CN115002803B - Terminal management method and device and electronic equipment - Google Patents

Terminal management method and device and electronic equipment

Publication number
CN115002803B
Authority
CN
China
Prior art keywords
network
vlan
customized
vpn
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210515676.9A
Other languages
Chinese (zh)
Other versions
CN115002803A (en
Inventor
朱煜文
孔大勇
郑淑琴
刘湘梅
陈凯
王哲
陈子琨
向亮
陈龙如
安冬萍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202210515676.9A
Publication of CN115002803A
Application granted
Publication of CN115002803B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/02 Arrangements for optimising operational condition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method and a device for managing a terminal and electronic equipment, which are applied to UPF network elements, wherein the method comprises the following steps: receiving first configuration information; according to the first configuration information, configuring a first VLAN and a first VPN in a server and network equipment, so that a UPF network element transmits data forwarded by an external network from a network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN; receiving second configuration information; and according to the second configuration information, configuring a target number of second VLANs and a target number of second VPNs in the server and the network equipment so that the UPF network element transmits data forwarded by the customized network from the terminal equipment and/or transmits data to the terminal equipment in the customized network through the target number of second VLANs and the target number of second VPNs. The UPF network element is used for connecting the network management system in the external network and the terminal equipment in the customized network, so that the management difficulty of the terminal equipment in the customized network is reduced.

Description

Terminal management method and device and electronic equipment
Technical Field
The embodiment of the invention relates to the technical field of mobile communication, in particular to a method and a device for managing a terminal and electronic equipment.
Background
With the development of mobile communication technology, people increasingly rely on networks for information transfer. In particular, the advent of customized networks has provided more convenience to customers. A customized network is a network customized specifically for a customer, and terminal equipment in the customized network can communicate with equipment in the customer intranet. Communication over the customized network and the intranet offers high security together with some of the capabilities of external-network communication, thereby meeting more customer demands.
At present, terminal equipment in the customized network can be directly accessed to an external network, so that the management of the terminal equipment in the customized network can be realized by deploying a network management system in the external network.
However, as security requirements continue to increase, the terminal equipment in the customized network needs to be isolated from the external network. As a result, the network management system in the external network cannot directly access the terminal equipment in the customized network, which increases the management difficulty of the terminal equipment in the customized network.
Disclosure of Invention
In view of the foregoing, embodiments of the present invention are proposed to provide a method, an apparatus, and an electronic device for terminal management that overcome or at least partially solve the foregoing problems.
In a first aspect, an embodiment of the present invention provides a method for terminal management, applied to a UPF (User Plane Function) network element, where the UPF network element includes a server for providing the UPF and a network device, where the network device is communicatively connected, through a target number of customized networks, to terminal devices that access the customized networks, the network device is communicatively connected, through the external network, to a network management system that accesses the external network, and the server and the network device each access each VPN (Virtual Private Network) in a first set and each VLAN (Virtual Local Area Network) in a second set;
The method comprises the following steps:
receiving first configuration information, wherein the first configuration information comprises: configuration information of a first VLAN in the first set and configuration information of a first VPN in the second set;
according to the first configuration information, configuring the first VLAN and the first VPN in the server and the network equipment, so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
receiving second configuration information, wherein the second configuration information comprises: configuration information of the target number of second VLANs in the first set and configuration information of the target number of second VPNs in the second set;
according to the second configuration information, configuring the second VLANs with the target number and the second VPNs with the target number in the server and the network equipment, so that the UPF network element transmits data from the terminal equipment forwarded by the customized network and/or transmits data to the terminal equipment in the customized network through the second VLANs with the target number and the second VPNs with the target number.
Optionally, said configuring the first VLAN and the first VPN in the server and the network device includes:
configuring the first VLAN and the first VPN in a first network interface of the network device;
adding a target proxy service in the server, and configuring the first VLAN and the first VPN in the target proxy service, wherein the types of the target proxy service include: virtual machines or containers.
Optionally, the server includes the target number of customized network services, wherein the types of customized network services include: a virtual machine or container;
In the case where the target number is plural, configuring the target number of second VLANs and the target number of second VPNs in the server and the network device includes:
determining the second VLAN and the second VPN corresponding to each customized network, wherein the second VLAN and the second VPN corresponding to different customized networks are completely different;
configuring, in each second network interface of the network equipment, the second VLAN and the second VPN corresponding to one customized network;
configuring, in each customized network service of the server, the second VLAN and the second VPN corresponding to one customized network.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, the method further comprises:
setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among all the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among all the VLANs in the second set.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
transmitting the management instruction to the server through the first VLAN and the first VPN under the condition that the network equipment receives the management instruction forwarded by the external network from the network management system;
controlling the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network, so that the terminal equipment executes the management instruction upon receiving it.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
transmitting the device information to the server through the second VLAN and the second VPN under the condition that the network device receives the device information forwarded by the customized network from the terminal device;
controlling the server to transmit the device information to the network device through the first VLAN and the first VPN;
and controlling the network equipment to transmit the equipment information to the network management system in the external network.
In a second aspect, an embodiment of the present invention further provides an apparatus for terminal management, where the apparatus includes:
The first receiving module is configured to receive first configuration information, where the first configuration information includes: configuration information of a first VLAN in the first set and configuration information of a first VPN in the second set;
The first configuration module is configured to configure the first VLAN and the first VPN in the server and the network device according to the first configuration information, so that a UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
The second receiving module is configured to receive second configuration information, where the second configuration information includes: configuration information of the target number of second VLANs in the first set and configuration information of the target number of second VPNs in the second set;
and the second configuration module is used for configuring the second VLANs with the target number and the second VPNs with the target number in the server and the network equipment according to the second configuration information, so that the UPF network element transmits the data forwarded by the customized network from the terminal equipment and/or transmits the data to the terminal equipment in the customized network through the second VLANs with the target number and the second VPNs with the target number.
Optionally, the first configuration module includes:
a first configuration unit, configured to configure the first VLAN and the first VPN in a first network interface of the network device;
A second configuration unit, configured to add a target proxy service in the server, and configure the first VLAN and the first VPN in the target proxy service, where a type of the target proxy service includes: virtual machines or containers.
Optionally, the server includes the target number of customized network services, wherein the types of customized network services include: a virtual machine or container;
The second configuration module includes:
A determining unit, configured to determine the second VLAN and the second VPN corresponding to each customized network, where the second VLAN and the second VPN corresponding to different customized networks are completely different;
a third configuration unit, configured to configure, in each second network interface of the network device, the second VLAN and the second VPN corresponding to the customized network;
and a fourth configuration unit, configured to configure the second VLAN and the second VPN corresponding to one customized network in each customized network service of the server.
Optionally, the apparatus further comprises:
The device comprises a parameter setting module, a first control module and a second control module, wherein the parameter setting module is used for setting a first prohibition parameter and a second prohibition parameter, the first prohibition parameter is used for prohibiting intercommunication among all VPNs in the first set, and the second prohibition parameter is used for prohibiting intercommunication among all VLANs in the second set.
Optionally, the apparatus further comprises:
The first transmission module is used for transmitting the management instruction to the server through the first VLAN and the first VPN under the condition that the network equipment receives the management instruction forwarded by the external network from the network management system;
A second transmission module, configured to control the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
and the third transmission module is used for controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network, so that the terminal equipment executes the management instruction under the condition of receiving the management instruction.
Optionally, the apparatus further comprises:
A fourth transmission module, configured to, when the network device receives device information forwarded by the customized network from the terminal device, transmit the device information to the server through the second VLAN and the second VPN;
A fifth transmission module, configured to control the server to transmit the device information to the network device through the first VLAN and the first VPN;
and a sixth transmission module, configured to control the network device to transmit the device information to the network management system in the external network.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: a processor, a memory and a computer program stored on the memory and executable on the processor, the processor implementing the above method of terminal management when executing the program.
In a fourth aspect, an embodiment of the present invention further provides a readable storage medium storing instructions which, when executed by a processor of an electronic device, enable the electronic device to perform the above-described method of terminal management.
In the embodiment of the invention, the method is applied to a UPF network element, and the UPF network element comprises a server for providing UPF and network equipment. Firstly, receiving first configuration information, and configuring a first VLAN and a first VPN in a server and network equipment according to the first configuration information, so that a UPF network element transmits data forwarded by an external network from a network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN, thereby realizing the transmission of the data from and/or to the network management system in the external network in the UPF network element; and then receiving the second configuration information, and configuring a target number of second VLANs and a target number of second VPNs in the server and the network equipment according to the second configuration information, so that the UPF network element transmits data forwarded by the customized network from the terminal equipment and/or transmits data to the terminal equipment in the customized network through the target number of second VLANs and the target number of second VPNs, thereby realizing the transmission of the data from and/or to the terminal equipment in the customized network in the UPF network element, and further connecting a network management system in an external network with the terminal equipment in the customized network through the UPF network element. Therefore, the network management system can be deployed in the external network to realize the management of the terminal equipment in the customized network, thereby reducing the management difficulty of the terminal equipment in the customized network.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments of the present invention will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of steps of a method for terminal management according to an embodiment of the present invention;
Fig. 2 is an application architecture schematic diagram of a method for terminal management according to an embodiment of the present invention;
Fig. 3 is a block diagram of a device for terminal management according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In various embodiments of the present invention, it should be understood that the sequence numbers of the following processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Referring to fig. 1, an embodiment of the present invention provides a method for terminal management, which is applied to a UPF network element, where the UPF network element includes a server for providing UPF and a network device, where the network device is communicatively connected to a terminal device accessing a customized network through a target number of customized networks, the network device is communicatively connected to a network management system accessing an external network through the external network, and the server and the network device are both accessed to each VPN in the first set and each VLAN in the second set. The external network may also be understood as a public network, and will not be described in detail herein.
It should be noted that the UPF network element has a function as an interconnection point between the radio access network and the data network, and here, the embodiment of the present invention adopts VPN technology and VLAN technology to implement the function. The type of the UPF network element may be a shared type or an exclusive type, which is not limited herein. The terminal equipment is accessed in the customized network in advance, and the terminal equipment accessed in the customized network can directly communicate with other equipment accessed in the customized network. It should be noted that the first set includes at least two VPNs and the second set includes at least two VLANs.
It can be understood that the customized network is a network customized specifically for the client, and the network customized for the client is partitioned by network slicing, edge computing, independent customization, and other network schemes. For example, but not limited to, the customized network may be a 5G (5th Generation Mobile Communication Technology) customized network. The network device is communicatively connected, through the target number of customized networks, to the terminal devices accessing the customized networks, where the target number may be one or more, which is not limited herein. It should be noted that when the target number is plural, that is, when the network device accesses plural customized networks, different customized networks are isolated from each other, and different terminal devices in the same customized network communicate through that customized network. Because the customized networks are isolated from each other, terminal devices located in different customized networks cannot directly communicate within the customized networks.
The method comprises the following steps:
Step 101: receiving first configuration information, wherein the first configuration information comprises: configuration information of a first VLAN in the first set and configuration information of a first VPN in the second set.
It should be noted that, in the case where the server and the network device access each VPN in the first set and each VLAN in the second set, if the communication function between the server and the network device is to be implemented, the same VLAN and the same VPN need to be configured in the server and the network device. Here, the first VLAN may be any VLAN in the first set, and the first VPN may be any VPN in the second set. The configuration information of the first VLAN may include, but is not limited to, a VLAN number, where the VLAN number is a unique identifier of the first VLAN in the first set; the configuration information of the first VPN may include, but is not limited to, a VPN number, wherein the VPN number is a unique identification of the first VPN in the second set. In the UPF network element, the server does not directly communicate with the external device, but uses the network device to implement communication with the external device, where the network device may be a switch, but is not limited thereto.
Step 102: according to the first configuration information, a first VLAN and a first VPN are configured in the server and the network equipment, so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN.
It should be noted that, according to the first configuration information, after the first VLAN and the first VPN are configured in the server and the network device, the UPF network element may implement transmission of the target data inside the UPF network element through the first VLAN and the first VPN, where the target data includes: data from and/or to network management systems in the external network. That is, the UPF network element will utilize the first VLAN and the first VPN exclusively for transmitting the target data. Preferably, the relevant policy may be configured in the UPF network element in advance, so that after the UPF network element receives the target data, the target data is transmitted using the first VLAN and the first VPN based on the relevant policy.
Step 103: receiving second configuration information, wherein the second configuration information comprises: configuration information of a target number of second VLANs in the first set and configuration information of a target number of second VPNs in the second set.
It should be noted that the second VLAN may be any unused VLAN in the first set, and the second VPN may be any unused VPN in the second set. The configuration information of the second VLAN may include, but is not limited to, a VLAN name, wherein the VLAN name is a unique identification of the second VLAN in the first set; the configuration information of the second VPN may include, but is not limited to, a VPN name, wherein the VPN name is a unique identification of the second VPN in the second set. The number of the second VLANs and the number of the second VPNs are equal to the number of the customized networks, and the number of the second VLANs and the number of the second VPNs are target numbers.
Step 104: and according to the second configuration information, configuring a target number of second VLANs and a target number of second VPNs in the server and the network equipment so that the UPF network element transmits data forwarded by the customized network from the terminal equipment and/or transmits data to the terminal equipment in the customized network through the target number of second VLANs and the target number of second VPNs.
It should be noted that, according to the second configuration information, after the server and the network device configure the target number of second VLANs and the target number of second VPNs, the UPF network element may implement transmission of terminal data inside the UPF network element through the target number of second VLANs and the target number of second VPNs, where the terminal data includes: data from and/or to terminal devices in the customized network. That is, the UPF network element will use the target number of second VLANs and the target number of second VPNs exclusively for transmitting terminal data. It can be understood that, in the case that the target number is multiple, different customized networks correspond to different second VLANs and second VPNs, and when the UPF network element internally transmits terminal data associated with a certain customized network, the second VLAN and the second VPN corresponding to the customized network are used to transmit the terminal data. Preferably, the relevant policy may be configured in the UPF network element in advance, so that after the UPF network element receives the terminal data, the terminal data is transmitted using the corresponding second VLAN and the second VPN based on the relevant policy.
In the embodiment of the invention, the method is applied to a UPF network element, and the UPF network element comprises a server for providing UPF and network equipment. Firstly, receiving first configuration information, and configuring a first VLAN and a first VPN in a server and network equipment according to the first configuration information, so that a UPF network element transmits data forwarded by an external network from a network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN, thereby realizing the transmission of the data from and/or to the network management system in the external network in the UPF network element; and then receiving the second configuration information, and configuring a target number of second VLANs and a target number of second VPNs in the server and the network equipment according to the second configuration information, so that the UPF network element transmits data forwarded by the customized network from the terminal equipment and/or transmits data to the terminal equipment in the customized network through the target number of second VLANs and the target number of second VPNs, thereby realizing the transmission of the data from and/or to the terminal equipment in the customized network in the UPF network element, and further connecting a network management system in an external network with the terminal equipment in the customized network through the UPF network element. Therefore, the network management system can be deployed in the external network to realize the management of the terminal equipment in the customized network, thereby reducing the management difficulty of the terminal equipment in the customized network.
Optionally, configuring the first VLAN and the first VPN in the server and the network device includes:
Configuring a first VLAN and a first VPN in a first network interface of a network device;
Adding a target proxy service in a server, and configuring a first VLAN and a first VPN in the target proxy service, wherein the types of the target proxy service comprise: virtual machines or containers.
It should be noted that a plurality of network interfaces are provided on the network device, through which communication with other devices can be achieved. Since both the network device and the server have access to the first VLAN and the first VPN, the same VLAN and VPN (i.e., the first VLAN and the first VPN) are configured in the first network interface of the network device and in the target proxy service of the server, so that a connection channel may be established between the first network interface of the network device and the target proxy service of the server, and data transmission between the network device and the server is realized by using the first VLAN and the first VPN. It will be appreciated that the target proxy service provides a basis for internal transmission of target data by the UPF network element, wherein the target data comprises: data from and/or to network management systems in the external network. By means of the target proxy service, a new connection channel can be established between the server and the network device to exclusively transmit the target data. Here, the timing of adding the target proxy service in the server is not limited, and may be any time before the first VLAN and the first VPN are configured. It should be noted that the type selection of the target proxy service is related to the UPF type, and may be a virtual machine or a container, which is not limited herein.
In the embodiment of the invention, the target proxy service is added in the server, and a special connection channel is established between the server and the network equipment by means of the target proxy service and the first network interface of the network equipment, so that the safe transmission of data from and/or to a network management system in an external network is realized.
Optionally, the server includes a target number of customized network services, wherein the types of the customized network services include: a virtual machine or a container;
in the case where the target number is plural, configuring the target number of second VLANs and the target number of second VPNs in the server and the network device includes:
determining a second VLAN and a second VPN corresponding to each customized network, wherein the second VLANs and second VPNs corresponding to different customized networks are completely different;
configuring, in each second network interface of the network device, a second VLAN and a second VPN corresponding to one customized network;
and configuring, in each customized network service of the server, a second VLAN and a second VPN corresponding to one customized network.
It should be noted that when the target number is plural, mutual isolation between the customized networks is ensured by using a different second VLAN and second VPN for the data of each customized network, and the server and the network device access the different second VLANs and second VPNs through different network interfaces or services. Specifically, the second configuration information further includes association information, which records the second VLAN and the second VPN corresponding to each customized network; the second VLANs and second VPNs corresponding to different customized networks are completely different. After the second VLAN and the second VPN corresponding to each customized network are determined from the association information, the second VLAN and the second VPN corresponding to one customized network may be configured in each second network interface of the network device and in each customized network service of the server. For example, the second VLAN and the second VPN corresponding to customized network service a are second VLAN a and second VPN a, and those corresponding to customized network service b are second VLAN b and second VPN b.
When the network device and the server are configured, second VLAN a and second VPN a may be configured in second network interface a of the network device and in customized network service a of the server, so that terminal data associated with customized network a is transmitted between second network interface a and customized network service a, where the terminal data includes data from and/or to terminal devices in the customized network. Likewise, second VLAN b and second VPN b may be configured in second network interface b of the network device and in customized network service b of the server, so that terminal data associated with customized network b is transmitted between second network interface b and customized network service b.
In the embodiment of the invention, when the target number is plural, a plurality of dedicated connection channels are established between the server and the network device by means of the plurality of customized network services in the server and the plurality of second network interfaces in the network device, so that terminal data associated with the customized networks is transmitted securely.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, the method further comprises:
setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting intercommunication among the VLANs in the second set.
It should be noted that after the target number of second VLANs and the target number of second VPNs are configured in the server and the network device, a plurality of connection channels exist between the server and the network device. To prevent these connection channels from interworking with one another, the first prohibition parameter and the second prohibition parameter are set.
In the embodiment of the invention, setting the first prohibition parameter and the second prohibition parameter prohibits intercommunication among the VPNs in the first set and among the VLANs in the second set, which avoids the security risk that intercommunication between VPNs or between VLANs would create.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
in the case where the network device receives a management instruction from the network management system forwarded by the external network, transmitting the management instruction to the server through the first VLAN and the first VPN;
controlling the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
and controlling the network device to transmit the management instruction to the terminal device in the customized network, so that the terminal device executes the management instruction upon receiving it.
It should be noted that the first VLAN and the first VPN are used for transmitting data from and/or to network management systems in the external network and the second VLAN and the second VPN are used for transmitting data from and/or to terminal devices in the customized network.
That is, when the network device receives a management instruction from the network management system forwarded by the external network, the management instruction is transmitted to the server through the first VLAN and the first VPN. On receiving the management instruction from the network device, the server determines, among the target number of customized network services, the target customized network to which the management instruction is directed. Once the target customized network is determined, the server is controlled to send the management instruction to the network device through the second VLAN and the second VPN corresponding to the target customized network. Finally, the network device is controlled to transmit the management instruction to the target customized network, so that the terminal device in the target customized network can obtain the management instruction from it and execute it. Preferably, the network management system stores relevant information about each customized network so that it can identify the different customized networks and the different terminal devices under each of them, and can thereby manage each terminal device in a targeted manner. For example, the management instruction carries a customized network identifier that distinguishes the customized networks and a terminal identifier that distinguishes the terminal devices. After the management instruction is transmitted from the network management system to the corresponding customized network, only the terminal device whose terminal identifier is carried in the management instruction can receive and execute it, which realizes targeted management of the terminal devices.
Here, the management instruction includes a configuration instruction for configuring the terminal device, a reporting instruction for instructing the terminal device to report information, an operation instruction for instructing the terminal device to perform some operation, and the like, but is not limited thereto.
In the embodiment of the invention, when the network device receives a management instruction from the network management system forwarded by the external network, the management instruction is first transmitted to the server through the first VLAN and the first VPN; the server is then controlled to transmit the management instruction to the network device through the second VLAN and the second VPN; finally, the network device is controlled to send the management instruction to the terminal device through the customized network, so that the terminal device executes the management instruction upon receiving it. In this way the network management system in the external network manages the terminal devices in the customized network.
Optionally, after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
in the case where the network device receives device information from the terminal device forwarded by the customized network, transmitting the device information to the server through the second VLAN and the second VPN;
controlling the server to transmit the device information to the network device through the first VLAN and the first VPN;
and controlling the network device to transmit the device information to the network management system in the external network.
It should be noted that when the target number is plural, to ensure that the device information from the terminal device is transmitted securely to the network management system in the external network, the second VLAN and the second VPN corresponding to the target customized network accessed by the terminal device are first determined from among the target number of second VLANs and second VPNs, and the device information is then transmitted to the server through that second VLAN and second VPN. A target proxy service has been added to the server; it is as described above and is not described again here. The device information includes terminal device capability information, feedback information on operations performed by the terminal device, and the like, but is not limited thereto.
In the embodiment of the invention, when the network device receives device information from the terminal device forwarded by the customized network, the device information is transmitted to the server through the second VLAN and the second VPN; the server is then controlled to transmit the device information to the network device through the first VLAN and the first VPN; finally, the network device is controlled to send the device information to the network management system through the external network. The terminal device in the customized network thus reports its device information to the network management system in the external network, which strengthens the management of the terminal devices in the customized network by that network management system.
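The rules described above (a completely different second VLAN and second VPN per customized network, management instructions entering on the first VLAN/VPN, device information returning on a second VLAN/VPN, and delivery by terminal identifier) can be modelled as follows. This is an added illustration, not code from the patent; the VLAN IDs, VPN names, dictionary field names and the names Channel, UpfProxy and deliver are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    """One VLAN/VPN pair shared by a network interface and a server-side service."""
    vlan: int
    vpn: str


# Constructed sample values: the patent names no concrete VLAN IDs or VPN names.
FIRST_CHANNEL = Channel(100, "vpn-nms")   # first VLAN / first VPN
ASSOCIATION = {                           # association information
    "A": Channel(201, "vpn-a"),
    "B": Channel(202, "vpn-b"),
    "C": Channel(203, "vpn-c"),
}


def validate_association(first, association):
    """Enforce 'completely different': no VLAN and no VPN may be used twice."""
    vlans, vpns = {first.vlan}, {first.vpn}
    for net, ch in association.items():
        if not 1 <= ch.vlan <= 4094:
            raise ValueError(f"network {net}: VLAN {ch.vlan} outside 1..4094")
        if ch.vlan in vlans or ch.vpn in vpns:
            raise ValueError(f"network {net}: {ch} reuses a VLAN or VPN")
        vlans.add(ch.vlan)
        vpns.add(ch.vpn)


class UpfProxy:
    """Hypothetical model of the proxy service and customized network services."""

    def __init__(self, first, association):
        validate_association(first, association)
        self.first = first
        self.association = dict(association)
        self.network_of = {ch: net for net, ch in association.items()}

    @staticmethod
    def direct_forward_allowed(src, dst):
        """Effect of the prohibition parameters: distinct channels never interwork."""
        return src == dst

    def route_downstream(self, ingress, instruction):
        """Pick the egress channel for a management instruction."""
        if ingress != self.first:
            # Only the first VLAN/VPN carries network-management traffic.
            raise PermissionError("management instruction on a non-management channel")
        net = instruction["network_id"]
        if net not in self.association:
            raise LookupError(f"unknown customized network {net!r}")
        return self.association[net]

    def route_upstream(self, ingress):
        """Device information: the network is derived from the ingress channel,
        not from the payload (a design choice of this example)."""
        net = self.network_of.get(ingress)
        if net is None:
            raise PermissionError("device information on an unconfigured channel")
        return net, self.first


def deliver(instruction, terminal_ids):
    """Only the terminal whose identifier is in the instruction executes it."""
    return [t for t in terminal_ids if t == instruction["terminal_id"]]


if __name__ == "__main__":
    proxy = UpfProxy(FIRST_CHANNEL, ASSOCIATION)
    instr = {"network_id": "B", "terminal_id": "t-7", "op": "report"}
    print(proxy.route_downstream(FIRST_CHANNEL, instr))
    print(proxy.route_upstream(ASSOCIATION["B"]))
    print(deliver(instr, ["t-6", "t-7", "t-8"]))
```

Rejecting a reused VLAN or VPN when the association information is loaded, rather than when traffic flows, keeps a configuration mistake from silently joining two customized networks.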
Referring to fig. 2, the embodiment of the present invention further provides an application architecture schematic diagram of a method for terminal management, where the application architecture includes: client intranet, terminal network management system, shared UPF and 5G customized network.
The client intranet is the private network of an individual, a household or an enterprise customer. It is isolated from the public network, so users cannot reach the client intranet through the public network, which further ensures data security.
The terminal network management system is used for managing the terminals in the 5G customized network, and can generate a management instruction for managing the terminals and can display the feedback information of the terminals. The terminal network management system corresponds to the network management system in the embodiment shown in fig. 1.
The shared UPF corresponds to the UPF network element in the embodiment shown in fig. 1. It could equally be an exclusive UPF; the shared UPF is used here only as an example. A proxy service (equivalent to the target proxy service in the above-described embodiments of the invention) may be newly added within the shared UPF. Inside the shared UPF, data from and/or to the terminal network management system is transmitted over a unified message channel (corresponding to the first VLAN and the first VPN in the embodiment shown in fig. 1), and data from and/or to the terminal devices is transmitted over the VPN and VLAN corresponding to each 5G customized network (corresponding to the second VLAN and the second VPN in the embodiment shown in fig. 1). Only three 5G customized networks are illustrated here: 5G customized network A corresponds to VPNA and VLANA, 5G customized network B corresponds to VPNB and VLANB, and 5G customized network C corresponds to VPNC and VLANC. When the proxy service receives data addressed to a terminal in 5G customized network B, it sends the data to 5G customized network B using VPNB and VLANB, and the terminal in 5G customized network B receives the data. Similarly, a terminal in 5G customized network B transmits data to the proxy service through 5G customized network B, VPNB and VLANB, and the proxy service then transmits the data over the unified message channel to the terminal network management system in the external network.
It will be appreciated that, to ensure mutual isolation between the customized networks, the VPNs are not interoperable with one another and, correspondingly, neither are the VLANs. It should be noted that the type of the newly added proxy service depends on the type of the shared UPF: when the shared UPF is of the container type, the newly added proxy service is also of the container type, and when the shared UPF is of the virtual machine type, the newly added proxy service is also of the virtual machine type.
The 5G customized network corresponds to the customized network in the embodiment shown in fig. 1. A plurality of terminals are provided in each 5G customized network; terminals in the same 5G customized network can communicate with each other, and terminals in different 5G customized networks cannot.
In the embodiment of the invention, a proxy service is newly added in the shared UPF and the corresponding configuration is carried out, so that the shared UPF can transmit data from the network management system forwarded by the external network and data addressed to the network management system in the external network, as well as data from the terminal device forwarded by the customized network and data addressed to the terminal device in the customized network. The terminal network management system in the external network can thereby manage the terminal devices in the 5G customized network, which reduces the difficulty of managing terminals in the 5G customized network.
Having described the method for terminal management provided by the embodiment of the present invention, a device for terminal management provided by the embodiment of the present invention will be described below with reference to the accompanying drawings.
Referring to fig. 3, the embodiment of the invention further provides a device for terminal management, which includes:
The first receiving module 31 is configured to receive first configuration information, where the first configuration information includes: configuration information of a first VLAN in the first set and configuration information of a first VPN in the second set;
A first configuration module 32, configured to configure a first VLAN and a first VPN in the server and the network device according to the first configuration information, so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
A second receiving module 33, configured to receive second configuration information, where the second configuration information includes: configuration information of a target number of second VLANs in the first set and configuration information of a target number of second VPNs in the second set;
A second configuration module 34, configured to configure the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, so that the UPF network element transmits data from the terminal device forwarded by the customized network and/or transmits data to the terminal device in the customized network through the target number of second VLANs and the target number of second VPNs.
Optionally, the first configuration module 32 includes:
a first configuration unit, configured to configure a first VLAN and a first VPN in a first network interface of a network device;
A second configuration unit, configured to add a target proxy service in the server, and configure the first VLAN and the first VPN in the target proxy service, where the type of the target proxy service includes: virtual machines or containers.
Optionally, the server includes a target number of customized network services, wherein the types of the customized network services include: a virtual machine or a container;
the second configuration module 34 comprises:
a determining unit, configured to determine a second VLAN and a second VPN corresponding to each customized network, where the second VLANs and second VPNs corresponding to different customized networks are completely different;
a third configuration unit, configured to configure, in each second network interface of the network device, a second VLAN and a second VPN corresponding to one customized network;
and a fourth configuration unit, configured to configure, in each customized network service of the server, a second VLAN and a second VPN corresponding to one customized network.
Optionally, the apparatus further comprises:
a parameter setting module, configured to set a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting intercommunication among the VPNs in the first set, and the second prohibition parameter is used for prohibiting intercommunication among the VLANs in the second set.
Optionally, the apparatus further comprises:
The first transmission module is used for transmitting the management instruction to the server through the first VLAN and the first VPN under the condition that the network equipment receives the management instruction forwarded by the external network from the network management system;
the second transmission module is used for controlling the server to transmit the management instruction to the network equipment through the second VLAN and the second VPN;
and the third transmission module is used for controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network so that the terminal equipment executes the management instruction under the condition of receiving the management instruction.
Optionally, the apparatus further comprises:
a fourth transmission module, configured to transmit, when the network device receives device information forwarded by the customized network from the terminal device, the device information to the server through the second VLAN and the second VPN;
A fifth transmission module, configured to control the server to transmit the device information to the network device through the first VLAN and the first VPN;
and the sixth transmission module is used for controlling the network equipment to transmit the equipment information to a network management system in the external network.
On the other hand, the embodiment of the application also provides an electronic device, which comprises a processor, a memory and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the terminal management method provided by the embodiments of the application when executing the program.
In still another aspect, an embodiment of the present application further provides a readable storage medium, where instructions in the readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform a method for terminal management provided in the above embodiments of the present application.
The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the embodiment of the invention. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. The method for terminal management is characterized by being applied to a user plane function UPF network element, wherein the UPF network element comprises a server for providing UPF and network equipment, the network equipment is in communication connection with terminal equipment accessed to a customized network through a target number of customized networks, the network equipment is in communication connection with a network management system accessed to an external network through the external network, and the server and the network equipment are both accessed to each virtual private network VPN in a first set and each virtual local area network VLAN in a second set;
The method comprises the following steps:
Receiving first configuration information, wherein the first configuration information comprises: configuration information of a first VLAN in the second set and configuration information of a first VPN in the first set;
according to the first configuration information, configuring the first VLAN and the first VPN in the server and the network equipment, so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
Receiving second configuration information, wherein the second configuration information comprises: configuration information of the target number of second VLANs in the second set and configuration information of the target number of second VPNs in the first set;
according to the second configuration information, configuring the target number of second VLANs and the target number of second VPNs in the server and the network equipment, so that the UPF network element transmits data from the terminal equipment forwarded by the customized network and/or transmits data to the terminal equipment in the customized network through the target number of second VLANs and the target number of second VPNs.
2. The method of claim 1, wherein configuring the first VLAN and the first VPN in the server and the network device comprises:
configuring the first VLAN and the first VPN in a first network interface of the network device;
adding a target proxy service in the server, and configuring the first VLAN and the first VPN in the target proxy service, wherein the types of the target proxy service include: virtual machines or containers.
3. The method of claim 1, wherein the server includes the target number of customized network services, wherein the type of customized network service includes: a virtual machine or a container;
in the case where the target number is plural, configuring the target number of second VLANs and the target number of second VPNs in the server and the network device includes:
determining the second VLAN and the second VPN corresponding to each customized network, wherein the second VLANs and second VPNs corresponding to different customized networks are completely different;
configuring, in each second network interface of the network equipment, the second VLAN and the second VPN corresponding to one customized network;
and configuring, in each customized network service of the server, the second VLAN and the second VPN corresponding to one customized network.
4. The method of claim 1, wherein after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device, the method further comprises:
Setting a first prohibition parameter and a second prohibition parameter, wherein the first prohibition parameter is used for prohibiting the intercommunication among all the VPNs in the first set, and the second prohibition parameter is used for prohibiting the intercommunication among all the VLANs in the second set.
5. The method of claim 1, wherein after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
transmitting the management instruction to the server through the first VLAN and the first VPN under the condition that the network equipment receives the management instruction forwarded by the external network from the network management system;
Controlling the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
And controlling the network equipment to transmit the management instruction to the terminal equipment in the customized network, so that the terminal equipment executes the management instruction under the condition of receiving the management instruction.
6. The method of claim 1, wherein after configuring the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, the method further comprises:
Transmitting the device information to the server through the second VLAN and the second VPN under the condition that the network device receives the device information forwarded by the customized network from the terminal device;
controlling the server to transmit the device information to the network device through the first VLAN and the first VPN;
and controlling the network equipment to transmit the equipment information to the network management system in the external network.
7. A terminal management apparatus, characterized in that the apparatus is applied to a user plane function (UPF) network element, wherein the UPF network element comprises a server for providing UPF and a network device, the network device is communicatively connected, through a target number of customized networks, to terminal devices that access the customized networks, the network device is communicatively connected, through an external network, to a network management system that accesses the external network, and the server and the network device both access each virtual private network (VPN) in a first set and each virtual local area network (VLAN) in a second set; the apparatus comprises:
a first receiving module, configured to receive first configuration information, where the first configuration information includes: configuration information of a first VLAN in the second set and configuration information of a first VPN in the first set;
a first configuration module, configured to configure the first VLAN and the first VPN in the server and the network device according to the first configuration information, so that the UPF network element transmits data forwarded by the external network from the network management system and/or transmits data to the network management system in the external network through the first VLAN and the first VPN;
a second receiving module, configured to receive second configuration information, where the second configuration information includes: configuration information of the target number of second VLANs in the second set and configuration information of the target number of second VPNs in the first set;
and a second configuration module, configured to configure the target number of second VLANs and the target number of second VPNs in the server and the network device according to the second configuration information, so that the UPF network element transmits data forwarded by the customized network from the terminal device and/or transmits data to the terminal device in the customized network through the target number of second VLANs and the target number of second VPNs.
8. The apparatus of claim 7, wherein the first configuration module comprises:
a first configuration unit, configured to configure the first VLAN and the first VPN in a first network interface of the network device;
a second configuration unit, configured to add a target proxy service in the server, and configure the first VLAN and the first VPN in the target proxy service, where a type of the target proxy service includes: a virtual machine or a container.
9. The apparatus of claim 7, wherein the server comprises the target number of customized network services, wherein the type of customized network service comprises: a virtual machine or a container;
the second configuration module includes:
a determining unit, configured to determine the second VLAN and the second VPN corresponding to each customized network, where the second VLAN and the second VPN corresponding to different customized networks are completely different;
a third configuration unit, configured to configure, in each second network interface of the network device, the second VLAN and the second VPN corresponding to the customized network;
and a fourth configuration unit, configured to configure the second VLAN and the second VPN corresponding to one customized network in each customized network service of the server.
10. The apparatus of claim 7, wherein the apparatus further comprises:
The device comprises a parameter setting module, a first control module and a second control module, wherein the parameter setting module is used for setting a first prohibition parameter and a second prohibition parameter, the first prohibition parameter is used for prohibiting intercommunication among all VPNs in the first set, and the second prohibition parameter is used for prohibiting intercommunication among all VLANs in the second set.
11. The apparatus of claim 7, wherein the apparatus further comprises:
a first transmission module, configured to transmit the management instruction to the server through the first VLAN and the first VPN in the case that the network device receives the management instruction forwarded by the external network from the network management system;
a second transmission module, configured to control the server to transmit the management instruction to the network device through the second VLAN and the second VPN;
and a third transmission module, configured to control the network device to transmit the management instruction to the terminal device in the customized network, so that the terminal device executes the management instruction upon receiving the management instruction.
12. The apparatus of claim 7, wherein the apparatus further comprises:
a fourth transmission module, configured to, when the network device receives device information forwarded by the customized network from the terminal device, transmit the device information to the server through the second VLAN and the second VPN;
a fifth transmission module, configured to control the server to transmit the device information to the network device through the first VLAN and the first VPN;
and a sixth transmission module, configured to control the network device to transmit the device information to the network management system in the external network.
13. An electronic device, comprising: a processor, a memory and a computer program stored on the memory and executable on the processor, the processor implementing the method of terminal management according to any of claims 1-6 when the program is executed.
14. A readable storage medium, characterized in that instructions in said storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of terminal management according to any of claims 1-6.
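The following is an added illustration, not part of the patent text: a small Python model of the segmentation the claims describe, checking that the management ("first") VLAN/VPN and each customized network's ("second") VLAN/VPN are all distinct (claims 9 and 10) and tracing the hop sequence for device information and management instructions through the server (claims 6, 11 and 12). The segment names, VLAN IDs and the `route`/`validate_plan` helpers are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    vlan: int  # VLAN ID
    vpn: str   # VPN instance name

# Constructed sample plan; names and IDs are hypothetical.
MGMT = Segment(100, "vpn-mgmt")  # "first" VLAN/VPN, toward the network management system
CUSTOM = {"net-a": Segment(201, "vpn-a"), "net-b": Segment(202, "vpn-b")}  # "second" ones

def validate_plan(mgmt, custom):
    """Return isolation violations; an empty list means every segment is distinct."""
    errors, vlans, vpns = [], {mgmt.vlan: "management"}, {mgmt.vpn: "management"}
    for name, seg in custom.items():
        if not 1 <= seg.vlan <= 4094:
            errors.append(f"{name}: VLAN {seg.vlan} is outside 1-4094")
        if seg.vlan in vlans:
            errors.append(f"{name}: VLAN {seg.vlan} already used by {vlans[seg.vlan]}")
        if seg.vpn in vpns:
            errors.append(f"{name}: VPN {seg.vpn} already used by {vpns[seg.vpn]}")
        vlans.setdefault(seg.vlan, name)
        vpns.setdefault(seg.vpn, name)
    return errors

def route(src, dst, mgmt=MGMT, custom=CUSTOM):
    """Hops (sender, receiver, link) from src to dst, or None if isolation forbids it.

    Endpoints are a customized-network name or "nms" (network management system).
    """
    if validate_plan(mgmt, custom) or "nms" not in (src, dst) or src == dst:
        return None  # bad plan, or customized network to customized network
    net = dst if src == "nms" else src
    if net not in custom:
        return None
    uplink = [
        (f"terminal@{net}", "network device", net),
        ("network device", "server", custom[net]),   # second VLAN/VPN
        ("server", "network device", mgmt),          # first VLAN/VPN
        ("network device", "nms", "external network"),
    ]
    if dst == "nms":
        return uplink  # device information toward the network management system
    return [(b, a, link) for a, b, link in reversed(uplink)]  # management instruction

if __name__ == "__main__":
    for hop in route("net-a", "nms"):
        print(hop)
    print(route("net-a", "net-b"))
```

In this model the server is the only point where traffic moves between a customized network's segment and the management segment, so a plan that reuses a VLAN or VPN is rejected before any path is returned.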

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210515676.9A CN115002803B (en) 2022-05-12 2022-05-12 Terminal management method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN115002803A CN115002803A (en) 2022-09-02
CN115002803B CN115002803B (en) 2024-06-07

Family

ID=83026676

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210515676.9A Active CN115002803B (en) 2022-05-12 2022-05-12 Terminal management method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN115002803B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant