CN115002803A - Terminal management method and device and electronic equipment - Google Patents

Info

Publication number: CN115002803A
Authority: CN (China)
Prior art keywords: network, vlan, vpn, customized, server
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210515676.9A
Other languages: Chinese (zh)
Inventors: 朱煜文, 孔大勇, 郑淑琴, 刘湘梅, 陈凯, 王哲, 陈子琨, 向亮, 陈龙如, 安冬萍
Current Assignee: China Telecom Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Telecom Corp Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W24/00: Supervisory, monitoring or testing arrangements
    • H04W24/02: Arrangements for optimising operational condition
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Abstract

An embodiment of the invention provides a terminal management method, an apparatus and an electronic device. The method is applied to a UPF network element and comprises: receiving first configuration information; configuring, according to the first configuration information, a first VLAN and a first VPN in the server and the network device, so that the UPF network element uses the first VLAN and the first VPN to carry data that comes from the network management system and is forwarded by the external network, and/or data sent to the network management system in the external network; receiving second configuration information; and configuring, according to the second configuration information, a target number of second VLANs and a target number of second VPNs in the server and the network device, so that the UPF network element uses them to carry data that comes from the terminal device and is forwarded by the customized network, and/or data sent to the terminal device in the customized network. The UPF network element thereby connects the network management system in the external network with the terminal device in the customized network, which reduces the difficulty of managing terminal devices in the customized network.

Description

Terminal management method and device and electronic equipment
Technical Field
The embodiment of the invention relates to the technical field of mobile communication, in particular to a method and a device for terminal management and electronic equipment.
Background
With the development of mobile communication technology, people rely more and more on networks to transfer information. In particular, the advent of customized networks has brought customers more convenience. A customized network is a network specially customized for a customer, and terminal devices in the customized network can communicate with devices in the customer's intranet. Communication through the customized network and the intranet not only offers high security but also retains part of the capability of external-network communication, so it can satisfy more customer demands.
At present, terminal equipment in a customized network can be directly accessed to an external network, so that the terminal equipment in the customized network can be managed by deploying a network management system in the external network.
However, as security requirements continue to rise, the terminal devices in the customized network need to be isolated from the external network. As a result, the network management system in the external network cannot directly access the terminal devices in the customized network, which makes those terminal devices more difficult to manage.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a method, an apparatus and an electronic device for terminal management that overcome or at least partially solve the above problems.
In a first aspect, an embodiment of the present invention provides a method for terminal management, which is applied to a UPF (User Port Function) network element. The UPF network element includes a server and a network device, where the network device is communicatively connected, through a target number of customized networks, to terminal devices that access the customized networks, the network device is communicatively connected, through an external network, to a network management system that accesses the external network, and both the server and the network device access each VPN (Virtual Private Network) in a first set and each VLAN (Virtual Local Area Network) in a second set;
the method comprises the following steps:
receiving first configuration information, wherein the first configuration information comprises: configuration information for a first VLAN in the first set and configuration information for a first VPN in the second set;
configuring the first VLAN and the first VPN in the server and the network equipment according to the first configuration information so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
receiving second configuration information, wherein the second configuration information comprises: configuration information for the target number of second VLANs in the first set and configuration information for the target number of second VPNs in the second set;
and configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, so that the UPF network element transmits data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network through the target number of second VLANs and the target number of second VPNs.
Optionally, the configuring the first VLAN and the first VPN in the server and the network device comprises:
configuring the first VLAN and the first VPN in a first network interface of the network device;
adding a target proxy service in the server, and configuring the first VLAN and the first VPN in the target proxy service, wherein the type of the target proxy service comprises: a virtual machine or a container.
Optionally, the server includes the target number of customized network services, where the type of the customized network service includes: a virtual machine or a container;
configuring, in the server and the network device, the target number of second VLANs and the target number of second VPNs when the target number is plural, including:
determining the second VLAN and the second VPN corresponding to each customized network, wherein the second VLAN and the second VPN corresponding to different customized networks are completely different;
configuring the second VLAN and the second VPN corresponding to one customized network in each second network interface of the network device;
configuring the second VLAN and the second VPN corresponding to one customized network in each customized network service of the server.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, the method further includes:
and setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among the VLANs in the second set.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further includes:
under the condition that the network equipment receives a management instruction from the network management system forwarded by the external network, transmitting the management instruction to the server through the first VLAN and the first VPN;
controlling the server to transmit the management instruction to the network device via the second VLAN and the second VPN;
and controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network so that the terminal equipment executes the management instruction under the condition of receiving the management instruction.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further includes:
under the condition that the network equipment receives equipment information from the terminal equipment forwarded by the customized network, the equipment information is transmitted to the server through the second VLAN and the second VPN;
controlling the server to transmit the device information to the network device via the first VLAN and the first VPN;
and controlling the network equipment to transmit the equipment information to the network management system in the external network.
In a second aspect, an embodiment of the present invention further provides an apparatus for terminal management, where the apparatus includes:
a first receiving module, configured to receive first configuration information, where the first configuration information includes: configuration information for a first VLAN in the first set and configuration information for a first VPN in the second set;
a first configuration module, configured to configure the first VLAN and the first VPN in the server and the network device according to the first configuration information, so that a UPF network element transmits data from the network management system forwarded by the external network and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
a second receiving module, configured to receive second configuration information, where the second configuration information includes: configuration information for the target number of second VLANs in the first set and configuration information for the target number of second VPNs in the second set;
a second configuration module, configured to configure, in the server and the network device, the target number of second VLANs and the target number of second VPNs according to the second configuration information, so that the UPF network element transmits, through the target number of second VLANs and the target number of second VPNs, data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network.
Optionally, the first configuration module includes:
a first configuration unit configured to configure the first VLAN and the first VPN in a first network interface of the network device;
a second configuration unit, configured to add a target proxy service in the server, and configure the first VLAN and the first VPN in the target proxy service, where a type of the target proxy service includes: a virtual machine or a container.
Optionally, the server includes the target number of customized network services, wherein the type of the customized network service includes: a virtual machine or a container;
the second configuration module comprising:
a determining unit, configured to determine the second VLAN and the second VPN corresponding to each customized network, where the second VLAN and the second VPN corresponding to different customized networks are completely different;
a third configuration unit, configured to configure the second VLAN and the second VPN corresponding to one customized network in each second network interface of the network device;
a fourth configuration unit, configured to configure the second VLAN and the second VPN corresponding to one customized network in each customized network service of the server.
Optionally, the apparatus further comprises:
and the parameter setting module is used for setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among the VLANs in the second set.
Optionally, the apparatus further comprises:
a first transmission module, configured to transmit, when the network device receives a management instruction from the network management system forwarded by the external network, the management instruction to the server through the first VLAN and the first VPN;
a second transmission module, configured to control the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
a third transmission module, configured to control the network device to transmit the management instruction to the terminal device in the customized network, so that the terminal device executes the management instruction when receiving the management instruction.
Optionally, the apparatus further comprises:
a fourth transmission module, configured to transmit the device information to the server through the second VLAN and the second VPN when the network device receives the device information from the terminal device forwarded by the customized network;
a fifth transmission module, configured to control the server to transmit the device information to the network device through the first VLAN and the first VPN;
and a sixth transmission module, configured to control the network device to transmit the device information to the network management system in the external network.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, the processor implementing the above method of terminal management when executing the program.
In a fourth aspect, an embodiment of the present invention further provides a readable storage medium, where when an instruction in the storage medium is executed by a processor of an electronic device, the electronic device is enabled to execute the above method for managing a terminal.
In the embodiment of the invention, the method is applied to a UPF network element that comprises a server for providing the UPF and a network device. First, first configuration information is received, and a first VLAN and a first VPN are configured in the server and the network device according to it, so that the UPF network element uses the first VLAN and the first VPN to carry data that comes from the network management system and is forwarded by the external network, and/or data sent to the network management system in the external network; data from and/or to the network management system in the external network can thus be transmitted inside the UPF network element. Then, second configuration information is received, and a target number of second VLANs and a target number of second VPNs are configured in the server and the network device according to it, so that the UPF network element uses them to carry data that comes from the terminal device and is forwarded by the customized network, and/or data sent to the terminal device in the customized network; data from and/or to the terminal device in the customized network can thus be transmitted inside the UPF network element, and the UPF network element connects the network management system in the external network with the terminal device in the customized network. The network management system can therefore be deployed in the external network to manage the terminal devices in the customized network, which reduces the difficulty of managing them.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is a flowchart illustrating steps of a method for managing a terminal according to an embodiment of the present invention;
Fig. 2 is a schematic view of an application architecture of a method for terminal management according to an embodiment of the present invention;
Fig. 3 is a block diagram of a terminal management apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In various embodiments of the present invention, it should be understood that the sequence numbers of the following processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Referring to fig. 1, an embodiment of the present invention provides a terminal management method, which is applied to a UPF network element, where the UPF network element includes a server for providing a UPF and a network device, where the network device is in communication connection with a terminal device accessing a customized network through a target number of customized networks, the network device is in communication connection with a network management system accessing an external network through the external network, and both the server and the network device access each VPN in a first set and access each VLAN in a second set. The external network may also be understood as a public network, which is not described in detail herein.
It should be noted that the UPF network element has a function as an interconnection point between the radio access network and the data network, and here, the embodiment of the present invention uses the VPN technology and the VLAN technology to implement the function. The type of the UPF network element may be a shared type or an exclusive type, which is not limited herein. The terminal device is accessed into the customized network in advance, and the terminal device accessed into the customized network can directly communicate with other devices accessed into the customized network. It is noted that the first set includes at least two VPNs and the second set includes at least two VLANs.
It is understood that the customized network is a network customized for a customer: a network dedicated to the customer is partitioned off through network schemes such as network slicing, edge computing and independent customization. For example, the customized network may be a 5G (5th Generation Mobile Communication Technology) customized network, but is not limited thereto. The network device is communicatively connected, through a target number of customized networks, to the terminal devices that access the customized networks, where the target number may be one or more and is not limited herein. It should be noted that, when the target number is more than one, that is, when the network device accesses multiple customized networks, different customized networks are isolated from each other, and different terminal devices in the same customized network can communicate through that customized network. Likewise, because the customized networks are isolated from each other, terminal devices in different customized networks cannot communicate directly within the customized networks.
The method comprises the following steps:
Step 101: receiving first configuration information, wherein the first configuration information comprises: configuration information for a first VLAN in the first set and configuration information for a first VPN in the second set.
It should be noted that, in the case where the server and the network device both access each VPN in the first set and access each VLAN in the second set, the same VLAN and the same VPN need to be configured in the server and the network device in order to implement the communication function between the server and the network device. Here, the first VLAN may be any VLAN in the first set, and the first VPN may be any VPN in the second set. The configuration information of the first VLAN may include, but is not limited to, a VLAN number, wherein the VLAN number is a unique identifier of the first VLAN in the first set; the configuration information of the first VPN may include, but is not limited to, a VPN number, wherein the VPN number is a unique identification of the first VPN in the second set. In the UPF network element, the server does not directly communicate with the external device, but uses the network device to implement communication with the external device, where the network device may be a switch, but is not limited thereto.
Step 102: configuring a first VLAN and a first VPN in the server and the network device according to the first configuration information, so that the UPF network element uses the first VLAN and the first VPN to transmit data that comes from the network management system and is forwarded by the external network, and/or to transmit data to the network management system in the external network.
It should be noted that, after configuring the first VLAN and the first VPN in the server and the network device according to the first configuration information, the UPF network element may implement transmission of target data inside the UPF network element through the first VLAN and the first VPN, where the target data includes: data from and/or to a network management system in an external network. That is, the UPF network element will utilize the first VLAN and the first VPN exclusively for transporting the target data. Preferably, the relevant policy may be configured in the UPF network element in advance, so that after the UPF network element receives the target data, the target data is transmitted using the first VLAN and the first VPN based on the relevant policy.
Step 103: receiving second configuration information, wherein the second configuration information comprises: configuration information for a target number of second VLANs in the first set and configuration information for a target number of second VPNs in the second set.
It should be noted that the second VLAN may be any unused VLAN in the first set and the second VPN may be any unused VPN in the second set. The configuration information of the second VLAN may include, but is not limited to, a VLAN name, wherein the VLAN name is a unique identifier of the second VLAN in the first set; the configuration information for the second VPN may include, but is not limited to, a VPN name, wherein the VPN name is a unique identification of the second VPN in the second set. Here, the number of the second VLANs and the number of the second VPNs are equal to the number of the customized networks, and the number of the second VLANs and the number of the second VPNs are the target number.
Step 104: configuring a target number of second VLANs and a target number of second VPNs in the server and the network device according to the second configuration information, so that the UPF network element uses the target number of second VLANs and the target number of second VPNs to transmit data that comes from the terminal device and is forwarded by the customized network, and/or to transmit data to the terminal device in the customized network.
It should be noted that, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the UPF network element may implement transmission of the terminal data inside the UPF network element through the target number of second VLANs and the target number of second VPNs, where the terminal data includes: data from and/or to terminal devices in the customized network. That is, the UPF network element will utilize the target number of second VLANs and the target number of second VPNs exclusively for transmitting the terminal data. It can be understood that, when the number of targets is multiple, different customized networks correspond to different second VLANs and second VPNs, and when the UPF network element internally transmits terminal data associated with a certain customized network, the terminal data will be transmitted by using the second VLANs and second VPNs corresponding to the customized network. Preferably, the relevant policy may be configured in the UPF network element in advance, so that after the UPF network element receives the terminal data, the terminal data is transmitted using the corresponding second VLAN and second VPN based on the relevant policy.
In the embodiment of the invention, the method is applied to a UPF network element that comprises a server for providing the UPF and a network device. First, first configuration information is received, and a first VLAN and a first VPN are configured in the server and the network device according to it, so that the UPF network element uses the first VLAN and the first VPN to carry data that comes from the network management system and is forwarded by the external network, and/or data sent to the network management system in the external network; data from and/or to the network management system in the external network can thus be transmitted inside the UPF network element. Then, second configuration information is received, and a target number of second VLANs and a target number of second VPNs are configured in the server and the network device according to it, so that the UPF network element uses them to carry data that comes from the terminal device and is forwarded by the customized network, and/or data sent to the terminal device in the customized network; data from and/or to the terminal device in the customized network can thus be transmitted inside the UPF network element, and the UPF network element connects the network management system in the external network with the terminal device in the customized network. The network management system can therefore be deployed in the external network to manage the terminal devices in the customized network, which reduces the difficulty of managing them.
Optionally, configuring a first VLAN and a first VPN in the server and the network device includes:
configuring a first VLAN and a first VPN in a first network interface of a network device;
adding a target proxy service in a server, and configuring a first VLAN and a first VPN in the target proxy service, wherein the type of the target proxy service comprises: a virtual machine or a container.
It should be noted that the network device is provided with a plurality of network interfaces, through which it can communicate with other devices. Because both the network device and the server have access to the first VLAN and the first VPN, configuring the same VLAN and VPN (i.e., the first VLAN and the first VPN) in the first network interface of the network device and in the target proxy service of the server establishes a connection channel between the two, and data is transmitted between the network device and the server over the first VLAN and the first VPN. It can be understood that the target proxy service provides the basis for the UPF network element to transmit target data internally, where the target data includes: data from and/or to a network management system in an external network. Relying on the target proxy service, a new connection channel dedicated to transmitting the target data can be established between the server and the network device. The time at which the target proxy service is added to the server is not limited here; it may be any time before the first VLAN and the first VPN are configured. It should be noted that the type of the target proxy service is selected according to the UPF type and may be a virtual machine or a container, which is not limited herein.
In the embodiment of the invention, the target proxy service is added in the server, and a dedicated connection channel is established between the server and the network device by means of the target proxy service and the first network interface of the network device, so that data from and/or to a network management system in an external network is transmitted securely.
Optionally, the server comprises a target number of customized network services, wherein the type of the customized network service comprises: a virtual machine or a container;
in the case where the target number is more than one, configuring the target number of second VLANs and the target number of second VPNs in the server and the network device comprises:
determining a second VLAN and a second VPN corresponding to each customized network, wherein the second VLAN and the second VPN corresponding to different customized networks are completely different;
configuring a second VLAN and a second VPN corresponding to a customized network in each second network interface of the network equipment;
and configuring a second VLAN and a second VPN corresponding to the customized network in each customized network service of the server.
It should be noted that, in the case where the target number is plural, in order to ensure mutual isolation between the plurality of customized networks, different second VLANs and second VPNs are used when data is transmitted to terminal devices in different customized networks, and the server and the network device access the different second VLANs and second VPNs through different network interfaces or services. Specifically, the second configuration information further includes association information, where the association information records the second VLAN and the second VPN corresponding to each customized network, and the second VLAN and the second VPN corresponding to different customized networks are completely different. After the second VLAN and the second VPN corresponding to each customized network are determined based on the association information, the second VLAN and the second VPN corresponding to one customized network may be configured in each second network interface of the network device, and the second VLAN and the second VPN corresponding to one customized network may be configured in each customized network service of the server. For example, the second VLAN and the second VPN corresponding to the customized network service a are the second VLAN a and the second VPN a, respectively, and the second VLAN and the second VPN corresponding to the customized network service b are the second VLAN b and the second VPN b, respectively. When the network device and the server are configured, a second VLAN a and a second VPN a may be configured in a second network interface a of the network device, and a second VLAN a and a second VPN a may be configured in a customized network service a in the server, so that terminal data associated with the customized network a may be transmitted in the second network interface a and the customized network service a, where the terminal data includes: data from and/or to terminal devices in the customized network.
Similarly, a second VLAN b and a second VPN b may be configured in the second network interface b of the network device, and a second VLAN b and a second VPN b may be configured in the customized network service b in the server, so that the terminal data associated with the customized network b may be transmitted in the second network interface b and the customized network service b.
In the embodiment of the invention, in the case where the target number is plural, a plurality of dedicated connection channels are established between the server and the network device by relying on the plurality of customized network services in the server and the plurality of second network interfaces in the network device, so that the secure transmission of the terminal data associated with the customized networks is realized.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, the method further includes:
and setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among the VLANs in the second set.
It should be noted that, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, it may be understood that a plurality of connection channels exist between the server and the network device at this time, and in order to avoid interworking of the connection channels, the first prohibition parameter and the second prohibition parameter are set here.
In the embodiment of the invention, the intercommunication among the VPNs in the first set and the intercommunication among the VLANs in the second set are prohibited by setting the first prohibition parameter and the second prohibition parameter, so that potential security risks caused by intercommunication among the VPNs or among the VLANs are avoided.
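The following check of an association plan is an added example, not part of the patent text: it verifies that the second VLANs and second VPNs of different customized networks are completely different, that each one is bound to exactly one second network interface and one customized network service, and that both prohibition parameters are set. The names `Channel` and `validate_plan`, the VLAN IDs and the VPN names are hypothetical, and requiring the first VLAN and first VPN to differ from every second one is an assumption drawn from the dedicated-channel description.

```python
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094  # usable IEEE 802.1Q VLAN IDs


@dataclass(frozen=True)
class Channel:
    """One VLAN/VPN pair shared by a network-device interface and a server-side service."""
    vlan: int
    vpn: str


def validate_plan(first, association, interfaces, services,
                  forbid_vpn_interworking, forbid_vlan_interworking):
    """Return a list of findings; an empty list means the plan is isolated as described.

    first        -- Channel for network-management-system traffic (first VLAN / first VPN)
    association  -- {customized network id: Channel}, the "association information"
    interfaces   -- {second network interface name: Channel} on the network device
    services     -- {customized network service name: Channel} on the server
    forbid_*     -- the first (VPN) and second (VLAN) prohibition parameters
    """
    findings = []
    # Assumption: the management channel must also be distinct from every second channel.
    channels = {"first": first, **association}

    for name, ch in channels.items():
        if not VLAN_MIN <= ch.vlan <= VLAN_MAX:
            findings.append(f"{name}: VLAN {ch.vlan} outside {VLAN_MIN}-{VLAN_MAX}")

    # "Completely different": neither the VLAN nor the VPN may be shared.
    names = list(channels)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if channels[a].vlan == channels[b].vlan:
                findings.append(f"{a} and {b} share VLAN {channels[a].vlan}")
            if channels[a].vpn == channels[b].vpn:
                findings.append(f"{a} and {b} share VPN {channels[a].vpn}")

    # Each customized network needs exactly one interface and one service on its channel,
    # and nothing may be bound to a channel that belongs to no customized network.
    for side, bindings in (("interface", interfaces), ("service", services)):
        for net, ch in association.items():
            bound = [n for n, c in bindings.items() if c == ch]
            if len(bound) != 1:
                findings.append(f"{net}: {len(bound)} {side}(s) bound to its channel, expected 1")
        for n, c in bindings.items():
            if c not in association.values():
                findings.append(f"{side} {n}: channel {c.vlan}/{c.vpn} matches no customized network")

    if not forbid_vpn_interworking:
        findings.append("first prohibition parameter unset: VPNs may interwork")
    if not forbid_vlan_interworking:
        findings.append("second prohibition parameter unset: VLANs may interwork")
    return findings


# Constructed sample plans (all identifiers are made up for this example).
FIRST = Channel(100, "VPN-MGMT")
GOOD = {"a": Channel(201, "VPN-A"), "b": Channel(202, "VPN-B")}
GOOD_IFACES = {"if-a": Channel(201, "VPN-A"), "if-b": Channel(202, "VPN-B")}
GOOD_SERVICES = {"svc-a": Channel(201, "VPN-A"), "svc-b": Channel(202, "VPN-B")}

# Faulty plan: network b reuses a's VPN, interface if-b was left on a's channel,
# and the VLAN prohibition parameter was never set.
BAD = {"a": Channel(201, "VPN-A"), "b": Channel(202, "VPN-A")}
BAD_IFACES = {"if-a": Channel(201, "VPN-A"), "if-b": Channel(201, "VPN-A")}
BAD_SERVICES = {"svc-a": Channel(201, "VPN-A"), "svc-b": Channel(202, "VPN-A")}

if __name__ == "__main__":
    for finding in validate_plan(FIRST, BAD, BAD_IFACES, BAD_SERVICES, True, False):
        print(finding)
```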
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further includes:
in the case where the network device receives a management instruction from a network management system forwarded by an external network, transmitting the management instruction to the server through the first VLAN and the first VPN;
controlling the server to transmit the management instruction to the network device through a second VLAN and a second VPN;
and controlling the network device to transmit the management instruction to the terminal device in the customized network, so that the terminal device executes the management instruction upon receiving it.
It should be noted that the first VLAN and the first VPN are used for transporting data from and/or to a network management system in an external network and the second VLAN and the second VPN are used for transporting data from and/or to an end device in a customized network.
That is to say, when the network device receives a management instruction from the network management system forwarded by the external network, the management instruction is transmitted to the server through the first VLAN and the first VPN; when the server receives the management instruction transmitted by the network device, the server determines, among the target number of customized network services, the target customized network to which the management instruction points; once the server has determined the target customized network, the server is controlled to send the management instruction to the network device through the second VLAN and the second VPN corresponding to the target customized network; and finally, the network device is controlled to transmit the management instruction to the target customized network, so that the terminal device in the target customized network can acquire the management instruction from the target customized network and execute it. Preferably, the network management system stores relevant information of each customized network to identify the different customized networks and the different terminal devices under each customized network, so that the relevant information can be used for targeted management of each terminal device under each customized network. For example, the management instruction carries a customized network identifier for distinguishing each customized network and a terminal identifier for distinguishing each terminal device. After the management instruction is transmitted from the network management system to the corresponding customized network, only the terminal device with the terminal identifier carried in the management instruction can receive and execute the management instruction, so that targeted management of the terminal device is realized.
Here, the management instruction includes, but is not limited to, a configuration instruction for configuring the terminal device, a reporting instruction for instructing the terminal device to report information, an operation instruction for instructing the terminal device to perform some operations, and the like.
In the embodiment of the invention, when the network device receives the management instruction from the network management system forwarded by the external network, the management instruction is transmitted to the server through the first VLAN and the first VPN; the server is controlled to transmit the management instruction to the network device through a second VLAN and a second VPN; and finally, the network device is controlled to send the management instruction to the terminal device through the customized network, so that the terminal device executes the management instruction upon receiving it, thereby realizing the management of the terminal device in the customized network by the network management system of the external network.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further includes:
in the case where the network device receives device information from the terminal device forwarded by the customized network, transmitting the device information to the server through a second VLAN and a second VPN;
controlling the server to transmit the device information to the network device through the first VLAN and the first VPN;
and controlling the network device to transmit the device information to a network management system in the external network.
It should be noted that, when the target number is plural, in order to ensure that the device information from the terminal device is securely transmitted to the network management system of the external network, when the device information is transmitted to the server, the second VLAN and the second VPN corresponding to the target customized network accessed by the terminal device are first determined among the target number of second VLANs and second VPNs, and the device information is then transmitted to the server through the second VLAN and the second VPN corresponding to the target customized network. The target proxy service has been added to the server; its details are not described again here. Here, the device information includes, but is not limited to, terminal device capability information, feedback information that the terminal device has performed some operation, and the like.
In the embodiment of the invention, when the network device receives the device information from the terminal device forwarded by the customized network, the device information is transmitted to the server through the second VLAN and the second VPN; the server is controlled to transmit the device information to the network device through the first VLAN and the first VPN; and finally, the network device is controlled to send the device information to the network management system through the external network, so that the terminal device in the customized network reports the device information to the network management system of the external network, which further strengthens the management of the terminal device in the customized network by the network management system of the external network.
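The forwarding decisions for the two flows described above (management instructions downward, device information upward) can be sketched as follows; this is an added example, not code from the patent. The VLANA/VPNA style names follow the fig. 2 example, while `VLAN-MGMT`, `VPN-MGMT`, the field names `network_id` and `terminal_id`, the terminal identifiers and all function names are hypothetical. Dropping device information whose claimed network differs from the channel it arrived on is an assumption added as a defensive check.

```python
FIRST = ("VLAN-MGMT", "VPN-MGMT")  # constructed names for the first VLAN / first VPN
SECOND = {                          # association information: network id -> (VLAN, VPN)
    "A": ("VLANA", "VPNA"),
    "B": ("VLANB", "VPNB"),
    "C": ("VLANC", "VPNC"),
}
BY_CHANNEL = {channel: net for net, channel in SECOND.items()}

# Constructed terminal inventory; "t1" deliberately exists in two customized networks.
TERMINALS = {"A": ["t1", "t2"], "B": ["t1", "t3"], "C": ["t4"]}


def route_downlink(instruction, ingress):
    """Management instruction from the network management system to one customized network."""
    if ingress != FIRST:
        return ("drop", "management instruction did not arrive on the first VLAN/VPN")
    channel = SECOND.get(instruction.get("network_id"))
    if channel is None:
        return ("drop", "no customized network with that identifier")
    return ("forward", channel)


def route_uplink(device_info, ingress):
    """Device information from a terminal to the network management system."""
    net = BY_CHANNEL.get(ingress)
    if net is None:
        return ("drop", "device information did not arrive on a second VLAN/VPN")
    # Assumption: the ingress channel, not the payload, decides which network sent it.
    claimed = device_info.get("network_id")
    if claimed is not None and claimed != net:
        return ("drop", f"payload claims network {claimed} but arrived from network {net}")
    return ("forward", FIRST)


def deliver(instruction, ingress, terminals):
    """End-to-end downlink: return the (network, terminal) pairs that execute the instruction."""
    action, result = route_downlink(instruction, ingress)
    if action != "forward":
        return []
    target = BY_CHANNEL[result]
    # Only the terminal whose identifier is carried in the instruction executes it.
    return [(target, t) for t in terminals.get(target, [])
            if t == instruction.get("terminal_id")]


if __name__ == "__main__":
    instr = {"network_id": "B", "terminal_id": "t1", "type": "report"}
    print(route_downlink(instr, FIRST))          # forwarded on VLANB / VPNB
    print(deliver(instr, FIRST, TERMINALS))      # only t1 in network B, not t1 in network A
    print(route_uplink({"network_id": "A"}, SECOND["B"]))  # dropped: mismatch
```

Because the channel selects the customized network before the terminal identifier is compared, a terminal identifier that repeats across customized networks does not cause an instruction to reach the wrong network.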
Referring to fig. 2, an embodiment of the present invention further provides an application architecture diagram of a terminal management method, where the application architecture includes: a client intranet, a terminal network management system, a shared UPF, and 5G customized networks.
The client intranet is a special network for the individual client, the family or the enterprise, and is isolated from the public network, so that the user cannot access the client intranet through the public network, and the data security is further ensured.
The terminal network management system is used for managing the terminals in the 5G customized network, can generate a management instruction for managing the terminals, and can also display messages fed back by the terminals. The terminal network management system corresponds to the network management system in the embodiment shown in fig. 1.
The shared UPF is equivalent to the UPF network element in the embodiment shown in fig. 1, and may also be an exclusive UPF; the shared UPF is only described here as an example. A proxy service (corresponding to the target proxy service in the above-described embodiments of the invention) may be newly added within the shared UPF. Inside the shared UPF, a unified message channel (corresponding to the first VLAN and the first VPN in the embodiment shown in fig. 1) is used to transmit data from and/or to the terminal network management system, and a VPN and a VLAN corresponding to each 5G customized network (corresponding to the second VLAN and the second VPN in the embodiment shown in fig. 1) are used to transmit data from and/or to the terminal device. Here, only three 5G customized networks are taken as an example for explanation: the 5G customized network A corresponds to VPNA and VLANA, the 5G customized network B corresponds to VPNB and VLANB, and the 5G customized network C corresponds to VPNC and VLANC, so that when receiving data addressed to a terminal in the 5G customized network B, the proxy service transmits the data to the 5G customized network B using VPNB and VLANB, and the terminal in the 5G customized network B receives the terminal data. Similarly, the terminal in the 5G customized network B transmits data to the proxy service by using the 5G customized network B together with VPNB and VLANB, and the data is then transmitted through the proxy service to the terminal network management system in the external network over the unified message channel.
It will be appreciated that in order to ensure isolation between the customized networks, the VPNs are not interoperable, and correspondingly, the VLANs are not interoperable. It should be noted that the type of the newly added proxy service is related to the type of the shared UPF, and when the shared UPF is a container type, the type of the newly added proxy service is also a container type. Of course, when the shared UPF is a virtual machine type, the type of the newly added proxy service is also a virtual machine type.
The 5G customized network corresponds to the customized network in the embodiment shown in fig. 1. Each 5G customized network is provided with a plurality of terminals; terminals arranged in the same 5G customized network can communicate with each other, and terminals arranged in different 5G customized networks cannot communicate with each other.
In the embodiment of the invention, the proxy service is newly added in the shared UPF and the corresponding configuration is carried out, so that the shared UPF can transmit data forwarded by an external network from a network management system, can transmit data sent to the network management system in the external network, can transmit data forwarded by a customized network from terminal equipment and can transmit data sent to the terminal equipment in the customized network, thereby realizing the management of the terminal network management system of the external network on the terminal equipment in the 5G customized network and reducing the management difficulty of the terminal in the 5G customized network.
The terminal management method according to the embodiment of the present invention is described above, and a terminal management apparatus according to the embodiment of the present invention is described below with reference to the accompanying drawings.
Referring to fig. 3, an embodiment of the present invention further provides a terminal management apparatus, where the apparatus includes:
a first receiving module 31, configured to receive first configuration information, where the first configuration information includes: configuration information of a first VLAN in the first set and configuration information of a first VPN in the second set;
a first configuration module 32, configured to configure a first VLAN and a first VPN in the server and the network device according to the first configuration information, so that the UPF network element transmits, through the first VLAN and the first VPN, data from the network management system forwarded by the external network and/or transmits data to the network management system in the external network;
a second receiving module 33, configured to receive second configuration information, where the second configuration information includes: configuration information of a target number of second VLANs in the first set and configuration information of a target number of second VPNs in the second set;
and a second configuration module 34, configured to configure, in the server and the network device, a target number of second VLANs and a target number of second VPNs according to the second configuration information, so that the UPF network element transmits, through the target number of second VLANs and the target number of second VPNs, data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network.
Optionally, the first configuration module 32 includes:
a first configuration unit, configured to configure a first VLAN and a first VPN in a first network interface of a network device;
a second configuration unit, configured to add a target proxy service in the server, and configure the first VLAN and the first VPN in the target proxy service, where the type of the target proxy service includes: a virtual machine or a container.
Optionally, the server comprises a target number of customized network services, wherein the type of customized network service comprises: a virtual machine or container;
a second configuration module 34 comprising:
the determining unit is used for determining a second VLAN and a second VPN corresponding to each customized network, wherein the second VLAN and the second VPN corresponding to different customized networks are completely different;
a third configuration unit, configured to configure a second VLAN and a second VPN corresponding to a customized network in each second network interface of the network device;
and the fourth configuration unit is used for configuring a second VLAN and a second VPN corresponding to one customized network in each customized network service of the server.
Optionally, the apparatus further comprises:
and the parameter setting module is used for setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among the VLANs in the second set.
Optionally, the apparatus further comprises:
the first transmission module is used for transmitting the management instruction to the server through the first VLAN and the first VPN under the condition that the network equipment receives the management instruction from the network management system forwarded by the external network;
the second transmission module is used for controlling the server to transmit the management instruction to the network equipment through a second VLAN and a second VPN;
and the third transmission module is used for controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network so that the terminal equipment executes the management instruction under the condition of receiving the management instruction.
Optionally, the apparatus further comprises:
the fourth transmission module is used for transmitting the equipment information to the server through the second VLAN and the second VPN under the condition that the network equipment receives the equipment information from the terminal equipment, which is forwarded by the customized network;
the fifth transmission module is used for controlling the server to transmit the equipment information to the network equipment through the first VLAN and the first VPN;
and the sixth transmission module is used for controlling the network equipment to transmit the equipment information to a network management system in the external network.
In the embodiment of the invention, the method is applied to the UPF network element, and the UPF network element comprises a server for providing UPF and network equipment. Firstly, receiving first configuration information, and configuring a first VLAN and a first VPN in a server and network equipment according to the first configuration information, so that a UPF network element transmits data forwarded by an external network from a network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN, and the transmission of the data from and/or to the network management system in the external network in the UPF network element is realized; and then receiving second configuration information, and configuring a target number of second VLANs and a target number of second VPNs in the server and the network device according to the second configuration information, so that the UPF network element transmits data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network through the target number of second VLANs and the target number of second VPNs, thereby realizing the transmission of the data from and/or to the terminal device in the customized network in the UPF network element, and further getting through the connection between the network management system in the external network and the terminal device in the customized network through the UPF network element. Therefore, the network management system can be deployed in the external network to realize the management of the terminal equipment in the customized network, thereby reducing the management difficulty of the terminal equipment in the customized network.
On the other hand, an embodiment of the present application further provides an electronic device, which includes a processor, a memory, and a computer program that is stored in the memory and is executable on the processor, and when the processor executes the program, the method for managing the terminal provided in the embodiments of the present invention is implemented.
In still another aspect, the present invention further provides a readable storage medium, where instructions in the readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method for terminal management provided in the above embodiments of the present invention.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (14)

1. A method for terminal management is characterized in that the method is applied to a User Plane Function (UPF) network element, the UPF network element comprises a server for providing UPF and network equipment, wherein the network equipment is in communication connection with terminal equipment accessed to a customized network through a target number of customized networks, the network equipment is in communication connection with a network management system accessed to the external network through an external network, and the server and the network equipment are both accessed to each Virtual Private Network (VPN) in a first set and each Virtual Local Area Network (VLAN) in a second set;
the method comprises the following steps:
receiving first configuration information, wherein the first configuration information comprises: configuration information for a first VLAN in the first set and configuration information for a first VPN in the second set;
configuring the first VLAN and the first VPN in the server and the network equipment according to the first configuration information so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
receiving second configuration information, wherein the second configuration information comprises: configuration information for the target number of second VLANs in the first set and configuration information for the target number of second VPNs in the second set;
and configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, so that the UPF network element transmits data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network through the target number of second VLANs and the target number of second VPNs.
2. The method of claim 1, wherein said configuring the first VLAN and the first VPN in the server and the network device comprises:
configuring the first VLAN and the first VPN in a first network interface of the network device;
adding a target proxy service in the server, and configuring the first VLAN and the first VPN in the target proxy service, wherein the type of the target proxy service comprises: a virtual machine or a container.
3. The method of claim 1, wherein the server comprises the target number of customized network services, and wherein the type of customized network service comprises: a virtual machine or container;
configuring, in the server and the network device, the target number of second VLANs and the target number of second VPNs when the target number is plural, including:
determining the second VLAN and the second VPN corresponding to each customized network, wherein the second VLAN and the second VPN corresponding to different customized networks are completely different;
configuring the second VLAN and the second VPN corresponding to one customized network in each second network interface of the network device;
configuring the second VLAN and the second VPN corresponding to one customized network in each customized network service of the server.
4. The method of claim 1, wherein after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, the method further comprises:
and setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among the VLANs in the second set.
5. The method of claim 1, wherein after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
under the condition that the network equipment receives a management instruction from the network management system forwarded by the external network, transmitting the management instruction to the server through the first VLAN and the first VPN;
controlling the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
and controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network so that the terminal equipment executes the management instruction under the condition of receiving the management instruction.
6. The method of claim 1, wherein after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
under the condition that the network equipment receives equipment information from the terminal equipment forwarded by the customized network, the equipment information is transmitted to the server through the second VLAN and the second VPN;
controlling the server to transmit the device information to the network device via the first VLAN and the first VPN;
and controlling the network equipment to transmit the equipment information to the network management system in the external network.
7. An apparatus for terminal management, the apparatus comprising:
a first receiving module, configured to receive first configuration information, where the first configuration information includes: configuration information for a first VLAN in the first set and configuration information for a first VPN in the second set;
a first configuration module, configured to configure the first VLAN and the first VPN in the server and the network device according to the first configuration information, so that a UPF network element transmits data from the network management system forwarded by the external network and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
a second receiving module, configured to receive second configuration information, where the second configuration information includes: configuration information for the target number of second VLANs in the first set and configuration information for the target number of second VPNs in the second set;
a second configuration module, configured to configure, in the server and the network device, the target number of second VLANs and the target number of second VPNs according to the second configuration information, so that the UPF network element transmits, through the target number of second VLANs and the target number of second VPNs, data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network.
8. The apparatus of claim 7, wherein the first configuration module comprises:
a first configuration unit configured to configure the first VLAN and the first VPN in a first network interface of the network device;
a second configuration unit, configured to add a target proxy service in the server, and configure the first VLAN and the first VPN in the target proxy service, where a type of the target proxy service includes: a virtual machine or a container.
9. The apparatus of claim 7, wherein the server comprises the target number of customized network services, and wherein the type of customized network service comprises: a virtual machine or a container;
the second configuration module, comprising:
a determining unit, configured to determine the second VLAN and the second VPN corresponding to each customized network, where the second VLAN and the second VPN corresponding to different customized networks are completely different;
a third configuration unit, configured to configure the second VLAN and the second VPN corresponding to one customized network in each second network interface of the network device;
a fourth configuration unit, configured to configure the second VLAN and the second VPN corresponding to one customized network in each customized network service of the server.
10. The apparatus of claim 7, further comprising:
a parameter setting module, configured to set a first prohibition parameter and a second prohibition parameter, where the first prohibition parameter is used to prohibit intercommunication among the VPNs in the first set, and the second prohibition parameter is used to prohibit intercommunication among the VLANs in the second set.
11. The apparatus of claim 7, further comprising:
a first transmission module, configured to transmit, when the network device receives a management instruction from the network management system forwarded by the external network, the management instruction to the server through the first VLAN and the first VPN;
a second transmission module, configured to control the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
a third transmission module, configured to control the network device to transmit the management instruction to the terminal device in the customized network, so that the terminal device executes the management instruction when receiving the management instruction.
12. The apparatus of claim 7, further comprising:
a fourth transmission module, configured to transmit the device information to the server through the second VLAN and the second VPN when the network device receives the device information from the terminal device forwarded by the customized network;
a fifth transmission module, configured to control the server to transmit the device information to the network device through the first VLAN and the first VPN;
and a sixth transmission module, configured to control the network device to transmit the device information to the network management system in the external network.
13. An electronic device, comprising: a processor, a memory, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the method of terminal management according to any of claims 1-6.
14. A readable storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of terminal management according to any one of claims 1-6.
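An added example (not part of the patent text and not the applicant's code): a check for the separation described in claims 9 and 11, where each customized network has its own second VLAN and second VPN and management instructions reach the server over the first VLAN and first VPN. The names Segment, check_isolation and management_path, the numeric VLAN IDs, the VPN names and the sample plans are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    """One VLAN/VPN pair configured on both the network device and the server."""
    vlan: int   # assumption: 802.1Q VLAN ID
    vpn: str    # assumption: VPN instance name

def check_isolation(mgmt, customized):
    """Return a list of violations of the per-network separation.

    Each customized network must have a second VLAN and second VPN that no
    other customized network uses. Reuse of the management (first) pair is
    also reported; that extra check is this example's own assumption.
    """
    problems = []
    vlan_owner = {mgmt.vlan: "management"}
    vpn_owner = {mgmt.vpn: "management"}
    for name, seg in sorted(customized.items()):
        if not 1 <= seg.vlan <= 4094:
            problems.append(f"{name}: VLAN {seg.vlan} is outside 1-4094")
        if seg.vlan in vlan_owner:
            problems.append(f"{name}: VLAN {seg.vlan} already used by {vlan_owner[seg.vlan]}")
        if seg.vpn in vpn_owner:
            problems.append(f"{name}: VPN {seg.vpn} already used by {vpn_owner[seg.vpn]}")
        vlan_owner.setdefault(seg.vlan, name)
        vpn_owner.setdefault(seg.vpn, name)
    return problems

def management_path(mgmt, customized, target):
    """Hops of a management instruction: (sender, receiver, segment used)."""
    return [
        ("network management system", "network device", None),  # via external network
        ("network device", "server", mgmt),                 # first VLAN + first VPN
        ("server", "network device", customized[target]),   # second VLAN + second VPN
        ("network device", f"terminal device in {target}", None),
    ]

# Constructed sample plans (not from the patent).
MGMT = Segment(vlan=100, vpn="vpn-mgmt")
GOOD_PLAN = {"net-a": Segment(101, "vpn-a"), "net-b": Segment(102, "vpn-b")}
BAD_PLAN = {"net-a": Segment(101, "vpn-a"), "net-b": Segment(101, "vpn-b"),
            "net-c": Segment(100, "vpn-a")}

if __name__ == "__main__":
    print(check_isolation(MGMT, GOOD_PLAN))
    for line in check_isolation(MGMT, BAD_PLAN):
        print(line)
    for hop in management_path(MGMT, GOOD_PLAN, "net-b"):
        print(hop)
```

Running such a check before the second configuration information is pushed catches a plan in which two customized networks would share a VLAN or VPN.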
CN202210515676.9A 2022-05-12 2022-05-12 Terminal management method and device and electronic equipment Pending CN115002803A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210515676.9A CN115002803A (en) 2022-05-12 2022-05-12 Terminal management method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN115002803A true CN115002803A (en) 2022-09-02

Family

ID=83026676

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210515676.9A Pending CN115002803A (en) 2022-05-12 2022-05-12 Terminal management method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN115002803A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115426723A (en) * 2022-10-28 2022-12-02 新华三技术有限公司 VPN tunnel establishment method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination