CN116528397B - Method and device for implementing a 5G dual-domain private network, and 5G dual-domain private network system - Google Patents

Publication number: CN116528397B
Authority: CN (China)
Legal status: Active
Application number: CN202310793041.XA
Other languages: Chinese (zh)
Other versions: CN116528397A (en)
Inventor: 李辉
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN202310793041.XA
Publication of CN116528397A
Application granted
Publication of CN116528397B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/11 Allocation or use of connection identifiers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/12 Setup of transport tunnels

Abstract

The application provides a method and a device for implementing a 5G dual-domain private network, and a 5G dual-domain private network system. The method is applied to a public network session management function network element (SMF) of a 5G core network. The 5G core network is connected to a campus intranet, in which an intranet session management function network element (SMF) and an intranet user plane function network element (UPF) are deployed. In the method, when a campus terminal initiates a PDU session creation request and the public network SMF cannot provide network service for the campus terminal, the public network AMF is triggered to select an intranet SMF that provides network service for the campus terminal, so that an N9 tunnel is established between the intranet UPF and the public network UPF. Data packets with which the campus terminal accesses the public network are forwarded to the public network through the N9 tunnel, and data packets with which the campus terminal accesses the intranet are forwarded to the intranet through the intranet UPF.

Description

Method and device for implementing a 5G dual-domain private network, and 5G dual-domain private network system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for implementing a 5G dual-domain private network, and a 5G dual-domain private network system.
Background
For specific industries, such as the campus, government affairs, medical treatment and travel industries, there is a need to use a fifth-generation mobile communication technology (5th Generation Mobile Communication Technology, 5G) network so that a 5G terminal can access the public network (also referred to as the external network) normally and, at the same time, access the enterprise intranet (also referred to as the enterprise private network) in the enterprise campus, while the traffic with which employees access the internal and external networks is kept isolated.
However, in the prior art, the enterprise user needs to use a virtual private network (Virtual Private Network, VPN), or to switch networks or switch accounts (i.e., "change networks and numbers"), in order to access the intranet, which is both overly complicated and inconvenient and has poor stability.
Disclosure of Invention
In view of this, the application provides a method and a device for implementing a 5G dual-domain private network, and a 5G dual-domain private network system, so as to improve convenience and stability on the premise of guaranteeing intranet isolation.
An embodiment of the application provides a method for implementing a 5G dual-domain private network, applied to a public network session management function network element (SMF) of a 5G core network, wherein the 5G core network is connected to a campus intranet in which an intranet session management function network element (SMF) and an intranet user plane function network element (UPF) are deployed, and the method comprises the following steps:
based on a received protocol data unit (PDU) session creation request initiated by a campus terminal, obtaining the registered data network access identifier (DNAI) of the campus terminal from a policy control function network element (PCF);
if it is determined according to the DNAI that the public network SMF cannot provide network service for the campus terminal, triggering the public network AMF to select, based on the DNAI, an intranet SMF for providing network service for the campus terminal;
receiving a session creation request initiated by the intranet SMF, wherein the session creation request carries an identifier of the intranet UPF selected by the intranet SMF, and triggering establishment of an N9 tunnel between the intranet UPF and the public network UPF, so that the intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet.
An embodiment of the application provides a 5G dual-domain private network system, comprising: a public network session management function network element (SMF) of a 5G core network, and an intranet session management function network element (SMF) and an intranet user plane function network element (UPF) deployed in a campus intranet;
the public network SMF is configured to execute the steps of the above method;
any intranet SMF is configured to, when the public network SMF determines that it cannot provide network service for the campus terminal and this intranet SMF is selected to provide network service for the campus terminal, send a session creation request to the public network SMF; the session creation request carries an identifier of the intranet UPF selected by the intranet SMF, so that the public network SMF triggers establishment of an N9 tunnel between the intranet UPF and the public network UPF based on the UPF identifier carried in the session creation request;
any intranet UPF is configured to, after an N9 tunnel is established between it and the public network UPF, forward data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forward data packets with which the campus terminal accesses the campus intranet to the campus intranet.
An embodiment of the application also provides a device for implementing a 5G dual-domain private network, applied to a public network session management function network element (SMF) of a 5G core network, wherein the 5G core network is connected to a campus intranet in which an intranet session management function network element (SMF) and an intranet user plane function network element (UPF) are deployed, and the device comprises:
an acquisition module, configured to obtain the registered data network access identifier (DNAI) of the campus terminal from the policy control function network element (PCF) based on a received protocol data unit (PDU) session creation request initiated by the campus terminal;
a determining module, configured to, if it is determined according to the DNAI that the public network SMF cannot provide network service for the campus terminal, trigger the public network AMF to select, based on the DNAI, an intranet SMF for providing network service for the campus terminal;
a tunnel establishment module, configured to receive a session creation request initiated by the intranet SMF, wherein the session creation request carries the intranet UPF selected by the intranet SMF, and to trigger establishment of an N9 tunnel between the intranet UPF and the public network UPF, so that the intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet.
The embodiment of the application also provides electronic equipment, which comprises: a processor and a memory for storing computer program instructions which, when executed by the processor, cause the processor to perform the steps of the method as above.
Embodiments of the present application also provide a machine-readable storage medium storing computer program instructions which, when executed, enable the steps of the method as above to be carried out.
According to the above technical solution, with an intranet SMF and an intranet UPF deployed in the campus intranet, the public network SMF receives a protocol data unit (PDU) session creation request initiated by the campus terminal and obtains the registered data network access identifier (DNAI) of the campus terminal from the policy control function network element (PCF). If it determines according to the DNAI that the public network SMF cannot provide network service for the campus terminal, it triggers the public network AMF to select, based on the DNAI, an intranet SMF for providing network service for the campus terminal. It then receives a session creation request initiated by the intranet SMF, which carries an identifier of the intranet UPF selected by the intranet SMF, and triggers establishment of an N9 tunnel between the intranet UPF and the public network UPF, so that the intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet. This not only effectively ensures isolation of the internal and external networks, but also lets the campus terminal access both the intranet and the external network conveniently and quickly without "changing networks and numbers".
In addition, while the campus terminal gains access to the internal and external networks, the intranet SMF and the public network SMF are not tied to the same manufacturer, and this does not affect transmission stability. Because the intranet UPF and the public network SMF do not establish a transmission channel directly, they are likewise not tied to the same manufacturer while the requirement of stable transmission is still met. The intranet UPF and the intranet SMF can therefore be deployed flexibly as required, so that flexible deployment is achieved while transmission stability is ensured.
Drawings
Fig. 1 is a block diagram of a networking architecture of a 5G dual-domain private network system according to an exemplary embodiment of the present application.
Fig. 2 is a flow chart illustrating a method for implementing a 5G dual-domain private network according to an exemplary embodiment of the present application.
Fig. 3 is a schematic flow chart of triggering an N9 tunnel between an intranet UPF and a public network UPF according to an exemplary embodiment of the present application.
Fig. 4 is a flow chart illustrating a method for determining whether network services can be provided to a campus terminal according to an exemplary embodiment of the present application.
Fig. 5 is an interactive flow diagram of an implementation method of a 5G dual-domain private network according to an exemplary embodiment of the present application.
Fig. 6 is a schematic diagram of basic hardware structure of a device where an implementation apparatus of a 5G dual-domain private network according to an embodiment of the present application is located.
Fig. 7 is a schematic structural diagram of an implementation device of a 5G dual-domain private network according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings identify the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
In order to better illustrate the present solution, the following terms will now be explained.
5G core network: the core part of the 5G communication network, responsible for managing and controlling the whole network.
Access and mobility management function network element (Access and Mobility Management Function, AMF): a network device in the 5G core network responsible for functions such as registration, connection and mobility of mobile subscribers, and access security management.
Session management function network element (Session Management Function, SMF): a network device in the 5G core network responsible for functions such as protocol data unit (Protocol Data Unit, PDU) session management for mobile subscribers, Internet Protocol (IP) address assignment, and user plane function network element (User Plane Function, UPF) selection and control.
User plane function network element (User Plane Function, UPF): a network device in the 5G core network responsible for mobile user plane data transmission, routing and quality of service (Quality of Service, QoS) handling.
Policy control function network element (Policy Control Function, PCF): a network device in the 5G network responsible for QoS policy control and charging decisions.
Unified data management function network element (Unified Data Management, UDM): the subscription data management center for users.
Data network access identifier (DN Access Identifier, DNAI): identifies the local access point of the data network through which a mobile user accesses a particular application.
Protocol data unit (PDU) session: the process of communication between a User Equipment (UE) and a Data Network (DN). After the PDU session is established, a data transmission channel between the UE and the DN is established.
In order to better understand the technical solution provided by the embodiments of the present application and make the above objects, features and advantages of the embodiments of the present application more obvious, the technical solution in the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Fig. 1 is a block diagram of a networking architecture of a 5G dual-domain private network system according to an exemplary embodiment of the present application. It should be noted that the method for implementing the 5G dual-domain private network provided by the embodiments of the present application is always implemented in the networking architecture of the 5G dual-domain private network system shown in Fig. 1. As shown in Fig. 1, the system includes a 5G core network connected to a campus intranet, in which an intranet SMF and an intranet UPF are deployed. The 5G core network comprises the AMF, the public network SMF, the public network UPF, the PCF and the UDM. Network elements in the 5G core network whose positions are not explicitly illustrated are located where they are commonly placed, and are not described again here. In the networking shown in Fig. 1, the enterprise terminal is a 5G terminal. The specific workflow of each network element in the 5G dual-domain private network system is described in detail in the following embodiments.
Fig. 2 is a flow chart illustrating a method for implementing a 5G dual-domain private network according to an exemplary embodiment of the present application. The implementation method of the 5G dual-domain private network can be executed by the public network SMF in the networking architecture, and is implemented on the basis of the networking architecture shown in fig. 1. As shown in fig. 2, the implementation method of the 5G dual-domain private network includes the following steps.
S210, based on the received protocol data unit PDU session creation request initiated by the campus terminal, obtaining from the policy control function network element PCF the data network access identifier DNAI registered by the campus terminal.
The campus terminal sends a PDU session creation request to the AMF through the base station. Based on a preset policy, the AMF chooses to send the PDU session creation request to the public network SMF according to the data network name (Data Network Name, DNN) and the geographic position information carried in the PDU session creation request.
For example, if the campus terminal sends a PDU session creation request to the AMF through the XXX operator for the XX enterprise in the X market, the AMF determines, based on a preset policy, to send the PDU session creation request to the public network SMF according to the XXX operator and the address of the XX university carried in the PDU session creation request.
For the public network SMF to handle a PDU session creation request initiated by a campus terminal, each terminal needs to be subscribed with a UDM and a PCF. The UDM manages the subscription information, such as the QoS and total rate (AMBR) of the subscriber's subscribed terminal, while the service policies of the terminal, such as the number of gigabytes in its traffic package, its traffic-splitting policy and its DNAI, are configured on the PCF. Each terminal thus has a corresponding PCF; typically one PCF manages all terminals of a large area.
After receiving the PDU session creation request from the AMF, the public network SMF determines the PCF corresponding to the campus terminal, and then obtains the registered data network access identifier (DNAI) of the campus terminal from that PCF.
S220, if it is determined according to the DNAI that the public network SMF cannot provide network service for the campus terminal, triggering the public network AMF to select, based on the DNAI, the intranet SMF for providing network service for the campus terminal.
Once the public network SMF has obtained the DNAI, it determines whether it can provide network services for the campus terminal. How the public network SMF makes this determination is described in the following embodiments and is not detailed here.
When it is determined that the public network SMF cannot provide network service for the campus terminal, the public network AMF is triggered to select, based on the DNAI, the intranet SMF for providing network service for the campus terminal.
In one embodiment, triggering the public network AMF to select an intranet SMF for providing network services for the campus terminal based on the DNAI is implemented by sending a message to the public network AMF. The message carries the DNAI and instructs the public network AMF to select, based on the DNAI, the intranet SMF for providing network services for the campus terminal.
Specifically, at subscription time, every campus terminal that needs both intranet and external network access subscribes, in the PCF, to the preset DNAI of the corresponding intranet SMF. That is, there is a correspondence between the DNAI of the campus terminal and the intranet SMF, and this correspondence is preset in the AMF. Therefore, when the AMF receives the DNAI, it can select the intranet SMF for providing network service for the campus terminal according to a preset policy, namely according to the correspondence between the DNAI of the campus terminal and the intranet SMF, so that the 5G dual-domain private network service can subsequently be provided for the campus terminal.
In this embodiment, through the correspondence between the DNAI of the campus terminal and the intranet SMF, the public network AMF selects, based on the DNAI, the intranet SMF for providing network service for the campus terminal, so as to provide the 5G dual-domain private network service for the campus terminal.
In an alternative embodiment, if it is determined according to the DNAI that the public network SMF supports providing network services for the campus terminal, the method further includes: forwarding the data packets with which the campus terminal accesses the public network to the public network through the public network UPF.
In this embodiment, when the public network SMF supports providing network services for the campus terminal, data packets with which the campus terminal accesses the public network are forwarded to the public network directly through the public network UPF. This provides direct Internet access for campus terminals that have no intranet requirement, so as to meet diversified customer demands and improve the user experience.
S230, receiving a session creation request initiated by the intranet SMF, wherein the session creation request carries the intranet user plane function network element (UPF) selected by the intranet SMF, and triggering establishment of an N9 tunnel between the intranet UPF and the public network UPF, so that the intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet.
When the intranet SMF is selected by the public network AMF based on the DNAI to provide network service for the campus terminal, the intranet SMF initiates a session creation request to the public network SMF and sends a packet forwarding control protocol (PFCP) session creation request to the intranet UPF, so as to create a PFCP session with the intranet UPF.
The public network SMF receives the session creation request initiated by the intranet SMF, which carries the intranet UPF selected by the intranet SMF, so that an N9 tunnel is established between the intranet UPF and the public network UPF. The intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet. The campus terminal can thus access the intranet through the intranet UPF, and access the public network through the intranet UPF, the N9 tunnel and the public network UPF, so that enterprise users can access both the intranet and the external network.
The specific process of triggering the establishment of the N9 tunnel between the intranet UPF and the public network UPF will be described in the following embodiments, which are not described herein in detail.
Thus, the flow shown in fig. 1 is completed.
Through the flow of Fig. 1, the public network SMF receives a protocol data unit (PDU) session creation request initiated by a campus terminal and obtains the registered data network access identifier (DNAI) of the campus terminal from the policy control function network element (PCF). If it determines according to the DNAI that the public network SMF cannot provide network service for the campus terminal, it triggers the public network AMF to select, based on the DNAI, the intranet SMF for providing network service for the campus terminal. It then receives a session creation request initiated by the intranet SMF, which carries an identifier of the intranet UPF selected by the intranet SMF, and triggers establishment of an N9 tunnel between the intranet UPF and the public network UPF, so that the intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet. This not only effectively ensures isolation of the internal and external networks, but also lets the campus terminal access both the intranet and the external network conveniently and quickly without "changing networks and numbers".
In addition, while the campus terminal gains access to the internal and external networks, the intranet SMF and the public network SMF are not tied to the same manufacturer, and this does not affect transmission stability. Because the intranet UPF and the public network SMF do not establish a transmission channel directly, they are likewise not tied to the same manufacturer while the requirement of stable transmission is still met. The intranet UPF and the intranet SMF can therefore be deployed flexibly as required, so that flexible deployment is achieved while transmission stability is ensured.
The following describes, by way of example and with reference to Fig. 3, how establishment of an N9 tunnel between the intranet UPF and the public network UPF is triggered:
Fig. 3 is a schematic flow chart of triggering an N9 tunnel between an intranet UPF and a public network UPF according to an exemplary embodiment of the present application. As shown in Fig. 3, the flow includes the following steps.
S310, sending a packet forwarding control protocol (PFCP) session creation request carrying the intranet UPF identifier to the public network UPF, so as to create a PFCP session with the public network UPF.
When the intranet SMF is selected by the public network AMF based on the DNAI to provide network service for the campus terminal, the intranet SMF first sends a PFCP session creation request to the intranet UPF, thereby creating a PFCP session between the intranet SMF and the intranet UPF.
After receiving the PDU session creation request sent by the intranet SMF, the public network SMF sends a PFCP session creation request carrying the intranet UPF identification information to the public network UPF, so as to establish a PFCP session between the public network SMF and the public network UPF.
S320, after the PFCP session is successfully established, sending a PFCP session establishment success message to the intranet SMF, wherein the PFCP session establishment success message carries the identifier of the public network UPF, so that the intranet SMF sends the identifier of the public network UPF to the intranet UPF and the intranet UPF and the public network UPF establish an N9 tunnel.
After the PFCP session between the public network UPF and the public network SMF is successfully established, the public network UPF sends a PFCP session establishment success message carrying the identifier of the public network UPF to the public network SMF. On receiving this message, the public network SMF forwards the PFCP session establishment success message to the intranet SMF. The intranet SMF sends the identifier of the public network UPF to the intranet UPF, so that the intranet UPF and the public network UPF establish an N9 tunnel.
Thus, the flow shown in fig. 3 is completed.
Through the flow of Fig. 3, an N9 tunnel is established between the public network UPF and the intranet UPF, so that the intranet UPF forwards data packets with which the campus terminal accesses the public network to the public network through the N9 tunnel, and forwards data packets with which the campus terminal accesses the campus intranet to the campus intranet. The campus terminal can therefore access both the intranet and the external network without "changing networks and numbers".
The above describes an example of triggering the establishment of an N9 tunnel between the intranet UPF and the public network UPF.
The determination of whether network services can be provided to a campus terminal is described by way of example below in connection with fig. 4.
Fig. 4 is a flow chart illustrating a method for determining whether network services can be provided to a campus terminal according to an exemplary embodiment of the present application. As shown in fig. 4, the flow includes the following steps.
S410, judging whether the DNAI matches any DNAI in the DNAI list obtained by the public network SMF, wherein the DNAI list records each DNAI supported by the public network SMF. If so, S420 is performed; otherwise, S430 is performed.
The public network SMF is preconfigured with a DNAI list. When the DNAI of the campus terminal matches any DNAI in the DNAI list, the public network SMF need not provide network services for the campus terminal. When the DNAI of the campus terminal does not match any DNAI in the DNAI list, it is determined that the public network SMF can provide network services for the campus terminal.
S420, determining that the public network SMF cannot provide network services for the campus terminal.
S430, determining that the public network SMF can provide network services for the campus terminal.
It should be understood that the DNAI subscribed at the PCF for the campus terminal is different from every DNAI in the DNAI list preset for the public network SMF.
Thus, the flow shown in fig. 4 is completed.
Through the flow shown in fig. 4, it is determined whether network services can be provided for the campus terminal, and thereby whether the campus terminal has a need for the 5G dual-domain private network.
The above describes, by way of example, determining whether network services can be provided for a campus terminal.
An implementation method of the 5G dual-domain private network is described below by way of example with reference to fig. 5.
Fig. 5 is an interactive flow diagram of an implementation method of a 5G dual-domain private network according to an exemplary embodiment of the present application. The implementation method of the 5G dual-domain private network is implemented on the basis of the networking architecture shown in fig. 1. As shown in fig. 5, the implementation method of the 5G dual-domain private network includes the following steps.
S510, the campus terminal sends a PDU session creation request to the AMF.
S520, the AMF forwards the PDU session creation request to the public network SMF.
S530, the public network SMF acquires the DNAI of the campus terminal from the PCF.
S540, the public network SMF judges whether the DNAI of the campus terminal matches any DNAI in the DNAI list in the public network SMF.
If so, data packets of the campus terminal accessing the public network are forwarded to the public network through the public network UPF. If not, step S550 below is performed.
S550, the public network SMF cannot provide network services for the campus terminal, and sends the DNAI of the campus terminal to the AMF.
S560, the AMF selects the intranet SMF corresponding to the DNAI of the campus terminal to provide network services for the campus terminal.
S570, the intranet SMF sends a PFCP session creation request to the intranet UPF.
The PFCP session between the intranet UPF and the intranet SMF is successfully created.
S580, the intranet UPF sends the PFCP session creation success information to the intranet SMF.
S590, the intranet SMF sends a session creation request to the public network SMF.
S5100, when receiving the session creation request sent by the intranet SMF, the public network SMF sends a PFCP session creation request carrying the intranet UPF identification information to the public network UPF. The PFCP session between the public network SMF and the public network UPF is successfully created.
S5110, the public network UPF sends the PFCP session creation success information carrying the public network UPF identification information to the public network SMF.
S5120, the public network SMF sends the PFCP session creation success information carrying the public network UPF identification information to the intranet SMF.
S5130, when the intranet SMF has received both the PFCP session creation success information sent by the intranet UPF and the PFCP session creation success information carrying the public network UPF identification information sent by the public network SMF, an N9 tunnel is established between the intranet UPF and the public network UPF.
An N9 tunnel is formed between the intranet UPF and the public network UPF, so that data packets of the campus terminal accessing the public network are forwarded to the public network through the N9 tunnel, and data packets of the campus terminal accessing the intranet are forwarded to the intranet through the intranet UPF, thereby enabling the target terminal to access both the intranet and the extranet.
Thus, the flow shown in fig. 5 is completed.
Through the flow shown in fig. 5, the intranet and the extranet can be accessed conveniently and quickly without "switching networks or changing cards", which meets the need for flexible deployment while ensuring transmission stability.
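The signalling order of fig. 5 (S510 to S5130) as a small simulation, with an audit that checks a message trace for an N9 tunnel set up before both PFCP success messages arrived or between UPFs other than those announced in signalling. This is an added example, not code from the patent; it follows the fig. 5 branch (a DNAI match keeps the session on the public network UPF), and the DNAI strings, SMF and UPF names, the campus prefix, and the destination-prefix classification rule are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: every DNAI, SMF/UPF name and prefix below is hypothetical.
PUBLIC_DNAI_LIST = {"dnai-public-1", "dnai-public-2"}   # DNAIs the public SMF supports
PCF_DNAI = {"ue-campus": "dnai-campus-a", "ue-public": "dnai-public-1"}
INTRANET_SMF_BY_DNAI = {"dnai-campus-a": "intranet-smf-a"}
INTRANET_UPF_BY_SMF = {"intranet-smf-a": "intranet-upf-a"}
PUBLIC_UPF = "public-upf-1"
CAMPUS_PREFIXES = [ipaddress.ip_network("10.20.0.0/16")]


@dataclass(frozen=True)
class Msg:
    step: str            # step label from fig. 5
    src: str
    dst: str
    name: str
    payload: tuple = ()  # sorted (key, value) pairs carried by the message


def run_flow(ue):
    """Replay S510-S5130 for one terminal; return (trace, result)."""
    trace = []

    def send(step, src, dst, name, **payload):
        trace.append(Msg(step, src, dst, name, tuple(sorted(payload.items()))))

    send("S510", ue, "AMF", "PDU session creation request")
    send("S520", "AMF", "public-smf", "PDU session creation request")
    dnai = PCF_DNAI[ue]
    send("S530", "PCF", "public-smf", "DNAI of terminal", dnai=dnai)
    if dnai in PUBLIC_DNAI_LIST:            # S540: match, public UPF forwards
        return trace, {"path": "public-upf", "n9": None}
    send("S550", "public-smf", "AMF", "DNAI of terminal", dnai=dnai)
    i_smf = INTRANET_SMF_BY_DNAI[dnai]      # S560: AMF selects intranet SMF by DNAI
    i_upf = INTRANET_UPF_BY_SMF[i_smf]
    send("S570", i_smf, i_upf, "PFCP session creation request")
    send("S580", i_upf, i_smf, "PFCP session creation success")
    send("S590", i_smf, "public-smf", "session creation request", intranet_upf=i_upf)
    send("S5100", "public-smf", PUBLIC_UPF, "PFCP session creation request",
         intranet_upf=i_upf)
    send("S5110", PUBLIC_UPF, "public-smf", "PFCP session creation success",
         public_upf=PUBLIC_UPF)
    send("S5120", "public-smf", i_smf, "PFCP session creation success",
         public_upf=PUBLIC_UPF)
    send("S5130", i_upf, PUBLIC_UPF, "N9 tunnel established")
    return trace, {"path": "n9", "n9": (i_upf, PUBLIC_UPF)}


def audit_n9(trace):
    """Return findings for a trace; an empty list means the N9 setup matches fig. 5."""
    first = {}
    for index, msg in enumerate(trace):
        first.setdefault(msg.step, (index, msg))
    if "S5130" not in first:
        return ["no N9 tunnel establishment (S5130) in trace"]
    n9_index, n9 = first["S5130"]
    findings = []
    # S5130 requires both success messages to have reached the intranet SMF first.
    for step in ("S580", "S5120"):
        if step not in first or first[step][0] > n9_index:
            findings.append(f"N9 tunnel established without prior {step}")
    # The tunnel endpoints must be the UPF identifiers exchanged in signalling.
    announced = {"S590": ("intranet_upf", n9.src), "S5120": ("public_upf", n9.dst)}
    for step, (key, endpoint) in announced.items():
        if step in first:
            value = dict(first[step][1].payload).get(key)
            if value != endpoint:
                findings.append(
                    f"N9 endpoint {endpoint} differs from {key}={value} in {step}")
    return findings


def intranet_upf_next_hop(dst_ip, n9_peer):
    """Forwarding split at the intranet UPF once the N9 tunnel exists.

    Assumption: traffic is classified by destination prefix; the page does not
    say how intranet-bound and public-bound packets are told apart.
    """
    addr = ipaddress.ip_address(dst_ip)
    if any(addr in net for net in CAMPUS_PREFIXES):
        return "campus-intranet"
    return f"N9:{n9_peer}"


if __name__ == "__main__":
    trace, result = run_flow("ue-campus")
    for msg in trace:
        print(msg.step, msg.src, "->", msg.dst, msg.name, dict(msg.payload))
    print(result, audit_n9(trace))
```
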
Corresponding to the embodiment of the implementation method of the 5G dual-domain private network, the application also provides an embodiment of an implementation device of the 5G dual-domain private network.
The embodiment of the implementation device of the 5G dual-domain private network can be applied to a public network SMF. The device embodiment may be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device in a logical sense is formed by the processor of the equipment where it is located reading the corresponding computer program instructions from the nonvolatile memory into the memory and running them. In terms of hardware, fig. 6 shows a hardware structure diagram of the equipment where the implementation device of the 5G dual-domain private network of the present application is located. In addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 6, the equipment where the device is located may further include other hardware according to its actual function, which is not described herein.
Fig. 7 is a schematic structural diagram of an implementation device of a 5G dual-domain private network according to an embodiment of the present application. The implementation device 700 of the 5G dual-domain private network provided by the embodiment of the application is applied to the public network SMF arranged in an enterprise campus. As shown in fig. 7, the implementation device 700 of the 5G dual-domain private network includes an acquisition module 710, a determination module 720, and a tunnel establishment module 730.
The acquisition module 710 is configured to obtain, from the policy control function network element PCF, the data network access identifier DNAI registered by the campus terminal, based on a received protocol data unit PDU session creation request initiated by the campus terminal;
the determination module 720 is configured to determine, according to the DNAI, that the public network SMF cannot provide network services for the campus terminal, and to trigger the public network AMF to select, based on the DNAI, the intranet SMF that provides network services for the campus terminal;
the tunnel establishment module 730 is configured to receive a session creation request initiated by the intranet SMF, where the session creation request carries an intranet user plane function network element UPF selected by the intranet SMF, and to trigger the establishment of an N9 tunnel between the intranet UPF and the public network UPF, so that the intranet UPF forwards data packets of the campus terminal accessing the public network to the public network through the N9 tunnel, and forwards data packets of the campus terminal accessing the campus intranet to the campus intranet.
In an embodiment of the present application, triggering the public network AMF to select, based on the DNAI, an intranet SMF that provides network services for the campus terminal includes:
sending a message to the public network AMF, wherein the message carries the DNAI and instructs the public network AMF to select, based on the DNAI, the intranet SMF that provides network services for the campus terminal.
In an embodiment of the present application, triggering the establishment of the N9 tunnel between the intranet UPF and the public network UPF includes:
sending a Packet Forwarding Control Protocol (PFCP) session creation request carrying the intranet UPF identifier to the public network UPF, so as to create a PFCP session with the public network UPF;
after the PFCP session is successfully created, sending a PFCP session creation success message to the intranet SMF, wherein the PFCP session creation success message carries the identifier of the public network UPF, so that the intranet SMF sends the identifier of the public network UPF to the intranet UPF and the intranet UPF and the public network UPF establish an N9 tunnel.
In an embodiment of the present application, determining, according to the DNAI, that the public network SMF cannot provide network services for the campus terminal includes:
checking whether the DNAI matches any DNAI in the DNAI list obtained by the public network SMF, and if not, determining that the public network SMF cannot provide network services for the campus terminal; the DNAI list records the DNAIs supported by the public network SMF.
In an embodiment of the present application, if it is determined according to the DNAI that the public network SMF supports providing network services for the campus terminal, the method further includes:
forwarding data packets of the campus terminal accessing the public network to the public network through the public network UPF.
The embodiment of the application also provides a 5G dual-domain private network system, which comprises: a public network session management function network element SMF applied to a 5G core network, and an intranet session management function network element SMF and an intranet user plane function network element UPF deployed in a campus intranet.
The public network SMF is configured to perform the steps of the method in the above embodiment;
any intranet SMF is configured to, when the public network SMF determines that it cannot provide network services for the campus terminal and the intranet SMF is selected to provide network services for the campus terminal, send a session creation request to the public network SMF; the session creation request carries an identifier of the intranet user plane function network element UPF selected by the intranet SMF, so that the public network SMF triggers the establishment of an N9 tunnel between the intranet UPF and the public network UPF based on the identifier of the UPF carried by the session creation request;
any intranet UPF is configured to, after an N9 tunnel is established between it and the public network UPF, forward data packets of the campus terminal accessing the public network to the public network through the N9 tunnel, and forward data packets of the campus terminal accessing the campus intranet to the campus intranet.
For the implementation of the functions and roles of the public network SMF of the system, refer to the implementation of the corresponding steps in the above embodiment, which is not described again herein.
Since the device embodiments essentially correspond to the method embodiments, reference is made to the description of the method embodiments for the relevant points. The device embodiments described above are merely illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present application. Those of ordinary skill in the art can understand and implement the present application without undue burden.
Embodiments of the subject matter and the functional operations described in this specification can be implemented in: digital electronic circuitry, tangibly embodied computer software or firmware, computer hardware including the structures disclosed in this specification and structural equivalents thereof, or a combination of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions encoded on a tangible, non-transitory program carrier for execution by, or to control the operation of, data processing apparatus. Alternatively or additionally, the program instructions may be encoded on an artificially generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode and transmit information to suitable receiver apparatus for execution by data processing apparatus. The computer storage medium may be a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them.
The processes and logic flows described in this specification can be performed by one or more programmable computers executing one or more computer programs to perform corresponding functions by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit).
Computers suitable for executing computer programs include, for example, general purpose and/or special purpose microprocessors, or any other type of central processing unit. Typically, the central processing unit will receive instructions and data from a read only memory and/or a random access memory. The essential elements of a computer include a central processing unit for carrying out or executing instructions and one or more memory devices for storing instructions and data. Typically, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks, etc. However, a computer does not have to have such a device. Furthermore, the computer may be embedded in another device, such as a mobile phone, a Personal Digital Assistant (PDA), a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device such as a Universal Serial Bus (USB) flash drive, to name a few.
Computer readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices including, for example, semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices), magnetic disks (e.g., internal hard disk or removable disks), magneto-optical disks, and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any application or of what may be claimed, but rather as descriptions of features of specific embodiments of particular applications. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented in multiple embodiments separately or in any suitable subcombination. Furthermore, although features may be described as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Similarly, although operations are depicted in the drawings in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In some cases, multitasking and parallel processing may be advantageous. Moreover, the separation of various system modules and components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Thus, particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. Furthermore, the processes depicted in the accompanying drawings are not necessarily required to be in the particular order shown, or sequential order, to achieve desirable results. In some implementations, multitasking and parallel processing may be advantageous.
The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the application.

Claims (9)

1. An implementation method of a 5G dual-domain private network, characterized in that the method is applied to a public network session management function network element SMF of a 5G core network, the 5G core network is connected with a campus intranet, the campus intranet is provided with an intranet session management function network element SMF and an intranet user plane function network element UPF, and the method comprises the following steps:
obtaining, based on a received protocol data unit PDU session creation request initiated by a campus terminal, the registered data network access identifier DNAI of the campus terminal from a policy control function network element PCF;
if the DNAI does not match any DNAI in the DNAI list obtained by the public network SMF, determining that the public network SMF cannot provide network services for the campus terminal, and triggering the public network AMF to select, based on the DNAI, an intranet SMF that provides network services for the campus terminal; the DNAI list records each DNAI supported by the public network SMF;
receiving a session creation request initiated by the intranet SMF, wherein the session creation request carries an identifier of an intranet user plane function network element UPF selected by the intranet SMF, and triggering the establishment of an N9 tunnel between the intranet UPF and a public network UPF, so that the intranet UPF forwards data packets of the campus terminal accessing the public network to the public network through the N9 tunnel, and forwards data packets of the campus terminal accessing the campus intranet to the campus intranet.
2. The method of claim 1, wherein the triggering the public network AMF to select, based on the DNAI, an intranet SMF that provides network services for the campus terminal comprises:
sending a message to the public network AMF, wherein the message carries the DNAI and instructs the public network AMF to select, based on the DNAI, the intranet SMF that provides network services for the campus terminal.
3. The method of claim 1, wherein the triggering the establishment of the N9 tunnel between the intranet UPF and the public network UPF comprises:
sending a Packet Forwarding Control Protocol (PFCP) session creation request carrying an intranet UPF identifier to the public network UPF, so as to create a PFCP session with the public network UPF;
after the PFCP session is successfully created, sending a PFCP session creation success message to the intranet SMF, wherein the PFCP session creation success message carries an identifier of the public network UPF, so that the intranet SMF sends the identifier of the public network UPF to the intranet UPF, and an N9 tunnel is established between the intranet UPF and the public network UPF.
4. The method of claim 1, wherein if it is determined according to the DNAI that the public network SMF supports providing network services for the campus terminal, the method further comprises:
forwarding data packets of the campus terminal accessing the public network to the public network through the public network UPF.
5. A 5G dual-domain private network system, comprising: a public network session management function network element SMF applied to a 5G core network, and an intranet session management function network element SMF and an intranet user plane function network element UPF deployed in a campus intranet;
the public network SMF being configured to perform the steps of the method according to any of claims 1 to 4;
any intranet SMF being configured to, when the public network SMF determines that it cannot provide network services for the campus terminal and the intranet SMF is selected to provide network services for the campus terminal, send a session creation request to the public network SMF; the session creation request carries the identifier of the intranet user plane function network element UPF selected by the intranet SMF, so that the public network SMF triggers the establishment of an N9 tunnel between the intranet UPF and the public network UPF based on the identifier of the UPF carried by the session creation request;
any intranet UPF being configured to, after an N9 tunnel is established between it and the public network UPF, forward data packets of the campus terminal accessing the public network to the public network through the N9 tunnel, and forward data packets of the campus terminal accessing the campus intranet to the campus intranet.
6. An implementation device of a 5G dual-domain private network, characterized in that the device is applied to a public network session management function network element SMF of a 5G core network, the 5G core network is connected with a campus intranet, the campus intranet is provided with an intranet session management function network element SMF and an intranet user plane function network element UPF, and the device includes:
an obtaining module, configured to obtain a registered data network access identifier DNAI of a campus terminal from a policy control function network element PCF based on a received protocol data unit PDU session creation request initiated by the campus terminal;
a determining module, configured to determine that the public network SMF cannot provide network services for the campus terminal if the DNAI does not match any DNAI in the DNAI list obtained by the public network SMF, and trigger the public network AMF to select, based on the DNAI, an intranet SMF that provides network services for the campus terminal; the DNAI list records each DNAI supported by the public network SMF;
a tunnel establishment module, configured to receive a session creation request initiated by the intranet SMF, wherein the session creation request carries an intranet user plane function network element UPF selected by the intranet SMF, and to trigger the establishment of an N9 tunnel between the intranet UPF and a public network UPF, so that the intranet UPF forwards data packets of the campus terminal accessing the public network to the public network through the N9 tunnel, and forwards data packets of the campus terminal accessing the campus intranet to the campus intranet.
7. The apparatus of claim 6, wherein the triggering the public network AMF to select, based on the DNAI, an intranet SMF that provides network services for the campus terminal comprises:
sending a message to the public network AMF, wherein the message carries the DNAI and instructs the public network AMF to select, based on the DNAI, an intranet SMF that provides network services for the campus terminal;
wherein triggering the establishment of the N9 tunnel between the intranet UPF and the public network UPF includes:
sending a Packet Forwarding Control Protocol (PFCP) session creation request carrying an intranet UPF identifier to the public network UPF, so as to create a PFCP session with the public network UPF;
after the PFCP session is successfully created, sending a PFCP session creation success message to the intranet SMF, wherein the PFCP session creation success message carries an identifier of the public network UPF, so that the intranet SMF sends the identifier of the public network UPF to the intranet UPF, and an N9 tunnel is established between the intranet UPF and the public network UPF.
8. An electronic device, comprising:
a processor; and
a memory in which computer program instructions are stored which, when executed by the processor, cause the processor to perform the method of any one of claims 1 to 4.
9. A computer readable storage medium, having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1 to 4.
CN202310793041.XA 2023-06-29 2023-06-29 Method and device for realizing 5G (fourth generation) dual-domain private network and 5G dual-domain private network system Active CN116528397B (en)

Publications (2)

Publication Number Publication Date
CN116528397A (en) 2023-08-01
CN116528397B (en) 2023-09-19

Family

ID=87406675


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant