CN115002769B - Flow diversion method, core network element, electronic equipment and medium - Google Patents
Flow diversion method, core network element, electronic equipment and medium Download PDFInfo
- Publication number
- CN115002769B CN115002769B CN202210563569.3A CN202210563569A CN115002769B CN 115002769 B CN115002769 B CN 115002769B CN 202210563569 A CN202210563569 A CN 202210563569A CN 115002769 B CN115002769 B CN 115002769B
- Authority
- CN
- China
- Prior art keywords
- network element
- roaming
- upf network
- function
- place
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000005315 distribution function Methods 0.000 claims abstract description 33
- 230000003068 static effect Effects 0.000 claims description 25
- 238000013507 mapping Methods 0.000 claims description 13
- 238000013475 authorization Methods 0.000 claims description 9
- 230000000977 initiatory effect Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 6
- 230000006870 function Effects 0.000 description 64
- 238000010586 diagram Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 230000003190 augmentative effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 238000011144 upstream manufacturing Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 238000005406 washing Methods 0.000 description 1
- 210000000707 wrist Anatomy 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/14—Reselecting a network or an air interface
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/12—Setup of transport tunnels
Abstract
The embodiment of the disclosure provides a flow diversion method, a core network element, electronic equipment and a medium, and relates to the technical field of communication. The communication method comprises the following steps: the core network element determines whether to start a roaming scene flow distribution function for the UE according to the roaming state of the user equipment UE and the subscription attribute of the UE; if yes, the core network element starts a roaming scenario flow diversion function for the UE according to the subscription attribute of the UE, so that a user plane function UPF network element diverts user access flow through the roaming scenario flow diversion function. The method does not need a user to manually switch DNN, and meets the data flow diversion requirement of the roaming scene of the user.
Description
Technical Field
The disclosure relates to the technical field of communication, and in particular relates to a traffic diversion method, a core network element, electronic equipment and a medium.
Background
5G has penetrated into various industries, and 5G networks provide a variety of service functions for industry applications, wherein data splitting of 5G services is a basic requirement of many enterprise clients, namely, splitting service messages and finally reaching different networks and servers. Currently, 5G data offloading only deploys the local ULCL (Uplink Classifier, upstream classifier) approach. However, the function of local ULCL data offloading only supports a non-roaming manner, and when a user roams to a visited place outside the province and needs to use data offloading, the user is required to configure different DNNs (Data Network Name, data network identifiers) at the terminal and implement user traffic offloading by manually switching the DNNs. For example, the user configures DNN1 and DNN2 at the terminal, where DNN1 is used to access the internet in a visiting place outgoing mode, and DNN2 returns to the home place to access the intranet in a VPDN (Virtual Private Dial Network, virtual private dial-up network) mode, etc. The method has poor user experience, and is difficult to meet the business requirement of users for data distribution of roaming scenes.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The embodiment of the disclosure provides a traffic distribution method, a core network element, electronic equipment and a computer readable storage medium, which can solve the problem that a user can realize distribution only by manually switching DNN in a roaming scene in the related technology.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided a flow diversion method, the method comprising: determining whether to start a roaming scene flow distribution function for UE according to the roaming state of User Equipment (UE) and the subscription attribute of the UE; if yes, according to the subscription attribute of the UE, a roaming scene flow diversion function is started for the UE, so that a user plane function UPF network element of the visiting place diverts the user access flow through the roaming scene flow diversion function.
In some embodiments of the present disclosure, determining whether to turn on a roaming scenario traffic offload function for a UE according to a roaming state of the UE and a subscription attribute of the UE includes: determining whether the UE is in a roaming scene according to the roaming state of the UE; determining whether the UE signs up for secondary authentication information, a static IP address and a data network access identifier DNAI at the same time according to the signing attribute of the UE; if the UE is in a roaming scene and the UE signs up for the secondary authentication information, the static IP address and the DNAI at the same time, the UE is determined to start a roaming scene flow distribution function.
In some embodiments of the present disclosure, according to a subscription attribute of the UE, a roaming scenario traffic offload function is started for the UE, including: distributing the static IP address for the UE, and establishing NAT address mapping; initiating a secondary authentication request to an authentication, authorization and accounting (AAA) system according to the secondary authentication information, and receiving an authentication result of the AAA; if the authentication result of the AAA is that the identity authentication of the UE passes, a tunnel between the UPF network element of the visiting place and the UPF network element of the attribution place is established.
In some embodiments of the present disclosure, establishing a tunnel between the UPF network element of the visited place and the UPF network element of the home place includes: determining the IP address and the tunnel identifier of the UPF network element of the attribution; and establishing a tunnel between the UPF network element of the visiting place and the UPF network element of the home place according to the IP address of the UPF network element of the home place and the tunnel identifier.
