CN117938989A - Method, device, equipment and storage medium for associating 5G signaling with user data - Google Patents

Method, device, equipment and storage medium for associating 5G signaling with user data Download PDF

Info

Publication number
CN117938989A
CN117938989A CN202410305659.1A CN202410305659A CN117938989A CN 117938989 A CN117938989 A CN 117938989A CN 202410305659 A CN202410305659 A CN 202410305659A CN 117938989 A CN117938989 A CN 117938989A
Authority
CN
China
Prior art keywords
message
signaling
gtp
hash bucket
user information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202410305659.1A
Other languages
Chinese (zh)
Other versions
CN117938989B (en
Inventor
唐靖飚
陈龙龙
屈晓阳
陈一骄
杨白
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Rongteng Network Technology Co ltd
Original Assignee
Hunan Rongteng Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Rongteng Network Technology Co ltd filed Critical Hunan Rongteng Network Technology Co ltd
Priority to CN202410305659.1A priority Critical patent/CN117938989B/en
Publication of CN117938989A publication Critical patent/CN117938989A/en
Application granted granted Critical
Publication of CN117938989B publication Critical patent/CN117938989B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W92/00Interfaces specially adapted for wireless communication networks
    • H04W92/16Interfaces between hierarchically similar devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device, equipment and a storage medium for associating 5G signaling with user data, which relate to the technical field of communication and comprise the following steps: receiving an initial GTP-U data message transmitted through an N3 interface; extracting an outer layer IP and a GTP protocol TEID of an initial GTP-U data message; querying a target user information hash bucket node by using an outer layer IP and a GTP protocol TEID; acquiring a target user data label stored in a target user information hash bucket node; the target user data label is a label generated according to the signaling message transmitted by the N11 interface; and adding the target user data label to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message. The application saves the cost of link construction and maintenance and reduces the risk of user information leakage.

Description

Method, device, equipment and storage medium for associating 5G signaling with user data
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a computer readable storage medium for associating 5G signaling with user data.
Background
With the rapid development of mobile internet technology, mobile internet data traffic has been increased explosively, and it is difficult for a 4G (the 4th generation mobile communication technology, fourth generation mobile communication technology) mobile communication system to meet application scene requirements of end users for large bandwidth, low latency, high concurrency, etc. Therefore, 3GPP (3 rd Generation Partnership Project, third generation partnership project) has introduced a fifth generation mobile communication system (5 th-Generation Mobile Communication Technology, 5G). To meet the above application scenario requirements, 5G networks use many new technologies, including using higher frequency spectrum, which also results in poor ability of 5G signals to penetrate obstacles, small coverage, coverage of the same size area, and much higher 5G base station density than 4G.
To ensure the security of network data, the network security department needs to monitor the user data, so that the 5G signaling needs to be associated with the data. The existing 5G signaling and data association method mainly adopts an N2/N4 interface to realize a scheme of associating the 5G signaling and the data, and needs to split light from a large number of N2/N4 interfaces, extract user three-code information, position information and user IP in N2 and N4 interfaces, generate user nodes through a UPF N3 interface side tunnel TEID (Tunnel Endpoint Identifier) and the like, and use an inner layer IP and a TEID of an N3 interface GTP-U message to realize the association of a signaling surface and user data. Although the method can correctly associate the 5G signaling with the user data, the method increases the cost and difficulty of link construction and maintenance because of the need of splitting light from a large number of N2/N4 interfaces. And PFCP (Packet Forwarding Control Policy) protocol messages of the N4 interface do not support encryption, and the light is split from the interface, so that the risk of information leakage of users is increased.
In summary, how to effectively solve the problems of high cost, high difficulty, high risk of user information leakage and the like of the link construction and maintenance of the existing 5G signaling and data association method is a problem which needs to be solved by the present technicians in the field.
Disclosure of Invention
The application aims to provide a method for associating 5G signaling with user data, which saves the cost of link construction and maintenance and reduces the risk of user information leakage; it is another object of the present application to provide an apparatus, device and computer readable storage medium for associating 5G signaling with user data.
In order to solve the technical problems, the application provides the following technical scheme:
a method of associating 5G signaling with user data, comprising:
receiving an initial GTP-U data message transmitted through an N3 interface;
extracting an outer layer IP and a GTP protocol TEID of the initial GTP-U data message;
querying a target user information hash bucket node by utilizing the outer layer IP and the GTP protocol TEID;
Acquiring a target user data tag stored in the target user information hash bucket node; the target user data tag is a tag generated according to a signaling message transmitted by an N11 interface;
and adding the target user data tag to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message.
In one embodiment of the present application, receiving an initial GTP-U data packet incoming over an N3 interface includes:
receiving a data message from a service processing board panel;
analyzing the data message to obtain a target message port of the data message;
Judging whether the port number of the target message port is a GTP-U protocol 2152 port number of an N3 interface;
if yes, determining the data message as the initial GTP-U data message.
In a specific embodiment of the present application, the method further includes a process for generating the target user information hash bucket node, where the process for generating the target user information hash bucket node includes:
Receiving a signaling message from a service processing board panel;
Transmitting the signaling message to a signaling acquisition board by using an exchange control board;
receiving a user data tag message returned by the signaling acquisition board;
Carrying out hash calculation by utilizing the UPF network element N3 interface side IP and the UPF network element N3 interface side tunnel TEID in the user data tag message to generate a user information hash bucket uplink direction node;
carrying out hash calculation by utilizing the UPF network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID in the user data label message to generate a user information hash bucket downlink direction node;
the target user information hash bucket node comprises the user information hash bucket uplink direction node and the user information hash bucket downlink direction node.
In a specific embodiment of the present application, querying the target user information hash bucket node by using the outer IP and GTP protocol TEID includes:
inquiring the uplink direction node of the user information hash bucket by utilizing the destination IP of the outer IP header and the GTP protocol TEID;
judging whether the inquiry is successful or not;
if yes, determining the uplink direction node of the user information hash bucket as the target user information hash bucket node.
In a specific embodiment of the present application, querying the target user information hash bucket node by using the outer IP and GTP protocol TEID includes:
inquiring the downlink direction node of the user information hash bucket by using the source IP of the outer IP header and the GTP protocol TEID;
judging whether the inquiry is successful or not;
if yes, determining the downlink direction node of the user information hash bucket as the target user information hash bucket node.
In a specific embodiment of the present application, the method further includes a process of generating the user data tag packet by the signaling acquisition board, where the process of generating the user data tag packet by the signaling acquisition board includes:
Judging whether the signaling message is an http2 signaling message or not by utilizing the signaling acquisition board;
If yes, decompressing the head of the http2 signaling message to obtain the decompressed http2 head;
Judging whether the signaling message is an N11 interface message according to the decompressed http2 header;
If yes, extracting user three-code information, position information, UPF network element N3 interface side IP, UPF network element N3 interface side tunnel TEID, RAN network element N3 interface side IP, RAN network element N3 interface side tunnel TEID from the signaling message;
generating the target user information hash bucket node according to the user three-code information, the position information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID;
and generating the user data tag message according to the target user information hash bucket node.
In a specific embodiment of the present application, after generating the target user information hash bucket node according to the user three-code information, the location information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP, and the RAN network element N3 interface side tunnel TEID, the method further includes:
And establishing an association relation between the user imsi of the signaling message and the target user information hash bucket node.
An apparatus for associating 5G signaling with user data, comprising:
The data message receiving module is used for receiving an initial GTP-U data message transmitted through an N3 interface;
the information extraction module is used for extracting the outer layer IP and the GTP protocol TEID of the initial GTP-U data message;
the node query module is used for querying the target user information hash bucket node by utilizing the outer layer IP and the GTP protocol TEID;
The label generation module is used for acquiring the target user data labels stored in the target user information hash bucket nodes; the target user data tag is a tag generated according to a signaling message transmitted by an N11 interface;
And the message output module is used for adding the target user data tag to the initial GTP-U data message to obtain a target GTP-U data message and outputting the target GTP-U data message.
An apparatus for associating 5G signaling with user data, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the association method of 5G signalling and user data as described above when executing said computer program.
A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of associating 5G signalling with user data as described above.
The application provides a method for associating 5G signaling with user data, which receives an initial GTP-U data message transmitted through an N3 interface; extracting an outer layer IP and a GTP protocol TEID of an initial GTP-U data message; querying a target user information hash bucket node by using an outer layer IP and a GTP protocol TEID; acquiring a target user data label stored in a target user information hash bucket node; the target user data label is a label generated according to the signaling message transmitted by the N11 interface; and adding the target user data label to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message.
According to the technical scheme, the 5G core network light splitting scheme is simpler by light splitting at the N11 interface and the N3 interface of the data plane of the 5G core network signaling plane, and the cost of link construction and maintenance is saved. Because the N11 interface uses the http2 protocol and adopts Hpack header compression technology, the security is higher than that of the PFCP protocol message of the N4 interface, and the risk of information leakage of users is reduced. The association method of the 5G signaling and the user data is simple in logic, safe and effective.
Correspondingly, the application also provides a device, equipment and a computer readable storage medium for associating the 5G signaling with the user data, which correspond to the method for associating the 5G signaling with the user data, and have the technical effects and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of an implementation of a method for associating 5G signaling with user data according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a 5G topology network according to an embodiment of the present application;
FIG. 3 is a frame diagram of a signaling acquisition splitter chassis in an embodiment of the application;
Fig. 4 is a flowchart of another implementation of a method for associating 5G signaling with user data according to an embodiment of the present application;
Fig. 5 is a block diagram of a device for associating 5G signaling with user data according to an embodiment of the present application;
fig. 6 is a block diagram of a device for associating 5G signaling with user data according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a specific structure of a device for associating 5G signaling with user data according to this embodiment.
Detailed Description
In order to better understand the aspects of the present application, the present application will be described in further detail with reference to the accompanying drawings and detailed description. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Referring to fig. 1, fig. 1 is a flowchart illustrating an implementation of a method for associating 5G signaling with user data according to an embodiment of the present application, where the method may include the following steps:
S101: and receiving an initial GTP-U data message transmitted through an N3 interface.
Referring to fig. 2 and fig. 3, fig. 2 is a schematic structural diagram of a 5G topology network according to an embodiment of the present application, and fig. 3 is a frame diagram of a signaling acquisition splitter frame according to an embodiment of the present application. And inputting GTP-U data messages to a panel of a service processing board in a signaling acquisition splitter frame through N3 interface link splitting in the 5G topology network. The signaling acquisition splitter frame receives an initial GTP-U data message transmitted through an N3 interface.
S102: and extracting the outer layer IP and GTP protocol TEID of the initial GTP-U data message.
The initial GTP-U data message contains an outer IP (Internet Protocol, internetworking protocol) and GTP protocol TEID (Tunnel End Point identifier, tunnel endpoint identification). And after receiving the initial GTP-U data message transmitted through the N3 interface, extracting the outer layer IP and the GTP protocol TEID of the initial GTP-U data message.
S103: and querying the target user information hash bucket node by using the outer layer IP and the GTP protocol TEID.
And generating a user information hash bucket node in advance according to a user data label message comprising the outer layer IP and the GTP protocol TEID, and inquiring a target user information hash bucket node by utilizing the outer layer IP and the GTP protocol TEID after extracting the outer layer IP and the GTP protocol TEID of the initial GTP-U data message.
S104: acquiring a target user data label stored in a target user information hash bucket node; the target user data label is a label generated according to the signaling message transmitted by the N11 interface.
As shown in fig. 2, a signaling message is input to a panel of a service processing board in a signaling acquisition splitter frame through an N11 interface link split in a 5G topology network, a user data tag is generated according to the signaling message, and the user data tag is stored through a user information hash bucket node. And after the target user information hash bucket node is queried, acquiring the target user data label stored in the target user information hash bucket node.
S105: and adding the target user data label to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message.
After the target user data label stored in the target user information hash bucket node is obtained, the target user data label is added to the initial GTP-U data message to obtain a target GTP-U data message, and the target GTP-U data message is output. By adding the target user data tag to the initial GTP-U data message, for example, the target user data tag can be added to the tail part of the initial GTP-U data message, so that the effective identification of the user data is realized, the user data is conveniently monitored, and the network security is improved.
According to the technical scheme, the 5G core network light splitting scheme is simpler by light splitting at the N11 interface and the N3 interface of the data plane of the 5G core network signaling plane, and the cost of link construction and maintenance is saved. Because the N11 interface uses http2 protocol (the second edition of hypertext transfer protocol), and adopts Hpack (HEAD FIELD Table Packing) header compression technology, the security is higher than that of the PFCP (Packet Forwarding Control Protocol ) protocol message of the N4 interface, and the risk of user information leakage is reduced. The association method of the 5G signaling and the user data is simple in logic, safe and effective.
It should be noted that, based on the above embodiments, the embodiments of the present application further provide corresponding improvements. The following embodiments relate to the same steps as those in the above embodiments or the steps corresponding to the steps may be referred to each other, and the corresponding beneficial effects may also be referred to each other, which will not be described in detail in the following modified embodiments.
Referring to fig. 4, fig. 4 is a flowchart illustrating another implementation of a method for associating 5G signaling with user data according to an embodiment of the present application, where the method may include the following steps:
s401: data messages are received from the service processing board panel.
And inputting the data message to a panel of a service processing board in the signaling acquisition and distribution device frame through the N3 interface link splitting in the 5G topology network, and receiving the data message from the panel of the service processing board by using the service processing board of the signaling acquisition and distribution device frame.
S402: and analyzing the data message to obtain a target message port of the incoming data message.
The data message comprises message port information of the incoming data message, and after the data message is received, the data message is analyzed to obtain a target message port of the incoming data message.
S403: and judging whether the port number of the target message port is the GTP-U protocol 2152 port number of the N3 interface, if so, executing step S404, and if not, not processing.
After the target message port of the incoming data message is obtained by parsing, it is determined whether the port number of the target message port is the GTP-U protocol 2152 port number of the N3 interface, if yes, step S404 is executed, and if not, no processing is performed.
And judging whether the incoming data message is a GTP-U data message or not by analyzing the port number of the target message port of the incoming data message.
S404: the data message is determined to be an initial GTP-U data message.
When the port number of the target message port is determined to be the GTP-U protocol 2152 port number of the N3 interface, the data message is determined to be the initial GTP-U data message.
S405: and extracting the outer layer IP and GTP protocol TEID of the initial GTP-U data message.
S406: and querying the target user information hash bucket node by using the outer layer IP and the GTP protocol TEID.
In a specific embodiment of the present application, the method may further include a process for generating a target user information hash bucket node, and the process for generating the target user information hash bucket node may include the steps of:
Step one: receiving a signaling message from a service processing board panel;
Step two: transmitting the signaling message to a signaling acquisition board by using an exchange control board;
step three: receiving a user data label message returned by the signaling acquisition board;
step four: carrying out hash calculation by using the UPF network element N3 interface side IP and the UPF network element N3 interface side tunnel TEID in the user data label message to generate a user information hash bucket uplink direction node;
Step five: carrying out hash calculation by using the UPF network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID in the user data label message to generate a user information hash bucket downlink direction node;
The target user information hash bucket node comprises a user information hash bucket uplink direction node and a user information hash bucket downlink direction node.
For convenience of description, the above five steps may be combined for explanation.
Before transmitting the data message, firstly transmitting the signaling message to the service processing board panel through the N11 interface, receiving the signaling message from the service processing board panel by using the service processing board in the signaling acquisition splitter frame, transmitting the signaling message to the signaling acquisition board by using the switching control board in the signaling acquisition splitter frame, generating a user data tag message according to the signaling message after the signaling acquisition board receives the signaling message, and returning the user data tag message to the service processing board.
As shown in fig. 2, the service processing board receives a user data tag packet returned by the signaling acquisition board, performs hash computation by using a UPF (User Plane Function ) network element N3 interface side IP and a UPF network element N3 interface side tunnel TEID in the user data tag packet, generates a user information hash bucket uplink node, performs hash (hash key) computation by using the UPF network element N3 interface side IP and a RAN (Radio Access Network ) network element N3 interface side tunnel TEID in the user data tag packet, generates a user information hash bucket downlink node, and the user information hash bucket uplink node and the user information hash bucket downlink node form a target user information hash bucket node. By constructing the uplink direction node of the user information hash bucket and the downlink direction node of the user information hash bucket, when the user information hash bucket node is queried, the signaling and the user data are successfully associated as long as any one direction query is successful.
After receiving the user data label message, the service processing board can establish, update and delete the uplink direction node of the user information hash bucket and/or the downlink direction node of the user information hash bucket according to the action attribute of the user data label message.
The step of analyzing and processing the N11 interface signaling message by the signaling acquisition board may include:
1. if the message is an N11 interface nsmf-pdusession signaling message, and the value of requestType in the signaling message is an input_request type, which indicates that the message is a user online REQUEST message, extracting user three-code information, position information and pdu session id information, and establishing a hash mapping relation of imsi-user information.
2. If the message is an N11 interface namf-comm signaling message, and the value of NGAPIETYPE in the signaling message is pdu_res_setup_req, which indicates that the message is a user resource establishment request message, extracting an AMF network element N11 interface side ip, an http2 message data frame flow identifier (DATA STREAM IDENTIFIER), an imsi, a PDU session id, a UPF network element N3 interface side ip, a tunnel TEID, and the like, and using hash mapping of imsi-, user information, newly adding or updating the UPF network element N3 interface side ip and the tunnel TEID information under the corresponding PDU session id, and establishing a hash mapping relationship between the AMF network element N11 interface side ip and the http2 message data frame flow identifier-, user information.
3. If the signaling message is an N11 interface nsmf-pdusession signaling message, and the value of N2SmInfoType in the signaling message is a pdu_res_setup_rsp type, which indicates that the message is a user resource establishment response message, extracting an AMF network element N11 interface side ip, an http2 message data frame flow identifier, an SM context ID (smContextsRef, a session management context identifier), location information, a RAN network element N3 interface side ip, a tunnel TEID, and the like, and using a mapping relationship between the AMF network element N11 interface side ip and the http2 message data frame flow identifier-user information to newly add or update location information, and a RAN network element N3 interface side ip, a tunnel TEID. And establishing a hash mapping relation of user information of the Ip and SM context ID of the N11 interface side of the AMF network element. At this time, the user pdu session is successfully created, and a generated user data tag message is sent to the service processing board, and the action attribute is added.
4. If the signaling message is an N11 interface nsmf-pdusession signaling message, and the value of N2SmInfoType in the signaling message is a pdu_res_rel_rsp type, which indicates that the message is a user downlink resource release response message, extracting an AMF network element N11 interface side ip, an SM context ID, and the like, and deleting all hash maps of the user PDU session by using a mapping relationship of user information of the AMF network element N11 interface side ip and the SM context ID-. At this time, the pdu session is logged off, and a user data tag message is generated and sent to the service processing board, where the action attribute is deletion.
In one embodiment of the present application, step S406 may include the steps of:
Step one: inquiring the uplink direction node of the user information hash bucket by utilizing the destination IP of the outer IP header and the GTP protocol TEID;
step two: judging whether the inquiry is successful, if so, executing the third step, and if not, executing the fourth step;
step three: determining an uplink direction node of the user information hash bucket as a target user information hash bucket node;
Step four: inquiring a downlink direction node of the user information hash bucket by using a source IP of the outer IP header and a GTP protocol TEID;
Step five: judging whether the inquiry is successful, if so, executing the step six, and if not, executing the step seven;
step six: determining a downlink direction node of the user information hash bucket as a target user information hash bucket node;
Step seven: and outputting inquiry failure prompt information.
For convenience of description, the above seven steps may be combined for explanation.
When the destination user information hash bucket node is queried by utilizing the outer layer IP and the GTP protocol TEID, the destination IP and the GTP protocol TEID of the outer layer IP head are utilized to query the user information hash bucket uplink direction node, whether query is successful or not is judged, if yes, the user information hash bucket uplink direction node is determined to be the destination user information hash bucket node, if not, the source IP and the GTP protocol TEID of the outer layer IP head are utilized to query the user information hash bucket downlink direction node, whether query is successful or not is judged, if yes, the user information hash bucket downlink direction node is determined to be the destination user information hash bucket node, and if not, query failure prompt information is output.
It should be noted that, in the embodiment of the present invention, the query sequence of the uplink node of the user information hash bucket and the downlink node of the user information hash bucket is not limited, and the uplink node of the user information hash bucket may be queried first, the downlink node of the user information hash bucket may be queried first, or the nodes in both directions may be queried in parallel.
In a specific embodiment of the present application, the method may further include a process of generating the user data tag message by the signaling acquisition board, and the process of generating the user data tag message by the signaling acquisition board may include the following steps:
step one: judging whether the signaling message is an http2 signaling message or not by using a signaling acquisition board; if yes, executing the second step, and if not, not processing.
Step two: decompressing the header of the http2 signaling message to obtain a decompressed http2 header;
step three: judging whether the signaling message is an N11 interface message according to the decompressed http2 header, if so, executing the fourth step, and if not, not processing;
Step four: extracting user three-code information, position information, UPF network element N3 interface side IP, UPF network element N3 interface side tunnel TEID, RAN network element N3 interface side IP, RAN network element N3 interface side tunnel TEID from the signaling message;
Step five: generating a target user information hash bucket node according to the user three-code information, the position information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID;
step six: and generating a user data tag message according to the target user information hash bucket node.
For convenience of description, the above six steps may be combined for explanation.
After receiving the signaling message forwarded by the switch control board, the signaling acquisition board judges whether the signaling message is an http2 (HyperText Transfer Protocol 2.0) signaling message, if so, whether the signaling message is an http2 signaling message can be judged according to the port number of the incoming signaling message and the protocol header information of the signaling message, if not, the processing is not performed, if so, the header of the http2 signaling message is decompressed, and the decompressed http2 header is obtained. The decompressed http2 header contains interface information of the signaling message, judges whether the signaling message is an N11 interface message according to the decompressed http2 header, if not, does not process, if so, filters out the N11 interface message, extracts user three-code information, position information, UPF network element N3 interface side IP, UPF network element N3 interface side tunnel TEID, RAN network element N3 interface side IP and RAN network element N3 interface side tunnel TEID from the signaling message, generates a target user information hash bucket node according to the user three-code information, the position information, UPF network element N3 interface side IP, UPF network element N3 interface side tunnel TEID, RAN network element N3 interface side IP and RAN network element N3 interface side tunnel TEID, and generates a user data label message according to the target user information hash bucket node. The signaling surface only needs to be split at the N11 interface, and the http2 protocol message of the N11 interface adopts Hpack header compression technology to support header compression and ciphertext transmission, so that the security is higher than that of the PFCP (Packet Forwarding Control Policy) protocol message of the N4 interface, and the user information leakage is not easy to cause.
In a specific embodiment of the present application, after generating the target user information hash bucket node according to the user three-code information, the location information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP, and the RAN network element N3 interface side tunnel TEID, the method may further include the following steps:
And establishing an association relation between the user imsi of the signaling message and the target user information hash bucket node.
After the target user information hash bucket node is generated, the association relation between the user imsi of the signaling message and the target user information hash bucket node is established, so that the user information hash bucket node can be conveniently queried according to the user imsi of the signaling message.
S407: acquiring a target user data label stored in a target user information hash bucket node; the target user data label is a label generated according to the signaling message transmitted by the N11 interface.
S408: and adding the target user data label to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message.
Corresponding to the above method embodiment, the present application further provides a device for associating 5G signaling with user data, where the device for associating 5G signaling with user data described below and the method for associating 5G signaling with user data described above can be referred to correspondingly.
Referring to fig. 5, fig. 5 is a block diagram illustrating a device for associating 5G signaling with user data according to an embodiment of the present application, where the device may include:
The data message receiving module 51 is configured to receive an initial GTP-U data message that is transmitted through the N3 interface;
The information extraction module 52 is configured to extract an outer IP and a GTP protocol TEID of the initial GTP-U data packet;
The node query module 53 is configured to query the target user information hash bucket node by using the outer IP and GTP protocol TEID;
the tag generation module 54 is configured to obtain a target user data tag stored in the target user information hash bucket node; the target user data label is a label generated according to the signaling message transmitted by the N11 interface;
and the message output module 55 is configured to add the target user data tag to the initial GTP-U data message, obtain a target GTP-U data message, and output the target GTP-U data message.
According to the technical scheme, the 5G core network light splitting scheme is simpler by light splitting at the N11 interface and the N3 interface of the data plane of the 5G core network signaling plane, and the cost of link construction and maintenance is saved. Because the N11 interface uses the http2 protocol and adopts Hpack header compression technology, the security is higher than that of the PFCP protocol message of the N4 interface, and the risk of information leakage of users is reduced. The association method of the 5G signaling and the user data is simple in logic, safe and effective.
In one embodiment of the present application, the data packet receiving module 51 includes:
The data message receiving sub-module is used for receiving the data message from the service processing board panel;
the message port obtaining submodule is used for analyzing the data message to obtain a target message port of the incoming data message;
A first judging submodule, configured to judge whether a port number of the target packet port is a GTP-U protocol 2152 port number of the N3 interface;
the initial message determining submodule is used for determining that the data message is an initial GTP-U data message when the port number of the target message port is determined to be the GTP-U protocol 2152 port number of the N3 interface.
In a specific embodiment of the present application, the apparatus may further include a user node generating module, where the user node generating module includes:
The signaling message receiving sub-module is used for receiving the signaling message from the service processing board surface board;
the signaling message transmitting sub-module is used for transmitting the signaling message to the signaling acquisition board by utilizing the switching control board;
The label message receiving sub-module is used for receiving the user data label message returned by the signaling acquisition board;
the uplink node generating sub-module is used for carrying out hash calculation by utilizing the UPF network element N3 interface side IP and the UPF network element N3 interface side tunnel TEID in the user data label message to generate a user information hash bucket uplink node;
The downlink node generating submodule is used for carrying out hash calculation by utilizing the UPF network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID in the user data label message to generate a user information hash bucket downlink node;
The target user information hash bucket node comprises a user information hash bucket uplink direction node and a user information hash bucket downlink direction node.
In one embodiment of the present application, the node query module 53 includes:
an uplink node inquiring sub-module for inquiring the uplink node of the user information hash bucket by utilizing the destination IP of the outer IP header and the GTP protocol TEID;
The second judging submodule is used for judging whether the inquiry is successful or not;
and the first user node determining submodule is used for determining the uplink direction node of the user information hash bucket as a target user information hash bucket node when the query is successful.
In one embodiment of the present application, the node query module 53 includes:
a downlink node inquiring submodule for inquiring the downlink node of the user information hash bucket by utilizing the source IP of the outer IP head and the GTP protocol TEID;
the third judging sub-module is used for judging whether the inquiry is successful or not;
and the second user node determining submodule is used for determining the downlink direction node of the user information hash bucket as a target user information hash bucket node when the query is successful.
In a specific embodiment of the present application, the apparatus may further include a data tag packet generating module, where the data tag packet generating module includes:
A fourth judging sub-module, configured to judge whether the signaling packet is an http2 signaling packet by using the signaling acquisition board;
the decompression sub-module is used for decompressing the head of the http2 signaling message to obtain the decompressed http2 head when the signaling message is determined to be the http2 signaling message;
A fifth judging sub-module, configured to judge whether the signaling packet is an N11 interface packet according to the decompressed http2 header;
the user information extraction sub-module is used for extracting user three-code information, position information, UPF network element N3 interface side IP, UPF network element N3 interface side tunnel TEID, RAN network element N3 interface side IP and RAN network element N3 interface side tunnel TEID from the signaling message when the signaling message is determined to be the N11 interface message;
the node generation sub-module is used for generating a target user information hash bucket node according to the user three-code information, the position information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID;
And the data tag message generation sub-module is used for generating a user data tag message according to the target user information hash bucket node.
In one embodiment of the present application, the apparatus may further include:
The association establishing module is used for establishing an association relation between a user imsi of the signaling message and the target user information hash bucket node after generating the target user information hash bucket node according to the user three-code information, the position information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID.
Corresponding to the above method embodiment, referring to fig. 6, fig. 6 is a schematic diagram of an apparatus for associating 5G signaling with user data according to the present application, where the apparatus may include:
a memory 332 for storing a computer program;
A processor 322 for implementing the steps of the method for associating 5G signaling with user data of the above method embodiments when executing a computer program.
Specifically, referring to fig. 7, fig. 7 is a schematic diagram of a specific structure of a device for associating 5G signaling with user data according to the present embodiment, where the device for associating 5G signaling with user data may have a relatively large difference due to different configurations or performances, and may include a processor (central processing units, CPU) 322 (e.g., one or more processors) and a memory 332, where the memory 332 stores one or more computer programs 342 or data 344. Wherein the memory 332 may be transient storage or persistent storage. The program stored in memory 332 may include one or more modules (not shown), each of which may include a series of instruction operations in the data processing apparatus. Still further, the processor 322 may be configured to communicate with the memory 332 to execute a series of instruction operations in the memory 332 on the 5G signaling and user data association device 301.
The 5G signaling and user data association device 301 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input output interfaces 358, and/or one or more operating systems 341.
The steps in the above-described method of associating 5G signaling with user data may be implemented by the structure of the apparatus for associating 5G signaling with user data.
Corresponding to the above method embodiments, the present application also provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, performs the steps of:
Receiving an initial GTP-U data message transmitted through an N3 interface; extracting an outer layer IP and a GTP protocol TEID of an initial GTP-U data message; querying a target user information hash bucket node by using an outer layer IP and a GTP protocol TEID; acquiring a target user data label stored in a target user information hash bucket node; the target user data label is a label generated according to the signaling message transmitted by the N11 interface; and adding the target user data label to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message.
The computer readable storage medium may include: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
For the description of the computer-readable storage medium provided by the present application, refer to the above method embodiments, and the disclosure is not repeated here.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. The apparatus, device and computer readable storage medium of the embodiments are described more simply because they correspond to the methods of the embodiments, and the description thereof will be given with reference to the method section.
The principles and embodiments of the present application have been described herein with reference to specific examples, but the description of the examples above is only for aiding in understanding the technical solution of the present application and its core ideas. It should be noted that it will be apparent to those skilled in the art that the present application may be modified and practiced without departing from the spirit of the present application.

Claims (10)

1. A method for associating 5G signaling with user data, comprising:
receiving an initial GTP-U data message transmitted through an N3 interface;
extracting an outer layer IP and a GTP protocol TEID of the initial GTP-U data message;
querying a target user information hash bucket node by utilizing the outer layer IP and the GTP protocol TEID;
Acquiring a target user data tag stored in the target user information hash bucket node; the target user data tag is a tag generated according to a signaling message transmitted by an N11 interface;
and adding the target user data tag to the initial GTP-U data message to obtain a target GTP-U data message, and outputting the target GTP-U data message.
2. The method for associating 5G signaling with user data according to claim 1, wherein receiving an initial GTP-U data packet incoming over an N3 interface comprises:
receiving a data message from a service processing board panel;
analyzing the data message to obtain a target message port of the data message;
Judging whether the port number of the target message port is a GTP-U protocol 2152 port number of an N3 interface;
if yes, determining the data message as the initial GTP-U data message.
3. The method for associating 5G signaling with user data according to claim 1, further comprising a process for generating the target user information hash bucket node, wherein the process for generating the target user information hash bucket node comprises:
Receiving a signaling message from a service processing board panel;
Transmitting the signaling message to a signaling acquisition board by using an exchange control board;
receiving a user data tag message returned by the signaling acquisition board;
Carrying out hash calculation by utilizing the UPF network element N3 interface side IP and the UPF network element N3 interface side tunnel TEID in the user data tag message to generate a user information hash bucket uplink direction node;
carrying out hash calculation by utilizing the UPF network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID in the user data label message to generate a user information hash bucket downlink direction node;
the target user information hash bucket node comprises the user information hash bucket uplink direction node and the user information hash bucket downlink direction node.
4. A method of associating 5G signalling with user data according to claim 3, wherein querying the target user information hash bucket node using the outer IP and GTP protocol TEID comprises:
inquiring the uplink direction node of the user information hash bucket by utilizing the destination IP of the outer IP header and the GTP protocol TEID;
judging whether the inquiry is successful or not;
if yes, determining the uplink direction node of the user information hash bucket as the target user information hash bucket node.
5. A method of associating 5G signalling with user data according to claim 3, wherein querying the target user information hash bucket node using the outer IP and GTP protocol TEID comprises:
inquiring the downlink direction node of the user information hash bucket by using the source IP of the outer IP header and the GTP protocol TEID;
judging whether the inquiry is successful or not;
if yes, determining the downlink direction node of the user information hash bucket as the target user information hash bucket node.
6. A method for associating 5G signaling with user data according to claim 3, further comprising the step of the signaling collection board generating the user data tag message, wherein the step of the signaling collection board generating the user data tag message comprises:
Judging whether the signaling message is an http2 signaling message or not by utilizing the signaling acquisition board;
If yes, decompressing the head of the http2 signaling message to obtain the decompressed http2 head;
Judging whether the signaling message is an N11 interface message according to the decompressed http2 header;
If yes, extracting user three-code information, position information, UPF network element N3 interface side IP, UPF network element N3 interface side tunnel TEID, RAN network element N3 interface side IP, RAN network element N3 interface side tunnel TEID from the signaling message;
generating the target user information hash bucket node according to the user three-code information, the position information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP and the RAN network element N3 interface side tunnel TEID;
and generating the user data tag message according to the target user information hash bucket node.
7. The method according to claim 6, wherein after generating the target user information hash bucket node according to the user three-code information, the location information, the UPF network element N3 interface side IP, the UPF network element N3 interface side tunnel TEID, the RAN network element N3 interface side IP, and the RAN network element N3 interface side tunnel TEID, further comprising:
And establishing an association relation between the user imsi of the signaling message and the target user information hash bucket node.
8. An apparatus for associating 5G signaling with user data, comprising:
The data message receiving module is used for receiving an initial GTP-U data message transmitted through an N3 interface;
the information extraction module is used for extracting the outer layer IP and the GTP protocol TEID of the initial GTP-U data message;
the node query module is used for querying the target user information hash bucket node by utilizing the outer layer IP and the GTP protocol TEID;
The label generation module is used for acquiring the target user data labels stored in the target user information hash bucket nodes; the target user data tag is a tag generated according to a signaling message transmitted by an N11 interface;
And the message output module is used for adding the target user data tag to the initial GTP-U data message to obtain a target GTP-U data message and outputting the target GTP-U data message.
9. An apparatus for associating 5G signaling with user data, comprising:
a memory for storing a computer program;
Processor for implementing the steps of the method for associating 5G signalling with user data according to any of claims 1 to 7 when executing said computer program.
10. A computer readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the steps of the association method of 5G signaling and user data according to any of claims 1 to 7.
CN202410305659.1A 2024-03-18 2024-03-18 Method, device, equipment and storage medium for associating 5G signaling with user data Active CN117938989B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410305659.1A CN117938989B (en) 2024-03-18 2024-03-18 Method, device, equipment and storage medium for associating 5G signaling with user data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410305659.1A CN117938989B (en) 2024-03-18 2024-03-18 Method, device, equipment and storage medium for associating 5G signaling with user data

Publications (2)

Publication Number Publication Date
CN117938989A true CN117938989A (en) 2024-04-26
CN117938989B CN117938989B (en) 2024-06-21

Family

ID=90754038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410305659.1A Active CN117938989B (en) 2024-03-18 2024-03-18 Method, device, equipment and storage medium for associating 5G signaling with user data

Country Status (1)

Country Link
CN (1) CN117938989B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008025279A1 (en) * 2006-08-23 2008-03-06 Huawei Technologies Co., Ltd. System, method and apparatus for implementing message transfer
US20100189076A1 (en) * 2009-01-23 2010-07-29 Samsung Electronics Co. Ltd. Apparatus and method for processing gtp in mobile communication system
WO2017123938A1 (en) * 2016-01-15 2017-07-20 Idac Holdings, Inc. Integration of non-3gpp access in a 5g system user plane framework
US20180270782A1 (en) * 2017-03-20 2018-09-20 Samsung Electronics Co., Ltd. Method for supporting efficient pdu session activation and deactivation in cellular networks
CN112584328A (en) * 2019-09-30 2021-03-30 华为技术有限公司 Multicast communication method and device
CN114302259A (en) * 2021-12-27 2022-04-08 杭州迪普信息技术有限公司 User information collection method, device, equipment and computer readable storage medium
CN115174123A (en) * 2022-07-22 2022-10-11 厦门市美亚柏科信息股份有限公司 SA5G network-oriented user tracing association method and system
CN115190430A (en) * 2022-07-08 2022-10-14 厦门市美亚柏科信息股份有限公司 5G core network N2, N3 and N4 interface-based user source tracing correlation method and system
US20230025738A1 (en) * 2021-07-20 2023-01-26 Netscout Systems, Inc. 5g n3 data plane enrichment using n11 interface in a monitoring system
WO2023116127A1 (en) * 2021-12-23 2023-06-29 中兴通讯股份有限公司 Information backfill method, network device, and storage medium
CN116582865A (en) * 2023-06-07 2023-08-11 中国联合网络通信集团有限公司 Information backfilling method and device

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008025279A1 (en) * 2006-08-23 2008-03-06 Huawei Technologies Co., Ltd. System, method and apparatus for implementing message transfer
US20100189076A1 (en) * 2009-01-23 2010-07-29 Samsung Electronics Co. Ltd. Apparatus and method for processing gtp in mobile communication system
WO2017123938A1 (en) * 2016-01-15 2017-07-20 Idac Holdings, Inc. Integration of non-3gpp access in a 5g system user plane framework
US20180270782A1 (en) * 2017-03-20 2018-09-20 Samsung Electronics Co., Ltd. Method for supporting efficient pdu session activation and deactivation in cellular networks
CN112584328A (en) * 2019-09-30 2021-03-30 华为技术有限公司 Multicast communication method and device
US20230025738A1 (en) * 2021-07-20 2023-01-26 Netscout Systems, Inc. 5g n3 data plane enrichment using n11 interface in a monitoring system
WO2023116127A1 (en) * 2021-12-23 2023-06-29 中兴通讯股份有限公司 Information backfill method, network device, and storage medium
CN114302259A (en) * 2021-12-27 2022-04-08 杭州迪普信息技术有限公司 User information collection method, device, equipment and computer readable storage medium
CN115190430A (en) * 2022-07-08 2022-10-14 厦门市美亚柏科信息股份有限公司 5G core network N2, N3 and N4 interface-based user source tracing correlation method and system
CN115174123A (en) * 2022-07-22 2022-10-11 厦门市美亚柏科信息股份有限公司 SA5G network-oriented user tracing association method and system
CN116582865A (en) * 2023-06-07 2023-08-11 中国联合网络通信集团有限公司 Information backfilling method and device

Also Published As

Publication number Publication date
CN117938989B (en) 2024-06-21

Similar Documents

Publication Publication Date Title
US11388269B2 (en) Method for obtaining internet protocol header replacement mapping and network node
US20230308951A1 (en) Data processing method, network element device, and readable storage medium
US10826946B2 (en) Security management in communication systems with provisioning based mechanism to identify information elements
EP3528456A1 (en) Security management in communication systems with network function assisted mechanism to secure information elements
US11134009B2 (en) Packet processing method and apparatus
US20190281116A1 (en) Data Transmission Method, Apparatus, and System, and Storage Medium
EP3562204B1 (en) Method and apparatus for selecting user plane anchor
CN114567880B (en) Communication method, system and computer readable storage medium
US20220361262A1 (en) Data transmission for artificial intelligence (ai) technologies
US20180367651A1 (en) Stream control transmission protocol SCTP-based communications method and system, and appartus
CN112312481B (en) Communication method and system for MEC and multi-operator core network
US20230300106A1 (en) Data processing method, network element device and readable storage medium
CN112968965A (en) Metadata service method, server and storage medium for NFV network node
CN117938989B (en) Method, device, equipment and storage medium for associating 5G signaling with user data
WO2019074032A1 (en) Apparatus, method and program for transmitting and receiving data to and from iot device
CN114158093B (en) Communication method, network element, communication system and storage medium
CN113132142B (en) Method and device for acquiring network slice identifier
CN114040343B (en) Method and system for accessing WIFI equipment to 5G core network
CN106161513B (en) Method and equipment for realizing rapid content distribution
JP6509413B1 (en) Device, method and program for transmitting and receiving data with IoT device
CN111182656B (en) Method, device, equipment and storage medium for establishing X2 connection
CN111786758B (en) Communication method and device
CN102612099A (en) Re-establishment method and device of service bearer
CN117177218A (en) Method, device and communication node for realizing network communication between terminals
CN116866985A (en) Data forwarding method, network system and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant