KR20220037321A - Method and apparatus for providing local breakout over f1 interface - Google Patents

Abstract

The present invention relates to a method for providing a local breakout (LBO) by a device located inline in an F1 interface, which comprises the steps of: extracting packet encryption/decryption information used in an F1 tunnel created in an F1 interface, by using signaling messages exchanged in an X2 interface and the F1 interface; decoding a packet passing through the F1 tunnel, by using the packet encryption/decryption information; and bypassing the packet to a local data network when IP address information extracted from the decoded packet meets an LBO rule.

Description

METHOD AND APPARATUS FOR PROVIDING LOCAL BREAKOUT OVER F1 INTERFACE

The present disclosure relates to a technology for providing 5G ultra-low latency.

Compared to LTE networks, 5G networks can provide ultra-low latency, high-speed, and ultra-connectivity. In particular, ultra-low latency is essential for V2X communication-based autonomous driving and smart factories through factory automation. To this end, a method of using uplink classifier (UL-CL) of a user plane function (UPF) and a method of detouring traffic through a method of placing MEC (Mobile edge computing) on the S1-U interface have been proposed. .

Meanwhile, in the process of evolving from the LTE network to the 5G network, the current 5G network is being built in a Non-Standalone (NSA) structure that interworks with the LTE network. There are a number of NSA options proposed by 3GPP, but in general, mobile operators choose NSA Option 3x, which can quickly provide 5G communication services to users. NSA Option 3x is a structure in which a 5G base station (gNB) is added to the access network while utilizing the LTE network's Evolved Packet Core (EPC) and base station (eNB) as it is. In the NSA Option 3x structure, the signaling message corresponding to the control plane basically uses the LTE network, and the data traffic corresponding to the user plane uses a mix of the LTE network and the 5G network depending on the situation. . A method for providing ultra-low latency in such an NSA structure is needed.

The problem to be solved relates to an F1-LBO device providing a local breakout (LBO) in an F1 interface of a 5G-NSA structure, and an operating method thereof.

The task to be solved is that the F1-LBO device analyzes the signaling messages exchanged in the X2 interface and the F1 interface, extracts encryption/decryption information of the packet, and provides LBO in the F1 interface through which the encrypted packet is transmitted. it's about

The problem to be solved relates to a method in which an F1-LBO device creates a tunnel connected to a terminal through a separate interface connected to an external network, and provides a connection to the terminal through indirect paging through the tunnel.

According to an embodiment, as a method for providing a local breakout (LBO) by a device located inline in the F1 interface, the X2 interface and the signaling messages exchanged in the F1 interface are used to generate the generated in the F1 interface. Extracting packet encryption/decryption information used in the F1 tunnel, using the packet encryption/decryption information to decrypt a packet passing through the F1 tunnel, and IP address information extracted from the decrypted packet conforms to the local breakout rule In this case, it includes the step of bypassing the packet to a local data network.

The extracting of the encryption/decryption information includes collecting signaling messages for the same terminal based on the identifier included in the signaling messages exchanged in the X2 interface and the F1 interface, and encrypting/decrypting the corresponding terminal from the collected signaling messages. information can be extracted.

The extracting of the packet encryption/decryption information may include extracting an encryption algorithm of a packet transmitted through the F1 tunnel, and information necessary for encryption/decryption of the encryption algorithm.

The method for providing a local breakout may further include accumulating the number of packets detoured to the local data network in the number of uplink LBO packets.

The method for providing a local breakout includes correcting a sequence number of the decoded packet with reference to the number of uplink LBO packets when the IP address information does not conform to the local breakout rule, and The method may further include encrypting the packet having the sequence number corrected and transmitting the encrypted packet by uplink bypass.

The step of correcting the sequence number may be performed by subtracting the number of uplink LBO packets from the sequence number of the decoded packet.

According to another embodiment, there is provided a method of providing a local breakout (LBO) by a device located inline on an F1 interface, the method comprising: determining whether an incoming uplink packet meets a local breakout rule; the local breakout If the rule is satisfied, detour-transmitting the uplink packet to the local data network, and accumulating the number of packets detour-transmitted to the local data network in the number of uplink LBO packets.

The method for providing a local breakout includes correcting a sequence number of the uplink packet with reference to the number of uplink LBO packets when the uplink packet does not conform to the local breakout rule, and the sequence number is It may include bypassing the corrected uplink packet.

The detour transmission to the local data network includes decoding the uplink packet using encryption/decryption information related to the uplink packet, and when the IP address information extracted from the decoded packet meets the local breakout rule, The method may include bypassing the uplink packet to a local data network.

The method for providing local breakout may further include extracting the encryption/decryption information by using signaling messages exchanged in the X2 interface and the F1 interface.

The method for providing a local breakout includes correcting a sequence number of the downlink packet with reference to the number of downlink LBO packets when a downlink packet passing through the F1 tunnel created in the F1 interface is introduced, and the downlink sequence number is corrected. The method may further include bypass forwarding the packet. The number of downlink LBO packets may be the number of downlink transmitted packets flowing in from the local data network.

The method for providing a local breakout includes correcting a sequence number of the local data network packet when a local data network packet from the local data network to the terminal is introduced, and transmitting the corrected sequence number packet to the terminal; The method may further include accumulating the number of packets transmitted to the terminal to the number of downlink LBO packets.

The transmitting of the sequence number-corrected packet may include encrypting the sequence number-corrected packet and transmitting the encrypted packet through the F1 tunnel.

The method for providing a local breakout includes, when the local data network packet is introduced, checking whether the F1 tunnel exists, and if the F1 tunnel does not exist, transmitting a message to a tunnel connected to the terminal through an external network It may include further steps. The F1 tunnel may be created while the message is transmitted to the terminal.

A method for a device to provide a local breakout (LBO) according to another embodiment, the method comprising: checking a type of traffic transmitted in an X2 interface and an F1 interface; In the case of a signaling message, extracting packet encryption/decryption information used in the F1 tunnel created in the F1 interface from the signaling message; When the type of traffic transmitted in the F1 interface is data traffic, the packet encryption/decryption information Decrypting the packet included in the data traffic by using .

The device may be located inline to the F1 interface.

The device may tap the X2 interface.

The device may create a logical tunnel through which a message can be transmitted to the terminal through an interface connected to a general data network.

The method for providing a local breakout includes managing the number of LBO packets accumulating the number of packets detoured to the local data network, and referring to the number of LBO packets, a sequence number of uplink packets bypassed to the F1 interface (Sequence number) may further include the step of correcting.

The method for providing a local breakout includes managing the number of LBO packets accumulating the number of packets transmitted from the local data network to the terminal, and referring to the number of LBO packets, the number of downlink packets bypassed to the F1 interface The method may further include correcting a sequence number.

According to the embodiment, information for applying the LBO rule can be extracted by decoding the packet transmitted from the F1 interface, so that user traffic can be bypassed to the local data network in the gNB-DU and gNB-CU sections closest to the terminal. there is.

According to the embodiment, it is possible to maximize the ultra-low latency of the 5G network by reducing the delay compared to the LBO in the S1 interface.

According to the embodiment, even if the idle terminal returns the resource for the F1 tunnel, the F1-LBO device may indirectly perform paging to the idle terminal through a separate interface connected to the general data network, and local through the regenerated F1 tunnel Data traffic from the data network can be transmitted to an idle terminal.

According to the embodiment, terminal connectivity can be secured through a tunnel formed with a terminal created through a general data network, and continuous F1-LBO can be provided without being affected by the state of the terminal.

1 is an example of a 5G network non-exclusive (5G-NSA) structure.
2 is a 5G-NSA structure including an F1-LBO device according to an embodiment.
3 is an example of the structure of a packet transmitted in the F1 interface.
4 is a diagram for explaining signaling messages exchanged in X2 and F1 interfaces.
5 is a view for explaining a method of generating an encryption key of the F1-LBO device according to an embodiment.
6 is a diagram for explaining an encryption/decryption algorithm in an F1 interface according to an embodiment.
7 is a diagram illustrating a tunneling-based indirect paging method of an F1-LBO device according to an embodiment.
8 is a flowchart of a method for providing a local breakout according to an embodiment.
9 is a flowchart of a method for providing a local breakout according to another embodiment.
10 is a flowchart of a method for providing a local breakout according to another embodiment.
11 to 13 are diagrams schematically illustrating the operation of the F1-LBO device.

Hereinafter, with reference to the accompanying drawings, the embodiments of the present disclosure will be described in detail so that those of ordinary skill in the art to which the present disclosure pertains can easily implement them. However, the present disclosure may be implemented in several different forms and is not limited to the embodiments described herein. And in order to clearly explain the present disclosure in the drawings, parts irrelevant to the description are omitted, and similar reference numerals are attached to similar parts throughout the specification.

In the specification, when a part "includes" a certain component, it means that other components may be further included, rather than excluding other components, unless otherwise stated. The devices constituting the network may be implemented by hardware or software or a combination of hardware and software.

The devices of the present disclosure are operated by at least one processor, and may include one or more processors, a memory for loading a program executed by the processor, a storage for storing a computer program and various data, and a communication interface. A computer program may include instructions that, when loaded into memory, cause a processor to perform methods/operations according to various embodiments of the present disclosure. That is, the processor may perform the method/operations according to various embodiments of the present disclosure by executing the instructions. An instruction refers to a set of computer readable instructions grouped by function, which is a component of a computer program and is executed by a processor.

In the description, a user equipment (UE) may be connected to a core network by accessing a base station (eNB, gNB) of an access network/radio access network (RAN). The terminal may be a terminal of various types and uses, such as a portable terminal, an IoT terminal, a vehicle terminal, a display terminal, a broadcasting terminal, and a game terminal.

In the description, local breakout (LBO) is a technology that bypasses data traffic to a local data network (Local Data Network, Local DN), and transmits upstream data to the local data network rather than the core network, or Downlink data generated in . Local breakout (LBO) may be referred to as traffic offloading, traffic steering, or the like.

In the description, a detailed description of the content defined in the standard and the operation of the device may be omitted.

1 is an example of a 5G network non-exclusive (5G-NSA) structure.

Referring to FIG. 1 , among the Non-Standalone (NSA) structures of the 5G network, NSA Option 3x suggested by 3GPP will be described as an example. According to NSA Option 3x, the LTE network core (Evolved Packet Core, EPC) 10 can be shared by the LTE base station (eNB) 20 and the 5G base station (gNB) 30 . The gNB 30 may be divided into a Radio Unit (RU) (not shown), a Central Unit (gNB-CU) 31 , and a Distributed Unit (gNB-DU) 33 . The eNB 20 may be described as an eNB-DU in which an RU (not shown) is separated. The EPC 10 may be connected to a packet data network (PDN) 50 which is a general data network.

A terminal (User Equipment, UE) 40 may be connected to the EPC 10 by accessing the eNB 20 . Here, the signaling message corresponding to the control plane is transmitted through the LTE network, and the data traffic of the UE 40 corresponding to the user plane is the eNB 20 or gNB 30 depending on the situation. can be transmitted through

The EPC (10) and the eNB (20), the EPC (10) and the gNB (30) are connected to the S1 interface. The eNB 20 and the gNB-CU 31 are connected through an X2 interface. The gNB-CU 31 and the gNB-DU 33 are connected to the F1 interface. Each interface can be divided into a control plane and a user plane (S1-C and S1-U, X2-C and X2-U, F1-C and F1-U).

On the other hand, as a method to implement a low delay through a local breakout (LBO) in the 5G network, for example, using the UL-CL (Uplink Classifier) of the user plane function (User Plane Function, UPF), There is a way to divert traffic to a local data network close to the UE.

For better low-latency performance than UL-CL, mobile edge computing (MEC) deployed on the S1-U interface allows traffic to be diverted to the local data network. The LBO method uses terminal IP information and destination IP information obtained by analyzing a header of a GTP (GPRS Tunneling Protocol) packet. In general, 5-Tuple (Source IP Address, Source Port, Destination Address, Destination Port, Protocol Number) may be utilized as terminal IP information and destination IP information. The MEC placed on the S1-U interface parses the GTP header to extract the 5-tuple, determines whether the 5-tuple matches the LBO rule, and then forwards the traffic to the local data network or passes it as it is.

On the other hand, the S1-U interface is a connection section between the EPC 10 and the gNB-CU 31, and the gNB-CU 31 is generally located in a centralized office. Accordingly, a delay occurs due to the physical distance between the gNB-CU 31 and the UE 40 . Accordingly, if the LBO is provided near the gNB-DU 33 closest to the UE 40, the ultra-low latency can be maximized.

However, unlike LBO in the S1-U interface that can extract 5-tuple by simply parsing the GTP header, it is difficult to provide LBO in the F1 interface. Because the F1 interface requires processing of a Packet Data Convergence Protocol (PDCP) packet in addition to a GTP packet capable of obtaining a 5-tuple from a header, and encryption for security is applied to the PDCP packet. Therefore, for LBO in the F1 interface, a packet encryption/decryption function and a key extraction method to be used for encryption/decryption are required. In addition, PDCP packets have a unique sequence number assigned to all uplink/downlink packets. Since the sequence number is used as an encryption/decryption key and is also used for flow control, sequence number management is required.

Meanwhile, for efficient use of radio resources, the UE 40 returns the resource when there is no data communication for a certain period and enters an idle state. In this case, a data radio bearer (DRB) and an S1 bearer are returned in the F1 and S1-U interfaces. Accordingly, when the UE 40 is in the idle state, even if data destined for the UE 40 occurs in the local data network, there is no bearer to be used for data transmission to the UE 40 , and thus a packet cannot be normally introduced from the F1 interface. Accordingly, there is a need for a method for providing connectivity of a terminal for LBO for downlink data as well as LBO for uplink data.

In the following, we describe in detail how to address these requirements and provide LBO in the F1 interface instead of the S1-U interface.

2 is a 5G-NSA structure including an F1-LBO device according to an embodiment.

Referring to FIG. 2 , the F1-LBO device 100 is disposed on the F1 interface of the 5G-NSA structure described in FIG. 1 , and bypasses data traffic to the local data network (Local DN, LDN) 60 according to a rule. Local breakout (LBO) is provided. The F1-LBO device 100 may be located inline on the F1 interface. The name of the F1-LBO device 100 may be variously assigned. In the description, the rules are referred to as LBO rules.

The eNB-DU 20 and the gNB-CU 31 are connected to the EPC 10 to transmit and receive signaling messages and user data. The EPC 10 may be connected to a packet data network (PDN) 50 which is a general data network.

The eNB-DU 20 and the gNB-DU 33 may be connected to the UE 40 . The UE 40 may transmit uplink data to the gNB-DU 33 according to circumstances.

The F1-LBO device 100 is disposed between the gNB-CU 31 and the gNB-DU 33 . The F1-LBO device 100 may be disposed adjacent to the gNB-DU 33 . The F1-LBO device 100 may bypass the uplink data from the gNB-DU 33 to the gNB-CU 31 to the local data network 60 , or may bypass the gNB-CU 31 . The F1-LBO device 100 may divert data traffic of the UE 40 to the local data network 60 at a distance closer to the UE 40 than the gNB-CU 31 located in the centralized office. Accordingly, through the LBO in the F1 interface, the delay caused by the distance to the UE 40 can be minimized.

The F1-LBO device 100 extracts information (eg, destination IP address, terminal IP address) for applying the LBO rule from a packet transmitted from the F1 interface. At this time, the packet transmitted from the F1 interface is encrypted. Accordingly, the F1-LBO device 100 extracts a packet encryption/decryption function and a key to be used for encryption/decryption for LBO in the F1 interface.

On the other hand, the sequence number of the packet is important information not only used for encryption/decryption of the packet, but also used for flow control in the F1 interface. However, if some of the uplink data is detoured to the local data network 60, or data flowing in from the local data network 60 is added to the F1 interface as downlink data, a sequence number difference occurs in the F1 interface by the number of LBO packets. do.

To compensate for this sequence number difference, the F1-LBO device 100 may manage an uplink sequence number transmitted to the gNB-CU 31 and a downlink sequence number transmitted to the gNB-DU 33 . In addition, the F1-LBO device 100 accumulates the number of LBO packets, and corrects the sequence number of the bypass-transmitted packet by using the accumulated number of LBO packets. The number of LBO packets may be divided into the number of uplink LBO packets and the number of downlink LBO packets. Specifically, when the F1-LBO device 100 bypasses the packet transmission to the gNB-CU 31 , the F1-LBO device 100 performs correction by subtracting the sequence number of the packet by the number of uplink LBO packets, and then sends the packet to the gNB-CU 31 . can transmit When the F1-LBO device 100 bypasses the packet transmission to the gNB-DU 33 , the F1-LBO device 100 may transmit the packet to the gNB-DU 33 after performing correction by adding the sequence number of the packet as much as the number of downlink LBO packets.

In this way, since the F1-LBO device 100 corrects the sequence number of the bypass-transmitted packet while providing the LBO, the gNB-CU 31 and the gNB-DU 33 are irrespective of the LBO in the F1 interface. may receive packets with sequentially increasing sequence numbers. The F1-LBO device 100 may provide the LBO at a point closest to the UE 40 without interfering with the flow in the F1 interface through sequence number correction.

To this end, the F1-LBO device 100 collects signaling messages exchanged in the X2 interface between the eNB-DU 20 and the gNB-CU 31 . A method of collecting signaling messages exchanged in the X2 interface may be implemented in various ways. For example, the F1-LBO device 100 may collect signaling messages exchanged in the X2 interface by tapping the X2 interface.

The F1-LBO device 100 may extract information for encryption/decryption of a packet transmitted through the F1 interface by using the signaling message collected from the X2 interface and the signaling message collected from the F1 interface. The F1-LBO device 100 may extract encryption/decryption information of the UE 40 based on the collected signaling message. The F1-LBO device 100 encrypts/decrypts packets flowing into the F1 interface through the encryption/decryption information of the UE 40 to obtain information necessary for LBO, and transmits data traffic corresponding to the LBO rule to the local data network 60 Bypass transmission to , bypass transmission to the gNB-CU (31), or bypass transmission to the gNB-DU (33). In this case, the F1-LBO device 100 may record information extracted from signaling messages related to the UE 40 and information extracted from a packet decoded through this into the terminal management table, and may update it according to the signaling message.

The F1-LBO device 100 further has a PDN interface connected to the PDN 50 as an external network. Through this, a tunnel (Logical Tunnel) is created in which the F1-LBO device 100, the PDN 50, the EPC 10, and the UE 40 are logically connected, and using the tunnel formed through the PDN interface, A message may be sent to the UE 40 in an idle state, and through this, an indirect paging may be performed.

The F1-LBO device 100 may transmit a wake-up message to the UE 40 in the idle state through the PDN interface. Then, a new bearer is generated while the message is transmitted to the UE 40 through the EPC 10, and the F1-LBO device 100 based on the signaling message exchanged for new bearer creation in the X2 and F1 interfaces. The terminal management table may be updated. The F1-LBO device 100 may transmit data from the local data network 60 to the UE 40 to the gNB-DU 33 when the F1 tunnel, which is a new bayer, is created in the F1 interface.

FIG. 3 is an example of a packet structure transmitted in the F1 interface, and FIG. 4 is a diagram illustrating signaling messages exchanged in the X2 and F1 interfaces.

Referring to FIG. 3 , user data transmitted through the F1 interface is transmitted as an encrypted PDCP packet.

Looking at the uplink data packet 200 transferred from the gNB-DU 33 to the gNB-CU 31 , the packet 200 includes an F1 packet header 210 and an F1 packet payload. ) (230). The F1 packet payload 230 may be encrypted.

The F1 packet header 210 is composed of headers added in the transmission step. The outer header 211 includes a destination IP address (IP address of gNB-CU in case of uplink data) and a source IP address (IP address of gNB-DU in case of uplink data). The GTP header 213 may include an F1 tunnel identifier (Tunnel ID, TEID). The PDCP header 215 may include a PDU type and a PDCP sequence number.

The F1-LBO device 100 may extract an F1 TEID, a PDU type, and a PDCP sequence number from the F1 packet header 210 of a packet transmitted through the F1 interface. The F1 TEID is a value matching the uplink/downlink bearer allocated to each terminal, and is used to classify traffic of each terminal and to encrypt/decrypt packets. The PDU Type is used to determine whether it is data traffic or a signal message. The PDCP sequence number is used for flow control in the F1 interface and is also used for packet encryption and decryption.

The F1 packet payload 230 may include a user packet header 231 and a user packet payload 233 . The user packet header 231 includes a destination IP address (in the case of uplink data, the IP address of the application server) and a source IP address (in the case of uplink data, the IP address of the terminal).

The F1-LBO device 100 has an LBO rule for determining whether to bypass the data traffic to the local data network 60 . The LBO rule may include the terminal IP address and/or the IP address of the destination application server. Accordingly, the F1-LBO device 100 needs to extract information for applying the LBO rule from the packet transmitted from the F1 interface. Since the F1 packet payload 230 including this is encrypted, the encryption/decryption information of the packet must be extracted. have to find out For encryption/decryption information, it is necessary to find out the encryption key encryption algorithm and information required by the encryption algorithm.

The F1-LBO device 100 may extract encryption/decryption information of a packet transmitted through the F1 interface by using the signaling message collected from the X2 interface and the signaling message collected from the F1 interface.

The F1-LBO device 100 may decrypt the F1 packet payload 230 based on encryption/decryption information extracted from the signaling messages, and check the IP address included in the user packet header 231 . When the IP address checked in the packet corresponds to the LBO rule, the F1-LBO device 100 transmits the packet to the designated address for LBO.

If the IP address checked in the packet does not correspond to the LBO rule, the F1-LBO device 100 corrects the sequence number of the corresponding packet, re-encrypts it, and transmits it to the gNB-CU 31 . The F1-LBO device 100 performs a correction by subtracting the sequence number of a packet that does not correspond to the LBO rule by the number of uplink LBO packets, and then transmits the bypass to the gNB-CU 31 . To this end, the F1-LBO device 100 manages the number of uplink LBO packets by accumulating the number of bypassed packets when at least a portion of uplink data is bypassed to the local data network 60 .

Referring to FIG. 4 , the F1-LBO device 100 may extract information for encryption/decryption of a packet transmitted through the F1 interface by analyzing the signaling messages exchanged in the X2 and F1 interfaces.

The signaling messages defined in the 5G NSA Initial Attach Call Flow will be described as examples.

The eNB-DU 20 transmits an SGNB Addition Request message to the gNB-CU 31 (S110). The gNB-CU 31 transmits a UE Context Setup Request message to the gNB-DU 33 (S120). The gNB-DU 33 transmits a UE Context Setup Response message to the gNB-CU 31 (S130). The gNB-CU 31 transmits an SGNB Addition Acknowledge message to the eNB-DU 20 (S140). The eNB-DU 20 transmits an RRC connection reconfiguration message to the UE 40 (S150). The UE 40 transmits an RRC connection reconfiguration complete message to the eNB-DU 20 (S160). The eNB-DU 20 transmits the SGNB reconfiguration complete message to the gNB-CU 31 (S170). After the random access procedure is performed, the eNB-DU 20 transmits an SN Status Transfer message to the gNB-CU 31 (S180).

In this way, the F1-LBO device 100 may collect signaling messages exchanged in the network attach step of the UE 40, and as shown in Table 1, extract information included in each signaling message.

signaling message information contained in the message SGNB Addition Request message eNB-UE-X2AP-IDgNB-Security-Key UE Context Setup Request message gNB-CU-UE-F1AP-ID
F1 DRB ID (UL)
F1 GTP TEID (UL) UE Context Setup Response Message gNB-CU-UE-F1AP-ID
gNB-DU-UE-F1AP-ID
F1 DRB ID (UL)
F1 GTP TEID (UL) SGNB Addition Acknowledgment Message eNB-UE-X2AP-ID
gNB-UE-X2AP-ID
Ciphering Algorithm SN Status Transfer message eNB-UE-X2AP-ID
gNB-UE-X2AP-ID
Hyper Frame Number
PDCP Sequence Number

Since the signaling message includes an identifier (ID) assigned by each device to identify a terminal, the F1-LBO device 100 collects information of signaling messages for the same terminal based on the ID, and as shown in Table 2 An encryption/decryption information table for each terminal may be created.

UE index ID Information collected from signaling messages One eNB-UE-X2AP-ID
gNB-UE-X2AP-ID
gNB-CU-UE-F1AP-ID gNB-Security-Key
Ciphering Algorithm
Hyper Frame Number
PDCP Sequence Number
F1 DRB ID (UL)
F1 GTP TEID (UL)

The encryption/decryption information table shown in Table 2 may be generated as follows.

The SGNB Addition Request message, SGNB Addition Acknowledge message, and SN Status Transfer message in Table 1 include a common “eNB-UE-X2AP-ID”. Accordingly, the F1-LBO device 100 includes a key (gNB-Security-Key), an encryption algorithm (Ciphering Algorithm), and a hyper frame number included in the signaling information having the same “eNB-UE-X2AP-ID”. ), PDCP sequence numbers may be collected, and the encryption/decryption information table of Table 2 may be generated as encryption/decryption information of a specific terminal.

On the other hand, in Table 1, “gNB-UE-X2AP-ID” and “gNB-CU-UE-F1AP-ID” are named differently, but as an ID for distinguishing the UE 40 from the gNB-CU 31 have a value Accordingly, the UE Context Setup Request message and the UE Context Setup Response message having the same “gNB-CU-UE-F1AP-ID” as “gNB-UE-X2AP-ID” may be identified as signaling information of the same UE. The F1-LBO device 100 may store the F1 DRB ID (UL) and the F1 GTP TEID (UL) included in the UE Context Setup Request message and the UE Context Setup Response message in the table of UE1.

In this way, the F1-LBO device 100 groups five signaling messages and extracts internal information of each message, gNB-Security-Key, Ciphering Algorithm, Hyper Frame Number, PDCP Sequence Number, F1 DRB ID and F1 TEID can be secured. The F1-LBO device 100 uses this to decode the packet passing through the F1 tunnel, determines whether it meets the LBO rule based on the IP information extracted from the decoded packet, and then transfers it to the local data network by detour or bypass transmission. there is.

5 is a diagram for explaining a method of generating an encryption key of an F1-LBO device according to an embodiment, and FIG. 6 is a diagram for explaining an encryption/decryption algorithm in the F1 interface according to an embodiment.

Referring to FIG. 5 , an encryption key (KEY) used in the F1 interface may be generated using the SK _gNB transmitted from the eNB-DU 20 . SK _gNB may be “gNB-Security-Key” of Table 2.

F1-LBO device 100 includes a key extraction function (Key Derivation Function, KDF), algorithm identifier (Alg-Distinguisher), algorithm identifier (Alg-ID), and SK _gNB transmitted from the eNB-DU (20) can be input into the KDF to extract the encryption key KS _gNB-UP-enc used for encryption and decryption of PDCP packets. According to the specified standard, since data to be encrypted/decrypted is user data, Alg-Distinguisher is the value 0x06 of UP-int-alg, and Alg-ID is a value corresponding to the algorithm number identified in the subsequent signaling message. The KDF defined by 3GPP is HMAC-SHA-256, and by passing it through the 128-bit Truncate function, the final KS _gNB-UP-enc can be generated.

The F1-LBO device 100 may know the encryption/decryption algorithm (eg, NEA) used in the F1 interface based on the Ciphering Algorithm of the encryption/decryption information table.

Referring to FIG. 6 , the encryption/decryption algorithm used in the F1 interface may be, for example, a Niching Evolutionary Algorithm (NEA). NEA uses encryption key (KEY), count (COUNT), bearer (BEARER), direction (DIRECTION) and length (LENGTH) to create a keystream block (KEYSTREAM BLOCK), and uses the keystream block for data encryption and decryption. It is an algorithm.

As the encryption key (KEY), the encryption key KS _gNB-UP-enc extracted through KDF in FIG. 5 may be used.

For the count (COUNT), a combination value of the hyper frame number and PDCP sequence number in Table 2 may be used.

For the bearer (BEARER), a value obtained by subtracting 1 from the DRB ID of Table 2 may be used.

The direction (DIRECTION) is a value indicating the direction (UL/DL) of the packet, and can be confirmed in Table 2, where 0 may indicate UL and 1 may indicate DL.

As the length (LENGTH), the length of the data packet is used.

The F1-LBO device 100 uses the encryption key KS _gNB-UP-enc , and encryption/decryption information extracted from the signaling messages (Hyper Frame Number, PDCP Sequence Number, DRB ID, UL/DL) with the same TEID. The encrypted payload of the packet can be decrypted. The F1-LBO device 100 may check the destination IP address and the source IP address (UE IP address) required in the LBO rule in the user packet header of the decrypted packet.

The F1-LBO device 100 may generate encryption/decryption information extracted from signaling messages related to the terminal and information related to a packet decoded through this as a terminal management table as shown in Table 3, and may update it according to the signaling message.

UE index UE IP DRB ID
(UL/DL) TEID
(UL/DL) Ciphering Algorithm Hyper Frame Number
(UL/DL) PDCP Sequence Number LBO data
volume
(UL/DL) One Address1 1/1 b00000001/b000F0001 NEA2 0/0 0/0 X/X 2 Address2 1/1 b00000002/b000F0002 NEA2 0/0 0/0 Y/Y

The F1-LBO device 100 may store information on the corresponding terminal in the terminal management table until the release message of the terminal is checked in the X2 or F1 interface.

The F1-LBO device 100 may decode a packet transmitted through the F1 interface with reference to the terminal management table, and provide the LBO based on information included in the header.

Among the information managed in the terminal management table, since the hyper frame number and the PDCP sequence number are values that change during data transmission/reception, the F1-LBO device 100 updates them in real time.

The hyper frame number is a value for time synchronization between the core network and the terminal, and the value is counted during packet delivery. The F1-LBO device 100 may set the hyper frame number obtained from the SN Status Transfer message as a starting value and utilize it for encryption/decryption while updating the terminal data transmission/reception time.

The PDCP sequence number is a value for controlling the flow of the F1 message and is also used for encryption/decryption. After some uplink data is detoured to the local data network 60, the F1-LBO device 100 makes a correction to lower the sequence number of the uplink bypass packet to the gNB-CU 31, and through this, the gNB-CU 31 may receive packets of sequentially increasing sequence numbers. On the other hand, when the F1-LBO device 100 transmits a packet (LDN packet) introduced from the local data network 60 to the gNB-DU 33, the gNB-DU 33 sequentially increases the packet of the sequence number. In order to receive the LDN packets, the sequence number of the LDN packet is changed and transmitted. Therefore, after transmitting the LDN packet to the gNB-DU 33 , the F1-LBO device 100 performs a correction to increase the sequence number of the downlink bypass packet going to the gNB-DU 33 , and through this, the gNB-DU (33) may receive packets of sequentially increasing sequence numbers.

The F1-LBO device 100 may record the amount of data detoured to the LBO (LBO data volume) as shown in Table 3. The amount of LBO data may be divided into upstream data/downstream data. According to the amount of LBO data, it is possible to charge the LBO service user. The amount of LBO data may be transferred to the billing system.

7 is a diagram illustrating a tunneling-based indirect paging method of an F1-LBO device according to an embodiment.

Referring to FIG. 7 , in general, for efficient use of radio resources, the UE 40 returns the resource and enters an idle state when there is no data communication for a certain period of time. In this case, a data radio bearer (DRB) and an S1 bearer are returned from the F1 and S1-U interfaces, and the TEID and DRB ID, which are information related to the F1 tunnel, are also returned. Accordingly, when the UE 40 is in an idle state, the F1-LBO device 100 cannot flow data from the local data network to the UE 40.

Thereafter, when data is generated from the UE 40 or the PDN 50 , an F1 tunnel through which data can be transmitted to the F1 interface through paging is created. However, since the EPC 10 allocates a UE IP address through NAT and converts it into a public IP address when transmitting to the PDN 50 , the F1-LBO device 100 knows only the private IP address. Therefore, the F1-LBO device 100 cannot send data to the UE 40 through the PDN 50, so it is difficult to cause paging.

To solve this, the F1-LBO device 100 may form a tunnel with the UE 40 through an external network, and may cause indirect paging by transmitting a message through the tunnel. The F1-LBO device 100 is connected to the PDN 50, which is a general data network, through the PDN interface, and the PDN 50, the EPC 10, and the UE 40 are logically connected for a tunnel (Logical Tunnel) for Server can be opened.

When the UE 40 for using the F1 LBO is connected to the EPC 10 , it attempts a logical tunnel connection with the F1-LBO device 100 through the PDN 50 . The F1-LBO device 100 may form a tunnel with the UE 40 and manage tunnel information. Thereafter, after the UE 40 transmits a Release message and returns a resource, it may enter an idle state. Then, the F1-LBO device 100 may delete or deactivate information of the UE 40 in the terminal management table of Table 3.

The F1-LBO device 100 receives traffic from the local data network 60 to the UE 40 in an idle state, stores the traffic in a buffer, and then sends a wake-up message to the tunnel formed with the UE 40 to send

In the process of transmitting the wake-up message to the UE 40 through the EPC 10 , a new bayer is generated, and the F1-LBO device 100 is based on the signaling message exchanged in the X2 and F1 interfaces to the UE 40 ) of the terminal management table can be created. The F1-LBO device 100 may transmit packets stored in the buffer based on the terminal management table of the UE 40 to the UE 40 through the F1 interface.

The F1-LBO device 100 and the UE 40 may periodically exchange a heartbeat message for confirming the tunnel connection. Through this, the F1-LBO device 100 may quickly provide a packet inflow from the local data network to the F1 interface. When the PDN 50 includes a general Internet network, a security technology such as SSL encryption may be applied to secure a message transmitted through a tunnel.

8 is a flowchart of a method for providing a local breakout according to an embodiment.

Referring to FIG. 8 , the F1-LBO device 100 collects signaling messages exchanged in the network access phase of terminals in the X2 and F1 interfaces (S210).

The F1-LBO device 100 classifies the signaling messages related to the same terminal based on the identifier included in the signaling messages, and stores encryption/decryption information extracted from the signaling messages for each terminal in the terminal management table (S220). The encryption/decryption information includes, for example, the key (gNB-Security-Key), the encryption algorithm (Ciphering Algorithm) as shown in Table 2, and information designated to generate information necessary for the encryption algorithm (Hyper Frame Number, PDCP Sequence Number, DRB ID, GTP TEID). The F1-LBO device 100 may store encryption/decryption information from signaling messages for each terminal in a terminal management table as shown in FIG. 3 .

The F1-LBO device 100 decrypts a packet transmitted through the F1 tunnel created in the F1 interface using the encryption/decryption information of the terminal, and information for LBO rule application in the decrypted packet (eg, destination IP address, source IP address) is extracted (S230). Since the F1-LBO device 100 is disposed inline on the F1 interface, it can decode the incoming packet.

The F1-LBO device 100 provides LBO by determining whether to transmit by detour to the local data network based on information extracted from the decoded packet, and accumulates the number of uplink LBO packets (S240). The F1-LBO device 100 may store the amount of detoured data in the terminal management table. The F1-LBO device 100 accumulates the number of bypass-transmitted packets in the number of uplink LBO packets whenever packets are bypassed to the local data network. When the F1-LBO device 100 bypasses transmission of new uplink data, the PDCP sequence number of the bypass packet may be corrected using the number of uplink LBO packets (correction by lowering the sequence number by the number of uplink LBO packets).

The F1-LBO device 100 updates information that varies according to data transmission/reception in the terminal management table (S250). Information that varies according to data transmission/reception may include, for example, a Hyper Frame Number and a PDCP Sequence Number.

When the resource allocated to the terminal is returned based on the signaling messages collected from the X2 and F1 interfaces, the F1-LBO device 100 deletes information on the corresponding terminal from the terminal management table (S260).

9 is a flowchart of a method for providing a local breakout according to another embodiment.

Referring to FIG. 9 , the F1-LBO device 100 forms a tunnel with the terminal through an external network ( S310 ). For a tunnel logically connected through an external network (PDN), the F1-LBO device 100 opens a server of a separate interface, and the UE 40 uses the F1-LBO device 100 and the F1-LBO device 100 to use the F1 LBO. A logical tunnel connection may be attempted.

When a packet from the local data network to the terminal is introduced, the F1-LBO device 100 checks whether an F1 tunnel of the terminal exists in the terminal management table (S320). The F1-LBO device 100 may store the incoming packets in a buffer.

When the F1 tunnel of the terminal exists, the F1-LBO device 100 encrypts the packet with encryption/decryption information of the terminal management table, and then transmits the packet to the terminal through the F1 tunnel (S330).

The F1-LBO device 100 accumulates the number of packets introduced from the local data network to the number of downlink LBO packets (S332). When the F1-LBO device 100 bypasses transmission of new downlink data, the PDCP sequence number of the bypass packet may be corrected using the number of downlink LBO packets (correction to increase the sequence number by the number of downlink LBO packets).

If the F1 tunnel of the terminal does not exist, the F1-LBO device 100 sends a wake-up message to the tunnel formed through the terminal and the external network (S340).

The F1-LBO device 100 generates a terminal management table including the F1 tunnel identifier (F1 TEID) based on the signaling message exchanged in the X2 and F1 interfaces in the process where the wake-up message is delivered to the terminal through the core network. do (S350).

Since the F1 tunnel of the terminal is created, the F1-LBO device 100 moves to step S330 to encrypt the packet stored in the buffer with encryption/decryption information of the terminal management table, and then transmits traffic to the terminal through the F1 tunnel. .

10 is a flowchart of a method for providing a local breakout according to another embodiment.

Referring to FIG. 10 , the F1-LBO device 100 stores an LBO rule including IP information to which LBO to a local data network is applied, and manages a terminal management table generated based on the LBO rule (S410) . The F1-LBO device 100 may update the terminal management table using signaling messages.

The F1-LBO device 100 waits for traffic transmitted from the X2 and F1 interfaces (S412).

The F1-LBO device 100 checks the type of traffic transmitted through the X2 or F1 interface (S420).

When the type of traffic transmitted in the X2 or F1 interface is a signaling message for network access of the terminal, the F1-LBO device 100 records encryption/decryption information extracted based on the identifier included in the signaling message in the terminal management table. (S430). On the other hand, when the type of traffic transmitted in the X2 or F1 interface is a signaling message for release of the terminal, the F1-LBO device 100 may delete information on the terminal related to the signaling message from the terminal management table. .

When the type of traffic transmitted through the F1 interface is data traffic, the F1-LBO device 100 decrypts the packet using encryption/decryption information of the terminal stored in the terminal management table (S440).

The F1-LBO device 100 determines whether the decoded packet is uplink data (S450). The F1-LBO device 100 determines whether the transmission direction of the decoded packet is uplink or downlink.

When the decoded packet is uplink data, the F1-LBO device 100 determines whether the LBO rule is satisfied based on the IP information extracted from the packet (S460).

If the LBO rule is met, the F1-LBO device 100 bypasses the data traffic to the local data network (S462).

If the LBO rule is not met, the F1-LBO device 100 encrypts the decrypted packet and then transmits the decrypted packet by uplink bypass (S464). At this time, even if there is traffic previously detoured to the local data network, the sequence numbers of bypass-transmitted packets must be sequentially increased, so the F1-LBO device 100 accumulates the PDCP sequence numbers before the uplink bypass transmission. After correction is made to decrease the number of packets, encryption can be performed. The F1-LBO device 100 may correct the PDCP sequence number by reflecting this when the traffic conforming to the LBO rule has previously been bypassed to the local data network.

When the decrypted packet is downlink data, the F1-LBO device 100 encrypts the decrypted packet and then transmits the decrypted packet by downlink bypass (S466). At this time, even if there is traffic previously introduced from the local data network, the sequence numbers of the bypass-transmitted packets must be sequentially increased, so the F1-LBO device 100 accumulates the PDCP sequence numbers before the downlink bypass transmission. After correcting the height by the number, it can be encrypted.

11 to 13 are diagrams schematically illustrating the operation of the F1-LBO device.

Referring to FIG. 11 , when an uplink (UL) packet is received from the gNB-DU 33 ( S510 ), the F1-LBO device 100 decodes the packet ( S520 ), and based on the IP information extracted from the decoded packet to determine whether the LBO rule is met (S530).

If the LBO rule is satisfied, the F1-LBO device 100 LBO transmits the decoded packets to the local data network 60 (S540), and accumulates the number of uplink LBO packets (S550).

If the LBO rule is not met, the F1-LBO device 100 refers to the number of uplink LBO packets, corrects the sequence number of the packet (subtracts by the number of uplink LBO packets) (S560), and encrypts the decrypted packet (S570), the encrypted packet is transferred to the gNB-CU 31 by an uplink (UL) bypass (S580).

Referring to FIG. 12 , when a packet (referred to as “LDN packet”) is received from the local data network 60 ( S610 ), the F1-LBO device 100 corrects the sequence number of the packet ( S620 ), and the sequence number After encrypting the corrected packet (S630), the encrypted packet is transmitted downlink (DL) to the gNB-DU 33 (S640). Then, the F1-LBO device 100 accumulates the number of downlink LBO packets (S650).

The F1-LBO device 100 manages the downlink sequence number transmitted to the gNB-DU 33, and corrects the sequence number of the LDN packet based on this. That is, the F1-LBO device 100 corrects the LDN packet with a sequence number increased by “1” from the latest packet transmitted to the gNB-DU 33, so that the gNB-DU 33 controls the flow by the LDN packet. can be prevented from being disturbed.

Referring to FIG. 13 , when a packet (referred to as a “PDN packet”) is received from the gNB-CU 31 (S710), the F1-LBO device 100 decodes the packet (S720) and calculates the number of downlink LBO packets. With reference, the sequence number of the packet is corrected (increased by the number of downlink LBO packets) (S730), the decrypted packet is encrypted (S740), and the encrypted packet is downlinked (DL) bypassed to the gNB-DU (33). It transmits (S750).

Here, the F1-LBO device 100 may decrypt and encrypt the incoming packet using encryption/decryption information extracted from signaling messages exchanged in the X2 and F1 interfaces.

As described above, according to the embodiment, information for applying the LBO rule can be extracted by decoding a packet transmitted from the F1 interface, so that user traffic is transferred to the local data network in the gNB-DU and gNB-CU sections closest to the terminal. can be bypassed

According to the embodiment, it is possible to maximize the ultra-low latency of the 5G network by reducing the delay compared to the LBO in the S1 interface.

According to the embodiment, even if the idle terminal returns the resource for the F1 tunnel, the F1-LBO device may indirectly perform paging to the idle terminal through a separate interface connected to the general data network, and local through the regenerated F1 tunnel Data traffic from the data network can be transmitted to an idle terminal.

According to the embodiment, terminal connectivity can be secured through a tunnel formed with a terminal created through a general data network, and continuous F1-LBO can be provided without being affected by the state of the terminal.

The embodiments of the present disclosure described above are not implemented only through apparatus and methods, and may be implemented through a program for realizing a function corresponding to the configuration of the embodiment of the present disclosure or a recording medium in which the program is recorded.

Although the embodiments of the present disclosure have been described in detail above, the scope of the present disclosure is not limited thereto, and various modifications and improved forms of the present disclosure are also provided by those skilled in the art using the basic concept of the present disclosure as defined in the following claims. is within the scope of the right.

Claims (20)

A method for providing a local breakout (LBO) by a device located inline to an F1 interface, the method comprising:
extracting packet encryption/decryption information used in the F1 tunnel created in the F1 interface by using the signaling messages exchanged in the X2 interface and the F1 interface;
Decrypting the packet passing through the F1 tunnel by using the packet encryption/decryption information, and
If the IP address information extracted from the decoded packet meets the local breakout rule, bypassing the packet to the local data network
Including, a local breakout providing method. In claim 1,
The step of extracting the encryption/decryption information
A local breakout is provided that collects signaling messages for the same terminal based on the identifier included in the signaling messages exchanged in the X2 interface and the F1 interface, and extracts encryption/decryption information of the corresponding terminal from the aggregated signaling messages method. In claim 1,
The step of extracting the packet encryption/decryption information
A method of providing a local breakout for extracting an encryption algorithm of a packet transmitted through the F1 tunnel, and information necessary for encryption/decryption of the encryption algorithm. In claim 1,
accumulating the number of packets detoured to the local data network in the number of uplink LBO packets
Further comprising, a local breakout providing method. In claim 4,
correcting a sequence number of the decoded packet with reference to the number of uplink LBO packets when the IP address information does not conform to the local breakout rule; and
encrypting the packet in which the sequence number is corrected, and transmitting the encrypted packet by uplink bypass
Further comprising, a local breakout providing method. In claim 5,
The step of correcting the sequence number is
Compensating by subtracting the number of uplink LBO packets from the sequence number of the decoded packet, a method for providing a local breakout. A method for providing a local breakout (LBO) by a device located inline to an F1 interface, the method comprising:
determining whether the incoming uplink packet conforms to the local breakout rule;
If the local breakout rule is satisfied, detour-transmitting the uplink packet to a local data network; and
accumulating the number of packets detoured to the local data network in the number of uplink LBO packets
Including, a local breakout providing method. In claim 7,
If the uplink packet does not conform to the local breakout rule, correcting a sequence number of the uplink packet with reference to the number of uplink LBO packets; and
Bypass-delivering the uplink packet with the sequence number corrected
Including, a local breakout providing method. In claim 7,
The detour transmission to the local data network is
decoding the uplink packet by using encryption/decryption information related to the uplink packet; and
If the IP address information extracted from the decoded packet meets the local breakout rule, bypassing the uplink packet to a local data network
Including, a local breakout providing method. In claim 9,
Extracting the encryption/decryption information using signaling messages exchanged in the X2 interface and the F1 interface
Further comprising, a local breakout providing method. In claim 7,
correcting the sequence number of the downlink packet by referring to the number of downlink LBO packets when a downlink packet passing through the F1 tunnel created in the F1 interface is introduced; and
The method further comprises the step of bypassing forwarding the downlink packet in which the sequence number is corrected,
The number of downlink LBO packets is the number of downlink transmitted packets flowing in from the local data network. In claim 11,
When a local data network packet from the local data network to the terminal is received, correcting the sequence number of the local data network packet and transmitting the corrected sequence number packet to the terminal; and
accumulating the number of packets transmitted to the terminal to the number of downlink LBO packets
Further comprising, a local breakout providing method. In claim 12,
The step of transmitting the packet in which the sequence number is corrected
A method for providing a local breakout by encrypting a packet having the sequence number corrected and transmitting the encrypted packet to the F1 tunnel. In claim 13,
When the local data network packet is introduced, checking whether the F1 tunnel exists; and
If the F1 tunnel does not exist, further comprising the step of transmitting a message to a tunnel connected to the terminal through an external network,
The method for providing a local breakout, wherein the F1 tunnel is created in the process of transmitting the message to the terminal. A method for a device to provide a local breakout (LBO), comprising:
checking the types of traffic transmitted on the X2 interface and the F1 interface;
extracting packet encryption/decryption information used in the F1 tunnel created in the F1 interface from the signaling message when the traffic type is a signaling message for network access of the terminal;
decrypting a packet included in the data traffic using the packet encryption/decryption information when the type of traffic transmitted through the F1 interface is data traffic;
Comparing the decoded packet with the local breakout rule, and bypassing the data traffic to the local data network or bypassing the F1 interface
A method of providing a local breakout that includes. In claim 15,
wherein the device is located inline to the F1 interface. In claim 15,
wherein the device taps the X2 interface. In claim 15,
The apparatus creates a logical tunnel through which a message can be transmitted to the terminal through an interface connected to a general data network, the method of providing a local breakout. In claim 15,
managing the number of LBO packets accumulating the number of packets detoured to the local data network, and
Correcting a sequence number of an uplink packet that is bypassed to the F1 interface with reference to the number of LBO packets
Further comprising, a local breakout providing method. In claim 15,
managing the number of LBO packets accumulating the number of packets transmitted from the local data network to the terminal; and
Correcting a sequence number of a downlink packet that bypasses the F1 interface with reference to the number of LBO packets
Further comprising, a local breakout providing method.

Images