In some embodiments of the present disclosure, the IP address of the home UPF network element and the tunnel identity are determined according to the authentication result or the DNAI.
In some embodiments of the present disclosure, the splitting, by the UPF network element of the visited place, the user access traffic through a roaming scenario traffic splitting function includes: and the UPF network element of the visiting place forwards the message of the UE accessing the Internet to the Internet through a roaming scene flow diversion function, and forwards the message of the UE accessing the enterprise intranet to the enterprise intranet.
In some embodiments of the present disclosure, the forwarding, by the UPF network element of the visited place through the roaming scenario traffic splitting function, a message of the UE accessing the internet to the internet, and forwarding, by the UE, a message of the UE accessing the intranet to the intranet, includes: the UPF network element of the visiting place obtains the message sent by the UE, and determines the user access direction according to the destination address of the message; if the user access direction is the Internet, the UPF network element forwards the message to the Internet according to the NAT address mapping; if the user access direction is an intranet, the UPF network element forwards the message to the UPF network element of the home location through the tunnel, so that the UPF network element of the home location forwards the message to the intranet.
In some embodiments of the present disclosure, the core network element is a session management function SMF network element.
In some embodiments of the present disclosure, the core network element is the UPF network element.
According to still another aspect of the present disclosure, there is provided a core network element, including a function determining unit configured to determine whether to turn on a roaming scenario traffic offload function for a UE according to a roaming state of a user equipment UE and a subscription attribute of the UE; and the function starting unit is used for starting a roaming scene flow distribution function for the UE according to the subscription attribute of the UE so that a user plane function UPF network element of the visiting place distributes the user access flow through the roaming scene flow distribution function.
In some embodiments of the present disclosure, the function determining unit is further configured to: determining whether the UE is in a roaming scene according to the roaming state of the UE; determining whether the UE signs up for secondary authentication information, a static IP address and a data network access identifier DNAI at the same time according to the signing attribute of the UE; if the UE is in a roaming scene and the UE signs up for the secondary authentication information, the static IP address and the DNAI at the same time, the UE is determined to start a roaming scene flow distribution function.
In some embodiments of the present disclosure, the function starting unit is further configured to: distributing the static IP address for the UE, and establishing NAT address mapping; initiating a secondary authentication request to an authentication, authorization and accounting (AAA) system according to the secondary authentication information, and receiving an authentication result of the AAA; if the authentication result of the AAA is that the identity authentication of the UE passes, a tunnel between the UPF network element of the visiting place and the UPF network element of the attribution place is established.
In some embodiments of the present disclosure, the function starting unit is further configured to: determining the IP address and the tunnel identifier of the UPF network element of the attribution; and establishing a tunnel between the UPF network element of the visiting place and the UPF network element of the home place according to the IP address of the UPF network element of the home place and the tunnel identifier.
In some embodiments of the present disclosure, the function opening unit is further configured to determine an IP address of the home UPF network element and the tunnel identifier according to the authentication result or the DNAI.
In some embodiments of the present disclosure, the function starting unit is further configured to: and controlling the UPF network element of the visiting place to forward the message of the UE accessing the Internet to the Internet through a roaming scene flow diversion function, and forwarding the message of the UE accessing the enterprise intranet to the enterprise intranet.
In some embodiments of the present disclosure, the function starting unit is further configured to: controlling the UPF network element of the visiting place to acquire a message sent by the UE, and determining the user access direction according to the destination address of the message; if the user access direction is the Internet, the UPF network element forwards the message to the Internet according to the NAT address mapping; if the user access direction is an intranet, the UPF network element forwards the message to the UPF network element of the home location through the tunnel, so that the UPF network element of the home location forwards the message to the intranet.
According to still another aspect of the present disclosure, there is provided an electronic device including: one or more processors; and a storage device configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the flow splitting method described in the above embodiments.
According to yet another aspect of the present disclosure, there is provided a computer readable storage medium storing a computer program which, when executed by a processor, implements the flow splitting method described in the above embodiments.
According to the traffic distribution method provided by the embodiment of the disclosure, whether the roaming scene traffic distribution function needs to be started for the UE or not can be determined according to the roaming state of the UE and the subscription attribute of the UE, and then if the distribution function needs to be started, the roaming scene traffic distribution function can be started for the UE according to the subscription attribute of the UE, so that the UPF network element of the visiting place distributes the access traffic of the user through the roaming scene traffic distribution function, the user can realize distribution without manually switching DNN, the service experience is good, the types of 5G customized network service products are enriched, and the data traffic distribution requirement of the roaming scene of the user is met.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure and do not constitute an undue limitation on the disclosure.
FIG. 1 schematically illustrates a flow diagram of a flow diversion method of one embodiment of the present disclosure;
FIG. 2 schematically illustrates an application diagram of a flow diversion method of an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a flow diversion method of yet another embodiment of the present disclosure;
fig. 4 shows a schematic structural diagram of a core network element according to an embodiment of the disclosure;
fig. 5 shows a block diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
In a 5G communication network, a user equipment UE accesses a UPF network element through a radio access network RAN (Radio Access Network) and then connects with a data network DN (Data Network). The UE is connected to the SMF network element through an access management function AMF (Access Management Function) network element, and the SMF network element is connected to the UPF network element through an N4 interface. When the UE roams to the outside of the province and needs to use the flow distribution function, a user is required to configure DNN1 and DNN2 at the terminal, the DNN1 is used for accessing the Internet in an outbound mode of a visit place, and the DNN2 is returned to the home place to access the enterprise intranet in a VPDN (Virtual Private Dial Network, virtual private dial-up network) mode and the like. This way increases the interactive flow of the user and the user experience is poor. In order to simplify the interaction flow of a user, improve the user experience and reduce the flow splitting difficulty, the flow splitting method in the embodiment of the disclosure judges whether a roaming scene flow splitting function needs to be started for the UE according to the subscription attribute of the UE through the SMF network element or the UPF network element, and if the roaming scene flow splitting function needs to be started for the UE, the roaming scene flow splitting function is started for the UE, so that the flow of the UE accessing the public network and the flow of the UE accessing the enterprise intranet can be forwarded to the internet and the enterprise intranet respectively.
Fig. 1 schematically illustrates a flow diagram of a flow diversion method of an embodiment of the present disclosure. The flow diversion method can be applied to core network elements in the 5G network.
As shown in fig. 1, the flow diversion method includes:
step 101: the core network element determines whether to start a roaming scene flow distribution function for the UE according to the roaming state of the user equipment UE and the subscription attribute of the UE.
The roaming state of the UE is used to indicate whether the UE is currently in a roaming scenario, that is, whether the UE is currently located at a location outside the network signal coverage of the home location. When the UE is in a location outside the home network signal coverage, the UE is indicated to be in a roaming scenario. The subscription attribute of the UE is used to indicate whether the UE subscribes to the roaming scenario traffic offload function. When the UE is determined to be in the roaming scenario according to the roaming state of the UE and the UE signs a subscription to the roaming scenario traffic offload function according to the subscription attribute, the core network element may determine that the roaming scenario traffic offload function needs to be started for the UE.
When the UE is determined to be in the roaming scene according to the roaming state of the UE, the core network element is the core network element of the visited place of the UE. That is, when the user is in the roaming scenario, the core network element of the visiting place needs to determine whether to start the roaming scenario traffic distribution function for the UE, and also needs to start the roaming scenario traffic distribution function for the UE, so as to realize the access traffic distribution for the user.
In the embodiment of the present disclosure, the user equipment UE may be a mobile phone, a tablet (Tablet Personal Computer), a Laptop (Laptop Computer) or a terminal-side Device called a notebook, a personal digital assistant (Personal Digital Assistant, PDA), a palmtop, a netbook, an ultra-mobile personal Computer (ultra-mobile personal Computer, UMPC), a mobile internet appliance (Mobile Internet Device, MID), an augmented reality (augmented reality, AR)/Virtual Reality (VR) Device, a robot, a Wearable Device (VUE), a vehicle-mounted Device (VUE), a pedestrian terminal (PUE), a smart home (home Device with a wireless communication function such as a refrigerator, a television, a washing machine, or furniture), a game machine, a personal Computer (personal Computer, PC), a teller machine, or a self-service machine, and the Wearable Device includes: intelligent wrist-watch, intelligent bracelet, intelligent earphone, intelligent glasses, intelligent ornament (intelligent bracelet, intelligent ring, intelligent necklace, intelligent anklet, intelligent foot chain etc.), intelligent wrist strap, intelligent clothing etc.. It should be noted that, the embodiments of the present disclosure are not limited to a specific type of user equipment.
Step 102: if yes, the core network element starts a roaming scenario flow diversion function for the UE according to the subscription attribute of the UE, so that a user plane function UPF network element of the visiting place diverts the user access flow through the roaming scenario flow diversion function.
In the embodiment of the disclosure, the subscription attribute of the UE is used not only to indicate whether the UE signs up for the offloading function in the roaming scenario, but also to indicate a specific manner of offloading traffic in the case of signing up for the offloading function in the roaming scenario, so when it is determined that the offloading function of traffic in the roaming scenario needs to be started for the UE, the core network element of the visited place starts the offloading function for the visited place according to the subscription attribute of the UE.
After the core network element of the visiting place opens the roaming scenario traffic distribution function for the UE, the UPF network element of the visiting place can distribute the access traffic of the user according to the roaming scenario traffic distribution function, that is, the traffic of the visiting public network (also known as wide area network, external network, internet) is forwarded to the internet, and the traffic of the visiting enterprise intranet (also known as intranet, local area network, referred to as local internet created under the router or the switch) is forwarded to the enterprise intranet.
The embodiment of the disclosure provides a traffic distribution method in a roaming scenario, in which a user equipment UE only needs to sign up a DNN, when a user is in the roaming scenario, for example, roams outside a province, a core network element of a visiting place opens a traffic distribution function in the roaming scenario for the user according to a sign attribute of the user, and then forwards traffic of the user accessing a public network and traffic of an enterprise intranet to the internet and the enterprise intranet respectively. Compared with the method for realizing the distribution of service data under the roaming scene by using two DNNs in the related technology, the method for distributing the service data under the roaming scene by using the DNNs in the embodiment of the disclosure has the advantages that the DNNs are not required To be manually switched by users, the service experience is good, the types of 5G customized network service products are enriched, and the data flow distribution requirement of the roaming scene of the 2B (namely To B) user is met.
The core network element in the above embodiment may be a session management function SMF (Session Management Function) network element, that is, the SMF network element determines whether to start the roaming scenario traffic splitting function for the UE according to the roaming state and subscription attribute of the UE, and starts the roaming scenario traffic splitting function for the UE when the roaming scenario traffic splitting function for the UE is required. The SMF network element is the SMF network element of the visiting place of the UE.
The core network element in the above embodiment may also be a user plane function UPF (User Plane Function) network element, that is, the UPF network element determines, according to the roaming state and subscription attribute of the UE, whether to start the roaming scenario traffic splitting function for the UE, and starts the roaming scenario traffic splitting function for the UE when the roaming scenario traffic splitting function is required to be started for the UE. The UPF network element is an SMF network element of a UE visit place.
In an alternative embodiment, the procedure of determining whether to turn on the roaming scenario traffic offload function for the UE in step 101 includes:
the core network element determines whether the UE is in a roaming scene according to the roaming state of the UE; the roaming state of the UE may include roaming and non-roaming states;
the core network element determines whether the UE signs a contract for the secondary authentication information, a static IP address and a data network access identifier DNAI according to the signing attribute of the UE; the secondary authentication information is used for indicating to perform secondary authentication on the related information of the UE; the static IP address is also called a fixed IP address, is an IP address which is allocated to a computer or network equipment for a long time and is allocated to the UE when the roaming scene traffic distribution function needs to be started for the UE in the embodiment of the disclosure;
if the UE is in a roaming scene and the UE signs up for the secondary authentication information, the static IP address and DNAI at the same time, the core network element determines that the UE starts a roaming scene flow distribution function. That is, when the user is in the roaming scenario and has contracted the secondary authentication, the static IP address and the DNAI attribute at the same time, it is determined that the roaming scenario traffic splitting function needs to be started for the user.
In the embodiment of the present disclosure, if the user has a requirement for traffic diversion in a roaming scenario, the user needs to sign up for the secondary authentication information, the static IP address and the DNAI at the same time. When the user is online in the 5G network, the core network element judges whether the roaming scene flow distribution function needs to be started according to the roaming state and the signing attribute of the user, and when the user is in the roaming scene and signs up with the secondary authentication, the static IP address and the DNAI attribute at the same time, the core network element judges that the roaming scene flow distribution function needs to be started for the user. Further, the embodiment of the disclosure performs secondary verification on the UE with the flow diversion requirement in the roaming scene (namely, the UE with the requirement of accessing the enterprise intranet) through secondary authentication, so that the data security of the enterprise intranet is ensured, and the security and confidentiality requirements of the 2B vertical industry are met.
In an optional embodiment, the process of the core network element opening the roaming scenario traffic splitting function for the UE according to the subscription attribute of the UE includes:
the core network element allocates the static IP address to the UE and establishes NAT (Network Address Translation) address mapping;
the core network element initiates a secondary authentication request to an authentication, authorization and accounting (AAA) system according to the secondary authentication information, and receives an authentication result of the AAA;
if the authentication result of the AAA is that the identity authentication of the UE passes, the core network element establishes a tunnel between the UPF network element of the visiting place and the UPF network element of the attribution place.
In this embodiment, the core network element allocates a static IP address in the subscription attribute to the UE, and establishes NAT address mapping to forward traffic accessing the public network to the internet. Meanwhile, the core network element initiates a secondary authentication request to an authentication, authorization and accounting (AAA) system (also called an AAA server) according to the secondary authentication information so as to authenticate the identity of the UE. The secondary authentication request may include a unique identification of the UE, such as a phone number. Then, the core network element receives an authentication result of the AAA system, and establishes a tunnel between the UPF network element of the visiting place and the UPF network element of the home place under the condition that the authentication result is that the identity authentication of the UE passes, so that the access flow of the UE visiting the enterprise intranet is forwarded to the UPF network element of the home place through the tunnel, and then forwarded to the enterprise intranet by the UPF network element of the home place.
The process of establishing the tunnel between the UPF network element of the visiting place and the UPF network element of the attribution place by the core network element of the visiting place comprises the following steps:
the core network element determines the IP address and the tunnel identifier of the UPF network element of the attribution; the IP address and the tunnel identifier (Tunnel endpoint ID) of the UPF network element of the home location can be determined according to the authentication result of the secondary authentication and also can be determined according to DNAI;
and the core network element establishes a tunnel between the UPF network element of the visiting place and the UPF network element of the home place according to the IP address of the UPF network element of the home place and the tunnel identifier.
After establishing NAT address mapping and a tunnel between a UPF network element of a visiting place and a UPF network element of the attribution place, the UPF network element of the visiting place forwards a message of the UE accessing the Internet to the Internet according to the NAT address, and forwards the message of the UE accessing the enterprise network to the enterprise intranet through the tunnel. Specifically, the process includes:
the UPF network element of the visit place obtains the message sent by the UE, and determines the user access direction according to the destination address of the message;
if the user access direction is the Internet, the UPF network element forwards the message to the Internet according to the NAT address mapping;
if the user access direction is an intranet, the UPF network element forwards the message to the UPF network element of the home location through the tunnel, so that the UPF network element of the home location forwards the message to the intranet.
Fig. 2 schematically illustrates an application diagram of the flow splitting method of the embodiment of the present disclosure, and fig. 3 schematically illustrates a flowchart of the flow splitting method of the embodiment of the present disclosure.
With reference to fig. 2 and 3, the flow diversion method includes:
step 301: when a user is online in a 5G network, the SMF network element or the UPF network element of the visiting place judges whether a roaming scene flow distribution function needs to be started according to the roaming state of User Equipment (UE) and the subscription attribute of the UE. And when the user signs up for the secondary authentication information, the static IP address and the DNAI attribute at the same time in the roaming state, judging that the roaming scene flow distribution function is required to be started for the user.
Step 302: the SMF network element or UPF network element of the visit place distributes the signed static IP address for the user;
step 303: and establishing NAT address mapping for the static IP address.
Step 304: and the SMF network element or UPF network element of the visiting place initiates a secondary authentication request to an authentication, authorization and accounting (AAA) system according to the signed secondary authentication information, and receives an authentication result returned by the AAA. The secondary authentication request includes a unique identifier of the UE, such as a mobile phone number. The authentication result returned by the AAA comprises that the UE identity authentication passes or the UE identity authentication does not pass, and the authentication result can also comprise the IP address and the tunnel identification of the UPF network element of the attribution place of the UE under the condition that the UE identity authentication passes.
Step 305: and establishing a tunnel from the UPF network element of the visiting place to the UPF network element of the attribution place according to the authentication result returned by the AAA.
Step 306: the UPF network element of the visit place shunts the user flow according to the destination address of the UE visit message:
(1) The user accesses the traffic of the public network and connects with the Internet from the N6 port after NAT address conversion.
(2) And the user accesses the traffic of the enterprise intranet, and the tunnel forwarding attribution UPF is connected with the enterprise intranet.
According to the traffic distribution method, the roaming scene traffic distribution function is determined to be started for the UE according to the roaming state of the UE and the subscription attribute of the UE, and then the roaming scene traffic distribution function is started for the UE according to the subscription attribute of the UE, so that the UPF network element of the visiting place distributes the access traffic of the user through the roaming scene traffic distribution function, the user can realize distribution without manually switching DNN, the service experience is good, the 5G customized network service product types are enriched, and the 2B user roaming scene data traffic distribution requirement is met.
Fig. 4 schematically illustrates a structural diagram of a core network element 400 according to an embodiment of the disclosure. The core network element may be an SMF network element or a UPF network element. As shown in fig. 4, the core network element 400 includes
A function determining unit 401, configured to determine whether to start a roaming scenario traffic offload function for the UE according to the roaming state of the UE and the subscription attribute of the UE;
the function opening unit 402 is configured to open a roaming scenario traffic splitting function for the UE according to the subscription attribute of the UE, so that the UPF network element splits the user access traffic through the roaming scenario traffic splitting function.
In some embodiments of the present disclosure, the function determining unit is further configured to: determining whether the UE is in a roaming scene according to the roaming state of the UE; determining whether the UE signs up for secondary authentication information, a static IP address and a data network access identifier DNAI at the same time according to the signing attribute of the UE; if the UE is in a roaming scene and the UE signs up for the secondary authentication information, the static IP address and the DNAI at the same time, the UE is determined to start a roaming scene flow distribution function.
In some embodiments of the present disclosure, the function starting unit is further configured to: distributing the static IP address for the UE, and establishing NAT address mapping; initiating a secondary authentication request to an authentication, authorization and accounting (AAA) system according to the secondary authentication information, and receiving an authentication result of the AAA; if the authentication result of the AAA is that the identity authentication of the UE passes, a tunnel between the UPF network element of the visiting place and the UPF network element of the attribution place is established.
In some embodiments of the present disclosure, the function starting unit is further configured to: determining the IP address and the tunnel identifier of the UPF network element of the attribution; and establishing a tunnel between the UPF network element of the visiting place and the UPF network element of the home place according to the IP address of the UPF network element of the home place and the tunnel identifier.
In some embodiments of the present disclosure, the function opening unit is further configured to determine an IP address of the home UPF network element and the tunnel identifier according to the authentication result or the DNAI.
In some embodiments of the present disclosure, the function starting unit is further configured to: and controlling the UPF network element of the visiting place to forward the message of the UE accessing the Internet to the Internet through a roaming scene flow diversion function, and forwarding the message of the UE accessing the enterprise intranet to the enterprise intranet.
In some embodiments of the present disclosure, the function starting unit is further configured to: controlling the UPF network element of the visiting place to acquire a message sent by the UE, and determining the user access direction according to the destination address of the message; if the user access direction is the Internet, the UPF network element forwards the message to the Internet according to the NAT address mapping; if the user access direction is an intranet, the UPF network element forwards the message to the UPF network element of the home location through the tunnel, so that the UPF network element of the home location forwards the message to the intranet.
Fig. 5 shows a block diagram of an electronic device in an embodiment of the disclosure. An electronic device 500 according to such an embodiment of the application is described below with reference to fig. 5. The electronic device 500 shown in fig. 5 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 5, the electronic device 500 is embodied in the form of a general purpose computing device. The components of electronic device 500 may include, but are not limited to: the at least one processing unit 510, the at least one memory unit 520, a bus 530 connecting the different system components (including the memory unit 520 and the processing unit 510), and a display unit 540.
Wherein the storage unit stores program code that is executable by the processing unit 510 such that the processing unit 510 performs steps according to various exemplary embodiments of the present application described in the above section of the "exemplary method" of the present specification.
The storage unit 520 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 5201 and/or cache memory unit 5202, and may further include Read Only Memory (ROM) 5203.
The storage unit 520 may also include a program/utility 5204 having a set (at least one) of program modules 5205, such program modules 5205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 530 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 500 may also communicate with one or more external devices 570 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 500, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 500 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 550. Also, electronic device 500 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 560. As shown, network adapter 560 communicates with other modules of electronic device 500 over bus 530. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 500, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the application may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the application as described in the "exemplary methods" section of this specification, when said program product is run on the terminal device.
A program product for implementing the above-described method according to an embodiment of the present application may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device such as a personal computer. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any adaptations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (12)
1. A method for traffic splitting, the method being applied to a core network element, the method comprising:
determining whether to start a roaming scenario traffic distribution function for UE according to the roaming state of User Equipment (UE) and the subscription attribute of the UE, wherein the subscription attribute of the UE is used for indicating whether the UE is subscribed with secondary authentication information, a static IP address and a data network access identifier DNAI at the same time, and the secondary authentication information is information for initiating a secondary authentication request to an Authentication Authorization Accounting (AAA) system;
if yes, according to the subscription attribute of the UE, a roaming scene flow diversion function is started for the UE, so that a user plane function UPF network element of the visiting place diverts the user access flow through the roaming scene flow diversion function.
2. The method of claim 1, wherein determining whether to turn on a roaming scenario traffic offload function for the UE based on the roaming state of the UE and the subscription attribute of the UE comprises:
determining whether the UE is in a roaming scene according to the roaming state of the UE;
determining whether the UE signs up for the secondary authentication information, the static IP address and the data network access identifier DNAI at the same time according to the signing attribute of the UE;
if the UE is in a roaming scene and the UE signs up for the secondary authentication information, the static IP address and the DNAI at the same time, the UE is determined to start a roaming scene flow distribution function.
3. The method of claim 2, wherein starting a roaming scenario traffic offload function for the UE according to the subscription attribute of the UE comprises:
distributing the static IP address for the UE, and establishing NAT address mapping;
initiating a secondary authentication request to an authentication, authorization and accounting (AAA) system according to the secondary authentication information, and receiving an authentication result of the AAA system;
if the authentication result of the AAA system is that the identity authentication of the UE passes, a tunnel between the UPF network element of the visiting place and the UPF network element of the attribution place is established.
4. A method according to claim 3, wherein establishing a tunnel between the UPF network element of the visited place and the UPF network element of the home place comprises:
determining the IP address and the tunnel identifier of the UPF network element of the attribution;
and establishing a tunnel between the UPF network element of the visiting place and the UPF network element of the home place according to the IP address of the UPF network element of the home place and the tunnel identifier.
5. The method of claim 4, wherein the IP address of the home UPF network element and the tunnel identity are determined based on the authentication result or the DNAI.
6. A method according to claim 3, wherein the UPF network element of the visited place splits the user access traffic by means of a roaming scenario traffic splitting function, comprising:
and the UPF network element of the visiting place forwards the message of the UE accessing the Internet to the Internet through a roaming scene flow diversion function, and forwards the message of the UE accessing the enterprise intranet to the enterprise intranet.
7. The method of claim 6, wherein the visited UPF network element forwarding the message of the UE accessing the internet to the internet and forwarding the message of the UE accessing the intranet to the intranet through a roaming scenario traffic offload function, comprises:
the UPF network element of the visiting place obtains the message sent by the UE, and determines the user access direction according to the destination address of the message;
if the user access direction is the Internet, the UPF network element of the visit place forwards the message to the Internet according to the NAT address mapping;
if the user access direction is an enterprise intranet, the UPF network element of the visiting place forwards the message to the UPF network element of the home place through the tunnel, so that the UPF network element of the home place forwards the message to the enterprise intranet.
8. A method according to any one of claims 1 to 7, characterized in that the core network element is a session management function, SMF, network element.
9. A method according to any one of claims 1 to 7, wherein the core network element is a UPF network element of the visited place.
10. A core network element comprising:
the function determining unit is used for determining whether to start a roaming scene traffic distribution function for the UE according to the roaming state of the UE and the subscription attribute of the UE, wherein the subscription attribute of the UE is used for indicating whether the UE is subscribed with secondary authentication information, a static IP address and a data network access identifier DNAI at the same time, and the secondary authentication information is information for initiating a secondary authentication request to an Authentication Authorization Accounting (AAA) system;
and the function starting unit is used for starting the roaming scene flow distribution function for the UE according to the subscription attribute of the UE under the condition that the roaming scene flow distribution function is determined to be started for the UE, so that the UPF network element of the visiting place distributes the user access flow through the roaming scene flow distribution function.
11. An electronic device, comprising:
one or more processors;
storage means configured to store one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 9.
12. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method according to any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210563569.3A CN115002769B (en) | 2022-05-23 | 2022-05-23 | Flow diversion method, core network element, electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210563569.3A CN115002769B (en) | 2022-05-23 | 2022-05-23 | Flow diversion method, core network element, electronic equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115002769A CN115002769A (en) | 2022-09-02 |
| CN115002769B true CN115002769B (en) | 2023-11-14 |
Family
ID=83026707
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210563569.3A Active CN115002769B (en) | 2022-05-23 | 2022-05-23 | Flow diversion method, core network element, electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115002769B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117750348A (en) * | 2022-09-20 | 2024-03-22 | 中国移动通信集团设计院有限公司 | Data distribution method, dual-domain private network system, equipment and storage medium |
| CN115802303B (en) * | 2022-11-21 | 2023-08-01 | 广州爱浦路网络技术有限公司 | Edge computing charging method, core network and medium in 5G roaming scene |
| CN116528397B (en) * | 2023-06-29 | 2023-09-19 | 新华三技术有限公司 | Method and device for realizing 5G (fourth generation) dual-domain private network and 5G dual-domain private network system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103179544A (en) * | 2011-12-26 | 2013-06-26 | 中国电信股份有限公司 | Mobile data international roaming user access method and network device |
| CN108702679A (en) * | 2016-02-25 | 2018-10-23 | 瑞典爱立信有限公司 | It can realize the roaming for belonging to the wireless terminal of home communication network to access communication network |
| CN109429272A (en) * | 2017-08-31 | 2019-03-05 | 华为技术有限公司 | Shunt method and relevant device under a kind of roaming scence |
| WO2019157873A1 (en) * | 2018-02-13 | 2019-08-22 | 中兴通讯股份有限公司 | Charging method and device and session management entity |
| CN111542005A (en) * | 2020-05-22 | 2020-08-14 | 中国联合网络通信集团有限公司 | Charging method, device, equipment and storage medium |
| CN111800777A (en) * | 2019-04-08 | 2020-10-20 | 华为技术有限公司 | Roaming data processing method, device and system |
| CN113543056A (en) * | 2021-07-14 | 2021-10-22 | 中国电信股份有限公司 | 5G charging method and device for home routing scene |
| CN114423010A (en) * | 2020-10-09 | 2022-04-29 | 中国移动通信集团设计院有限公司 | Network access control method, device, electronic equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10708318B2 (en) * | 2018-03-21 | 2020-07-07 | Ofinno, Llc | Supporting termination access domain selection for a dual registered wireless device |
| EP3850797A1 (en) * | 2018-09-10 | 2021-07-21 | Koninklijke KPN N.V. | Connecting to a home area network via a mobile communication network |
| KR20230054505A (en) * | 2019-01-15 | 2023-04-24 | 오피노 엘엘씨 | Control plane based configuration for time sensitive networking |
| US20210385283A1 (en) * | 2020-06-09 | 2021-12-09 | Peyman TALEBI FARD | Multimedia Priority Service |
-
2022
- 2022-05-23 CN CN202210563569.3A patent/CN115002769B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103179544A (en) * | 2011-12-26 | 2013-06-26 | 中国电信股份有限公司 | Mobile data international roaming user access method and network device |
| CN108702679A (en) * | 2016-02-25 | 2018-10-23 | 瑞典爱立信有限公司 | It can realize the roaming for belonging to the wireless terminal of home communication network to access communication network |
| CN109429272A (en) * | 2017-08-31 | 2019-03-05 | 华为技术有限公司 | Shunt method and relevant device under a kind of roaming scence |
| WO2019157873A1 (en) * | 2018-02-13 | 2019-08-22 | 中兴通讯股份有限公司 | Charging method and device and session management entity |
| CN111800777A (en) * | 2019-04-08 | 2020-10-20 | 华为技术有限公司 | Roaming data processing method, device and system |
| CN111542005A (en) * | 2020-05-22 | 2020-08-14 | 中国联合网络通信集团有限公司 | Charging method, device, equipment and storage medium |
| CN114423010A (en) * | 2020-10-09 | 2022-04-29 | 中国移动通信集团设计院有限公司 | Network access control method, device, electronic equipment and storage medium |
| CN113543056A (en) * | 2021-07-14 | 2021-10-22 | 中国电信股份有限公司 | 5G charging method and device for home routing scene |
Non-Patent Citations (2)
| Title |
|---|
| Huawei, HiSilicon.S2-178827 "Roaming mode consideration for HO procedure between 3GPP access and non-3GPP access".3GPP tsg_sa\WG2_Arch.2017,(第TSGS2_124_Reno期),全文. * |
| T-Mobile USA INC.S2-175763 "Roaming and Proxy Function".3GPP tsg_sa\WG2_Arch.2017,(第TSGS2_122BIS_Sophia_Antipolis期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115002769A (en) | 2022-09-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN115002769B (en) | Flow diversion method, core network element, electronic equipment and medium | |
| CN112291363B (en) | Method, apparatus, electronic device, and computer-readable storage medium for wireless communication | |
| JP2000092236A (en) | Information providing system | |
| CN111221451B (en) | Cloud mobile phone shortcut creation method and system | |
| CN112202744B (en) | Multi-system data communication method and device | |
| CN113206753A (en) | Information configuration method and management unit | |
| CN114745724B (en) | Access processing method and device, electronic equipment and computer readable medium | |
| CN113055470B (en) | Service request distribution method and system | |
| EP2974159B1 (en) | Method, device and system for voice communication | |
| WO2023115913A1 (en) | Authentication method and system, and electronic device and computer-readable storage medium | |
| US7496349B1 (en) | Device driven system for activating a wireless device | |
| CN113645127A (en) | Message routing method, message routing device, electronic equipment and computer-readable storage medium | |
| CN112995005B (en) | Virtual network data exchange method and device | |
| CN114980262B (en) | Access gateway selection method and device, storage medium and electronic equipment | |
| CN115174558B (en) | Cloud network end integrated identity authentication method, device, equipment and storage medium | |
| CN113497764B (en) | Service routing method, system, computer storage medium and electronic device | |
| CN113541981B (en) | Member management method and system for network slice | |
| CN113133072B (en) | Method and device for controlling terminal, terminal and storage medium | |
| CN115801299A (en) | Meta-universe identity authentication method, device, equipment and storage medium | |
| CN112836201A (en) | Method, device, equipment and computer readable medium for multi-platform information intercommunication | |
| CN115460000B (en) | Session processing method, network device, terminal device and medium | |
| CN116545777B (en) | User category switching method and device, storage medium and electronic equipment | |
| CN115174062B (en) | Cloud service authentication method, device, equipment and storage medium | |
| CN113691545B (en) | Routing control method and device, electronic equipment and computer readable medium | |
| CN114978702B (en) | Account management method, platform and system, computing device and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |