CN111464251B - Synchronization method, device and system - Google Patents

Synchronization method, device and system Download PDF

Info

Publication number
CN111464251B
CN111464251B CN201910058842.5A CN201910058842A CN111464251B CN 111464251 B CN111464251 B CN 111464251B CN 201910058842 A CN201910058842 A CN 201910058842A CN 111464251 B CN111464251 B CN 111464251B
Authority
CN
China
Prior art keywords
message
gateway
clock
clock server
base station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910058842.5A
Other languages
Chinese (zh)
Other versions
CN111464251A (en
Inventor
宋丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Mobile Communications Equipment Co Ltd
Original Assignee
Datang Mobile Communications Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Datang Mobile Communications Equipment Co Ltd filed Critical Datang Mobile Communications Equipment Co Ltd
Priority to CN201910058842.5A priority Critical patent/CN111464251B/en
Publication of CN111464251A publication Critical patent/CN111464251A/en
Application granted granted Critical
Publication of CN111464251B publication Critical patent/CN111464251B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J3/00Time-division multiplex systems
    • H04J3/02Details
    • H04J3/06Synchronising arrangements
    • H04J3/0635Clock or time synchronisation in a network
    • H04J3/0638Clock or time synchronisation among nodes; Internode synchronisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04JMULTIPLEX COMMUNICATION
    • H04J3/00Time-division multiplex systems
    • H04J3/02Details
    • H04J3/06Synchronising arrangements
    • H04J3/0635Clock or time synchronisation in a network
    • H04J3/0638Clock or time synchronisation among nodes; Internode synchronisation
    • H04J3/0658Clock or time synchronisation among packet nodes
    • H04J3/0661Clock or time synchronisation among packet nodes using timestamps
    • H04J3/0667Bidirectional timestamps, e.g. NTP or PTP for compensation of clock drift and for compensation of propagation delays
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a synchronization method, a synchronization device and a synchronization system, which are used for realizing clock synchronization of a small base station and a clock server based on an IPsec encrypted message. The synchronization method provided by the embodiment of the application comprises the following steps: transmitting a message encrypted by an internet security protocol IPsec between the small base station and the clock server through a gateway; and realizing the clock synchronization of the small base station and a clock server through the message.

Description

Synchronization method, device and system
Technical Field
The present application relates to the field of wireless communications technologies, and in particular, to a synchronization method, apparatus, and system.
Background
With the popularization of Optical broadband applications, Passive Optical Network (PON) networks have become a multi-service user access technology with wider application and higher cost performance. Especially in recent two years, small base station products with low price and simple and convenient installation are gradually popular with operators, and the application of the small base station is further promoted by taking the PON network as a transmission network of the small base station.
When the small base station is applied, the clock synchronization is required as with other types of base stations, and the current synchronization mode includes: the synchronization scheme of 1588V2 applied to the PON network becomes the best choice for operators by comprehensively considering various factors such as cost, technical feasibility and the like.
In the PON network, standard 1588 packet unicast data is sent through 320 ports, but some devices on the network do not support this port, and the packet is discarded. In addition, experimental tests show that uplink and downlink transmission of data in a PON network needs to pass through multiple stages of equipment, delay of each node is difficult to control, and message delay information is too large and inaccurate due to accumulation, so 1588V2 is difficult to be directly used as a synchronization scheme for a small base station in the PON network, and a clock and frequency calibration scheme needs to be improved.
The existing improvement scheme is 1588ACR (1588Adaptive clock recovery) in China telecom:
the 1588ACR standard published by China telecom in 2018 to solve the 1588 synchronization problem on the PON network. 1588ACR frequency synchronization is implemented by a timestamp generated by a synchronization Sync message sent by a Master clock, and a specific synchronization flow is shown in fig. 1, and the flow includes the following steps:
1. the Slave clock periodically sends unicast request messages (Sync-request, synchronous request messages) to request Sync messages from the Master clock;
2. a Master clock sends a message (Sync-grant, synchronization permission) response, and sends a Sync message to a Slave clock;
3. the Master clock sends a Sync message at the time of t1, the Sync message comprises a sending timestamp, and the Slave clock receives the Sync message at the time of t 2;
4. the Master clock sends a Sync message at the time of t1 ', the Sync message comprises a sending timestamp, and the Slave clock receives the Sync message at the time of t 2';
5. the Slave clock adjusts the local clock and frequency according to the t1, t1 ', t2, t 2' timestamps.
The 1588ACR in china telecom encapsulates the protocol in a PTP over UDP over IPv4 protocol encapsulation manner, so as to adapt to the transmission of a data packet on a three-layer network (a hierarchical network architecture model, which is divided into a core layer, a convergence layer, and an access layer) architecture, and the format of the encapsulation of the packet is shown in fig. 2.
The 1588ACR technical scheme has the following disadvantages:
(1) the technical specification of the telecom ACR deletes the messages of the standard specification, and only calculates the clock offset by using the sending time and the receiving time of the synchronous Sync message, so that the calibration precision is not very high. It is also not explicitly specified in the technical specifications of telecommunications how to calculate the clock offset from t1, t1 ', t2, t 2', from which it is difficult to accurately find the offset and delay values.
(2) The problem of compatibility of the 1588 standard exists, the existing scheme needs to modify the 1588 server and the slave clock end equipment from hardware, and the previous 1588 standard becomes a mature business system and is not easy to modify. The need to update already deployed 1588 hardware devices adds cost to the parties and is not cost effective.
In summary, the prior art does not provide a good solution for solving the synchronization problem of 1588V2 in the PON network.
Disclosure of Invention
The embodiment of the application provides a synchronization method, a synchronization device and a synchronization system, which are used for realizing clock synchronization of a small base station and a clock server based on an IPsec encrypted message.
On a small base station side, a synchronization method provided in an embodiment of the present application includes:
transmitting a message encrypted by an internet security protocol IPsec between the small base station and the clock server through a gateway;
and realizing the clock synchronization of the small base station and a clock server through the message.
By the method, message information encrypted by internet security protocol IPsec is transmitted between a small base station and a clock server through a gateway; and realizing the clock synchronization of the small base station and the clock server through the message, thereby realizing the clock synchronization of the small base station and the clock server based on the IPsec encrypted message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
and receiving a first message sent by the gateway at a second moment, and decrypting the first message to obtain a synchronous message, wherein the first message is obtained by encrypting the synchronous message after the synchronous message sent by the clock server at the first moment is received by the gateway.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
receiving a second message sent by a gateway, decrypting the second message to obtain a following message, wherein the second message is obtained by encrypting the following message after the following message sent by a clock server is received by the gateway;
and acquiring the first moment of sending the synchronous message by the clock server from the following message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
and sending a third message to a gateway, wherein the third message carries a delay message after IPsec encryption, and the delay message carries a third moment for sending the third message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
receiving a fourth message sent by a gateway, and decrypting the fourth message to obtain a delayed response message, wherein the fourth message is obtained by encrypting the delayed response message after the delayed response message sent by a clock server is received by the gateway;
acquiring a fourth moment when the clock server receives a delay message sent by the gateway from the follow-up response message; and the delay message sent by the gateway is obtained by decrypting a third message after the gateway receives the third message.
Optionally, the implementing, by the message, clock synchronization between the small cell and a clock server specifically includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
Optionally, the one-way delay is calculated by using the following formula:
Figure BDA0001953465230000041
calculating the clock bias using the following equation:
Figure BDA0001953465230000042
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
Correspondingly, on the gateway side, a synchronization method provided in the embodiment of the present application includes:
determining the message encrypted by IPsec;
and transmitting the message encrypted by the IPsec between the small base station and the clock server, so that the small base station realizes clock synchronization with the clock server through the message.
By the method, the message encrypted by the IPsec is determined; the method comprises the steps that message information encrypted through the IPsec is transmitted between a small base station and a clock server, so that the small base station realizes clock synchronization with the clock server through the message information, and clock synchronization of the small base station and the clock server based on the IPsec encrypted message is realized.
Optionally, transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a synchronous message sent by a clock server at a first moment, encrypting the synchronous message to obtain a first message, and sending the first message to a small base station, wherein the small base station receives the first message at a second moment.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a following message sent by a clock server, encrypting the following message to obtain a second message, and sending the second message to a small base station; and acquiring the first moment of sending the synchronous message by the clock server from the following message.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
and receiving a third message sent by the small base station at a third moment, decrypting the third message to obtain a delay message, and sending the delay message to the clock server, wherein the third message is obtained by encrypting the delay message by the small base station.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a delay response message sent by a clock server, encrypting the delay response message to obtain a fourth message, and sending the fourth message to a small base station; and acquiring the fourth moment when the clock server receives the delay message from the delay response message.
Optionally, the enabling the small cell to implement clock synchronization with a clock server through the message includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
Optionally, the one-way delay is calculated using the following formula:
Figure BDA0001953465230000061
calculating the clock bias using the following equation:
Figure BDA0001953465230000062
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
Accordingly, on the device side, the embodiment of the present application provides a synchronization device, which includes:
the first unit is used for transmitting message information encrypted by internet security protocol IPsec between the small base station and the clock server through a gateway;
and the second unit is used for realizing the clock synchronization of the small base station and the clock server through the message.
On the device side, the synchronization device provided by the embodiment of the application comprises:
a third unit configured to determine a message encrypted by IPsec;
a fourth unit, configured to transmit an IPsec-encrypted message between a small cell and a clock server, so that the small cell realizes clock synchronization with the clock server through the message.
An embodiment of the present application further provides a computing device, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing any one of the methods provided by the embodiment of the application according to the obtained program.
Another embodiment of the present application provides a computer storage medium having stored thereon computer-executable instructions for causing a computer to perform any one of the methods described above.
The embodiment of the application also provides a communication system, which comprises a gateway, a small base station and a clock server; the gateway is connected between the small base station and the clock server;
the gateway is used for transmitting the message encrypted by the IPsec between the small base station and the clock server;
the small base station is used for transmitting message information encrypted by IPsec between the gateway and the clock server; and realizing the clock synchronization of the small base station and the clock server through the message.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a synchronization process of 1588ACR in china telecommunications provided in an embodiment of the present application;
fig. 2 is a schematic diagram of a 1588ACR protocol stack for chinese telecommunications provided in an embodiment of the present application;
FIG. 3 is a schematic diagram of a standard 1588V2 synchronization flow provided by the embodiments of the present application;
fig. 4 is a schematic diagram of a synchronization method according to an embodiment of the present application;
fig. 5 is a schematic diagram of a synchronization method according to an embodiment of the present application;
fig. 6 is a schematic diagram of a small cell network topology provided in an embodiment of the present application;
fig. 7 is a schematic diagram of a PTP protocol stack based on IPsec provided in an embodiment of the present application;
fig. 8 is a schematic diagram illustrating a synchronization flow of 1588V2 based on IPsec provided in this embodiment of the present application;
FIG. 9 is a schematic diagram of a synchronization apparatus according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a synchronization apparatus according to an embodiment of the present application;
fig. 11 is a schematic diagram of a synchronization apparatus according to an embodiment of the present application;
fig. 12 is a schematic diagram of a synchronization apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Various embodiments of the present application will be described in detail below with reference to the accompanying drawings. It should be noted that the display sequence of the embodiment of the present application only represents the sequence of the embodiment, and does not represent the merits of the technical solutions provided by the embodiments.
The IEEE 1588V2 Protocol is called as Precision Clock Synchronization Protocol standard (Precision Clock Synchronization Protocol for network Measurement and Control Systems) of network Measurement and Control system, referred to as Precision Time Protocol (PTP) for short, and is characterized in that Time information is encoded by using a master-slave Clock mode on the basis of network downlink symmetry, and master-slave Synchronization is achieved by using a delay Measurement technology. The master clock periodically issues a PTP time synchronization protocol and time information, the slave clock end receives the timestamp information sent by the master clock end, and the slave clock side can calculate the time delay and the master-slave time difference of the master-slave circuit according to the timestamp information and adjust the local time to be consistent with the master clock side.
A standard 1588V2 flow is shown in fig. 3, and the flow is a Master-Slave synchronization system, in which a Master clock (Master) periodically sends PTP protocol messages to a Slave clock (Slave), where the PTP protocol messages carry Master clock information, and after the Slave receives the Master messages, Master-Slave time delay and Master-Slave clock difference are calculated according to message receiving time points and message sending time information. And adjusting the local clock and the frequency by using the time difference to ensure that the Slave maintains the frequency and the clock phase consistent with the Master.
Referring to fig. 4, for example, on the small base station side, a synchronization method provided in an embodiment of the present application includes:
s101, transmitting a message encrypted by an internet security protocol IPsec between a small base station and a clock server through a gateway;
and S102, realizing the clock synchronization of the small base station and a clock server through the message.
Internet Protocol Security (IPsec) is applied to the third layer of Open System Interconnection (OSI) and is used for protecting Transmission Control Protocol/User Datagram Protocol (TCP/UDP) data.
An IPsec tunnel is established between the small base station and the security gateway, and only the security gateway and the small base station can encrypt and decrypt the IPsec message, so that safe and reliable data information is transmitted between the security gateway and the small base station.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
and receiving a first message sent by the gateway at a second moment, and decrypting the first message to obtain a synchronous message, wherein the first message is obtained by encrypting the synchronous message after the synchronous message sent by the clock server at the first moment is received by the gateway.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
receiving a second message sent by a gateway, decrypting the second message to obtain a following message, wherein the second message is obtained by encrypting the following message after the following message sent by a clock server is received by the gateway;
and acquiring the first moment of sending the synchronous message by the clock server from the following message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
and sending a third message to a gateway, wherein the third message carries a delay message after IPsec encryption, and the delay message carries a third moment for sending the third message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
receiving a fourth message sent by a gateway, and decrypting the fourth message to obtain a delayed response message, wherein the fourth message is obtained by encrypting the delayed response message after the delayed response message sent by a clock server is received by the gateway;
acquiring a fourth moment when the clock server receives a delay message sent by the gateway from the follow-up response message; and the delay message sent by the gateway is obtained by decrypting a third message after the gateway receives the third message.
Optionally, the implementing, by the message, clock synchronization between the small cell and a clock server specifically includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
Optionally, the one-way delay is calculated by using the following formula:
Figure BDA0001953465230000101
calculating the clock bias using the following equation:
Figure BDA0001953465230000102
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
Referring to fig. 5, for example, at the security gateway side, a synchronization method provided in an embodiment of the present application includes:
s201, determining a message encrypted by IPsec;
s202, message information encrypted through IPsec is transmitted between the small base station and the clock server, so that the small base station realizes clock synchronization with the clock server through the message information.
Optionally, transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a synchronous message sent by a clock server at a first moment, encrypting the synchronous message to obtain a first message, and sending the first message to a small base station, wherein the small base station receives the first message at a second moment.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a following message sent by a clock server, encrypting the following message to obtain a second message, and sending the second message to a small base station; and acquiring the first moment of sending the synchronous message by the clock server from the following message.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
and receiving a third message sent by the small base station at a third moment, decrypting the third message to obtain a delay message, and sending the delay message to the clock server, wherein the third message is obtained by encrypting the delay message by the small base station.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a delay response message sent by a clock server, encrypting the delay response message to obtain a fourth message, and sending the fourth message to a small base station; and acquiring the fourth moment when the clock server receives the delay message from the delay response message.
Optionally, the enabling the small cell to implement clock synchronization with a clock server through the message includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
Optionally, the one-way delay is calculated using the following formula:
Figure BDA0001953465230000111
calculating the clock bias using the following equation:
Figure BDA0001953465230000112
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
As shown in fig. 6, for the network topology diagram of the small base station provided in the embodiment of the present application, the small base station is located in a public network environment, which may be a home scenario or an enterprise scenario, and the small base station accesses a PON network through a network access device; when the small base station is deployed in a network, compared with a traditional base station, a gateway (the gateway comprises a security gateway and a signaling gateway) device is added in the network, the security gateway is usually deployed in a core machine room, the small base station is accessed to the security gateway through a PON (passive optical network), an IPsec (internet protocol security) tunnel is established between the small base station and the security gateway, and only the security gateway and the small base station can encrypt and decrypt an IPsec message so as to transmit safe and reliable data information, wherein the data has the characteristics of non-repudiation, anti-replay, data integrity, data reliability and authentication. Therefore, data transmitted in the IPsec tunnel are encrypted, only the security gateway and the small cell can correctly analyze compressed data transmitted to each other, and a third-party network node cannot tamper with and discard the data.
1588 the clock server, located at the back end of the security gateway, is usually deployed in the same machine room as the security gateway. A server is connected to the security gateway and the server will output standard 1588V2 protocol messages to the security gateway. The signaling gateway and the EPC are nodes in the current network and are directly accessed to the core network.
As shown in fig. 7, in the PTP protocol stack based on IPsec provided in this embodiment of the application, an IPsec protocol stack is added to a PTP message in a 1588V2 protocol, so as to implement encrypted data transmission between a security gateway and a small cell. The IPsec mainly works on the network side, and the encrypted 1588V2PTP data packet cannot be modified by a third party, so that the PTP message transmitted between the small base station and the gateway cannot be discarded by the equipment of the intermediate node (such as an exchanger) of the PON network.
When the small base station accesses the security gateway, the two parties carry out access authentication, and the authentication modes comprise certificate authentication, AKA authentication and the like. After the security gateway passes the authentication of the small base station, the two parties enter the IPsec tunnel establishment process, and perform a series of configuration processes including configuration of a policy, configuration of a shared key, configuration of a home terminal identifier and the like, and finally complete the establishment of the IPsec tunnel. The data transmitted between the gateway and the base station is transmitted by adopting a key commonly approved by both parties.
As shown in fig. 8, for the 1588V2 synchronization flowchart based on IPsec provided in this embodiment of the application, it can be obtained from the flowchart that a 1588V2 clock server is a master clock, a small base station is a slave clock, t1, t2, t3, and t4 are key timestamps, t1 is a time when a 1588V2 standard server initiates a synchronization packet, t2 is a time when the small base station receives a first packet message, that is, MSG1, t3 is a time when the small base station sends a third packet message, that is, MSG3, and t4 is a time when the 1588V2 standard server receives a delay packet.
The main steps of the 1588V2 synchronization flow chart based on IPsec are as follows:
the 1588V2 standard server initiates a synchronization message (Sync) at time t 1; after receiving the Sync, the security gateway performs IPsec encryption on the Sync to obtain a first message (MSG1), and sends MSG1 to the small base station; the small base station receives the MSG1 at the time t2 and decrypts the Sync;
the 1588V2 standard server initiates a Follow-up message (Follow _ up), wherein the Follow-up message records the measured accurate time t1, after the security gateway receives the Follow _ up, the Follow _ up is subjected to IPsec encryption to obtain a second message (MSG2), and the MSG2 is sent to the small base station; the small base station receives the MSG2, decrypts the Follow _ up and obtains the accurate time that t1 is 1588V2 standard server sends the synchronous message;
the small base station carries out IPsec encryption on the Delay message (Delay _ Req) to obtain a third message (MSG3), and sends the MSG3 to the security gateway at the time t 3; the security gateway receives the MSG3, obtains Delay _ Req after carrying out IPsec decryption on the MSG3, and sends the Delay _ Req to a 1588V2 standard server; the 1588V2 standard server receives a Delay _ Req at a time t4, wherein the measured accurate time t3 is recorded in the Delay _ Req;
the 1588V2 standard server initiates a follow-up response message (Delay _ Resp), wherein the measured accurate receiving time t4 is recorded in the Delay _ Resp; the security gateway receives the Delay _ Resp, packages the Delay _ Resp into a fourth message (MSG4) after carrying out IPsec encryption, and sends the MSG4 to the small base station; the small base station receives the MSG4, decrypts Delay _ Resp and knows t4 as the accurate receiving time.
Calculating the one-way time delay and clock deviation offset of the small base station relative to the 1588V2 standard server according to t1, t2, t3 and t4 to correct the time and frequency of the small base station so as to ensure the synchronization with the 1588V2 standard server;
the calculation formula is as follows:
Figure BDA0001953465230000131
Figure BDA0001953465230000141
according to the embodiment of the application, the problem that PTP unicast packets transmitted by a telecommunication PON network are discarded by an intermediate node is solved by only modifying software of the small base station to support the 1588V2 clock decompression from IPsec, so that the problem of clock synchronization of 1588V2 is solved; the solution provided by the embodiment of the application does not need to modify a clock server, and can be communicated with any existing standard 1588V2 server in the industry; and the 1588V2PTP message encrypted by the IPsec is safe and reliable and cannot be tampered by rebroadcasting.
Accordingly, on the device side, referring to fig. 9, an embodiment of the present application provides a synchronization device, including:
a first unit 11, configured to transmit, between a small cell and a clock server, a message encrypted by an internet security protocol IPsec through a gateway;
a second unit 12, configured to implement clock synchronization between the small cell and the clock server through the message.
On the device side, referring to fig. 10, an embodiment of the present application provides a synchronization device, including:
a third unit 21, configured to determine a message encrypted by IPsec;
a fourth unit 22, configured to transmit an IPsec encrypted message between the small cell and the clock server, so that the small cell realizes clock synchronization with the clock server through the message.
Referring to fig. 11, an embodiment of the present application further provides a synchronization apparatus, including:
the processor 600, for reading the program in the memory 610, executes the following processes:
transmitting a message encrypted by an internet security protocol IPsec between the small base station and the clock server through a gateway;
and realizing the clock synchronization of the small base station and a clock server through the message.
By the device, message information encrypted by internet security protocol IPsec is transmitted between the small base station and the clock server through the gateway; and realizing the clock synchronization of the small base station and the clock server through the message, thereby realizing the clock synchronization of the small base station and the clock server based on the IPsec encrypted message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
and receiving a first message sent by the gateway at a second moment, and decrypting the first message to obtain a synchronous message, wherein the first message is obtained by encrypting the synchronous message after the synchronous message sent by the clock server at the first moment is received by the gateway.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
receiving a second message sent by a gateway, decrypting the second message to obtain a following message, wherein the second message is obtained by encrypting the following message after the following message sent by a clock server is received by the gateway;
and acquiring the first moment of sending the synchronous message by the clock server from the following message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
and sending a third message to a gateway, wherein the third message carries a delay message after IPsec encryption, and the delay message carries a third moment for sending the third message.
Optionally, the transmitting, between the small cell and the clock server, a message encrypted by using an internet security protocol IPsec through a gateway specifically includes:
receiving a fourth message sent by a gateway, and decrypting the fourth message to obtain a delayed response message, wherein the fourth message is obtained by encrypting the delayed response message after the delayed response message sent by a clock server is received by the gateway;
acquiring a fourth moment when the clock server receives a delay message sent by the gateway from the follow-up response message; and the delay message sent by the gateway is obtained by decrypting a third message after the gateway receives the third message.
Optionally, the implementing, by the message, clock synchronization between the small cell and a clock server specifically includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
Optionally, the one-way delay is calculated by using the following formula:
Figure BDA0001953465230000161
calculating the clock bias using the following equation:
Figure BDA0001953465230000162
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
Referring to fig. 12, an embodiment of the present application further provides a synchronization apparatus, including:
a processor 800 for reading the program in the memory 810 and executing the following processes:
determining the message encrypted by IPsec;
and transmitting the message encrypted by the IPsec between the small base station and the clock server, so that the small base station realizes clock synchronization with the clock server through the message.
Determining, by the device, a message encrypted via IPsec; the method comprises the steps that message information encrypted through the IPsec is transmitted between a small base station and a clock server, so that the small base station realizes clock synchronization with the clock server through the message information, and clock synchronization of the small base station and the clock server based on the IPsec encrypted message is realized.
Optionally, transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a synchronous message sent by a clock server at a first moment, encrypting the synchronous message to obtain a first message, and sending the first message to a small base station, wherein the small base station receives the first message at a second moment.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a following message sent by a clock server, encrypting the following message to obtain a second message, and sending the second message to a small base station; and acquiring the first moment of sending the synchronous message by the clock server from the following message.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
and receiving a third message sent by the small base station at a third moment, decrypting the third message to obtain a delay message, and sending the delay message to the clock server, wherein the third message is obtained by encrypting the delay message by the small base station.
Optionally, the transmitting the IPsec-encrypted message between the small cell and the clock server specifically includes:
receiving a delay response message sent by a clock server, encrypting the delay response message to obtain a fourth message, and sending the fourth message to a small base station; and acquiring the fourth moment when the clock server receives the delay message from the delay response message.
Optionally, the enabling the small cell to implement clock synchronization with a clock server through the message includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
Optionally, the one-way delay is calculated using the following formula:
Figure BDA0001953465230000171
calculating the clock bias using the following equation:
Figure BDA0001953465230000172
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
In fig. 11 and 12, among other things, the bus architecture may include any number of interconnected buses and bridges, with one or more processors represented by a processor and various circuits of memory represented by memory being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface.
The embodiment of the present application provides a display terminal, which may specifically be a desktop computer, a portable computer, a smart phone, a tablet computer, a Personal Digital Assistant (PDA), and the like. The Display terminal may include a Central Processing Unit (CPU), a memory, an input/output device, etc., the input device may include a keyboard, a mouse, a touch screen, etc., and the output device may include a Display device, such as a Liquid Crystal Display (LCD), a Cathode Ray Tube (CRT), etc.
For different display terminals, the user interfaces 620 and 820 may optionally be interfaces capable of interfacing externally to desired devices, including but not limited to keypads, displays, speakers, microphones, joysticks, and the like.
The processor is responsible for managing the bus architecture and the usual processing, and the memory may store data used by the processor in performing operations.
Alternatively, the processor may be a CPU (central processing unit), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a CPLD (Complex Programmable Logic Device).
The memory may include Read Only Memory (ROM) and Random Access Memory (RAM), and provides the processor with program instructions and data stored in the memory. In the embodiments of the present application, the memory may be used for storing a program of any one of the methods provided by the embodiments of the present application.
The processor is used for executing any one of the methods provided by the embodiment of the application according to the obtained program instructions by calling the program instructions stored in the memory.
Embodiments of the present application provide a computer storage medium for storing computer program instructions for an apparatus provided in the embodiments of the present application, which includes a program for executing any one of the methods provided in the embodiments of the present application.
The computer storage media may be any available media or data storage device that can be accessed by a computer, including, but not limited to, magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, non-volatile memory (NAND FLASH), Solid State Disks (SSDs)), etc.
The embodiment of the application also provides a communication system, which comprises a gateway, a small base station and a clock server; the gateway is connected between the small base station and the clock server;
the gateway is used for transmitting the message encrypted by the IPsec between the small base station and the clock server;
the small base station is used for transmitting message information encrypted by IPsec between the gateway and the clock server; and realizing the clock synchronization of the small base station and the clock server through the message.
To sum up, the embodiments of the present application provide a synchronization method, apparatus, and system, which solve the problem that PTP unicast packets transmitted in a telecommunication PON network are discarded by an intermediate node, thereby implementing clock synchronization of a small base station and a clock server based on IPsec encrypted packets; and the 1588V2PTP message encrypted by the IPsec is safe and reliable and cannot be replayed or tampered.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (9)

1. A method of synchronization, the method comprising:
transmitting a message encrypted by an internet security protocol IPsec between the small base station and the clock server through a gateway;
clock synchronization of the small base station and a clock server is realized through the message;
the method for transmitting the message encrypted by the internet security protocol IPsec through the gateway between the small cell and the clock server specifically includes:
receiving a first message sent by a gateway at a second moment, and decrypting the first message to obtain a synchronous message, wherein the first message is obtained by encrypting the synchronous message after the synchronous message sent by a clock server at the first moment is received by the gateway;
receiving a second message sent by a gateway, decrypting the second message to obtain a following message, wherein the second message is obtained by encrypting the following message after the following message sent by a clock server is received by the gateway;
acquiring a first moment when a clock server sends the synchronous message from the following message;
sending a third message to a gateway, wherein the third message carries a delayed message after IPsec encryption, and the delayed message carries a third moment for sending the third message;
receiving a fourth message sent by a gateway, and decrypting the fourth message to obtain a delayed response message, wherein the fourth message is obtained by encrypting the delayed response message after the delayed response message sent by a clock server is received by the gateway;
acquiring a fourth moment when the clock server receives a delay message sent by the gateway from the follow-up response message; and the delay message sent by the gateway is obtained by decrypting a third message after the gateway receives the third message.
2. The method according to claim 1, wherein the implementing of the clock synchronization between the small cell site and the clock server through the message specifically includes:
and calculating the one-way delay between the small base station and the clock server and the clock deviation of the small base station relative to the clock server through the first time, the second time, the third time and the fourth time, and adjusting the clock of the small base station according to the one-way delay and the clock deviation so that the clocks of the small base station and the clock server are kept consistent.
3. The method of claim 2, wherein the one-way delay is calculated using the following equation:
Figure FDA0003183698720000021
calculating the clock bias using the following equation:
Figure FDA0003183698720000022
wherein delay represents the one-way delay, t1First moment, t, of sending a synchronization message for a clock server2Second moment, t, of receiving the first message for the small cell3Third moment, t, of sending a third message for the small cell4The offset represents the clock offset for the fourth time instant when the clock server receives the delay message.
4. A method of synchronization, the method comprising:
determining the message encrypted by IPsec;
transmitting an IPsec encrypted message between a small base station and a clock server, so that the small base station realizes clock synchronization with the clock server through the message;
the transmission of the IPsec encrypted message between the small cell and the clock server specifically includes:
receiving a synchronous message sent by a clock server at a first moment, encrypting the synchronous message to obtain a first message, and sending the first message to a small base station, wherein the small base station receives the first message at a second moment;
receiving a following message sent by a clock server, encrypting the following message to obtain a second message, and sending the second message to a small base station; acquiring a first moment when a clock server sends the synchronous message from the following message;
receiving a third message sent by the small base station at a third moment, decrypting the third message to obtain a delay message, and sending the delay message to the clock server, wherein the third message is obtained by encrypting the delay message by the small base station;
receiving a delay response message sent by a clock server, encrypting the delay response message to obtain a fourth message, and sending the fourth message to a small base station; and acquiring the fourth moment when the clock server receives the delay message from the delay response message.
5. A synchronization apparatus, characterized in that the apparatus comprises:
the first unit is used for transmitting message information encrypted by internet security protocol IPsec between the small base station and the clock server through a gateway;
a second unit, configured to implement clock synchronization between the small cell and a clock server through the message;
the method for transmitting the message encrypted by the internet security protocol IPsec through the gateway between the small cell and the clock server specifically includes:
receiving a first message sent by a gateway at a second moment, and decrypting the first message to obtain a synchronous message, wherein the first message is obtained by encrypting the synchronous message after the synchronous message sent by a clock server at the first moment is received by the gateway;
receiving a second message sent by a gateway, decrypting the second message to obtain a following message, wherein the second message is obtained by encrypting the following message after the following message sent by a clock server is received by the gateway;
acquiring a first moment when a clock server sends the synchronous message from the following message;
sending a third message to a gateway, wherein the third message carries a delayed message after IPsec encryption, and the delayed message carries a third moment for sending the third message;
receiving a fourth message sent by a gateway, and decrypting the fourth message to obtain a delayed response message, wherein the fourth message is obtained by encrypting the delayed response message after the delayed response message sent by a clock server is received by the gateway;
acquiring a fourth moment when the clock server receives a delay message sent by the gateway from the follow-up response message; and the delay message sent by the gateway is obtained by decrypting a third message after the gateway receives the third message.
6. A synchronization apparatus, characterized in that the apparatus comprises:
a third unit configured to determine a message encrypted by IPsec;
a fourth unit, configured to transmit an IPsec-encrypted message between a small cell and a clock server, so that the small cell realizes clock synchronization with the clock server through the message;
the transmission of the IPsec encrypted message between the small cell and the clock server specifically includes:
receiving a synchronous message sent by a clock server at a first moment, encrypting the synchronous message to obtain a first message, and sending the first message to a small base station, wherein the small base station receives the first message at a second moment;
receiving a following message sent by a clock server, encrypting the following message to obtain a second message, and sending the second message to a small base station; acquiring a first moment when a clock server sends the synchronous message from the following message;
receiving a third message sent by the small base station at a third moment, decrypting the third message to obtain a delay message, and sending the delay message to the clock server, wherein the third message is obtained by encrypting the delay message by the small base station;
receiving a delay response message sent by a clock server, encrypting the delay response message to obtain a fourth message, and sending the fourth message to a small base station; and acquiring the fourth moment when the clock server receives the delay message from the delay response message.
7. A computing device, comprising:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing the method of any one of claims 1 to 4 according to the obtained program.
8. A computer storage medium having computer-executable instructions stored thereon for causing a computer to perform the method of any one of claims 1 to 4.
9. A communication system is characterized by comprising a gateway, a small base station and a clock server; the gateway is connected between the small base station and the clock server;
the gateway is used for transmitting the message encrypted by the IPsec between the small base station and the clock server;
the small base station is used for transmitting message information encrypted by IPsec between the gateway and the clock server; clock synchronization of the small base station and the clock server is realized through the message;
the transmission of the IPsec encrypted message messages between the gateway and the clock server specifically includes:
receiving a first message sent by a gateway at a second moment, and decrypting the first message to obtain a synchronous message, wherein the first message is obtained by encrypting the synchronous message after the synchronous message sent by a clock server at the first moment is received by the gateway;
receiving a second message sent by a gateway, decrypting the second message to obtain a following message, wherein the second message is obtained by encrypting the following message after the following message sent by a clock server is received by the gateway;
acquiring a first moment when a clock server sends the synchronous message from the following message;
sending a third message to a gateway, wherein the third message carries a delayed message after IPsec encryption, and the delayed message carries a third moment for sending the third message;
receiving a fourth message sent by a gateway, and decrypting the fourth message to obtain a delayed response message, wherein the fourth message is obtained by encrypting the delayed response message after the delayed response message sent by a clock server is received by the gateway;
acquiring a fourth moment when the clock server receives a delay message sent by the gateway from the follow-up response message; and the delay message sent by the gateway is obtained by decrypting a third message after the gateway receives the third message.
CN201910058842.5A 2019-01-22 2019-01-22 Synchronization method, device and system Active CN111464251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910058842.5A CN111464251B (en) 2019-01-22 2019-01-22 Synchronization method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910058842.5A CN111464251B (en) 2019-01-22 2019-01-22 Synchronization method, device and system

Publications (2)

Publication Number Publication Date
CN111464251A CN111464251A (en) 2020-07-28
CN111464251B true CN111464251B (en) 2021-10-29

Family

ID=71679883

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910058842.5A Active CN111464251B (en) 2019-01-22 2019-01-22 Synchronization method, device and system

Country Status (1)

Country Link
CN (1) CN111464251B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398567B (en) * 2020-11-17 2021-10-29 珠海格力电器股份有限公司 Clock synchronization method and device in encryption communication process and multi-device system
CN113613326A (en) * 2021-08-30 2021-11-05 麦芯(太仓)科技有限公司 Ad hoc network node synchronization method, device and storage medium
CN114115444A (en) * 2021-11-30 2022-03-01 上海有个机器人有限公司 Robot time axis alignment method and related product

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7836497B2 (en) * 2006-12-22 2010-11-16 Telefonaktiebolaget L M Ericsson (Publ) Apparatus and method for resilient IP security/internet key exchange security gateway
US20100268935A1 (en) * 2009-04-21 2010-10-21 Richard Rodgers Methods, systems, and computer readable media for maintaining flow affinity to internet protocol security (ipsec) sessions in a load-sharing security gateway
CN102123002B (en) * 2011-03-07 2015-03-25 上海华为技术有限公司 Frequency synchronization method based on Internet protocol security protocol (IPsec) and related equipment
CN103618973B (en) * 2013-12-02 2017-02-15 中国联合网络通信集团有限公司 Method and ONU equipment for service data transmission

Also Published As

Publication number Publication date
CN111464251A (en) 2020-07-28

Similar Documents

Publication Publication Date Title
US9900778B2 (en) Method and apparatus for securing timing packets over untrusted packet transport network
CN111464251B (en) Synchronization method, device and system
EP3846522A1 (en) Mec platform deployment method and device
US8504833B2 (en) Relay device, wireless communications device, network system, program storage medium, and method
US11177955B2 (en) Device-to-device messaging protocol
WO2018137352A1 (en) Network verification method, user equipment, network authentication node and system
US20110173435A1 (en) Secure Node Admission in a Communication Network
WO2018201946A1 (en) Anchor key generation method, device and system
JP7410930B2 (en) Securing non-access layer communications in wireless communication networks
WO2020052414A1 (en) Data protection method, device and system
WO2019041809A1 (en) Registration method and apparatus based on service-oriented architecture
WO2020151581A1 (en) Method and apparatus for generating key
WO2017133021A1 (en) Security processing method and relevant device
EP3836639B1 (en) Synchronization cycle determination methods and devices
WO2020221218A1 (en) Information acquisition method and device
WO2018161862A1 (en) Private key generation method, device and system
EP3843438A1 (en) Key generation method, device, and system
Li et al. FLAP: An efficient WLAN initial access authentication protocol
CN113055361A (en) Secure communication method, device and system for DC interconnection
WO2023000926A1 (en) Clock synchronization method and communication apparatus
WO2018202117A1 (en) Key updating method and device
TWI404394B (en) Systems and methods for authorization and data transmission for multicast broadcast services
US20200366474A1 (en) Private key generation method and device
WO2020221019A1 (en) Key agreement method and device
WO2023179238A1 (en) Timing method, communication apparatus, and communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant