity (wireless fidelity, WIFI) system, a wireless relay node, a wireless backhaul node, a transmission point (transmission point, TP), or a transmission reception point (transmission and reception point, TRP), and the like. In the embodiments of the present application, the specific technology and the specific device configuration adopted by the base station 16 are not limited.
It should be noted that Fig. 2 is only an exemplary framework diagram; the names of the devices included in Fig. 1 are not limited, and other nodes may be included in addition to the functional nodes shown in Fig. 1, which is not limited in the embodiments of the present application.
In particular, each of the devices of fig. 1 and 2 may employ the constituent structure shown in fig. 3 or include the components shown in fig. 3. Fig. 3 is a schematic diagram of a data transmission device 200 according to an embodiment of the present application, where the data transmission device 200 may be a server, or the data transmission device 200 may be a chip or a system on a chip in the server. As shown in fig. 3, the data transmission device 200 includes a processor 201, a communication interface 202, and a communication line 203.
Further, the data transmission device 200 may further include a memory 204. The processor 201, the memory 204, and the communication interface 202 may be connected by a communication line 203.
The processor 201 may be a central processing unit (CPU), a general-purpose processor, a network processor (NP), a digital signal processor (DSP), a microprocessor, a microcontroller, a programmable logic device (PLD), or any combination thereof. The processor 201 may also be another device with processing functions, such as, without limitation, a circuit, a device, or a software module.
Communication interface 202 is used to communicate with other devices or other communication networks. The communication interface 202 may be a module, a circuit, a communication interface, or any device capable of enabling communication.
The communication line 203 is used for transmitting information between the components included in the data transmission device 200.
The memory 204 is used for storing instructions, where the instructions may be computer programs.
The memory 204 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device capable of storing static information and/or instructions, a random access memory (RAM) or other type of dynamic storage device capable of storing information and/or instructions, an EEPROM, a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, etc.
It should be noted that the memory 204 may exist separately from the processor 201 or may be integrated with the processor 201. Memory 204 may be used to store instructions or program code or some data, etc. The memory 204 may be located inside the data transmission device 200 or outside the data transmission device 200, without limitation. The processor 201 is configured to execute instructions stored in the memory 204 to implement a data transmission method provided in the following embodiments of the present application.
In one example, processor 201 may include one or more CPUs, such as CPU0 and CPU1 in fig. 3.
As an alternative implementation, the data transmission device 200 comprises a plurality of processors, e.g. in addition to the processor 201 in fig. 3, a processor 205 may be included.
It should be noted that the constituent structures shown in fig. 3 do not constitute limitations of the respective apparatuses in fig. 1 and 2, and that the respective apparatuses in fig. 1 and 2 may include more or less components than those shown in fig. 3, or may combine some components, or may be arranged differently, in addition to those shown in fig. 3.
In the embodiment of the application, the chip system may be formed by a chip, and may also include a chip and other discrete devices.
Further, actions, terms, etc. referred to between embodiments of the present application may be referred to each other without limitation. In the embodiment of the present application, the name of the message or the name of the parameter in the message, etc. interacted between the devices are only an example, and other names may also be adopted in the specific implementation, and are not limited.
In order to clearly describe the technical solutions of the embodiments of the present application, the words "first", "second", etc. are used in the embodiments of the present application to distinguish identical or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the quantity or the order of execution, and that items labelled "first" and "second" are not necessarily different.
In this application, the terms "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association relationship between associated objects and indicates that three relationships are possible; for example, "A and/or B" may indicate: A alone, A and B together, or B alone, where A and B may each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" or a similar expression means any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or plural.
The data transmission method provided in the embodiment of the present application is described below with reference to the data transmission system shown in fig. 1.
Fig. 4 is a schematic diagram of a data transmission method according to an embodiment of the present application, which is applied to a user plane function UPF network element, and may also be applied to a device in the UPF network element, such as a chip. For example, the UPF network element may be UPF network element 11 in fig. 1.
A plurality of virtual private networks (VPNs) are configured in the UPF network element, and different VPNs are used to link different networks.
The embodiment of the present application is illustrated by taking application to a UPF network element as an example. As shown in fig. 4, the method includes the following steps S301 to S303:
S301, receiving a first data request message of the terminal device.
The first data request message (which may also be referred to as upstream data) comprises a destination Internet Protocol (IP) address. The first data request message may be used to request target data. For example, the target data may be image data, audio data, video data, text data, or the like.
As a possible implementation manner, the terminal device may send, in response to the control instruction, a first data request message to the UPF network element through the base station. Correspondingly, the UPF network element receives a first data request message of the terminal equipment.
It should be noted that the control instruction may refer to an instruction generated in response to a control operation by an operator. For example, the control command may be a control command input by an operator through an input device (such as a keyboard) of the terminal apparatus.
S302, determining a target VPN in the VPNs according to the destination IP address.
The network linked by the target VPN is the same as the network corresponding to the destination IP address.
As a possible implementation manner, the UPF network element may determine that the target VPN is the first VPN when the destination IP address is a private IP address; and determining the target VPN as a second VPN when the destination IP address is the public network IP address.
It should be noted that, the first VPN is used for linking to the private network, and the second VPN is used for linking to the public network.
S303, sending a second data request message to the destination IP address through the target VPN.
Wherein the second data request message is a message identifiable to the network linked to the target VPN, and the second data request message is converted according to the first data request message.
As a possible implementation manner, in the case that the destination IP address is a private network IP address, the UPF network element may send the second data request message to the destination IP address through the first VPN configured in the UPF network element; in the case that the destination IP address is a public network IP address, the UPF network element may send a second data request message to the destination IP address through a second VPN configured in the UPF network element.
The following describes in detail the procedure for sending the second data request message to the destination IP address, separately for the case where the destination IP address is a private network IP address and the case where it is a public network IP address.
1. The destination IP address is a private network IP address:
In one example, the UPF network element may encapsulate the first data request message to obtain a second data request message, and send the second data request message to the destination IP address through the first VPN.
It should be noted that the UPF network element may encapsulate the first data request message using a preset tool. For example, the preset tool may be a generic routing encapsulation (GRE) tunnel tool.
Thus, through GRE tunnel encapsulation, a target GRE tunnel can be established. The starting point of the target GRE tunnel is the UPF network element, and the end point of the target GRE tunnel is an access device of the private network.
In some embodiments, if the source IP address is a next-generation Internet Protocol version 6 (IPv6) address, the UPF network element may encapsulate the IP address format of the data request message into a public network generic format, in order to prevent devices between the UPF network element and the private network access device from being unable to identify the IPv6 source IP address. For example, the public network generic format may be the gre_ipv6_over_ipv4 format.
In yet another example, the UPF network element may encapsulate the first data request message to obtain a second data request message, and send the second data request message to the firewall through the first VPN, so that the firewall sends the second data request message to the destination IP address through the first VPN.
In this way, forwarding through the firewall allows the first data request message to be screened, which prevents abnormal data from intruding into the data transmission system and improves the security of network data transmission.
In some embodiments, the first VPN may be a VPN intranet and the second VPN may be a VPN internet.
2. The destination IP address is a public network IP address:
In one example, the UPF network element may convert the source IP address into a public network IP address and write that public network IP address into the first data request message to obtain the second data request message; the second data request message is then sent to the destination IP address via the public network IP address and the second VPN.
It should be noted that the UPF network element may convert the source IP address into the public network IP address using a preset conversion tool. For example, the preset conversion tool may be a network address translation (NAT) board.
In yet another example, the UPF network element may convert the source IP address into a public network IP address and write that public network IP address into the first data request message to obtain the second data request message; the second data request message is then sent to the firewall through the second VPN, such that the firewall sends the second data request message to the destination IP address via the public network IP address and the second VPN.
In some embodiments, if the source IP address is a next-generation Internet Protocol version 6 (IPv6) address, the UPF network element may send the data request message directly to the destination IP address using the IPv6 source IP address and the second VPN.
Based on the technical solution provided by the present application, upon receiving the first data request message of the terminal device, the UPF network element can determine a target VPN among the plurality of VPNs according to the destination IP address, and send the second data request message to the destination IP address through the target VPN. The network linked by the target VPN is the same as the network corresponding to the destination IP address, and the second data request message is a message that the network linked by the target VPN can identify. Different types of uplink data of the terminal device can therefore be transmitted through a single UPF network element, without networking multiple types of UPF network elements. This simplifies the network architecture, reduces the number of nodes on the data transmission path, improves data transmission efficiency, and reduces the construction cost of the network architecture.
In a possible embodiment, as shown in fig. 5, in the case where the destination IP address is a private IP address, in order to send the target data to the terminal device, the data transmission method of the present application may further include the following S401 to S403.
S401, receiving the encapsulated data reply message from the destination IP address.
The data reply message includes the target data and the source IP address, and may further include the destination IP address.
As a possible implementation manner, the destination terminal corresponding to the destination IP address may encapsulate the data reply message using a GRE tunnel tool, and send the encapsulated data reply message to the UPF network element through the first VPN. Correspondingly, the UPF network element receives the encapsulated data reply message from the destination IP address.
As another possible implementation manner, the destination terminal corresponding to the destination IP address may encapsulate the data reply message using a GRE tunnel tool, and send the encapsulated data reply message to the firewall through the first VPN. The firewall then queries the first VPN routing table and sends the encapsulated data reply message to the UPF network element according to the first VPN routing table. Correspondingly, the UPF network element receives the encapsulated data reply message.
It should be noted that, after the terminal device sends the first data request message, the first VPN may automatically generate the first VPN routing table.
S402, parsing the encapsulated data reply message to obtain the target data and the source IP address.
As a possible implementation manner, the UPF network element may match the local GRE configuration, and parse the encapsulated data reply message according to the GRE configuration to obtain the target data and the source IP address.
S403, determining a target path pointing to the terminal equipment according to the first mapping relation and the source IP address, and sending target data to the terminal equipment through the target path.
The first mapping relation comprises different IP addresses and corresponding target paths.
As a possible implementation manner, the UPF network element may determine a target path having a mapping relationship with the source IP address from the first mapping relationship, and send target data to the terminal device through the target path.
It should be noted that the first mapping relationship may be stored in the UPF network element in advance. For example, it may be stored in a user VPN (which may also be referred to as VPN user).
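The GRE handling described above, both the encapsulation of the request toward the private network (including the gre_ipv6_over_ipv4 case) and the matching of the local GRE configuration in S402, can be illustrated as follows. This is an added example, not code from the application: the tunnel endpoint addresses, function names and sample IPv6 packet are constructed, and reading the terminal's address from the destination field of the inner reply is an assumption.

```python
import ipaddress
import struct

GRE_PROTO = 47                       # IPv4 protocol number for GRE
ETHERTYPES = {4: 0x0800, 6: 0x86DD}  # GRE protocol type by inner IP version

# Constructed local GRE configuration: tunnel start (UPF network element)
# and tunnel end (access device of the private network).
GRE_CONFIG = {"local": "198.51.100.1", "remote": "198.51.100.2"}


def ipv4_checksum(header):
    """RFC 1071 checksum of a 20-byte IPv4 header; 0 when run over a valid header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def gre_encapsulate(inner, cfg=GRE_CONFIG):
    """Wrap an inner IPv4 or IPv6 packet in GRE over an outer IPv4 header."""
    version = inner[0] >> 4
    if version not in ETHERTYPES:
        raise ValueError("inner packet is neither IPv4 nor IPv6")
    gre = struct.pack("!HH", 0, ETHERTYPES[version])  # RFC 2784 base header, no options
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner), 0, 0,
                        64, GRE_PROTO, 0,
                        ipaddress.IPv4Address(cfg["local"]).packed,
                        ipaddress.IPv4Address(cfg["remote"]).packed)
    outer = outer[:10] + struct.pack("!H", ipv4_checksum(outer)) + outer[12:]
    return outer + gre + inner


def gre_decapsulate(packet, cfg=GRE_CONFIG):
    """Return the inner packet only if the outer header matches the local GRE configuration."""
    if len(packet) < 24 or packet[0] != 0x45 or packet[9] != GRE_PROTO:
        raise ValueError("not GRE over an option-free IPv4 header")
    if ipv4_checksum(packet[:20]) != 0:
        raise ValueError("outer header checksum mismatch")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("outer length field does not match packet size")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if (src, dst) != (cfg["remote"], cfg["local"]):
        raise ValueError("outer addresses do not match the configured tunnel")
    flags_version, proto = struct.unpack("!HH", packet[20:24])
    inner = packet[24:]
    if flags_version != 0:
        raise ValueError("unsupported GRE flags or version")
    if not inner or ETHERTYPES.get(inner[0] >> 4) != proto:
        raise ValueError("GRE protocol type does not match the inner packet")
    return inner


def accepted(packet, cfg=GRE_CONFIG):
    """True if the packet passes every check in gre_decapsulate."""
    try:
        gre_decapsulate(packet, cfg)
        return True
    except ValueError:
        return False


def sample_ipv6(src, dst, payload):
    """Constructed IPv6 packet: 40-byte header (next header 253, experimental) plus payload."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), 253, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload


def parse_ipv6_reply(inner):
    """S402: return (terminal address, target data). Assumption: the page's
    'source IP address' is the destination field of the inner reply packet."""
    return str(ipaddress.IPv6Address(inner[24:40])), inner[40:]


def demo():
    terminal, server = "2001:db8:a::7", "2001:db8:b::20"
    request = gre_encapsulate(sample_ipv6(terminal, server, b"request"))
    # The far end of the tunnel sees the same configuration with the roles swapped.
    peer_cfg = {"local": GRE_CONFIG["remote"], "remote": GRE_CONFIG["local"]}
    reply = gre_encapsulate(sample_ipv6(server, terminal, b"target data"), peer_cfg)
    return request, parse_ipv6_reply(gre_decapsulate(reply))


if __name__ == "__main__":
    request, parsed = demo()
    print(request.hex())
    print(parsed)
```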
In a possible embodiment, as shown in fig. 6, in the case where the destination IP address is a public network IP address, in order to send the target data to the terminal device, the data transmission method of the present application may further include the following S501-S503.
S501, receiving a data reply message from a destination IP address.
The data reply message comprises a public network IP address and target data.
As a possible implementation manner, the destination terminal corresponding to the destination IP address may send a data reply message to the UPF network element through the second VPN. Correspondingly, the UPF network element receives the data reply message from the destination IP address.
As a possible implementation manner, the destination terminal corresponding to the destination IP address may send a data reply message to the firewall through the second VPN. Further, the firewall queries a second VPN routing table and sends a data reply message to the UPF network element through the second VPN routing table. Correspondingly, the UPF network element receives the data reply message.
It should be noted that, after the terminal device sends the data request message, the second VPN may automatically generate the second VPN routing table.
S502, converting the public network IP address into a source IP address.
As a possible implementation manner, the UPF network element may determine a source IP address corresponding to the public network IP address by querying a NAT session table, and convert the public network IP address into the source IP address by using a preset conversion tool.
It should be noted that the NAT session table includes different public network IP addresses and corresponding source IP addresses and identities of the terminal devices.
S503, determining a target path pointing to the terminal equipment according to the first mapping relation and the source IP address, and sending target data to the terminal equipment through the target path pointing to the terminal equipment.
The first mapping relation comprises different IP addresses and corresponding paths.
As a possible implementation manner, the UPF network element may determine a path having a mapping relationship with the source IP address from the first mapping relationship, and send the target data to the terminal device through the target path.
In one possible embodiment, as shown in fig. 7, in order to determine the type of the destination IP address, the data transmission method of the present application may further include the following S601-S603.
S601, matching the destination IP address with a preset routing table.
The preset routing table comprises a private network routing table and a public network routing table, and the private network routing table and the public network routing table comprise a plurality of IP addresses.
As a possible implementation manner, the UPF network element may match the destination IP address against the preset routing table in a preset order.
For example, the preset order may be the public network routing table first and then the private network routing table, or the private network routing table first and then the public network routing table.
S602, determining the destination IP address as the private network IP address under the condition that the destination IP address is matched with the private network routing table.
As a possible implementation manner, the UPF network element may determine that the destination IP address matches the private network routing table when the destination IP address belongs to the private network routing table, and further determine that the destination IP address is a private network IP address.
The private network routing table may be stored in a VPN user.
S603, determining the destination IP address as the public network IP address under the condition that the destination IP address is matched with the public network routing table.
As a possible implementation manner, the UPF network element may determine that the destination IP address matches the public network routing table under the condition that the destination IP address belongs to the public network routing table, so as to determine that the destination IP address is a public network IP address.
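The following added example (not part of the application) walks S601-S603, S302-S303 and S501-S503 together: the destination is matched against the preset routing tables in the preset order, the target VPN and conversion are chosen, and a public network reply is mapped back through the NAT session table and the first mapping relationship. The Upf class, the routing table contents, the address pool, the one-public-address-per-source session table and the choice to reject a destination that matches neither table are assumptions; the example also shows that the preset order changes the result only when the two tables overlap.

```python
import ipaddress

FIRST_VPN = "first VPN (private network)"
SECOND_VPN = "second VPN (public network)"


def classify(dst, private_routes, public_routes, order=("private", "public")):
    """S601-S603: the first preset routing table, in the preset order, that contains dst wins."""
    tables = {"private": private_routes, "public": public_routes}
    addr = ipaddress.ip_address(dst)
    for kind in order:
        if any(addr in ipaddress.ip_network(prefix) for prefix in tables[kind]):
            return kind
    return None  # matches neither table


class Upf:
    """Hypothetical model of the UPF network element's forwarding decisions."""

    def __init__(self, private_routes, public_routes, public_pool, paths,
                 order=("private", "public")):
        self.private_routes = private_routes
        self.public_routes = public_routes
        self.public_pool = public_pool  # addresses the NAT function may hand out
        self.paths = paths              # first mapping relationship: source IP -> target path
        self.order = order
        self.nat_sessions = {}          # public IP -> (source IP, terminal identity)

    def handle_request(self, msg):
        """S301-S303: return (target VPN, conversion applied, second data request message)."""
        kind = classify(msg["dst"], self.private_routes, self.public_routes, self.order)
        if kind is None:
            # Assumption: reject rather than guess a VPN; the page does not cover this case.
            raise LookupError(f"{msg['dst']} matches no preset routing table")
        if kind == "private":
            return FIRST_VPN, "gre-encapsulate", dict(msg)
        public_ip = self.nat_allocate(msg["src"], msg["terminal"])
        return SECOND_VPN, "source-nat", {**msg, "src": public_ip}

    def nat_allocate(self, src, terminal):
        """Reuse the session of this source IP, or record a new one on a free public address."""
        for public_ip, (session_src, _) in self.nat_sessions.items():
            if session_src == src:
                return public_ip
        for public_ip in self.public_pool:
            if public_ip not in self.nat_sessions:
                self.nat_sessions[public_ip] = (src, terminal)
                return public_ip
        raise RuntimeError("public address pool exhausted")

    def handle_public_reply(self, reply):
        """S501-S503: public IP -> source IP via the NAT session table, then source IP -> path."""
        session = self.nat_sessions.get(reply["public_ip"])
        if session is None:
            raise LookupError(f"no NAT session for {reply['public_ip']}")
        src, _terminal = session
        return self.paths[src], reply["data"]


def demo():
    # Constructed tables and addresses (documentation and private ranges only).
    upf = Upf(private_routes=["10.20.0.0/16"], public_routes=["0.0.0.0/0"],
              public_pool=["203.0.113.10"], paths={"10.45.0.7": "path-to-ue-7"})
    base = {"src": "10.45.0.7", "terminal": "ue-7", "payload": b"GET"}
    private = upf.handle_request({**base, "dst": "10.20.3.4"})
    public = upf.handle_request({**base, "dst": "198.51.100.80"})
    reply = upf.handle_public_reply({"public_ip": public[2]["src"], "data": b"target data"})
    return private, public, reply


if __name__ == "__main__":
    for result in demo():
        print(result)
```

With these constructed tables, matching 10.20.3.4 in the order public-then-private returns "public" because 0.0.0.0/0 also contains it, so overlapping tables make the preset order part of the forwarding policy.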
The various schemes in the embodiments of the present application may be combined on the premise of no contradiction.
The embodiment of the present application may divide the functional modules or functional units of the data transmission apparatus according to the above method example, for example, each functional module or functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware, or in software functional modules or functional units. The division of the modules or units in the embodiments of the present application is merely a logic function division, and other division manners may be implemented in practice.
In the case of dividing the functional modules by function, fig. 8 shows a schematic structural diagram of a data transmission device 700. The device may be a UPF network element, or a chip applied in the UPF network element, in which a plurality of virtual private networks (VPNs) are configured, with different VPNs used to link different networks. The data transmission device 700 may be used to perform the functions of the UPF network element referred to in the foregoing embodiments. The data transmission device 700 shown in fig. 8 may include a receiving unit 701, a determining unit 702, and a sending unit 703. The receiving unit 701 is configured to receive a first data request message of a terminal device, where the first data request message includes a destination Internet Protocol (IP) address. The determining unit 702 is configured to determine a target VPN from the plurality of VPNs according to the destination IP address, where the network linked by the target VPN is the same as the network corresponding to the destination IP address. The sending unit 703 is configured to send a second data request message to the destination IP address through the target VPN, where the second data request message is a message identifiable by the network linked to the target VPN, and the second data request message is converted according to the first data request message.
Optionally, the network includes a public network and a private network, and the determining unit 702 is specifically configured to: under the condition that the destination IP address is a private network IP address, determining that the target VPN is a first VPN; the first VPN is used for linking a private network; under the condition that the destination IP address is a public network IP address, determining that the target VPN is a second VPN; the second VPN is used to link the public network.
Optionally, a firewall is further disposed between the UPF network element and the network, and the sending unit 703 is specifically configured to: packaging the first data request message to obtain a second data request message; and sending the second data request message to the firewall through the first VPN, so that the firewall sends the second data request message to the destination IP address through the first VPN.
Optionally, a firewall is further disposed between the UPF network element and the network, and the first data request message further includes a source IP address, where the sending unit 703 is specifically configured to: converting the source IP address into a public network IP address, and updating the public network IP address converted by the source IP address into a first data request message to obtain a second data request message; and sending the second data request message to the firewall through the second VPN, so that the firewall sends the second data request message to the destination IP address through the public network IP address and the second VPN.
Optionally, the apparatus further comprises a processing unit 704; a processing unit 704, configured to match the destination IP address with a preset routing table; the preset routing table comprises a private network routing table and a public network routing table; the determining unit 702 is further configured to determine that the destination IP address is a private network IP address if the destination IP address matches the private network routing table; the determining unit 702 is further configured to determine that the destination IP address is a public network IP address if the destination IP address matches the public network routing table.
Embodiments of the present application also provide a computer-readable storage medium. All or part of the flow in the above method embodiments may be implemented by a computer program to instruct related hardware, where the program may be stored in the above computer readable storage medium, and when the program is executed, the program may include the flow in the above method embodiments. The computer readable storage medium may be an internal storage unit of the data transmission apparatus (including the data transmitting end and/or the data receiving end) of any of the foregoing embodiments, for example, a hard disk or a memory of the data transmission apparatus. The computer readable storage medium may be an external storage device of the terminal apparatus, for example, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card (flash card), or the like, which are provided in the terminal apparatus. Further, the computer readable storage medium may further include both an internal storage unit and an external storage device of the data transmission apparatus. The computer-readable storage medium is used for storing the computer program and other programs and data required by the data transmission device. The above-described computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
It should be noted that the terms "first" and "second" and the like in the description, claims and drawings of the present application are used for distinguishing between different objects and not for describing a particular sequential order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be understood that, in the present application, "at least one (item)" means one or more, "a plurality" means two or more, and "at least two (items)" means two, three, or more. "And/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean: only A, only B, or both A and B, where A and B may each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" or a similar expression means any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b, and c may each be single or plural.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes: a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A data transmission method, characterized by being applied to a user plane function UPF network element; the UPF network element is configured with a plurality of virtual private networks (VPNs), and different VPNs are used for linking different networks, and the method comprises:
receiving a first data request message of a terminal device, wherein the first data request message comprises a destination Internet Protocol (IP) address;
determining a target VPN in the plurality of VPNs according to the destination IP address; the network linked by the target VPN is the same as the network corresponding to the destination IP address;
and sending a second data request message to the destination IP address through the target VPN, wherein the second data request message is a message which can be identified by a network linked with the target VPN, and the second data request message is obtained by converting the first data request message.
2. The method of claim 1, wherein the network comprises a public network and a private network, wherein the determining a target VPN of the plurality of VPNs according to the destination IP address comprises:
determining that the target VPN is a first VPN under the condition that the destination IP address is a private network IP address; the first VPN is used for linking the private network;
under the condition that the destination IP address is a public network IP address, determining that the target VPN is a second VPN; the second VPN is configured to link the public network.
3. The method according to claim 2, wherein a firewall is further disposed between the UPF network element and the network, and wherein, in the case that the target VPN is the first VPN, the sending, by the target VPN, the second data request message to the destination IP address includes:
encapsulating the first data request message to obtain the second data request message;
and sending the second data request message to the firewall through the first VPN, so that the firewall sends the second data request message to the destination IP address through the first VPN.
4. The method according to claim 2, wherein a firewall is further disposed between the UPF network element and the network, the first data request message further includes a source IP address, and the sending the second data request message to the destination IP address through the target VPN if the target VPN is the second VPN includes:
converting the source IP address into a public network IP address, and updating the public network IP address converted by the source IP address into the first data request message to obtain the second data request message;
and sending the second data request message to the firewall through the second VPN, so that the firewall sends the second data request message to the destination IP address through the public network IP address and the second VPN.
5. The method according to any one of claims 1-4, further comprising:
matching the destination IP address with a preset routing table; the preset routing table comprises a private network routing table and a public network routing table;
under the condition that the destination IP address is matched with a private network routing table, determining the destination IP address as a private network IP address;
and under the condition that the destination IP address is matched with the public network routing table, determining that the destination IP address is a public network IP address.
6. A data transmission device, characterized in that it is applied to a user plane function UPF network element; the UPF network element is configured with a plurality of virtual private network VPNs, and different VPNs are used for linking different networks, and the device comprises: the device comprises a receiving unit, a determining unit and a transmitting unit;
the receiving unit is configured to receive a first data request message of a terminal device, where the first data request message includes a destination Internet Protocol (IP) address;
the determining unit is used for determining a target VPN in the plurality of VPNs according to the destination IP address; the network linked by the target VPN is the same as the network corresponding to the destination IP address;
the sending unit is configured to send, to the destination IP address through the target VPN, a second data request message, where the second data request message is a message identifiable by a network linked to the target VPN, and the second data request message is converted according to the first data request message.
7. The apparatus according to claim 6, wherein the network comprises a public network and a private network, and the determining unit is specifically configured to:
determining that the target VPN is a first VPN under the condition that the destination IP address is a private network IP address; the first VPN is used for linking the private network;
under the condition that the destination IP address is a public network IP address, determining that the target VPN is a second VPN; the second VPN is configured to link the public network.
8. The apparatus of claim 7, wherein a firewall is further disposed between the UPF network element and the network, and the sending unit is specifically configured to:
encapsulating the first data request message to obtain the second data request message;
and sending the second data request message to the firewall through the first VPN, so that the firewall sends the second data request message to the destination IP address through the first VPN.
9. The apparatus of claim 7, wherein a firewall is further disposed between the UPF network element and the network, the first data request message further includes a source IP address, and the sending unit is specifically configured to, in a case where the target VPN is the second VPN:
converting the source IP address into a public network IP address, and updating the public network IP address converted by the source IP address into the first data request message to obtain the second data request message;
and sending the second data request message to the firewall through the second VPN, so that the firewall sends the second data request message to the destination IP address through the public network IP address and the second VPN.
10. The apparatus according to any one of claims 6-9, further comprising a processing unit;
the processing unit is used for matching the destination IP address with a preset routing table; the preset routing table comprises a private network routing table and a public network routing table;
the determining unit is further configured to determine that the destination IP address is a private network IP address if the destination IP address matches with a private network routing table;
the determining unit is further configured to determine that the destination IP address is a public network IP address if the destination IP address matches with a public network routing table.
11. A computer readable storage medium having instructions stored therein which, when executed, implement the method of any of claims 1-5.
12. A data transmission apparatus, comprising: a processor, a memory, and a communication interface; wherein the communication interface is used for the data transmission device to communicate with other equipment or network; the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the data transmission device, cause the processor to execute the computer-executable instructions stored by the memory to cause the data transmission device to perform the method of any of claims 1-5.
CN202311434544.4A 2023-10-31 2023-10-31 Data transmission method, device and readable storage medium Pending CN117354089A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311434544.4A CN117354089A (en) 2023-10-31 2023-10-31 Data transmission method, device and readable storage medium

Publications (1)

Publication Number Publication Date
CN117354089A true CN117354089A (en) 2024-01-05

Family

ID=89361280

Country Status (1)

Country Link
CN (1) CN117354089A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination