CN113098705B - Authorization method and device for life cycle management of network service - Google Patents

Authorization method and device for life cycle management of network service Download PDF

Info

Publication number
CN113098705B
CN113098705B CN201911342710.1A CN201911342710A CN113098705B CN 113098705 B CN113098705 B CN 113098705B CN 201911342710 A CN201911342710 A CN 201911342710A CN 113098705 B CN113098705 B CN 113098705B
Authority
CN
China
Prior art keywords
nfvo device
nfvo
data
authorization
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911342710.1A
Other languages
Chinese (zh)
Other versions
CN113098705A (en
Inventor
李世涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201911342710.1A priority Critical patent/CN113098705B/en
Priority to PCT/CN2020/137364 priority patent/WO2021129520A1/en
Publication of CN113098705A publication Critical patent/CN113098705A/en
Application granted granted Critical
Publication of CN113098705B publication Critical patent/CN113098705B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/34Signalling channels for network management communication
    • H04L41/342Signalling channels for network management communication between virtual entities, e.g. orchestrators, SDN or NFV entities

Abstract

The utility model discloses an authorization method and device for life cycle management of network service, which relates to the field of network function virtualization and solves the problem of how a global NFVO determines whether to authorize the operation of a local NFVO on a nested NS. The first NFVO device receives the authorization request from the second NFVO device, and sends an authorization response to the second NFVO device to authorize the first operation on the second NS if the first NFVO device determines that the resource of the first NS satisfies the first operation on the second NS. And after receiving the authorization response from the first NFVO device, the second NFVO device performs a first operation on the second NS. The authorization response is to indicate that the first operation is to be performed on the second NS.

Description

Authorization method and device for life cycle management of network service
Technical Field
The present application relates to the field of network function virtualization, and in particular, to an authorization method and apparatus for lifecycle management of a network service.
Background
Network Function Virtualization (NFV) technology is a virtualization technology that virtualizes functions of dedicated devices in a conventional network into independent applications, and is flexibly deployed on a unified infrastructure platform constructed based on other devices such as standard computing hardware, storage hardware, and network hardware. In the NFV system, an NFV orchestrator (NFVO) is mainly responsible for processing of Life Cycle Management (LCM) of virtualized Network traffic (NS), allocation and scheduling of virtual resources in a virtual infrastructure and NFV infrastructure layer (NFVI), and the like. In some embodiments, the NSs managed by the global NFVO may include at least one nested NS (nested NS), the nested NS may be managed by the local NFVO, and the global NFVO and the local NFVO may communicate. When the local NFVO performs lifecycle management on the nested NS, the local NFVO may send an authorization request to the global NFVO, and execute a corresponding operation after receiving an authorization response. However, how the global NFVO identifies whether the operation of the local NFVO on the nested NS has an effect on the NS managed by the global NFVO and whether the operation of the local NFVO on the nested NS is authorized does not have a corresponding solution at present.
Disclosure of Invention
The application provides an authorization method and device for life cycle management of network services, which solve the problem of how a global NFVO determines whether to authorize the operation of a local NFVO on a nested NS.
In order to achieve the purpose, the technical scheme is as follows:
in a first aspect, an authorization method for lifecycle management of network traffic is provided, which is applicable to a first NFVO device. The method comprises the following steps: the first NFVO device receives an authorization request from the second NFVO device, the authorization request is used for requesting authorization to perform a first operation on the second NS, and the first operation is an operation of performing life cycle management on the second NS by the second NFVO device. And if the first NFVO device determines that the resources of the first NS meet the requirement of performing the first operation on the second NS, sending an authorization response to the second NFVO device so as to authorize the first operation on the second NS.
According to the method for authorizing the life cycle management of the network service, the first NFVO device authorizes the life cycle management of the second NS only when the first NFVO device determines that the resource of the first NS meets the requirement of the life cycle management of the second NS. Therefore, the problem of management negotiation among NFVO devices when the life cycle management is carried out on the nested NS is solved, and the influence on the NS managed by the global NFVO is reduced.
Optionally, if the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS, a failure response is sent to the second NFVO device, where the failure response is used to indicate that the first operation on the second NS is not allowed. Therefore, the influence on the first NS, which is generated by performing life cycle management on the second NS under the condition that the resource of the first NS does not meet the requirement of performing first operation on the second NS, is avoided.
In a possible implementation manner, the first operation is a capacity expansion operation, and the determining, by the first NFVO device, whether a resource of the first NS satisfies a first operation on the second NS includes: the first NFVO device acquires first data and second data and judges whether the first data is larger than the second data; if the first data is larger than the second data, the first NFVO device determines that the resource of the first NS meets the requirement of performing first operation on the second NS; if the first data is less than or equal to the second data, the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS. The first data is data traffic related to a second NS in the first NS, and the second data is predicted data traffic after a first operation is performed on the second NS. Since the second NS is nested within the first NS, the second NS has an association relationship with the first NS. And determining whether the first NS supports capacity expansion of the second NS by using the data traffic related to the second NS in the first NS so as to facilitate the capacity expansion operation of the second NS. Therefore, the problem of management negotiation among NFVO devices when the life cycle management is carried out on the nested NS is solved, and the influence on the NS managed by the global NFVO is reduced.
In one possible design, the second data may be passively received by the first NFVO device. For example, the authorization request includes the second data.
In another possible design, the second data may be actively acquired by the first NFVO device. For example, the authorization request includes a first address indicating an address for storing second data, and the first NFVO device obtains the second data, including: the first NFVO device sends a first acquisition request to the second NFVO device, and receives second data from the second NFVO device through a first address included in the first acquisition request. The first obtaining request is used for requesting the second NFVO device to feed back the second data.
In another possible implementation, the method further includes: the first NFVO device performs a first operation on a virtual connection within the first NS that is connected to a second NS. Therefore, the first NS supports capacity expansion operation of the second NS.
In another possible implementation manner, the method further includes: and the first NFVO device sends a first authorization policy to the second NFVO device, wherein the first authorization policy is used for indicating acquisition of data traffic of the second NS. Therefore, the second NFVO device reports the relevant information of the capacity expansion operation on the second NS, so that the first NFVO device determines whether the resource of the first NS meets the capacity expansion operation on the second NS according to the relevant information, and whether the capacity expansion operation on the second NS is authorized.
In another possible implementation manner, the determining, by the first NFVO device, whether the resource of the first NS satisfies the first operation on the second NS includes: the first NFVO device judges whether the first NS and the second NS have a dependency relationship; if the first NS and the second NS have no dependency relationship, the first NFVO device determines that the resource of the first NS satisfies a first operation on the second NS. Since the second NS is nested within the first NS, the second NS has an association relationship with the first NS. And determining whether the first NS supports deleting the second NS by using the dependency relationship between the first NS and the second NS so as to facilitate deleting operation on the second NS. Therefore, the problem of management negotiation among NFVO devices when the life cycle management is carried out on the nested NS is solved, and the influence on the NS managed by the global NFVO is reduced.
Optionally, the method further comprises: if the first NS and the second NS have a dependency relationship, the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS.
In another possible implementation manner, if the first NS and the second NS have a dependency relationship, the method further includes: the first NFVO device determines whether a third NS is successfully deployed within a first time length, wherein the third NS is used for providing services of a second NS, and the first time length is a predicted time length for providing the services of the second NS. And if the third NS is deployed successfully within the first time period, the first NFVO device sends an authorization response to the second NFVO device. And if the third NS fails to be deployed within the first time period, the first NFVO device sends a failure response to the second NFVO device. Therefore, the third NS is deployed to replace the second NS, the service of the second NS is continuously provided, and the influence of deleting the second NS on the first NS is avoided.
In one possible design, the first time duration may be passively received by the first NFVO device. For example, the authorization request includes a first duration.
In another possible design, the first duration may be actively acquired by the first NFVO device. For example, the authorization request includes a second address, the second address indicating an address storing the first duration, the method further comprising: the first NFVO device sends a second acquisition request to the second NFVO device, and receives a first time length from the second NFVO device. The second obtaining request is used for requesting the second NFVO device to feed back the first duration, and the second obtaining request includes the second address.
In another possible implementation manner, the method further includes: and the first NFVO device sends a second authorization policy to the second NFVO device, wherein the second authorization policy is used for indicating the second NFVO device to predict the first duration. Therefore, the second NFVO device reports the relevant information of the deletion operation performed on the second NS, so that the first NFVO device determines whether the second NS can be deleted according to the relevant information, and whether the deletion operation performed on the second NS can be authorized.
In a second aspect, an authorization method for lifecycle management of network traffic is provided, which is applicable to a second NFVO device. The method comprises the following steps: the second NFVO device sends an authorization request to the first NFVO device, wherein the authorization request is used for requesting authorization to perform first operation on the second NS, and the first operation is the operation of performing life cycle management on the second NS by the second NFVO device; and after receiving the authorization response from the first NFVO device, the second NFVO device performs a first operation on the second NS. The authorization response is to indicate that the first operation is to be performed on the second NS.
According to the method for authorizing the life cycle management of the network service, after the second NFVO device sends the authorization request to the first NFVO device, the first NFVO device authorizes the life cycle management of the second NS only when determining that the resource of the first NS meets the requirement of the life cycle management of the second NS, and the second NFVO device performs the first operation on the second NS. Therefore, the problem of management negotiation among NFVO devices when the life cycle management is carried out on the nested NS is solved, and the influence on the NS managed by the global NFVO is reduced.
Optionally, the method further comprises: the second NFVO device receives a failure response from the first NFVO device, where the failure response indicates that the second NFVO device is not allowed to perform the first operation on the second NS. Therefore, the influence on the first NS, which is generated by performing life cycle management on the second NS under the condition that the resource of the first NS does not meet the requirement of performing first operation on the second NS, is avoided.
In a possible implementation manner, before the first operation is a capacity expansion operation and the second NFVO device sends the authorization request to the first NFVO device, the method further includes: and the second NFVO device acquires the data traffic of the second NS and determines second data according to the data traffic of the second NS, wherein the second data is predicted data traffic after the first operation is performed on the second NS.
In one possible design, the authorization request includes the second data.
In one possible design, the authorization request includes a first address indicating an address where the second data is stored, and the method further includes: the second NFVO device receives the first get request from the first NFVO device, and sends second data to the first NFVO device. The first get request is used for requesting the second NFVO device to feed back the second data, and the first get request includes the first address.
In another possible implementation manner, the method further includes: the second NFVO device receives a first authorization policy from the first NFVO device, where the first authorization policy is used to instruct the second NFVO device to collect data traffic of a second NS. Therefore, the second NFVO device reports the relevant information of the capacity expansion operation on the second NS, so that the first NFVO device determines whether the resource of the first NS meets the capacity expansion operation on the second NS according to the relevant information, and whether the capacity expansion operation on the second NS is authorized.
In another possible implementation manner, before the first operation is a delete operation and the second NFVO device sends the authorization request to the first NFVO device, the method further includes: the second NFVO device determines a first time duration that is a predicted time duration for the second NS to provide service.
In one possible design, the authorization request includes a first duration.
In another possible design, the authorization request includes a second address, and the second address is used to indicate an address storing the first duration, and the method further includes: the second NFVO device receives a second obtaining request from the first NFVO device, and sends the first time length to the first NFVO device, where the second obtaining request is used to request the second NFVO device to feed back the first time length, and the second obtaining request includes a second address.
In another possible implementation manner, the method further includes: the second NFVO device receives a second authorization policy from the first NFVO device, where the second authorization policy is used to instruct the second NFVO device to predict the first duration. Therefore, the second NFVO device reports the relevant information of the deletion operation performed on the second NS, so that the first NFVO device determines whether the second NS can be deleted or not according to the relevant information, and whether the deletion operation performed on the second NS can be authorized or not.
In a third aspect, a communication device is provided for implementing the method described in the first aspect. The communication device may be a first NFVO device. For example, the apparatus includes: a transceiving unit and a processing unit. The transceiver unit is configured to receive an authorization request from a second NFVO device, where the authorization request is used to request authorization to perform a first operation on a second NS, and the first operation is an operation of performing lifecycle management on the second NS by the second NFVO device. If the processing unit determines that the resource of the first NS satisfies the first operation on the second NS, the transceiver unit is further configured to send an authorization response to the second NFVO device to authorize the first operation on the second NS.
Optionally, if the processing unit determines that the resource of the first NS does not satisfy the first operation on the second NS, the transceiver unit is further configured to send a failure response to the second NFVO device, where the failure response is used to indicate that the first operation on the second NS is not allowed. Therefore, the influence of the operation of the second NFVO device on the life cycle management of the second NS on the first NS is avoided.
In a possible implementation manner, the first operation is a capacity expansion operation, and the processing unit is configured to obtain first data and second data, and determine whether the first data is larger than the second data; if the first data is larger than the second data, the processing unit is used for determining that the resource of the first NS meets the requirement of performing first operation on the second NS; and if the first data is less than or equal to the second data, the processing unit is used for determining that the resources of the first NS do not meet the requirement of performing the first operation on the second NS. The first data is data traffic related to a second NS in the first NS, and the second data is predicted data traffic after a first operation is performed on the second NS.
In one possible design, the authorization request includes the second data.
In another possible design, the authorization request includes a first address, where the first address is used to indicate an address where the second data is stored, and the transceiver unit is further configured to send the first get request to the second NFVO device and receive the second data from the second NFVO device. The first get request is used for requesting the second NFVO device to feed back the second data, and the first get request includes the first address.
In another possible implementation manner, the processing unit is further configured to perform a first operation on a virtual connection within the first NS that is connected to the second NS.
In another possible implementation manner, the transceiver unit is further configured to send a first authorization policy to the second NFVO device, where the first authorization policy is used to instruct to collect data traffic of the second NS.
In another possible implementation manner, the first operation is a delete operation, and the processing unit is configured to determine whether the first NS and the second NS have a dependency relationship, and if the first NS and the second NS do not have a dependency relationship, determine that a resource of the first NS satisfies the first operation on the second NS.
Optionally, if the first NS and the second NS have a dependency relationship, the processing unit is configured to determine that the resource of the first NS does not satisfy the first operation performed on the second NS.
In another possible implementation manner, if the first NS and the second NS have a dependency relationship, the processing unit is further configured to determine whether a third NS is successfully deployed within a first time duration, where the third NS is used to provide a service of the second NS, and the first time duration is a predicted time duration for the second NS to provide the service; if the third NS is successfully deployed within the first time period, the transceiver unit is configured to send an authorization response to the second NFVO device; if the third NS fails to be deployed within the first time period, the transceiver unit is configured to send a failure response to the second NFVO device.
In one possible design, the authorization request includes a first duration.
In another possible design, the authorization request includes a second address, where the second address is used to indicate an address storing the first duration, and the transceiver unit is further configured to send a second obtaining request to the second NFVO device, and receive the first duration from the second NFVO device. The second obtaining request is used for requesting the second NFVO device to feed back the first duration, and the second obtaining request comprises a second address; a first NFVO device.
In another possible implementation manner, the transceiver unit is further configured to send a second authorization policy to the second NFVO device, where the second authorization policy is used to instruct the second NFVO device to predict the first duration.
In a fourth aspect, a communication device is provided for implementing the method described in the second aspect above. The communication device may be a second NFVO device. For example, an apparatus includes: a transceiving unit and a processing unit. The receiving and sending unit is configured to send an authorization request to a first NFVO device, where the authorization request is used to request authorization to perform a first operation on a second NS, and the first operation is an operation of performing life cycle management on the second NS by a second NFVO device; the transceiver unit is further configured to receive an authorization response from the first NFVO device, and the processing unit is configured to perform a first operation on the second NS. The authorization response is to indicate that the first operation is to be performed on the second NS.
Optionally, the transceiver unit is further configured to receive a failure response from the first NFVO device, where the failure response is used to indicate that the second NFVO device is not allowed to perform the first operation on the second NS.
In a possible implementation manner, the first operation is a capacity expansion operation, the processing unit is further configured to collect data traffic of a second NS, and determine second data according to the data traffic of the second NS, where the second data is predicted data traffic after the first operation is performed on the second NS.
In one possible design, the authorization request includes the second data.
In one possible design, the authorization request includes a first address indicating an address where the second data is stored, and the transceiver unit is further configured to receive a first get request from the first NFVO device and send the second data to the first NFVO device. The first get request is used for requesting the second NFVO device to feed back the second data, and the first get request includes the first address.
In another possible implementation manner, the transceiver unit is further configured to receive a first authorization policy from the first NFVO device, where the first authorization policy is used to instruct the second NFVO device to collect data traffic of the second NS.
In another possible implementation manner, the first operation is a delete operation, and the processing unit is further configured to determine a first duration, where the first duration is a predicted duration for the second NS to provide the service.
In one possible design, the authorization request includes a first duration.
In another possible design, the authorization request includes a second address, where the second address is used to indicate an address storing the first duration, and the transceiver unit is further configured to receive a second acquisition request from the first NFVO device and send the first duration to the first NFVO device. The second obtaining request is used for requesting the second NFVO device to feed back the first duration, and the second obtaining request includes the second address.
In another possible implementation manner, the transceiver unit is further configured to receive a second authorization policy from the first NFVO device, where the second authorization policy is used to instruct the second NFVO device to predict the first duration.
It should be noted that the functional modules in the third aspect and the fourth aspect may be implemented by hardware, or may be implemented by hardware to execute corresponding software. The hardware or software includes one or more modules corresponding to the above-described functions. E.g. a transceiver for performing the functions of the receiving unit and the transmitting unit, a processor for performing the functions of the processing unit, a memory for the processor to process the program instructions of the methods of the present application. The processor, transceiver and memory are connected by a bus and communicate with each other. Specifically, reference may be made to the functions of the behaviors of the NFVO device in the method of the first aspect to the method of the second aspect.
In a fifth aspect, the present application further provides a communication device for implementing the method described in the first aspect. The communication device includes a system-on-chip. For example the communication device comprises a processor for implementing the functions in the method described in the first aspect above. The communication device may also include a memory for storing program instructions and data. The memory is coupled to the processor, and the processor may call and execute the program instructions stored in the memory, so as to implement the functions of the method described in the above first aspect. The communication apparatus may further include a communication interface for the communication apparatus to communicate with other devices. Illustratively, the communication device is a first NFVO device, and the other device is a second NFVO device.
In one possible arrangement, the communication interface may be a transceiver. A transceiver for receiving the authorization request and sending an authorization response. The processor is configured to determine whether the resource of the first NS satisfies the first operation on the second NS, which may specifically refer to the descriptions of the foregoing aspects and is not described herein again.
In a sixth aspect, the present application further provides a communication device for implementing the method described in the second aspect. The communication device includes a system-on-chip. For example the communication device comprises a processor for implementing the functions in the method described in the second aspect above. The communication device may also include a memory for storing program instructions and data. The memory is coupled to the processor, and the processor can call and execute the program instructions stored in the memory to implement the functions in the method described in the second aspect. The communication device may further comprise a communication interface for the communication device to communicate with other devices. For example, if the communication apparatus is a second NFVO device, the other device is a first NFVO device.
In one possible arrangement, the communication interface may be a transceiver. A transceiver for transmitting an authorization request and receiving an authorization response. The processor is configured to perform the first operation on the second NS, which may specifically refer to the descriptions of the above aspects and is not described in detail.
In a seventh aspect, the present application further provides a computer-readable storage medium, including: computer software instructions; the computer software instructions, when executed in the communication device, cause the communication device to perform the method of the first or second aspect described above.
In an eighth aspect, the present application also provides a computer program product comprising instructions which, when run in a communication apparatus, cause the communication apparatus to perform the method of the first or second aspect.
In a ninth aspect, the present application provides a chip system, which includes a processor and may further include a memory, and is configured to implement the functions of the NVFO device in the foregoing method. The chip system may be formed by a chip, and may also include a chip and other discrete devices.
In a tenth aspect, the present application further provides a communication system, where the communication system includes the first NFVO device described in the third aspect and the second NFVO device described in the fourth aspect; or the communication system comprises the first NFVO device described in the fifth aspect and the second NFVO device described in the sixth aspect.
In addition, the technical effects brought by the design manners of any aspect can be referred to the technical effects brought by the different design manners in the first aspect and the second aspect, and are not described herein again.
Drawings
Fig. 1 is a diagram illustrating an NFV system architecture according to an embodiment of the present application;
fig. 2A is a schematic structural diagram of a VNFD according to an embodiment of the present application;
fig. 2B is a schematic structural diagram of a VNF obtained after deployment according to the VNFD described above;
FIG. 2C is a schematic diagram of NS _1 including a plurality of VNFs;
fig. 3 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 4 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 5 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 6 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 7 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 8 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 9 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application;
fig. 10 is a flowchart of an authorization method for lifecycle management of network services according to an embodiment of the present application;
fig. 11 is a schematic diagram illustrating a communication device according to the present application;
fig. 12 is a schematic diagram of another communication device provided in the present application.
Detailed Description
The terms "first," "second," and "third," etc. in the description and claims of this application and the above-described drawings are used for distinguishing between different objects and not for limiting a particular order.
In the embodiments of the present application, words such as "exemplary" or "for example" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "such as" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion.
For clarity and conciseness of the following description of various embodiments, a brief introduction to the related art is first given:
conventional telecommunication systems are composed of various dedicated hardware devices, and different functions employ different hardware devices. As the size of networks grows, telecommunication systems become more complex, presenting a number of challenges. For example, the development of the new service is online, and the operation and maintenance of the system and the resource utilization rate are used. In order to meet these challenges and utilize virtualization technology and cloud computing technology in the Internet Technology (IT) industry, 13 major telecommunications carriers all over the world jointly issue NFV white papers, and announce that the European Telecommunications Standards Institute (ETSI) is established as NFV Industry Specification Group (ISG), which makes NFV demand and technical framework push the development of NFV.
The NFV technology utilizes virtualization technology to pool and virtualize resources of infrastructure hardware devices (e.g., computing devices, storage devices, network devices), provide virtual resources for upper layer applications, and implement software and hardware decoupling. When a new service is developed, hardware equipment does not need to be deployed independently, and the service is virtualized into an independent application (such as VNF) by adopting a virtualization technology, so that the online time of the new service is greatly shortened, and the virtual resource supply speed is greatly increased.
The NFV technology utilizes the cloud computing technology, can realize elastic expansion of application, realizes matching of virtual resources and service loads, improves utilization efficiency of the virtual resources, and improves response rate of an NFV system.
Fig. 1 is a diagram illustrating an NFV system architecture according to an embodiment of the present disclosure. The NFV system may be used in various networks, for example implemented in a data center network, operator network, or local area network. The NFV system includes an NFV management and orchestration system (NFV MANO)101, an NFV infrastructure layer (NFVI) 102, a plurality of Virtual Network Functions (VNFs) 103, a plurality of Element Management (EM)104, and an operation support system (operation-support system/business support system (OSS/BSS) 105.
Among other things, NFV MANO 101 is used to perform monitoring and management of NFVI 102 and VNF 103. The NFV management and orchestration system 101 includes an NFV orchestrator (NFV orchestrator, NFVO)1011, one or more VNF managers (VNFM) 1012, and a Virtualized Infrastructure Manager (VIM) 1013.
NFVO1011 is mainly responsible for handling lifecycle management of virtualized NS, allocation and scheduling of virtual resources in virtual infrastructure and NFVI, etc. NFVO1011 may also perform resource-related requests (e.g., requests to obtain VNFDs) from one or more VNFMs 1012, send configuration information (e.g., VNFDs, VNF modification information requests, and VNF instantiation requests) to VNFM 1012, and collect status information of VNF 103. The VNFD may be stored on the NFVO, or may be stored in a database managed by the NFVO, so that the NFVO may obtain the VNFD and feed the VNFD back to the VNFM, and the VNFM deploys the VNF according to the VNFD. The NFVO may store VNFDs corresponding to VNFs of multiple functions. Additionally, NFVO1011 may communicate with VIM 1013 to enable allocation and/or reservation of resources and exchange configuration and status information of virtualized hardware resources.
VNFM 1012 is primarily responsible for lifecycle management of one or more VNFs 103. Such as instantiating (updating), updating (updating), querying, scaling (scaling), terminating (terminating) VNF103, etc. VNFM 1012 may communicate with VNF103 to complete VNF103 lifecycle management and exchange configuration and status information. There may be multiple VNFMs 1012 in the NFV system, which are responsible for lifecycle management for different types of VNFs.
The VIM 1013 may perform functions for resource management, such as managing allocation of infrastructure resources (e.g., adding resources to virtual containers) and operational functions (e.g., collecting NFVI fault information). VNFM 1012 and VIM 1013 may communicate with each other for resource allocation and exchange configuration and status information for virtualized hardware resources. For example, VNF103 interacts with computing hardware 1021, storage hardware 1022, networking hardware 1023, virtual computing (virtual computing)1024, virtual storage 1025, and virtual network 1026.
NFVI 102 includes a hardware resource layer, a virtualization layer (virtualization layer), and a virtual resource layer. NFVI 102 includes hardware resources, software resources, or a combination of both to complete the deployment of the virtualized environment. In other words, the hardware resources and virtualization layer are used to provide virtualized resources, e.g., as virtual machines and other forms of virtual containers, for VNF 103. The hardware resource layer includes computing hardware 1021, storage hardware 1022, and networking hardware 1023. The computing hardware 1021 may be commercially available hardware and/or custom hardware to provide processing and computing resources. The storage hardware 1022 may be storage capacity provided within a network or storage capacity resident within the storage hardware 1022 itself (local memory located within a server). In one implementation, the resources of computing hardware 1021 and storage hardware 1022 may be pooled together. Network hardware 1023 may be a switch, router, and/or any other network device configured with switching functionality. Network hardware 1023 may span multiple domains and may include multiple networks interconnected by one or more transport networks. A virtualization layer inside NFVI 102 may abstract hardware resources from the physical layer and decouple VNF103 in order to provide virtualized resources to VNF 103. Virtual resource layers include virtual compute 1024, virtual storage 1025, and virtual network 1026. Virtual compute 1024 and virtual storage 1025 may be provided to VNF103 in the form of virtual machines, and/or other virtual containers. For example, one or more VNFs 103 may be deployed on one Virtual Machine (VM). Virtualization layer abstracts the network hardware 1023 to form a virtual network 1026, which may include a virtual switch (virtual switch) to provide connectivity between the virtual machine and other virtual machines. In addition, the transport network in the network hardware 1023 can be virtualized using a centralized control plane and a separate forwarding plane (e.g., a software defined network).
In hardware, the computing hardware 1021, storage hardware 1022, and network hardware 1023 may comprise multiple subracks, or multiple racks, or even multiple rooms. There may be one VIM 1013 or multiple VIMs in software, each managing different hardware resources.
VNF103 is a virtualized network function instance.
The device management system (EM)104 is a system for configuring and managing devices in a conventional network, and in the NFV system, the EM 104 may also be used to configure and manage the VNF103, and initiate lifecycle management operations such as instantiation of a new VNF103 to the VNFM 1012.
An operation Support System (Operations Support System and Business Support System, OSS/BSS)105 supports various end-to-end telecommunication services. The management functions supported by OSS include: network configuration, service provisioning, fault management, etc. The BSS processes orders, pays, revenues, etc., supporting product management, order management, revenue management, and customer management.
In the NFV system, the virtualized NS may be an IP Multimedia Subsystem (IMS) network service, or a next generation mobile Core network (EPC) network service, etc. Several VNFs may be included in one NS. The party that initiates the instantiating VNF request may be referred to as the virtualized traffic requestor. The party receiving the instantiated VNF request and deploying the VNF according to the instantiated VNF request may be referred to as a virtualized service provider. When performing virtualization deployment on an NS, a virtualization Service provider needs to obtain description information of the Service, i.e., a Network Service template (NSD), from a virtualization Service requester. The NSD mainly describes topology information of the service and description information of each VNF included, that is, the VNFD. In the topology information, a Virtual Link Descriptor (VLD) may be used to describe the connection between VNFs. The virtualized service requestor may be an NFVO or sender (sender). The sender may specifically be an OSS/BSS.
Fig. 2A is a schematic structural diagram of a VNFD provided in the present application. Fig. 2B is a schematic structural diagram of a VNF obtained after deployment according to the VNFD described above. Fig. 2C is a schematic structural diagram of NS _1 including several VNFs.
As shown in fig. 2A, the VNFD includes information such as a Virtual Deployment Unit (VDU) 1, a VDU2, a Connection Point (CP) _ A, CP _ B, and a Virtual Link (VL). The VDU represents application software that needs to be deployed onto a virtual machine. The CP represents connection information of the VNF, such as virtual network card information, which may be represented by an IP address or a MAC address. VL is a virtual connection within the VNF that connects multiple VDUs and may be represented by information such as connection type, bandwidth, etc.
As shown in fig. 2B, the VNFM is deployed using the VNFD, and the VNF obtained after deployment includes a Virtualized Network Function Component (VNFC) 1, a VNFC2, a CP _ a instance, a CP _ B instance, and a VL instance. The VDU1 in the VNFD generates VNFC1 after deployment, and the VDU2 in the VNFD generates VNFC2 after deployment.
As shown in fig. 2C, NS _1 includes VNF _1, VNF _2, VNF _3, VNF _4, and VNF _ 5. VNF _1 and VNF _2 are connected to VNF _3 via VL _1 instances, respectively. VNF _3 is connected to a Service Access Point (SAP) through VL _2 instance. The SAP may also be referred to as a service connection point. SAP is the external connection point for nested NS _ 2. VNF _4 is connected with SAP. VNF _4 can communicate with VNFs outside of the nested NS _2 via SAPs. VNF _4 is connected to VNF _5 via VL _3 instance. VNF _4 and VNF _5 belong to VNFs within nested NS _ 2. Global NFVO performs lifecycle management for NS _ 1. The local NFVO is lifecycle management for nested NS _ 2. A communication interface, such as an or-or interface, is arranged between the global NFVO and the local NFVO.
When the local NFVO performs life cycle management on the nested NS _2, for example, the nested NS _2 is expanded elastically, and the nested NS _2 is terminated when running, the local NFVO sends an authorization request to the global NFVO, and after the global NFVO authorizes the local NFVO to perform life cycle management on the nested NS _2, the local NFVO performs life cycle management on the nested NS _ 2.
In order to solve the problem of how the global NFVO determines whether to authorize the operation of the local NFVO on the nested NS, an embodiment of the present application provides an authorization method for lifecycle management of a network service, where the method includes: the first NFVO device receives an authorization request from the second NFVO device, the authorization request is used for requesting authorization to perform a first operation on the second NS, and the first operation is an operation of performing life cycle management on the second NS by the second NFVO device. And if the first NFVO device determines that the resources of the first NS meet the requirement of performing the first operation on the second NS, sending an authorization response to the second NFVO device so as to authorize the first operation on the second NS. And after receiving the authorization response from the first NFVO device, the second NFVO device performs a first operation on the second NS. The authorization response is to indicate that the first operation is to be performed on the second NS. Therefore, under the condition that the second NFVO device performs lifecycle management on the second NS, the problem of management negotiation between the second NFVO device and the first NFVO device is solved, and the influence of the second NFVO device on the first NS during lifecycle management on the second NS is reduced.
Herein, it is assumed that the first NFVO device is used to implement the functions of the global NFVO, e.g., the first NFVO device is used to perform lifecycle management for the first NS. The second NFVO device is configured to implement a function of a local NFVO, for example, the second NFVO device is configured to perform lifecycle management for the second NS. The first NFVO device is connected with the second NFVO device. The second NS is nested within the first NS. For example, as shown in fig. 2C, the first NS may be NS _ 1. The second NS may be NS _ 2.
Next, embodiments of the present application will be described in detail with reference to the drawings.
Fig. 3 is a flowchart of an authorization method for lifecycle management of a network service according to an embodiment of the present application. As shown in fig. 3, the method may include:
s301, the second NFVO device sends an authorization request to the first NFVO device, requesting to authorize a first operation on the second NS.
Understandably, the first operation is that the second NFVO device performs lifecycle management on the second NS.
In some embodiments, the first operation may be a capacity expansion operation of the second NFVO device to the second NS. For example, since the number of users using the service provided by the second NS increases, and the resources of the service provided by the second NS cannot carry so many users, network congestion may be caused, and thus, the user carrying capacity of the second NS may be increased, and network congestion may be avoided.
In other embodiments, the first operation may be a delete operation of the second NS by the second NFVO device. For example, because the number of users using the service provided by the second NS is reduced or other reasons that the service provided by the second NS is not required to be provided are reduced, the second NFVO device may delete the second NS, release resources used by the second NS for deployment, reduce resource waste managed by the second NFVO device, and improve resource utilization.
Optionally, the second NFVO device may send the authorization request to the first NFVO device through an or-or interface.
S302, the first NFVO device receives an authorization request from the second NFVO device.
The authorization request is used for requesting authorization to perform a first operation on the second NS, where the first operation is an operation of performing lifecycle management on the second NS by the second NFVO device. For a detailed explanation of the first operation, reference may be made to the description of S301, which is not repeated. Optionally, the second NFVO device may send the authorization request to the first NFVO device through an or-or interface.
S303, the first NFVO device determines whether the resource of the first NS satisfies a first operation on the second NS.
Since the second NS is nested within the first NS, the second NS has an association relationship with the first NS. If the second NFVO device performs the first operation on the second NS, the first NS may affect whether the first operation performed on the second NS by the second NFVO device is successful, and therefore, the first NFVO device determines whether the resource of the first NS satisfies the first operation performed on the second NS.
If the first NFVO device determines that the resource of the first NS meets the first operation on the second NS, S304 is executed; if the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS, S307 is executed.
And S304, the first NFVO device sends an authorization response to the second NFVO device to authorize the first operation on the second NS.
The authorization response is to indicate that the first operation is to be performed on the second NS.
S305, the second NFVO device receives the authorization response from the first NFVO device.
And S306, the second NFVO device performs a first operation on the second NS.
For example, the second NFVO device performs a capacity expansion operation on the second NS. For another example, the second NFVO device performs a delete operation on the second NS.
S307, the first NFVO device sends a failure response to the second NFVO device, and does not allow the first operation to be performed on the second NS.
Optionally, the failure response may also include a failure reason. For example, if the second NFVO device performs capacity expansion operation on the second NS, the data traffic on the second NS may increase after the capacity of the second NS is expanded, and since the second NS is nested in the first NS and the second NS has an association relationship with the first NS, the data traffic on a network in the first NS connected to the second NS also increases. If the increased data traffic exceeds the processing capacity of the first NS on the network connected to the second NS, the capacity expansion of the second NS fails. Therefore, the first NFVO device does not allow the capacity expansion operation on the second NS, and the failure reason may be that the first NS does not support the capacity expansion operation on the second NS.
For another example, if the second NFVO device performs a delete operation on the second NS, the first NS and the second NS still have a dependency relationship, which results in a failure to delete the second NS. Therefore, the first NFVO device does not allow the deletion operation on the second NS, and the failure reason may be that the first NS does not support the deletion operation on the second NS.
S308, the second NFVO device receives the failure response from the first NFVO device.
The failure response indicates that the first operation is not allowed on the second NS. For example, the second NFVO device does not perform a capacity expansion operation on the second NS. For another example, the second NFVO device does not perform a delete operation on the second NS. Optionally, the second NFVO device may further determine whether to perform other lifecycle management on the second NS when determining that the first operation is not performed on the second NS.
In a first possible implementation manner, the first operation may be a capacity expansion operation of the second NFVO device on the second NS. If the second NFVO device performs capacity expansion operation on the second NS, the data volume of data processed by the second NS is increased, and external data traffic of the second NS is improved. As shown in fig. 4, S303 may include the following detailed steps S3031 and 3032.
S3031, the first NFVO device acquires the first data and the second data.
The first data is data traffic related to the second NS in the first NS. The second data is predicted data traffic after the capacity expansion operation is performed on the second NS.
In some embodiments, the first NFVO device may collect, as the first data, data traffic of a network connected to the SAP within the second NS. For example, as shown in fig. 2C, the SAP in NS _2 is connected to the VL _2 instance in NS _1, the VL _2 instance may serve as a network connected to the SAP in NS _2, and the first NFVO device may collect data traffic on the VL _2 instance as the first data. Alternatively, the "network" herein may also be referred to as a virtual network or virtual connection.
In one possible design, the second data may be passively received from the first NFVO device. For example, the first NFVO device receives an authorization request from the second NFVO device that includes the second data. The first NFVO device may obtain the second data from the authorization request. The second data is predicted data traffic on the SAP connected with the first NS after the capacity expansion operation is performed on the second NS. For example, as shown in FIG. 2C, the second data may be the predicted data flow on SAP connected to VL _2 instance in NS _ 1.
In another possible design, the second data may be actively acquired from the first NFVO device. For example, the authorization request includes a first address indicating an address where the second NFVO device stores the second data. As shown in fig. 5, the first NFVO device may obtain the second data from the second NFVO device according to the first address.
S501, the first NFVO device sends a first obtaining request to the second NFVO device, where the first obtaining request includes a first address.
The first obtaining request is used for requesting the second NFVO device to feed back the second data.
S502, the second NFVO device receives the first get request from the first NFVO device.
And S503, the second NFVO device sends the second data to the first NFVO device.
And after receiving the first obtaining request, the second NFVO device obtains second data according to the storage position indicated by the first address, and feeds the second data back to the first NFVO device.
S504, the first NFVO device receives second data from the second NFVO device.
After the first NFVO device acquires the first data and the second data, S3032 is executed.
S3032, the first NFVO device determines whether the first data is greater than the second data.
If the first data is greater than the second data, it indicates that the bandwidth of the network connected to the second NS in the first NS meets the requirement after the capacity expansion operation is performed on the second NS, and the first NFVO device determines that the resource of the first NS meets the capacity expansion operation on the second NS, and then S304 is executed; if the first data is less than or equal to the second data, it indicates that the bandwidth of the network connected to the second NS in the first NS does not meet the requirement after the capacity expansion operation is performed on the second NS, and the first NFVO device determines that the resource of the first NS does not meet the capacity expansion operation on the second NS, and then S307 is executed.
For example, assume that the data traffic on VL _2 instances is 1 Gigabyte (GB) and the predicted data traffic on SAP is 400 kilobytes (Kilobyte, KB). The 400KB is smaller than 1GB, and therefore, the first NFVO device determines that the resource of the first NS satisfies the capacity expansion operation on the second NS.
As another example, assume that the data traffic on VL _2 instance is 600KB and the predicted data traffic on SAP is 1 GB. The 600KB is less than 1GB, and therefore, the first NFVO device determines that the resource of the first NS does not satisfy the capacity expansion operation on the second NS.
In other embodiments, the first NFVO device may further indicate, to the second NFVO device, information required for the capacity expansion operation. As shown in fig. 6, before the second NFVO device sends an authorization request to the first NFVO device, i.e., S301, the method further includes the following steps.
S601, the first NFVO device sends a first authorization policy to the second NFVO device, and the first NFVO device instructs to collect data traffic of the second NS.
Optionally, the first authorization policy is used to instruct the second NFVO device to collect external data traffic of the second NS when determining to perform a capacity expansion operation on the second NS. For example, as shown in fig. 2C, the second NFVO device may collect data traffic on the SAP connected to VL _2 instance in NS _ 1.
Optionally, the first authorization policy is used to instruct the second NFVO device to determine the predicted data traffic of the second NS when determining to perform capacity expansion operation on the second NS.
S602, the second NFVO device receives the first authorization policy from the first NFVO device.
In a possible implementation manner, before the second NFVO device sends the authorization request to the first NFVO device, the second NFVO device may further perform the following S603 and S604.
And S603, the second NFVO device collects data traffic of the second NS.
In some embodiments, the second NFVO device may send a request message to the VIM requesting the VIM to feed back the data traffic outbound from the second NS. Optionally, the VIM may feed back the external data traffic of the second NS to the second NFVO device through the VNFM.
And S604, the second NFVO device determines second data according to the data traffic of the second NS.
In some embodiments, the second NFVO device may analyze the external data traffic of the second NS by using an Artificial Intelligence (Artificial Intelligence) technique or a data analysis technique (e.g., a big data analysis technique) to obtain a predicted data traffic of the second NS after performing a capacity expansion operation on the second NS.
Optionally, the second NFVO device may also report the external data traffic of the second NS to the first NFVO device, and the first NFVO device determines the predicted data traffic of the second NS according to the external data traffic of the second NS.
Optionally, if the first NFVO device determines that the resource of the first NS does not satisfy the capacity expansion operation on the second NS, the first NFVO device may also perform the capacity expansion operation on the first NS, so that the resource of the first NS satisfies the capacity expansion operation on the second NS. Illustratively, as shown in fig. 6, the method further includes S605.
S605, the first NFVO device performs a first operation on a virtual connection in the first NS, which is connected to the second NS.
Optionally, the first NFVO device may perform capacity expansion operation on a virtual connection connected to the second NS in the first NS according to the predicted data traffic of the second NS.
For example, assume that the data traffic on VL _2 instance is 600KB and the predicted data traffic on SAP is 1 GB. The 600KB is less than 1GB, and therefore, the first NFVO device determines that the resource of the first NS does not satisfy the capacity expansion operation on the second NS. The first NFVO device may perform capacity expansion operation on the VL _2 instance, so that data traffic on the VL _2 instance is 1GB, so that the VL _2 instance supports the capacity expansion operation on the second NS.
Optionally, if the first operation is a capacity reduction operation of the second NFVO device on the second NS. The first NFVO device may perform a capacity reduction operation on a virtual connection connected to the second NS within the first NS, thereby reducing resource waste managed by the first NFVO device.
Therefore, under the condition that the second NFVO device performs capacity expansion operation on the second NS, the problem of management negotiation between the second NFVO device and the first NFVO device is solved, and the influence on the first NS when the second NFVO device performs capacity expansion operation on the second NS is reduced.
In a second possible implementation manner, the first operation is a deletion operation of the second NFVO device to the second NS. Since the second NS is nested within the first NS, the second NS has an association relationship with the first NS. If the second NFVO device performs a delete operation on the second NS, the second NS cannot provide services. For example, data transmission is also required between the second NS and the first NS, and if the second NFVO device deletes the second NS, data transmission cannot be performed between the second NS and the first NS. Therefore, the first NFVO device may determine whether the resource of the first NS satisfies the deletion operation on the second NS by determining whether the first NS and the second NS have a dependency relationship. As shown in fig. 7, S303 may include the following detailed step S3033.
S3033, the first NFVO device determines whether the first NS and the second NS have a dependency relationship.
If the first NS and the second NS have no dependency relationship (e.g., no data transmission exists between the first NS and the second NS), the first NFVO device determines that the resources of the first NS satisfy the first operation on the second NS, and then S304 is performed. If the first NS and the second NS have a dependency relationship (e.g., there is data transmission between the first NS and the second NS), the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS, and then S307 is executed.
Optionally, if the first NS and the second NS have a dependency relationship, the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS, and the first NFVO device may deploy a third NS, so that the third NS provides the service of the second NS, the third NS establishes a connection with the first NS, and the third NS performs data transmission with the first NS. As shown in fig. 8, the method further comprises the following steps.
And S801, the first NFVO device judges whether a third NS is successfully deployed within a first time length, wherein the third NS is used for providing services of a second NS.
It is to be appreciated that the first duration is a predicted duration that the second NS can continue to provide service. In some embodiments, the first NFVO device may deploy the third NS within the first time period, and if the third NS is successfully deployed within the first time period, which indicates that the third NS may replace the second NS to continue providing services, for example, the third NS performs data transmission with the first NS, the first NFVO device sends an authorization response to the second NFVO device, that is, S304 is performed, and the second NFVO device deletes the second NS; if the third NS fails to be deployed within the first time period, which means that no other NS can replace the second NS to continue providing services, the first NFVO device sends a failure response to the second NFVO device, that is, S307 is executed, and the second NFVO device is not allowed to delete the second NS.
In one possible design, the first duration may be passively received from the first NFVO device. For example, the authorization request from the second NFVO device received by the first NFVO device includes the first duration. The first NFVO device may obtain the first duration from the authorization request. For example, as shown in fig. 2C, the first duration may be a predicted duration that NS _2 may continue to provide service.
In another possible design, the first time period may be actively obtained from the first NFVO device. For example, the authorization request includes a second address that indicates that the second NFVO device stores an address for the first duration. As shown in fig. 9, before the first NFVO device determines whether the third NS is successfully deployed within the first duration, that is, before S801, the first NFVO device may obtain the first duration from the second NFVO device according to the second address.
S901, the first NFVO device sends a second obtaining request to the second NFVO device, where the second obtaining request includes a second address.
The second obtaining request is used for requesting the second NFVO device to feed back the first duration.
S902, the second NFVO device receives a second get request from the first NFVO device.
And S903, sending a first time length to the first NFVO device by the second NFVO device.
And after receiving the second obtaining request, the second NFVO device obtains the first time length according to the storage position indicated by the second address, and feeds the first time length back to the first NFVO device.
S904, the first NFVO device receives the first duration from the second NFVO device.
In other embodiments, the first NFVO device may further instruct the second NFVO device to report information required for the delete operation. As shown in fig. 10, before the second NFVO device sends an authorization request to the first NFVO device, i.e., S301, the method further includes the following steps.
And S1001, the first NFVO device sends a second authorization policy to the second NFVO device, and the second NFVO device is indicated to predict the first time length.
Optionally, the second authorization policy is used to instruct the second NFVO device to predict the first duration after determining to perform the delete operation on the second NS. For example, as shown in fig. 2C, the second NFVO device may predict a duration for which NS _2 may continue to provide service.
Optionally, the second authorization policy may further include a reason for the second NFVO device to determine to perform the deletion operation on the second NS. After determining the deletion operation of the second NS, the second NFVO device may carry a reason for performing the deletion operation of the second NS in the authorization request sent to the first NFVO device.
S1002, the second NFVO device receives the second authorization policy from the first NFVO device.
In a possible implementation manner, before the second NFVO device sends the authorization request to the first NFVO device, the second NFVO device may further perform the following S1003.
And S1003, the second NFVO device determines a first time length.
In some embodiments, the second NFVO device determines the first duration after determining to delete the second NS. In some embodiments, the second NFVO device may send a request message to the VIM requesting the VIM to feed back the first duration. Optionally, the VIM may feed back the first duration to the second NFVO device through the VNFM.
Therefore, under the condition that the second NFVO device deletes the second NS, the problem of management negotiation between the second NFVO device and the first NFVO device is solved, and the influence of the second NFVO device on the first NS when the second NFVO device deletes the second NS is reduced.
It is to be understood that, in order to implement the functions in the foregoing embodiments, the first NFVO device and the second NFVO device include corresponding hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and method steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed in hardware or computer software driven hardware depends on the specific application scenario and design constraints of the solution.
Fig. 11 and 12 are schematic structural diagrams of a possible communication device provided in an embodiment of the present application. These communication devices can be used to implement the functions of the first NFVO device or the second NFVO device in the above method embodiments, and therefore, the beneficial effects of the above method embodiments can also be achieved. In the embodiment of the present application, the communication apparatus may be a global NFVO or a local NFVO as shown in fig. 2C, or may be a module (e.g., a chip) applied to the first NFVO device or the second NFVO device.
As shown in fig. 11, the communication device 1100 includes a processing unit 1110 and a transceiving unit 1120. The communication apparatus 1100 is configured to implement the functions of the first NFVO device or the second NFVO device in the method embodiment shown in any one of fig. 3 to fig. 10.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 3: the transceiver 1120 is configured to perform S302, S304, and S307; the processing unit 1110 is configured to execute S303.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 3: the transceiving unit 1120 is configured to perform S301, S305, and S308; the processing unit 1110 is configured to execute S306.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 4: the transceiver 1120 is configured to perform S302, S304, and S307; the processing unit 1110 is configured to execute S3031 and S3032.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 4: the transceiving unit 1120 is configured to perform S301, S305, and S308; the processing unit 1110 is configured to execute S306.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 5: the transceiver 1120 is configured to perform S302, S304, S307, S501, and S504; the processing unit 1110 is configured to execute S3031 and S3032.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 5: the transceiver 1120 is configured to perform S301, S305, S308, S502, and S503; the processing unit 1110 is configured to execute S306.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 6: the transceiver 1120 is configured to perform S302, S304, S307, S501, S504, and S601; the processing unit 1110 is configured to execute S3031, S3032, and S605.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 6: the transceiver 1120 is configured to perform S301, S305, S308, S502, S503, and S602; the processing unit 1110 is configured to execute S306, S603, and S604.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 7: the transceiver 1120 is configured to perform S302, S304, and S307; the processing unit 1110 is configured to execute S3033.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 7: the transceiving unit 1120 is configured to perform S301, S305, and S308; the processing unit 1110 is configured to execute S306.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 8: the transceiver 1120 is configured to perform S302, S304, and S307; the processing unit 1110 is configured to execute S3033 and S801.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 8: the transceiving unit 1120 is configured to perform S301, S305, and S308; the processing unit 1110 is configured to execute S306.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 9: the transceiver 1120 is configured to perform S302, S304, S307, S901, and S904; the processing unit 1110 is configured to execute S3033 and S801.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 9: the transceiver 1120 is configured to perform S301, S305, S308, S902, and S903; the processing unit 1110 is configured to execute S306.
When the communication apparatus 1100 is used to implement the function of the first NFVO device in the method embodiment shown in fig. 10: the transceiver 1120 is configured to perform S302, S304, S307, S901, S904, and S1001; the processing unit 1110 is configured to execute S3033 and S801.
When the communication apparatus 1100 is used to implement the function of the second NFVO device in the method embodiment shown in fig. 10: the transceiver 1120 is configured to perform S301, S305, S308, S902, S903, and S1002; the processing unit 1110 is configured to execute S306 and S1003.
The more detailed description of the processing unit 1110 and the transceiver 1120 can be directly obtained by referring to the related description in the method embodiments shown in fig. 3 to fig. 10, which is not repeated herein.
As shown in fig. 12, the communication device 1200 includes a processor 1210 and an interface circuit 1220. The processor 1210 and the interface circuit 1220 are coupled to each other. It is understood that the interface circuit 1220 may be a transceiver or an input-output interface. Optionally, the communication device 1200 may further include a memory 1230 for storing instructions executed by the processor 1210 or storing input data required by the processor 1210 to execute the instructions or storing data generated by the processor 1210 after executing the instructions.
When the communication apparatus 1200 is used to implement the methods shown in fig. 3 to 10, the processor 1210 is configured to perform the functions of the processing unit 1110, and the interface circuit 1220 is configured to perform the functions of the transceiving unit 1120.
When the communication device is a chip applied to a terminal device, the terminal device chip implements the functions of the terminal device in the above method embodiment. The terminal device chip receives information from other modules (such as a radio frequency module or an antenna) in the terminal device, wherein the information is sent to the terminal device by the network device; or, the terminal device chip sends information to other modules (such as a radio frequency module or an antenna) in the terminal device, where the information is sent by the terminal device to the network device.
When the communication device is a chip applied to a network device, the network device chip implements the functions of the network device in the above method embodiments. The network device chip receives information from other modules (such as a radio frequency module or an antenna) in the network device, wherein the information is sent to the network device by the terminal device; alternatively, the network device chip sends information to other modules (such as a radio frequency module or an antenna) in the network device, and the information is sent by the network device to the terminal device.
It is understood that the Processor in the embodiments of the present Application may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The general purpose processor may be a microprocessor, but may be any conventional processor.
The method steps in the embodiments of the present application may be implemented by hardware, or may be implemented by software instructions executed by a processor. The software instructions may be comprised of corresponding software modules that may be stored in Random Access Memory (RAM), flash Memory, Read-Only Memory (ROM), Programmable ROM (PROM), Erasable PROM (EPROM), Electrically EPROM (EEPROM), registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an ASIC. In addition, the ASIC may reside in a network device or a terminal device. Of course, the processor and the storage medium may reside as discrete components in a network device or a terminal device.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer programs or instructions. When the computer program or instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are performed in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, a network appliance, a user device, or other programmable apparatus. The computer program or instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer program or instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire or wirelessly. The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that integrates one or more available media. The usable medium may be a magnetic medium, such as a floppy disk, a hard disk, a magnetic tape; or optical media such as Digital Video Disks (DVDs); it may also be a semiconductor medium, such as a Solid State Drive (SSD).
In the embodiments of the present application, unless otherwise specified or conflicting with respect to logic, the terms and/or descriptions in different embodiments have consistency and may be mutually cited, and technical features in different embodiments may be combined to form a new embodiment according to their inherent logic relationship.
In the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. In the description of the text of the present application, the character "/" generally indicates that the former and latter associated objects are in an "or" relationship; in the formula of the present application, the character "/" indicates that the preceding and following related objects are in a relationship of "division".
It is to be understood that the various numerical references referred to in the embodiments of the present application are merely for descriptive convenience and are not intended to limit the scope of the embodiments of the present application. The sequence numbers of the above processes do not mean the execution sequence, and the execution sequence of the processes should be determined by the functions and the inherent logic.

Claims (19)

1. An authorization method for lifecycle management of a network service NS, comprising:
a first Network Function Virtualization Orchestrator (NFVO) device receives an authorization request from a second NFVO device, wherein the authorization request is used for requesting authorization to perform a first operation on a second NS, and the first operation is an operation of performing life cycle management on the second NS by the second NFVO device;
the first NFVO device judges whether the resource of a first NS meets the requirement of performing the first operation on the second NS;
and if the first NFVO device determines that the resources of the first NS meet the first operation on the second NS, sending an authorization response to the second NFVO device to authorize the first operation on the second NS.
2. The method of claim 1, further comprising:
if the first NFVO device determines that the resources of the first NS do not meet the requirement for performing the first operation on the second NS, a failure response is sent to the second NFVO device, where the failure response is used to indicate that the first operation on the second NS is not allowed.
3. The method of claim 2, wherein the first operation is a capacity expansion operation, and wherein the determining, by the first NFVO device, whether the first operation on the second NS is satisfied by the resources of the first NS includes:
the first NFVO device acquires first data and second data, wherein the first data is data traffic related to the second NS in the first NS, and the second data is predicted data traffic after the first operation is performed on the second NS;
the first NFVO device judges whether the first data is larger than the second data;
if the first data is larger than the second data, the first NFVO device determines that the resource of the first NS satisfies a first operation on the second NS;
if the first data is less than or equal to the second data, the first NFVO device determines that the resources of the first NS do not satisfy the first operation on the second NS.
4. The method of claim 3, wherein the authorization request comprises the second data.
5. The method according to claim 3, wherein the authorization request includes a first address indicating an address for storing the second data, and wherein the obtaining of the second data by the first NFVO device includes:
the first NFVO device sends a first obtaining request to the second NFVO device, where the first obtaining request is used to request the second NFVO device to feed back the second data, and the first obtaining request includes the first address;
the first NFVO device receives the second data from the second NFVO device.
6. The method according to any one of claims 2-5, further comprising:
the first NFVO device performs the first operation on a virtual connection within the first NS that is connected to the second NS.
7. The method according to any one of claims 1-5, further comprising:
and the first NFVO device sends a first authorization policy to the second NFVO device, wherein the first authorization policy is used for indicating to collect the data traffic of the second NS.
8. The method of claim 2, wherein the first operation is a delete operation, and wherein the determining, by the first NFVO device, whether the first operation on the second NS is satisfied by the resources of the first NS comprises:
the first NFVO device judges whether the first NS and the second NS have a dependency relationship;
if the first NS and the second NS have no dependency relationship, the first NFVO device determines that the resource of the first NS satisfies a first operation on the second NS.
9. The method of claim 8, further comprising:
if the first NS and the second NS have a dependency relationship, the first NFVO device determines that the resource of the first NS does not satisfy the first operation on the second NS.
10. The method of claim 9, wherein if the first NS is dependent on the second NS, the method further comprises:
the first NFVO device judges whether a third NS is successfully deployed within a first time length, wherein the third NS is used for providing services of the second NS, and the first time length is a predicted time length for providing the services of the second NS;
the sending, by the first NFVO device, an authorization response to the second NFVO device includes:
if the third NS is successfully deployed within a first time period, the first NFVO device sends an authorization response to the second NFVO device;
the sending, by the first NFVO device, a failure response to the second NFVO device includes:
if the third NS fails to be deployed within the first time period, the first NFVO device sends a failure response to the second NFVO device.
11. A method for authorizing the lifecycle management of a Network Service (NS), the method comprising:
a second NFVO device sends an authorization request to a first NFVO device, wherein the authorization request is used for requesting authorization to perform a first operation on a second NS, and the first operation is an operation of performing life cycle management on the second NS by the second NFVO device;
when the resources of a first NS managed by the first NFVO device meet the first operation on the second NS, the second NFVO device receives an authorization response from the first NFVO device, wherein the authorization response is used for indicating the first operation on the second NS;
the second NFVO device performs the first operation on the second NS.
12. The method of claim 11, further comprising:
when the resources of a first NS managed by the first NFVO device do not satisfy the first operation on the second NS, the second NFVO device receives a failure response from the first NFVO device, wherein the failure response is used for indicating that the first operation on the second NS is not allowed.
13. The method of claim 12, wherein the first operation is a capacity expansion operation, and before the second NFVO device sends an authorization request to the first NFVO device, the method further comprises:
the second NFVO device collects data traffic of the second NS;
and the second NFVO device determines second data according to the data traffic of the second NS, wherein the second data is predicted data traffic after the first operation is performed on the second NS.
14. The method of claim 13, wherein the authorization request comprises the second data.
15. The method of claim 13, wherein the authorization request includes a first address indicating an address at which the second data is stored, the method further comprising:
the second NFVO device receives a first get request from the first NFVO device, where the first get request is used to request the second NFVO device to feed back the second data, and the first get request includes the first address;
the second data sent by the second NFVO device to the first NFVO device.
16. The method according to any one of claims 11-15, further comprising:
the second NFVO device receives a first authorization policy from the first NFVO device, where the first authorization policy is used to instruct to collect data traffic of the second NS.
17. The method according to claim 11 or 12, wherein the first operation is a delete operation, and before the second NFVO device sends an authorization request to the first NFVO device, the method further comprises:
and the second NFVO device determines a first time length, wherein the first time length is a predicted time length for providing services by the second NS.
18. A communications apparatus, comprising: at least one processor, a memory, a bus and an interface circuit, wherein the memory is for storing a computer program such that the computer program, when executed by the at least one processor, implements the method of any one of claims 1 to 10 or implements the method of any one of claims 11 to 17.
19. A computer-readable storage medium having stored thereon: computer software instructions;
the computer software instructions, when run in a communication device or a chip built in a communication device, cause the communication device to perform the method of any one of claims 1 to 10 or to implement the method of any one of claims 11 to 17.
CN201911342710.1A 2019-12-23 2019-12-23 Authorization method and device for life cycle management of network service Active CN113098705B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201911342710.1A CN113098705B (en) 2019-12-23 2019-12-23 Authorization method and device for life cycle management of network service
PCT/CN2020/137364 WO2021129520A1 (en) 2019-12-23 2020-12-17 Authorization method and apparatus for life cycle management of network service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911342710.1A CN113098705B (en) 2019-12-23 2019-12-23 Authorization method and device for life cycle management of network service

Publications (2)

Publication Number Publication Date
CN113098705A CN113098705A (en) 2021-07-09
CN113098705B true CN113098705B (en) 2022-08-26

Family

ID=76573672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911342710.1A Active CN113098705B (en) 2019-12-23 2019-12-23 Authorization method and device for life cycle management of network service

Country Status (2)

Country Link
CN (1) CN113098705B (en)
WO (1) WO2021129520A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156095A (en) * 2016-12-02 2018-06-12 中兴通讯股份有限公司 Resource determining method and device, NFVO

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10116571B1 (en) * 2015-09-18 2018-10-30 Sprint Communications Company L.P. Network Function Virtualization (NFV) Management and Orchestration (MANO) with Application Layer Traffic Optimization (ALTO)
KR20180110095A (en) * 2016-02-08 2018-10-08 노키아 솔루션스 앤드 네트웍스 오와이 Controlling resource placement of network virtualization scenarios
CN107135192B (en) * 2016-02-26 2020-04-21 中国移动通信集团公司 Resource authorization method for deploying VNF, VNFM and NFVO
CN109074288B (en) * 2016-03-15 2022-04-26 诺基亚通信公司 Conflict resolution in network virtualization scenarios
WO2018006401A1 (en) * 2016-07-08 2018-01-11 Telefonaktiebolaget Lm Ericsson (Publ) Methods and devices for selective network service deployment in the cloud environment
CN111917571B (en) * 2017-01-25 2022-09-23 华为技术有限公司 Policy management method, device and system
CN109587024B (en) * 2017-09-29 2020-12-22 华为技术有限公司 Resource processing method and related device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156095A (en) * 2016-12-02 2018-06-12 中兴通讯股份有限公司 Resource determining method and device, NFVO

Also Published As

Publication number Publication date
WO2021129520A1 (en) 2021-07-01
CN113098705A (en) 2021-07-09

Similar Documents

Publication Publication Date Title
US10481953B2 (en) Management system, virtual communication-function management node, and management method for managing virtualization resources in a mobile communication network
US10481935B2 (en) Management system, overall management node, and management method for managing virtualization resources in a mobile communication network
US10942786B2 (en) Network management
CN109428764B (en) Virtual network function instantiation method
CN112583615B (en) VNF instantiation method, NFVO, VIM, VNFM and system
WO2021181408A1 (en) System and method for dynamically creating end to end network slices
US20220182851A1 (en) Communication Method and Apparatus for Plurality of Administrative Domains
CN107426109B (en) Traffic scheduling method, VNF module and traffic scheduling server
WO2021143183A1 (en) Method for deploying virtual machine, and related apparatus
CN116724543A (en) Container cluster management method and device
CN113098705B (en) Authorization method and device for life cycle management of network service
CN112306625B (en) Method and related device for deploying virtual machine
CN112087311B (en) Virtual network function VNF deployment method and device
CN112889247B (en) VNF service instantiation method and device
CN112015515A (en) Virtual network function instantiation method and device
WO2018120222A1 (en) Vnffg management method, device and system
US20230409371A1 (en) Method for creating network service ns and related apparatus
WO2022141293A1 (en) Elastic scaling method and apparatus
CN111581203B (en) Information processing method, device and storage medium
US20230327959A1 (en) Method for establishing network connection and apparatus
CN117278461A (en) Method, device and system for planning service flow path
CN117278415A (en) Information processing and service flow path planning method, device and system
CN115733743A (en) Network service deployment method, NFVO (network function virtualization) and NFV (network function virtualization) system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant