CN113938525A - 5G universal terminal access management and resource scheduling platform server, system and method - Google Patents

Publication number: CN113938525A
Authority: CN (China)
Prior art keywords: terminal; module; characteristic information; service characteristic; authentication
Legal status: Granted, Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111007163.9A
Other languages: Chinese (zh)
Other versions: CN113938525B (en)
Inventor: 黄威
Current Assignee: Baoxin Software Wuhan Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Wuhan Wisco Green City Technology Development Co ltd
Application filed by: Wuhan Wisco Green City Technology Development Co ltd
Priority to: CN202111007163.9A
Events: Publication of CN113938525A; Application granted; Publication of CN113938525B

Abstract

The invention relates to a 5G universal terminal access management and resource scheduling platform server, system and method. The method comprises the following steps: a terminal connected to the 5G network accesses the information acquisition module of the universal terminal access server through application software deployed on the terminal; the information acquisition module returns a password input box and a service characteristic information selection menu to the terminal's application software over the 5G network; the user enters the password on the terminal and selects the service characteristic information, and this data, together with the terminal network card address, is returned to the information acquisition module, which submits it to the authentication module for authentication; after authentication passes, the service characteristic information selected by the user and the terminal network card address are submitted to the policy routing configuration issuing module, which generates a policy routing configuration command to configure the policy routing module. Under the 5G MEC offloading architecture, the invention manages the access of the various campus terminals to the campus intranet and automatically schedules network resources, so that 5G terminals access the corresponding campus subnets according to their service requirements and permissions.

Description

5G universal terminal access management and resource scheduling platform server, system and method
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a 5G universal terminal access management and resource scheduling platform server, a system and a method.
Background
The fifth generation mobile communication technology (5G) is now in commercial use. Compared with earlier mobile communication technologies, it is applied more widely in vertical industries: with Mobile Edge Computing (MEC), data from the local mobile base station is offloaded to a nearby campus network, so that the data does not leave the campus and high-speed interaction with local data is achieved.
Various sensors and mobile terminals are widely used in large campuses, particularly industrial parks, and rely on the 5G network for data backhaul and network access. Each type of 5G terminal accesses the 5G network using a 5G SIM card and a 5G module; access is granted after the AMF (Access and Mobility Management Function) network element of the 5GC core network authenticates the IMSI. The terminal's IP address is generally issued from an address pool, so it is to some extent random while always falling within the same address range. Once authenticated by the AMF, every type of 5G terminal can reach the campus network directly through MEC offloading. However, a large campus often has several different networks that are independent of one another; a single MEC entry point cannot cover all of the network entry points, and interconnecting the networks creates security risks. Moreover, a large campus has many kinds of access terminals, each of which connects to a different type of campus network according to its service logic. 5G terminals with random IP addresses in the same network segment cannot be directed into different campus service networks as required. There is therefore an urgent need for a 5G universal terminal access management and resource scheduling system and method that lets 5G terminals in a large campus gain access according to their different service requirements.
Disclosure of Invention
The invention aims to overcome the shortcomings of the prior art and provides a 5G universal terminal access management and resource scheduling platform server, system and method. Under the 5G MEC offloading architecture, the platform server manages the access of the various campus terminals to the campus intranet and automatically schedules network resources, ensuring that each 5G terminal is connected to the corresponding campus service network.
The technical solution of the invention is as follows. The invention discloses a 5G universal terminal access management and resource scheduling platform server, which comprises an information acquisition module, an authentication module and a policy routing configuration issuing module:
the information acquisition module is used for performing data interaction with application software of the 5G terminal through the 5G network, receiving a password, service characteristic information and a terminal network card address from the application software of the 5G terminal and forwarding the password, the service characteristic information and the terminal network card address to the authentication module;
the authentication module is used for receiving a password, service characteristic information and a terminal network card address sent by 5G terminal application software, verifying the access validity of the 5G terminal through the password, judging whether the service characteristic information and the terminal network card address pass the authentication according to a preset rule, and submitting the service characteristic information and the terminal network card address to the policy routing configuration issuing module if the authentication passes;
the policy routing configuration issuing module generates a policy routing configuration command from the service characteristic information selected by the user and the terminal network card address in order to configure the policy routing module, and, according to the service characteristic information selected by the user, points the next hop of the policy route towards the corresponding campus subnet at the internet address of that campus subnet, so that the 5G terminal can access the corresponding campus subnet according to its service requirements and permissions.
Further, the policy routing configuration issuing module receives the user-selected service characteristic information and the terminal network card address submitted by the authentication module, and obtains the next-hop internet address for that service characteristic information by looking it up in the service characteristic information database. The policy routing configuration issuing module then logs in remotely to the policy routing module, adds the terminal network card address to the corresponding access control list on the policy routing module, and configures the policy routing of the policy routing module so that the next hop for the access control list containing the terminal network card address points to the next-hop internet address of the required service.
Further, authentication fails if the password received by the authentication module is incorrect, or if the terminal's service characteristic information is found, under the preset rule of the authentication module, not to match the network card address; otherwise authentication passes.
The invention also discloses a 5G universal terminal access management and resource scheduling system, which comprises a 5G terminal, a policy routing module and the 5G universal terminal access management and resource scheduling platform server. Application software is deployed on the 5G terminal; through it the user enters a password and configures service characteristic information, and the software obtains the terminal network card address. The 5G terminal reaches the policy routing module through the network and, through the policy routing module, reaches the platform server. The policy routing module is interconnected at Layer 3 with the interconnection ports of a plurality of campus subnets through the physical interfaces of a Layer 3 switch or router, supports remote login, and determines the next-hop internet address of a data packet from the 5G terminal by combining policy-routing next-hop selection with the access control list.
Further, the 5G universal terminal access management and resource scheduling system also comprises a mobile operator base station and an MEC platform. The 5G terminal transmits the application software's data to the mobile operator base station, from which it reaches the MEC platform over the base station backhaul network; the MEC platform offloads the campus's 5G terminal data packets to the policy routing module according to a pre-configured local offloading policy.
Furthermore, the policy routing module is connected to the 5G universal terminal access management and resource scheduling platform server through a directly connected route; the policy routing module is an ordinary Layer 3 switch or router; the policy routing configuration issuing module logs in remotely, via SSH or Telnet, to the Layer 3 switch or router that hosts the policy routing module and adds the terminal network card address to the corresponding access control list on that device from the command line; and a 5G terminal on which the application software cannot be deployed is forwarded to the next hop by the default route on the policy routing module.
The invention also discloses a 5G universal terminal access management and resource scheduling method, which comprises the following steps:
a terminal connected to the 5G network accesses the information acquisition module of the 5G universal terminal access management and resource scheduling platform server through application software deployed on the terminal;
the information acquisition module returns a password input box and a service characteristic information selection menu to the application software of the 5G terminal over the 5G network;
the user enters a password on the 5G terminal and selects service characteristic information; this data and the terminal network card address are returned to the information acquisition module, which submits them to the authentication module; the authentication module authenticates according to a preset rule; if authentication fails, the information acquisition module feeds the authentication result back to the terminal application software, and if authentication passes, the authentication module submits the service characteristic information selected by the user and the terminal network card address to the policy routing configuration issuing module;
the policy routing configuration issuing module generates a policy routing configuration command from the service characteristic information selected by the user and the terminal network card address in order to configure the policy routing module, and, according to the service characteristic information selected by the user, points the next hop of the policy route towards the corresponding campus subnet at the internet address of that campus subnet, so that the 5G terminal can access the corresponding campus subnet according to its service requirements and permissions.
Further, the step in which the policy routing configuration issuing module generates a policy routing configuration command from the service characteristic information selected by the user and the terminal network card address in order to configure the policy routing module specifically includes: the policy routing configuration issuing module receives the user-selected service characteristic information and the terminal network card address from the authentication module and looks the service characteristic information up in a service characteristic information database to obtain the next-hop internet address for the service characteristic information selected by the user; the policy routing configuration issuing module logs in remotely to the policy routing module and adds the terminal network card address to the corresponding access control list on the policy routing module; at the same time, through the remote login, it also configures the policy routing of the policy routing module so that the next hop for the access control list containing the terminal network card address points to the next-hop internet address of the required service.
Furthermore, a 5G terminal accessing a campus subnet is authorized by the 5GC core network and reaches the policy routing module after being offloaded by the MEC; the corresponding access control list of the policy routing module is applied on the port interconnecting the policy routing module and the MEC; and the policy routing module is connected to the 5G universal terminal access management and resource scheduling platform server through a directly connected route, so that a 5G terminal accessing a campus subnet can reach the platform server.
Further, the terminal user logs in to the application software with a password and configures the service characteristic information of the terminal device through it, while the 5G terminal application software obtains the terminal network card address. The authentication module receives the password, the service characteristic information and the terminal network card address sent by the 5G terminal application software, verifies the legitimacy of the 5G terminal's access by means of the password, and determines according to a preset rule whether the service characteristic information and the terminal network card address pass authentication, as follows: authentication fails if the password received by the authentication module is incorrect, or if the terminal's service characteristic information is found, under the preset rule of the authentication module, not to match the network card address; otherwise authentication passes.
Further, a 5G terminal on which the application software cannot be deployed is forwarded to the next hop by the default route on the policy routing module.
The invention has at least the following beneficial effects: the 5G universal terminal access management and resource scheduling system and method provided by the invention control and schedule access to subnet resources after local 5G MEC offloading, according to the service access requirement and the password supplied by the 5G terminal. Application-layer password authentication is added on top of the AMF network element's authentication of the 5G terminal's SIM card, and the service subnet to be accessed is selected automatically according to the service requirement of the universal terminal. This improves both the access security of 5G universal terminals and the flexibility of resource scheduling, and solves the security problem that lateral routing is required when local service subnets of different types are connected to a unified 5G MEC platform.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic architecture diagram of a 5G universal terminal access management and resource scheduling system according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of module connections of a 5G universal terminal access management and resource scheduling platform server according to an embodiment of the present invention;
Fig. 3 is a flowchart of a 5G universal terminal access management and resource scheduling method according to an embodiment of the present invention;
Fig. 4 is a network architecture diagram of a specific application embodiment of 5G universal terminal access management and resource scheduling provided in an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1 and Fig. 2, an embodiment of the present invention provides a 5G universal terminal access management and resource scheduling system; its topological relationship to the 5G network and the campus network is shown in Fig. 1. The system includes a 5G terminal, a policy routing module, and a 5G universal terminal access management and resource scheduling platform server. Application software is deployed on the 5G terminal; through it the user enters a password and configures service characteristic information, and the software obtains the terminal network card address. The 5G terminal reaches the policy routing module through the network and, through the policy routing module, reaches the platform server. The policy routing module is interconnected at Layer 3 with the interconnection ports of a plurality of campus subnets through the physical interfaces of a Layer 3 switch or router, supports remote login, and determines the next-hop internet address of a data packet from the 5G terminal by combining policy-routing next-hop selection with the access control list.
Furthermore, the 5G universal terminal access management and resource scheduling system also comprises a mobile operator base station and an MEC platform. After the data of the 5G terminal application software is transmitted to the mobile operator base station over the wireless air interface, it reaches the MEC platform over the base station backhaul network. The MEC offloads the campus's 5G terminal data packets to the policy routing module according to a pre-configured local offloading policy. The policy routing module is an ordinary Layer 3 switch or router that supports remote login over SSH or Telnet, has a policy routing function, and can determine the next-hop interconnection address of a data packet from the packet's source address and an access control list. The policy routing module is interconnected at Layer 3 with the interconnection ports of campus subnets 1 to N through the physical interfaces of the Layer 3 switch or router. The policy routing module is connected to the platform server through a directly connected route.
Application software is deployed on the 5G terminal. The terminal user logs in to the application software with a password and configures the service characteristic information of the terminal device through it, and the application software obtains the network card address of the terminal device's 5G module. The configured service characteristic information and the acquired 5G module network card address are transmitted over the 5G network to the information acquisition module of the 5G universal terminal access management and resource scheduling system.
Referring to Fig. 2, the software programs of the information acquisition module, the authentication module and the policy routing configuration issuing module are deployed on the platform server, and the platform server's network card is interconnected, via a directly connected route, with a Layer 3 port of the Layer 3 switch or router of the policy routing module.
The information acquisition module exchanges data with the application software of the 5G terminal over the 5G network. It mainly serves as a communication interface: it receives data from the application software of the 5G terminal and forwards it to the authentication module. Preferably, the information acquisition module of the 5G universal terminal access management and resource scheduling system and the application software of the 5G terminal exchange data packets in encrypted form to prevent the information from being intercepted or tampered with.
The authentication module receives the password sent by the 5G terminal application software and uses it to verify the legitimacy of the terminal's access. If the password is verified, the authentication module further obtains the service characteristic information and the 5G terminal network card address sent by the 5G terminal application software, and submits the service characteristic information and the network card address to the policy routing configuration issuing module.
The policy routing configuration issuing module receives the 5G terminal's service characteristic information and network card address from the authentication module and looks the service characteristic information up in its own service characteristic information database to obtain the corresponding next-hop interconnection IP address. It then logs in remotely, via SSH or Telnet, to the Layer 3 switch or router that hosts the policy routing module and adds the 5G terminal network card address, from the command line, to the corresponding access control list on that device; this access control list is applied on the port interconnecting that Layer 3 switch or router with the MEC. At the same time, the policy routing configuration issuing module configures the policy routing of the Layer 3 switch or router through the remote login, pointing the next hop for the access control list containing the 5G terminal network card address to the next-hop interconnection IP address of the service, so that the 5G terminal can access the corresponding campus subnet resources.
A 5G terminal on which the application software cannot be deployed is forwarded to the next hop by the default route on the policy routing module.
Referring to Fig. 3, an embodiment of the present invention further provides a 5G universal terminal access management and resource scheduling method, including the following steps:
a terminal connected to the 5G network accesses the information acquisition module of the 5G universal terminal access management and resource scheduling platform server through application software deployed on the terminal;
the information acquisition module returns a password input box and a service characteristic information selection menu to the application software of the 5G terminal over the 5G network;
the user enters a password on the 5G terminal and selects service characteristic information; this data and the terminal IP address are returned to the information acquisition module, which submits them to the authentication module for authentication; if authentication fails, the information acquisition module feeds the authentication result back to the terminal application software, and if authentication passes, the authentication module submits the service characteristic information selected by the user and the terminal IP address to the policy routing configuration issuing module;
the policy routing configuration issuing module generates a policy routing configuration command from the service characteristic information selected by the user and the terminal IP address in order to configure the policy routing module, and, according to the service characteristic information selected by the user, points the next hop of the policy route towards the corresponding campus subnet at the internet address of that campus subnet, so that the 5G terminal can access the corresponding campus subnet according to its service requirements and permissions.
Further, the step in which the policy routing configuration issuing module generates a policy routing configuration command from the service characteristic information selected by the user and the terminal network card address in order to configure the policy routing module specifically includes: the policy routing configuration issuing module receives the user-selected service characteristic information and the terminal network card address from the authentication module and looks the service characteristic information up in a service characteristic information database to obtain the next-hop internet address for the service characteristic information selected by the user; the policy routing configuration issuing module logs in remotely to the policy routing module and adds the terminal network card address to the corresponding access control list on the policy routing module; at the same time, through the remote login, it also configures the policy routing of the policy routing module so that the next hop for the access control list containing the terminal network card address points to the next-hop internet address of the required service.
Furthermore, a 5G terminal accessing a campus subnet is authorized by the 5GC core network and reaches the policy routing module after being offloaded by the MEC; the corresponding access control list of the policy routing module is applied on the port interconnecting the policy routing module and the MEC; and the policy routing module is connected to the 5G universal terminal access management and resource scheduling platform server through a directly connected route, so that a 5G terminal accessing a campus subnet can reach the platform server.
Furthermore, the terminal user logs in to the application software with a password and configures the service characteristic information of the terminal device through it, while the 5G terminal application software obtains the terminal network card address. The authentication module receives the password sent by the 5G terminal application software and uses it to verify the legitimacy of the 5G terminal's access. If the password is verified, the authentication module further obtains the service characteristic information and the terminal network card address sent by the application software, and checks the user name corresponding to the password, the service characteristic information submitted by the terminal and the terminal network card address against its preset rule. If the terminal's user name, service characteristic information and network card address conform to the preset rule, authentication passes, and the authentication module submits the service characteristic information and the terminal network card address to the policy routing configuration issuing module.
Further, a 5G terminal on which the application software cannot be deployed is forwarded to the next hop by the default route on the policy routing module.
The above technical solution of the present invention will be clearly and completely described by an embodiment of a specific application.
The network structure of the specific application embodiment is shown in fig. 4.
The 5G universal terminal access management resource scheduling system physically consists of 1 router and 1 platform server. The router and the platform server are interconnected at layer 3 over the 172.26.10.0/30 network segment, where the interconnection address of the platform server is 172.26.10.1 and the interconnection address of the router is 172.26.10.2. The router is interconnected at layer 3 with two subnets of a campus: the address range of the campus production network is 10.9.7.0/24, the address range of the campus monitoring network is 192.168.10.0/24, and the interconnection addresses are 1.1.1.0/30 and 2.2.2.0/30 respectively.
The operator's 5G network is offloaded to the campus through a local MEC. In the traditional approach, the campus production network must first be connected to the campus monitoring network at layer 3, and the MEC is then connected at layer 3 to one of these network segments so that 5G terminals can access the whole campus network; a 5G terminal's access to the campus network is unrestricted as long as its SIM card is authorized by the 5GC core network. In addition, the IP address of a 5G terminal is assigned randomly by the 5GC core network, so the campus network cannot be isolated through access control. The traditional approach therefore cannot effectively manage 5G terminal access and cannot schedule network access resources according to service requirements.
In this embodiment, both campus subnets are connected at layer 3 to the router of the universal terminal access management resource scheduling system, and the router uses policy-routing next-hop selection to determine which subnet the next hop of a data packet from a 5G terminal points to.
The 5G terminal 172.27.10.5, which is to access the production network, is authorized by the 5GC core network and reaches the router after being offloaded by the MEC. Because the platform server address 172.26.10.1 is directly connected to the router, this 5G terminal can reach the platform server 172.26.10.1. Through the application software deployed on it, the 5G terminal 172.27.10.5 communicates with the information acquisition module on the 172.26.10.1 server, which returns a password input box and a service characteristic information selection menu to 172.27.10.5.
The user enters the correct password on the 5G terminal 172.27.10.5 and selects "production network" as the service characteristic information; this is transmitted to the authentication module on the 172.26.10.1 server together with the 5G terminal's network card address 172.27.10.5. The authentication module compares the submission with the preset rules and returns an authentication result (if the preset rules do not allow the user name corresponding to the password to access the production network, the authentication fails), and passes the production network access information and the address 172.27.10.5 to the policy routing configuration issuing module. For example, suppose the terminal logs in with user name abc and password 123456, and the network card address of the terminal is 192.168.10.5/24. If the preset rules of the authentication module specify that terminal address 192.168.10.5/24 of user abc may access campus subnet 1 but may not access campus subnet 2, the authentication fails when the terminal selects campus subnet 2. However, if the 5G terminal logs in as user cba with password 123456, and the preset rules of the authentication module specify that terminal address 192.168.10.5/24 of user cba may access campus subnet 2, the terminal may access campus subnet 2.
The policy routing configuration issuing module logs in remotely to the router 172.26.10.2 by invoking SSH from a program, writes the IP address 172.27.10.5 into access control list accesslist 10, creates a policy route that matches accesslist 10, and applies it to the interface interconnecting the router and the MEC. In addition, based on the returned production network information, the next hop of the policy route to 10.9.7.0/24 is pointed to the production network interconnection address 1.1.1.1, which enables the 5G terminal 172.27.10.5 to interwork with the campus production network 10.9.7.0/24.
Another 5G terminal, 172.27.10.2, cannot access the campus production network 10.9.7.0/24 if it is not authorized, even though it is in the same network segment as 172.27.10.5. If 172.27.10.2 is authorized to access the monitoring network, however, a process similar to the one described above for 172.27.10.5 provides terminal access and allocation of network resources.
By applying the 5G universal terminal access management and resource scheduling system and method, the invention allows universal 5G terminals to access different types of networks in the campus according to actual service requirements and authority, while important applications use secondary password authentication, which ensures service security. The method can be applied to scenarios in which a smart campus or a large enterprise intranet is accessed in 5G MEC mode, and has important practical significance. The method can be applied to universal terminal access of a 5GC core network, improves the security and flexibility of 5G terminal network access, and helps derive more intelligent manufacturing application scenarios and service requirements.
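The authentication decision and the generated router configuration from this embodiment, as an added example rather than code from the patent. It assumes Cisco IOS-style command syntax, a hypothetical interface and route-map name, constructed rules and credentials, and an assumed ACL 20 / next hop 2.2.2.1 for the monitoring network; the SSH transport is omitted and the commands are returned instead.

```python
import hashlib
import hmac
import ipaddress


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed credential store: user name -> (salt, password hash).
USERS = {
    "abc": (b"salt-abc", _kdf("123456", b"salt-abc")),
    "cba": (b"salt-cba", _kdf("123456", b"salt-cba")),
}

# Service characteristic database. ACL 10 and next hop 1.1.1.1 are from the
# embodiment; the monitoring-network values are assumed for illustration.
SERVICES = {
    "production network": {"acl": 10, "next_hop": "1.1.1.1"},
    "monitoring network": {"acl": 20, "next_hop": "2.2.2.1"},
}

# Preset rules (constructed): (user name, terminal address, service) triples.
RULES = {
    ("abc", "172.27.10.5", "production network"),
    ("cba", "172.27.10.2", "monitoring network"),
}

MEC_INTERFACE = "GigabitEthernet0/0"  # hypothetical router-to-MEC interface
ROUTE_MAP = "PBR-5G"                  # hypothetical route-map name


def authenticate(user, password, service, terminal_addr):
    """Return the validated terminal address, or None if authentication fails."""
    salt, stored = USERS.get(user, (b"no-such-user", b""))
    # Always run the KDF and compare in constant time, even for unknown users.
    if not hmac.compare_digest(_kdf(password, salt), stored):
        return None
    try:
        # Rejects masks, whitespace, newlines and anything else that is not
        # exactly one IPv4 host address, so no free text reaches the router CLI.
        terminal = ipaddress.IPv4Address(terminal_addr)
    except ValueError:
        return None
    if (user, str(terminal), service) not in RULES:
        return None
    return terminal


def build_pbr_commands(service, terminal):
    """Build the ACL and policy-route commands for an authenticated terminal."""
    entry = SERVICES[service]  # the service is a key of a fixed table, not free text
    return [
        f"access-list {entry['acl']} permit host {terminal}",
        f"route-map {ROUTE_MAP} permit {entry['acl']}",
        f" match ip address {entry['acl']}",
        f" set ip next-hop {entry['next_hop']}",
        f"interface {MEC_INTERFACE}",
        f" ip policy route-map {ROUTE_MAP}",
    ]


def handle_request(user, password, service, terminal_addr):
    """Authenticate one submission; return (passed, commands to send over SSH)."""
    terminal = authenticate(user, password, service, terminal_addr)
    if terminal is None:
        return False, []
    return True, build_pbr_commands(service, terminal)


if __name__ == "__main__":
    for req in [("abc", "123456", "production network", "172.27.10.5"),
                ("abc", "123456", "monitoring network", "172.27.10.5")]:
        print(req, "->", handle_request(*req))
```

Because the terminal address is reported by the terminal's own application software and ends up in a router command line, parsing it as a single IPv4 address before building any command is the check that matters most here.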
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A 5G universal terminal access management and resource scheduling platform server, characterized in that it comprises an information acquisition module, an authentication module and a policy routing configuration issuing module,
the information acquisition module is used for performing data interaction with application software of the 5G terminal through the 5G network, receiving a password, service characteristic information and a terminal network card address from the application software of the 5G terminal and forwarding the password, the service characteristic information and the terminal network card address to the authentication module;
the authentication module is used for receiving a password, service characteristic information and a terminal network card address sent by 5G terminal application software, verifying the access validity of the 5G terminal through the password, judging whether the service characteristic information and the terminal network card address pass the authentication according to a preset rule, and submitting the service characteristic information and the terminal network card address to the policy routing configuration issuing module if the authentication passes;
the policy routing configuration issuing module is used for generating a policy routing configuration command to configure the policy routing module according to the service characteristic information selected by the user and the terminal network card address, and for directing the next hop of the policy route going to the corresponding campus subnet to the internet address of the campus subnet according to the service characteristic information selected by the user, so that the 5G terminal can access the corresponding campus subnet according to the service requirement and the authority of the terminal.
2. The 5G universal terminal access management and resource scheduling platform server of claim 1, wherein: the policy routing configuration issuing module is used for receiving the service characteristic information and the terminal network card address selected by the user and submitted by the authentication module, obtaining the next hop Internet address of the corresponding service characteristic information by comparing the service characteristic information with a service characteristic information database, adding the terminal network card address into an access control list corresponding to the policy routing module, configuring the policy routing of the policy routing module, and pointing the next hop of the access control list corresponding to the terminal network card address to the next hop Internet address corresponding to the required service;
if the password obtained by the authentication module is incorrect or the terminal service characteristic information is determined not to be matched with the network card address according to the preset rule of the authentication module, the authentication is not passed, otherwise, the authentication is passed.
3. A 5G universal terminal access management and resource scheduling system, characterized in that it comprises a 5G terminal, a policy routing module and a 5G universal terminal access management and resource scheduling platform server according to claim 1 or 2; the 5G terminal is deployed with application software, through which the 5G terminal inputs a password, configures service characteristic information and acquires a terminal network card address; the 5G terminal accesses the policy routing module through a network and then accesses the 5G universal terminal access management and resource scheduling platform server through the policy routing module; the policy routing module is interconnected at layer 3 with the interconnection ports of the plurality of campus subnets through the physical interfaces of a layer 3 switch or a router; the policy routing module supports a remote login mode; and the policy routing module determines the next hop Internet address of a data packet from the 5G terminal by selecting the next hop according to the policy routing in combination with the access control list.
4. The 5G universal terminal access management and resource scheduling system of claim 3, wherein: the system comprises a mobile operator base station and an MEC platform, wherein the 5G terminal transmits data of the application software to the mobile operator base station, the data is then carried to the MEC platform through the base station backhaul network, and the MEC platform offloads the 5G terminal data packets of the campus to the policy routing module through a local offloading policy configured in advance.
5. The 5G universal terminal access management and resource scheduling system of claim 3, wherein: the policy routing module is connected with a 5G universal terminal access management and resource scheduling platform server through a local direct connection route; the strategy routing module is a common three-layer switch or a router; the strategy routing configuration issuing module remotely logs in a three-layer switch or router to which the strategy routing module belongs through SSH or Telnet, and adds a terminal network card address to an access control list corresponding to the three-layer switch or router in a command line mode; and the 5G terminal which can not deploy the application software goes to the next hop through the default route on the policy routing module.
6. A 5G universal terminal access management and resource scheduling method, characterized by comprising the following steps:
a terminal accessed to a 5G network accesses an information acquisition module of a 5G universal terminal access management and resource scheduling platform server according to claim 1 through application software deployed on the terminal;
the information acquisition module returns a password input box and a service characteristic information selection menu to the application software of the 5G terminal through the 5G network;
the user inputs a password on the 5G terminal and selects service characteristic information, the data and the terminal network card address are returned to the information acquisition module and submitted to the authentication module by the information acquisition module, the authentication module performs authentication according to a preset rule, if the authentication is not passed, the authentication result is fed back to the terminal application software by the information acquisition module, and if the authentication is passed, the service characteristic information and the terminal network card address selected by the user are submitted to the strategy routing configuration issuing module by the authentication module;
the policy routing configuration issuing module generates a policy routing configuration command according to the service characteristic information selected by the user and the terminal network card address to configure the policy routing module, and points the next hop of the policy route going to the corresponding campus subnet to the internet address of the campus subnet according to the service characteristic information selected by the user, so that the 5G terminal can access the corresponding campus subnet according to the service requirement and the authority of the terminal.
7. The 5G universal terminal access management and resource scheduling method of claim 6, wherein: the policy routing configuration issuing module generating a policy routing configuration command according to the service characteristic information selected by the user and the terminal network card address to configure the policy routing module specifically comprises the following steps: the policy routing configuration issuing module receives the service characteristic information and the terminal network card address selected by the user from the authentication module, and compares the service characteristic information with a service characteristic information database to obtain the next hop Internet address of the service characteristic information selected by the user; the policy routing configuration issuing module remotely logs in to the policy routing module and adds the terminal network card address into an access control list corresponding to the policy routing module; and the policy routing configuration issuing module also configures the policy routing of the policy routing module by remote login, to point the next hop of the access control list corresponding to the terminal network card address to the next hop Internet address corresponding to the required service.
8. The 5G universal terminal access management and resource scheduling method according to claim 6 or 7, characterized in that: the 5G terminal accessing the subnet of the park accesses the policy routing module after being authorized by the 5GC core network and shunted by the MEC; applying an access control list corresponding to the policy routing module on the interconnection port of the policy routing module and the MEC; the strategy routing module is connected with the 5G universal terminal access management and resource scheduling platform server through a local direct connection route, so that the 5G terminal accessing the subnet of the park can access the 5G universal terminal access management and resource scheduling platform server.
9. The 5G universal terminal access management and resource scheduling method of claim 6, wherein: the method comprises the following steps that a terminal user logs in application software through a password, configures service characteristic information of terminal equipment through the application software, simultaneously obtains a terminal network card address through 5G terminal application software, receives the password sent by the 5G terminal application software, the service characteristic information and the terminal network card address, verifies the access legality of the 5G terminal through the password, and judges whether the service characteristic information and the terminal network card address pass the authentication according to a preset rule, and the method comprises the following steps: if the password obtained by the authentication module is incorrect or the terminal service characteristic information determined according to the preset rule of the authentication module is not matched with the network card address, the authentication is not passed, otherwise, the authentication is passed.
10. The 5G universal terminal access management and resource scheduling method of claim 6, wherein: and the 5G terminal which can not deploy the application software goes to the next hop through the default route on the policy routing module.
CN202111007163.9A 2021-08-30 2021-08-30 5G universal terminal access management and resource scheduling platform server, system and method Active CN113938525B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111007163.9A CN113938525B (en) 2021-08-30 2021-08-30 5G universal terminal access management and resource scheduling platform server, system and method

Publications (2)

Publication Number Publication Date
CN113938525A true CN113938525A (en) 2022-01-14
CN113938525B CN113938525B (en) 2024-03-19

Family

ID=79274875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111007163.9A Active CN113938525B (en) 2021-08-30 2021-08-30 5G universal terminal access management and resource scheduling platform server, system and method

Country Status (1)

Country Link
CN (1) CN113938525B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20240222
Address after: 430080, floor 24-25, 2302-2310, shenguotou center, 1278 Heping Avenue, Qingshan District, Wuhan City, Hubei Province
Applicant after: Baoxin software (Wuhan) Co.,Ltd.
Country or region after: China
Address before: 430000 gate 1, changqian, Qingshan District, Wuhan City, Hubei Province
Applicant before: Wuhan WISCO Green City Technology Development Co.,Ltd.
Country or region before: China
GR01 Patent grant