WO2018018459A1 - Policy processing method and device - Google Patents

Policy processing method and device Download PDF

Info

Publication number
WO2018018459A1
WO2018018459A1 PCT/CN2016/091861 CN2016091861W WO2018018459A1 WO 2018018459 A1 WO2018018459 A1 WO 2018018459A1 CN 2016091861 W CN2016091861 W CN 2016091861W WO 2018018459 A1 WO2018018459 A1 WO 2018018459A1
Authority
WO
WIPO (PCT)
Prior art keywords
policy
nfvo
group
processing
request message
Prior art date
Application number
PCT/CN2016/091861
Other languages
French (fr)
Chinese (zh)
Inventor
朱雷
杨旭
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/091861 priority Critical patent/WO2018018459A1/en
Publication of WO2018018459A1 publication Critical patent/WO2018018459A1/en

Links

Images

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and device for policy processing.
  • NFV Network Function Virtualization
  • NFV technology can implement some network functions in software on general-purpose hardware.
  • NFV technology can be used to implement partial telecommunications in general-purpose cloud servers, switches, and storage. Network capabilities to enable rapid and efficient deployment of network services.
  • NFV technology implements telecommunication network functions through various strategies, and different policies are not completely independent. For example, when performing elastic scaling operations, new resources may need to be allocated, and thus, the network is based on an automatic elastic scaling policy. When the service operates, an affinity/anti-affinity policy, a location restriction policy, and the like may be triggered. However, the prior art lacks a mechanism for processing the different policies described above, which may cause errors in the execution of these policies.
  • the embodiment of the present invention provides a method and a device for processing a policy, which can verify or query a policy based on a policy group, so as to avoid an error when the policy is executed.
  • an embodiment of the present invention provides a method for policy processing, the method comprising: a network function virtualization orchestrator NFVO creates or acquires a policy group, the policy group includes an associated policy; and the NFVO receives from a sender a first request message, the first request message is used to request the NFVO to verify or query a policy in the policy group; the NFVO performs a verification process or a query process on a policy in the policy group; the NFVO direction The sending end sends a response message, where the response message includes a result of the verification process or a result of the query process.
  • the NFVO may perform verification processing or query processing on the policies in the policy group, thereby avoiding the inconsistency between the to-be-executed policy and other policies in the policy group or the error of the pending execution policy. The execution failed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • the NFVO performs verification processing or query processing on the policies in the policy group, including: the NFVO sends a second to an execution unit of the policy in the policy group. a request message, the second request message is used to request the execution unit to perform verification processing or query processing on the policy; and the NFVO receives a verification processing result of the policy or a query processing result from the execution unit.
  • the request execution unit performs query processing or verification processing on the policy in the policy group, thereby avoiding inconsistency between the pending policy and other policies in the policy group. Or the execution failure caused by the error of the pending policy.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • the NFVO performs verification processing on the policies in the policy group, including: the NFVO performs verification processing or query processing on the policies in the policy group based on a local policy.
  • the execution unit of the policy in the policy group is NFVO
  • the NFVO can perform query processing or verification processing on the policy in the policy group locally, so as to avoid inconsistency between the policy to be executed and other policies in the policy group or the policy to be executed. The execution caused by the error failed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • the first request message includes indication information, policy information, or a group identifier, where the indication information is used to indicate a policy in the policy group, and the policy information refers to the policy.
  • the information of the policy in the group, the group identifier is used to identify the policy group, and before the NFVO performs verification processing or query processing on the policy in the policy group, the method further includes: the NFVO according to the The indication information or the group identification determines the policy group.
  • the method for policy processing provided by the implementation of the present invention can save the signaling overhead by indicating the policy in the policy group, and add an identifier to each policy group, so that the policy in the policy group can be quickly determined according to the request message. Relevance policies are queried or verified to ensure the integrity of policy queries or verifications while avoiding the inefficiencies caused by traversing policies within all functional modules.
  • the policy group corresponds to a management object, which includes a virtual network function descriptor VNFD, a tenant or a resource. Therefore, the policy group can be flexibly determined according to actual needs.
  • an embodiment of the present invention provides a method for policy processing, where the method includes: a sending end sends a request message to a network function virtualization orchestrator NFVO, where the request message is used to request the NFVO to be in a policy group.
  • the policy performs verification processing or query processing, wherein the policy group includes an associated policy; the sender receives a response message from the NFVO, the response message including a result of the verification process or the query processing result.
  • the sender requests the NFVO to the policy group.
  • the policy in the verification is performed, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • the request message includes indication information, policy information, or a group identifier, where the indication information is used to indicate a policy in the policy group, and the policy information refers to a policy in a policy group.
  • the information of the group identifier is used to identify the policy group.
  • the method for policy processing provided by the implementation of the present invention can save the signaling overhead by indicating the policy in the policy group, and add an identifier to each policy group, so that the policy in the policy group can be quickly determined according to the request message. Relevance policies are queried or verified to ensure the integrity of policy queries or verifications while avoiding the inefficiencies caused by traversing policies within all functional modules.
  • the policy group corresponds to a management object, which includes a virtual network function descriptor VNFD, a tenant or a resource. Therefore, the policy group can be flexibly determined according to actual needs.
  • the sending end includes: a network element management system EMS, an operation support system OSS, a service support system BSS, or an external management unit.
  • the method for policy processing provided by the embodiment of the present invention supports different senders to send service processing requests, thereby adapting to different application scenarios.
  • the embodiment of the present invention provides an NFVO, which can implement the functions performed by the NFVO in the method related to the foregoing aspects, and the functions can be implemented by using hardware or by executing corresponding software by hardware.
  • the hardware or software includes one or more corresponding units or modules of the above functions.
  • the NFVO structure includes a processor and a communication interface configured to support the NFVO to perform the corresponding functions of the above methods.
  • the communication interface is used to support communication between the NFVO and other network elements.
  • the NFVO can also include a memory for coupling with the processor that holds the necessary program instructions and data for the NFVO.
  • the embodiment of the present invention provides a sending end, where the sending end can implement the function performed by the sending end in the method embodiment of the foregoing aspect, and the function can be implemented by hardware or by hardware.
  • Software Implementation The hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the transmitting end includes a processor and a communication interface, and the processor is configured to support the transmitting end to perform a corresponding function in the above method.
  • This transceiver is used to support Communication between the sender and other network elements.
  • the sender can also include a memory for coupling with the processor that holds the program instructions and data necessary for the sender.
  • the foregoing sending end may be a network element management system EMS, an operation support system OSS or a service support system BSS.
  • an embodiment of the present invention provides a communication system, including the NFVO and the transmitting end described in the foregoing aspects.
  • an embodiment of the present invention provides a computer storage medium for storing computer software instructions for use in the NFVO, including a program designed to perform the above aspects.
  • an embodiment of the present invention provides a computer storage medium for storing computer software instructions for use by the transmitting end, which includes a program designed to perform the above aspects.
  • the NFVO can perform verification processing or query processing on the policies in the policy group, thereby avoiding the inconsistency between the to-be-executed policy and other policies in the policy group. Execution failed due to an error in the execution of the policy. Policy group-based queries or validation can also increase the speed of queries or validations.
  • FIG. 1 is a schematic diagram of a possible network architecture to which an embodiment of the present invention is applied;
  • FIG. 2 is a schematic diagram of communication of a method for sending a policy according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of communication of a method for policy processing according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of communication of another method for policy processing according to an embodiment of the present invention.
  • FIG. 5A is a schematic structural diagram of a possible NFVO according to an embodiment of the present invention.
  • FIG. 5B is a schematic structural diagram of another possible NFVO according to an embodiment of the present invention.
  • 6A is a schematic structural diagram of a possible transmitting end according to an embodiment of the present invention.
  • FIG. 6B is a schematic structural diagram of another possible transmitting end according to an embodiment of the present invention.
  • the network architecture and the service scenario described in the embodiments of the present invention are for the purpose of more clearly illustrating the technical solutions of the embodiments of the present invention, and are not limited to the technical solutions provided by the embodiments of the present invention.
  • the technical solutions provided by the embodiments of the present invention are equally applicable to similar technical problems.
  • the method of the embodiment of the present invention can be applied to an NFV-based network architecture, and can also be applied to a network architecture based on an application container engine (for example, Docker), a virtual machine monitor (VMM)-based network architecture, or other virtual In the network architecture, the VMM may also be referred to as a hypervisor.
  • an application container engine for example, Docker
  • VMM virtual machine monitor
  • the VMM may also be referred to as a hypervisor.
  • FIG. 1 is a schematic diagram of an NFV-based network architecture according to an embodiment of the present invention.
  • the network architecture includes: Network Function Virtualization Orchestrator (NFVO), Virtualized Network Function Manager (VNFM), and Virtualized Infrastructure Manager (Virtualized Infrastructure). Manager, VIM), Network Function Virtualization Infrastructure (NFVI), Virtualized Network Function (VNF), and Element Manager System (EMS), where NFVO, VNFM, and VIM belongs to the Management and Orchestration (MANO) architecture of the NFV system.
  • OSS/BSS Operation Support System/Business Support System
  • the network architecture shown in FIG. 1 is an existing OSS or BSS of the operator.
  • a virtualisation container is part of a compute node that provides an isolated virtualized computing environment.
  • An example of a typical virtualized container is a virtual machine.
  • a virtual machine refers to a virtual device that is simulated on a physical device by virtual machine software. For applications running in virtual machines, these virtual machines work just like real physical devices, which can have operating systems and applications installed on them, and virtual machines can access network resources.
  • VNF also known as virtualized network elements
  • VNF corresponds to physical network functions in traditional non-virtualized networks.
  • the functional behavior and state of the network function is independent of the virtualization of the network function.
  • VNF It can be composed of multiple lower-level components.
  • one VNF can be deployed on multiple VMs, and each VM hosts a Virtualized Network Function Component (VNFC).
  • VNFC Virtualized Network Function Component
  • a VNF can also be deployed on a VM.
  • VNFD Virtualized Network Function Descriptor
  • VNFD is a deployment template for the VNF.
  • the VNFD and the VNF are in one-to-one correspondence, and the VNFD describes the virtual resource parameters and requirements required to implement the VNF, and is mainly used to establish a VNF instance and manage the life cycle of the VNF.
  • the VNFM is mainly used to implement the lifecycle management of the VNF instance, including the initialization of the VNF instance, the expansion or contraction of the VNF instance, and the termination of the VNF instance.
  • the EMS is mainly used to perform traditional FCAPS (Fault Management, Configuration Management, Accounting Management, Performance Management and Security Management, fault management, configuration management, billing management, performance management, and security management) functions for the VNF.
  • FCAPS fault Management, Configuration Management, Accounting Management, Performance Management and Security Management, fault management, configuration management, billing management, performance management, and security management
  • the EMS can exist alone or as a VNF with EMS functionality.
  • VIM is mainly responsible for: management, monitoring, and fault reporting of infrastructure layer hardware resources and virtualized resources, and providing virtualized resource pools for upper-layer applications.
  • NFVI Provides hardware and virtual resources for the entire system, consisting of hardware resources (including computing, networking, and storage), virtualization layers (virtualizing hardware resources into resource pools), and virtual resources (also divided into computing, networking, and storage). Part) composition. From a VNF perspective, the virtualization layer and hardware resources appear to be an entity that provides the required virtual resources.
  • NFVO Network Service Descriptor
  • VNFD Virtualized Network Function Forwarding Graph
  • NS Network Service lifecycle management
  • the global view feature is used to implement Network Service Descriptor (NSD), VNFD, Virtualized Network Function Forwarding Graph (VNFFG) management, Network Service (NS) lifecycle management, and resources.
  • NSD Network Service Descriptor
  • VNFFG Virtualized Network Function Forwarding Graph
  • NS Network Service lifecycle management
  • the network architecture shown in FIG. 1 may further include a Policy Management Function (PMF) unit.
  • the physical implementation of the PMF unit can be a separate manager.
  • the PMF unit can be connected to the OSS/BSS, NFVO, VNFM, and VIM respectively, and the reference point can be used to manage the reference point with NFVO, VNFM, and VIM connection.
  • the PMF unit may also be a manager co-located with the NFVO in physical implementation, or it may be understood that the PMF unit and the NFVO are deployed on the same physical computer system. In this case, the PMF unit is respectively connected to the VNFM and the VIM.
  • the PMF unit may also be deployed in the OSS or the BSS.
  • EPC Evolved Packet Core
  • MME Mobility Management Entity
  • PGW Packet Data Network Gateway
  • SGW virtual Serving Gateway
  • the operator can send policies to the MANO system through the OSS/BSS, for example, configuring the lifecycle management policy of the NS and the lifecycle management policy of the VNF.
  • FIG. 1 shows a schematic diagram of the completion of policy delivery during the instantiation request process.
  • the process of policy delivery includes:
  • the sending end (for example, an OSS/BSS or an external management unit) sends a request message for instantiating the VNF to the NFVO.
  • the external management unit refers to an external entity connected to the NFVO, and the external management unit and the NFVO can interact with each other.
  • the external management unit may be a management terminal or a management network element connected to the NFVO.
  • the NFVO verifies the correctness of the request message.
  • the NFVO checks the resource availability and performs resource reservation (optional step). For example, the NFVO sends a resource query request message to the VIM, requests to query the currently available resources, and the VIM sends the query result to the NFVO.
  • the NFVO obtains the VNF lifecycle management and resource management related strategies from the VNFD;
  • the NFVO sends an instantiation request message to the VNFM, informing the VNFM to perform the VNF instantiation, and the NFVO sends the VNF lifecycle management policy to the VNFM. If the S203 is performed, the instantiation request message carries the reserved resource information.
  • the VNFM verifies the instantiation request message and performs VNF instantiation processing, for example, modifying the instantiation parameter and the completion information, and at the same time, the VNFM stores the received VNF lifecycle management policy;
  • the VNFM sends a request message for requesting allocation of resources to the NFVO, and sends an acknowledgement message to the NFVO, where the acknowledgement message is used to notify the NFVO, and the VNF lifecycle management policy has been obtained.
  • the NFVO performs a pre-processing operation, for example, verifying the instantiation parameter, selecting a resource location (ie, selecting a VIM), and checking the dependency;
  • the NFVO sends a request message for requesting a virtual resource to the VIM, and sends a resource management policy related to the VNF to the VIM.
  • the VIM stores the resource management policy after receiving the resource management policy.
  • the VIM establishes a virtual network
  • the VIM allocates a virtual machine and a storage resource, and mounts the virtual machine to the virtual network.
  • the VIM sends an acknowledgement message to the NFVO, notifying that the NFVO resource allocation has been completed, and the resource management policy has been processed;
  • the NFVO notifies that the VNFM resource allocation is completed, the VNFM and the EM configure the VNF, and the VNFM notifies the NFVO to complete the instantiation;
  • the NFVO notifies the sender that the instantiation is completed.
  • the policy is delivered through the policy management interface.
  • operations such as adding and deleting policies can be implemented through independent policy management interfaces.
  • policy management interfaces between different network elements or units, for example: i) policy group management interface between OSS and NFVO, which is mainly responsible for the establishment, deletion, query, modification, etc. of the policy group; ii) EMS and The policy management interface between VNFM is mainly responsible for adding, deleting, and modifying VNF lifecycle management policies. iii) The policy management interface that VIM is open to administrators, which is mainly responsible for adding, deleting, and modifying virtual resource policies; The policy management interface between NFVO and VNFM is responsible for adding, deleting, modifying, querying, and verifying policy information to NFVO to VNFM.
  • VNFM forwards the policy query/verification request initiated by EMS to NFVO, and VNFM sends policy update notification to NFVO;
  • Policy management interface between NFVO and VIM responsible for adding, deleting, modifying, querying, and verifying policy information to NFVO to VIM, VIM sending policy update notifications to NFVO, etc.;
  • Policy management interface between VNFM and VIM responsible for NFVO authorization VNFM adds, deletes, modifies, queries, and validates policy information to VIM.
  • the NFVO After the NFVO reads the VNFD to obtain the relevant policy information, the NFVO can issue and store the VNF lifecycle management policy and the resource management policy to the VNFM and VIM respectively through the policy management interface between the VNFM and the VIM.
  • the OSS and the VIM are provided. Administrators, EMS, etc. can also manage the policy information in MANO through the corresponding policy management interface.
  • the embodiment of the present invention provides a policy group-based solution, where the policy group includes an associated policy, so that different policies can be processed based on the policy group to prevent errors in the execution of these policies.
  • an NFVO or PMF unit or the like may create a policy group, and the policy group includes an associated policy.
  • a policy group can be created according to different management objects.
  • the NFVO or PMF unit can index related policies according to different management objects to form a policy group.
  • the NFVO or PMF unit can also add an identifier to each policy group, so that the policies in the policy group can be quickly determined according to the request message, and a group of related policies can be queried or verified to ensure the integrity of the policy query or verification. Avoid the inefficiencies caused by traversing the policies within all functional modules.
  • the management object is VNFD.
  • the VNFD includes some policy information. After reading the policy defined in the VNFD, the NFVO can use all the policies read as a policy group, and use the VNFD identifier or the automatically generated identifier as the group identifier of the group policy.
  • the management object is a tenant. Different tenants can use or manage different VNFs or virtual resources to share MANO management and infrastructure. Some policies can be set up by tenants as managed objects, such as resource usage restriction policies for different tenants.
  • NFVO can use the tenant ID to create a policy group as a group ID. When adding a policy for a tenant, if the tenant ID is the same as the group ID of the policy group, NFVO can add the policy to the policy group, if the tenant ID and policy group The group IDs are inconsistent, and NFVO can create a new policy group for the policy.
  • the management object is a resource.
  • the NFV system includes a plurality of different types of resources, such as computing resources, network resources, storage resources, and acceleration resources.
  • the system can set policies for different kinds of resources.
  • the system can also target resource groups (for example, resource zones). ), reserve a resource pool (reservation pool) to set a special strategy.
  • the NFVO may create a policy group according to the category or identifier of the resource. When adding a policy for the resource, if the resource corresponding to the policy belongs to a type of resource or a resource group, the NFVO may add the policy to the policy group if the policy The corresponding resource has nothing to do with the existing resource or resource group. NFVO can create a new policy group for the policy.
  • the NFVO may also obtain the policy from the PMF unit or other unit. group.
  • FIG. 3 is a schematic diagram of communication of a method 300 for policy processing according to an embodiment of the present invention. As shown in FIG. 3, the method 300 includes:
  • the NFVO creates or acquires a policy group, where the policy group includes an associated policy.
  • NFVO can create a policy group.
  • NFVO may create a policy group according to a management object, where the management object may include a VNFD, a tenant or a resource, and the like.
  • the embodiment of the present invention can flexibly determine a policy group according to actual needs.
  • NFVO can acquire a policy group.
  • NFVO can obtain a policy group from a PMF unit, OSS, or BSS.
  • the PMF unit, the OSS, or the BSS may send the policy group to the NFVO according to the management object, where the management object may include a VNFD, a tenant, or a resource.
  • the management object may include a VNFD, a tenant, or a resource.
  • the sending end sends a first request message to the NFVO, where the first request message is used to request the NFVO to perform verification processing or query processing on the policy in the policy group.
  • the first request message may be an authentication request message for requesting at least one of consistency, correctness, and enforceability of the policies in the NFVO verification policy group.
  • the consistency means that the policy information saved by the NFVO is the same or not contradictory to the policy information saved in the policy execution unit; the correctness means that the policy information has no semantic and grammatical errors in expression; the executable
  • the policy information may be executed by the policy execution unit, that is, the policy information is not an invalid policy (the invalid policy means that the policy is not applicable to the execution of the policy execution unit in which it is located, for example, the policy includes operations that are not supported by the policy execution unit) or Redundancy policy (the redundancy policy means that the policy information can be replaced by other one or more policy information so as not to be actually executed).
  • the first request message may also be a query request message, where the query request message is used to request a policy in the NFVO query policy group, so that the sender performs verification.
  • the sending end may be an EMS, an OSS or a BSS, or an external management unit, wherein the administrator may initiate a query request or an authentication request to the NFVO through the external management unit. Therefore, the embodiment of the present invention can support service processing requests sent by different sending ends, so that it can adapt to different application scenarios.
  • the NFVO performs verification processing or query processing on the policies in the policy group.
  • the verification process may be to check whether the policy stored in the NFVM or VIM is consistent with the policy stored in the NFVO (ie, verify the consistency of the policy), or may generate a trigger related policy by simulating the event (ie, verifying the policy) The correctness and enforceability); the query processing may be to request the VNFM or VIM to send the locally stored related policies to the NFVO.
  • the method of verification processing and query processing may be different depending on the execution unit of the policy.
  • the S330 may include: S331.
  • the NFVO performs a verification process or a query process on the policy in the policy group locally, where the execution unit of the policy is NFVO.
  • the S330 may include: S332, the NFVO sends a second request message to the VNFM or the VIM, where the second request message is used to request the execution unit to perform verification processing or query processing on the policy, where the execution unit of the policy is VNFM or VIM; S333, NFVO receives the result of the verification process sent by the VNFM or VIM or the result of the query process.
  • the method for policy processing provided by the embodiment of the present invention sends a query request information or a verification request information to an execution unit of a policy in a policy group, and requests the execution unit to perform query processing or verification processing on the policy in the policy group, thereby avoiding waiting for the policy in the policy group.
  • Execution policy fails with other policies in the policy group or the execution of the pending policy fails.
  • the NFVO can perform query processing or verification processing on the policy in the policy group locally, so as to avoid inconsistency between the policy to be executed and other policies in the policy group or the policy to be executed. The execution caused by the error failed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • the method 300 further includes:
  • the NFVO sends a response message to the sender, where the response message includes a result of the verification process or a result of the query process.
  • the NFVO can verify or query the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • FIG. 4 is a schematic flowchart of another method 400 for policy processing according to an embodiment of the present invention.
  • the method 400 includes three steps: S410, initiating a query/verification request; S420, query verification Certificate process; S430, result feedback.
  • S410 initiating a query/verification request
  • S420 query verification Certificate process
  • S430 result feedback.
  • the NFVO receives the request message sent by the sending end, where the request message may be an authentication request message, and is used to request at least one of consistency, correctness, and enforceability of the policy in the NFVO verification policy group, and the request message is also It may be a query request message for requesting a policy in the NFVO query policy group.
  • the S410 includes the following three cases according to different senders of the query/verification request.
  • the sender is OSS.
  • the OSS can directly send a policy query/authentication request message to the NFVO, and after receiving the request message, the NFVO performs query processing or verification processing on the corresponding policy group.
  • the sender is EMS.
  • the EMS may send a policy query/authentication request message to the VNFM, and the VNFM forwards the request message to the NFVO, so that the NFVO performs query processing or verification processing on the corresponding policy group according to the request message.
  • the sender is an external management unit.
  • the administrator can directly send a policy query/authentication request message to the NFVO through the external management unit, and after receiving the request message, the NFVO performs query processing or verification processing on the corresponding policy group.
  • the method for policy processing provided by the implementation of the present invention can support different senders to send service processing requests, thereby adapting to different application scenarios.
  • S420 The NFVO performs a verification process or a query process on the policy in the policy group according to the request message. According to the specific execution unit of the strategy, the verification process is divided into the following three cases.
  • the policy execution unit is NFVO, and the NFVO locally performs verification processing or query processing on the policies in the policy group.
  • the NFVO sends a query/verification request message to the VIM, requesting the VIM to perform verification processing or query processing on the policies in the policy group.
  • the policy execution unit is a VNFM
  • the NFVO sends a query/verification request message to the VNFM, requesting the VNFM to perform verification processing or query processing on the policies in the policy group.
  • the request message sent by the sending end to the NFVO may carry the indication information of the policy information, may also carry the group identifier of the policy group, and may also carry the policy information, and the NFVO may determine the policy according to the indication information, the policy information, or the group identifier carried in the request message.
  • a group wherein the indication information is used to indicate a policy in the policy group, the group identifier is used to identify the policy group, and the policy information refers to information of a policy in a policy group.
  • NFVO can be based on the execution unit of the policy in the policy group.
  • the verification/query request message is sent to different execution units respectively, and the execution unit is requested to perform verification processing or query processing on the corresponding policy. If the execution unit of the policy is NFVO, the verification/query request message does not need to be sent, and the local execution may be performed locally. Verification processing or query processing.
  • the method for policy processing provided by the implementation of the present invention can save the signaling overhead by indicating the policy in the policy group, and add an identifier to each policy group, so that the policy in the policy group can be quickly determined according to the request message. Relevance policies are queried or verified to ensure the integrity of policy queries or verifications while avoiding the inefficiencies caused by traversing policies within all functional modules.
  • the verification process may be to check whether the policy stored in the NFVM or VIM is consistent with the policy stored in the NFVO (ie, verify the consistency of the policy), or may generate a trigger related policy by simulating the event (ie, verifying the correctness of the policy and Execution), for example, sends VNF monitoring information to the VNFM "Central processor CPU load exceeds 85%" to verify whether the VNF's auto-elastic scaling policy can be triggered, thereby avoiding errors in the execution of the policy.
  • the query processing may be to request the VNFM or VIM to send the locally stored related policies to the NFVO.
  • the NFVO sends the result of the verification processing or the query processing to the sender.
  • the sender can determine whether to execute the policy according to the result of the verification process, or the sender verifies the policy obtained by the query to determine whether to execute the policy.
  • the NFVO can query or verify the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • each network element such as NFVO, OSS/BSS, EMS, etc.
  • each network element such as NFVO, OSS/BSS, EMS, etc.
  • each network element such as NFVO, OSS/BSS, EMS, etc.
  • NFVO NFVO
  • OSS/BSS OSS/BSS
  • EMS EMS
  • the present invention can be implemented in a combination of hardware or hardware and computer software in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
  • the embodiments of the present invention may perform functional unit division on the NFVO, the transmitting end (for example, OSS, BSS, or EMS) according to the foregoing method.
  • each functional unit may be divided according to each function, or two or more of the functional units may be divided.
  • the functions are integrated in one processing unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
  • FIG. 5A shows a possible structural diagram of the NFVO involved in the above embodiment.
  • the NFVO 500 includes a processing unit 502 and a communication unit 503.
  • the processing unit 502 is configured to perform control management on the actions of the NFVO 500.
  • the processing unit 502 is configured to support the NFVO 500 to perform S310, S330, and S340 of FIG. 3.
  • the processing unit 502 is further configured to support the NFVO 500 to perform S420 and S430 of FIG. 4, and / or other processes for the techniques described herein.
  • Communication unit 503 is used to support communication of NFVO 500 with other network entities, such as with the sender shown in FIG.
  • the NFVO 500 may also include a storage unit 501 for storing program codes and data of the NFVO 500.
  • the processing unit 502 can be a processor or a controller, and can be, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit (Application-Specific). Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the communication unit 503 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces.
  • the storage unit 501 can be a memory.
  • the processing unit 502 is a processor
  • the communication unit 503 is a communication interface
  • the storage unit 501 is a memory
  • the NFVO involved in the embodiment of the present invention may be the NFVO shown in FIG. 5B.
  • the NFVO 510 includes a processor 512, a communication interface 513, and a memory 511.
  • the NFVO 510 can also include a bus 514.
  • the communication interface 513, the processor 512, and the memory 511 may be connected to each other through a bus 514.
  • the bus 514 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (abbreviated). EISA) bus and so on.
  • PCI Peripheral Component Interconnect
  • EISA Extended Industry Standard Architecture
  • the bus 514 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 5B, but it does not mean that there is only one bus or one type of bus.
  • the NFVO provided by the embodiment of the present invention can verify or query the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • FIG. 6A shows a possible structural diagram of a transmitting end (for example, EMS, OSS, or BSS) involved in the above embodiment.
  • the transmitting end 600 includes a processing unit 602 and a communication unit 603.
  • the processing unit 602 is configured to perform control and management on the action of the sending end 600.
  • the processing unit 602 is configured to support the sending end 600 to execute S320 of FIG. 3, and the processing unit 602 is further configured to support the sending end 600 to execute S410 of FIG. 4, and / or other processes for the techniques described herein.
  • Communication unit 603 is used to support communication between sender 600 and other network entities, such as communication with the NFVO shown in FIG.
  • the transmitting end 600 may further include a storage unit 601 for storing program codes and data of the transmitting end 600.
  • the processing unit 602 can be a processor or a controller, and can be, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit (Application-Specific). Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like.
  • the communication unit 603 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces.
  • the storage unit 601 can be a memory.
  • the transmitting end of the embodiment of the present invention may be the transmitting end shown in FIG. 6B.
  • the transmitting end 610 includes a processor 612, a communication interface 613, and a memory 611.
  • the transmitting end 610 may further include a bus 614.
  • the communication interface 613, at The processor 612 and the memory 611 may be connected to each other through a bus 614.
  • the bus 614 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus.
  • PCI Peripheral Component Interconnect
  • EISA Extended Industry Standard Architecture
  • the bus 614 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 6B, but it does not mean that there is only one bus or one type of bus.
  • the sender provided by the embodiment of the present invention may send a query request message or an authentication request message, requesting the NFVO to query or verify the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group. Execution failed due to an error in the execution of the policy.
  • Policy group-based queries or validation can also increase the speed of queries or validations.
  • sequence number of each process does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be limited to the implementation process of the embodiment of the present invention.
  • the steps of the method or algorithm described in connection with the disclosure of the embodiments of the present invention may be implemented in a hardware manner, or may be implemented by a processor executing software instructions.
  • the software instructions may be composed of corresponding software modules, which may be stored in a random access memory (RAM), a flash memory, a read only memory (ROM), an erasable programmable read only memory ( Erasable Programmable ROM (EPROM), electrically erasable programmable read only memory (EEPROM), registers, hard disk, removable hard disk, compact disk read only (CD-ROM) or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor to enable the processor to read information from, and write information to, the storage medium.
  • the storage medium can also be an integral part of the processor.
  • the processor and the storage medium can be located in an ASIC.
  • the ASIC can be located in NFVO or NM.
  • the processor and the storage medium can also exist as discrete components in NFVO or NM.
  • the functions described herein can be implemented in hardware, software, firmware, or any combination thereof.
  • the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
  • a storage medium may be any available media that can be accessed by a general purpose or special purpose computer.

Abstract

Disclosed are a policy processing method and device. The method comprises: a network function virtualization orchestrator (NFVO) creating or acquiring a policy group, the policy group comprising an associated policy; the NFVO receiving a first request message from a sending end, the first request message being used for requesting the NFVO to verify or query a policy in the policy group; the NFVO verifying or querying a policy in the policy group; and the NFVO sending a response message to the sending end, the response message comprising a result of the verification or a result of the query. By means of the policy processing method and device provided in the embodiments of the present invention, a policy in a policy group is verified, inconformity between a policy to be executed and other policies in the policy group or an execution failure caused by an error of the policy to be executed is avoided, and based on the querying or verification of the policy group, the speed of querying or verification may be further improved.

Description

一种策略处理的方法和设备Method and device for strategic processing 技术领域Technical field
本发明涉及通信领域,尤其涉及一种策略处理的方法和设备。The present invention relates to the field of communications, and in particular, to a method and device for policy processing.
背景技术Background technique
网络功能虚拟化(Network Function Virtualization,NFV)技术可以将部分网络功能以软件方式在通用硬件上实现,例如,在电信网络中,利用NFV技术可以在通用的云服务器、交换机和存储中实现部分电信网络功能,从而实现网络服务的快速、高效部署。Network Function Virtualization (NFV) technology can implement some network functions in software on general-purpose hardware. For example, in telecom networks, NFV technology can be used to implement partial telecommunications in general-purpose cloud servers, switches, and storage. Network capabilities to enable rapid and efficient deployment of network services.
NFV技术通过各种策略来实现电信网络功能,而不同策略之间并不是完全独立的,例如,在执行弹性伸缩操作时,可能会需要分配新的资源,从而,在根据自动弹性伸缩策略对网络服务进行操作时,可能会触发亲和/反亲和策略、位置限制策略等,然而,现有技术中缺乏对上述不同策略进行处理的机制,这可能导致这些策略在执行时出现错误。NFV technology implements telecommunication network functions through various strategies, and different policies are not completely independent. For example, when performing elastic scaling operations, new resources may need to be allocated, and thus, the network is based on an automatic elastic scaling policy. When the service operates, an affinity/anti-affinity policy, a location restriction policy, and the like may be triggered. However, the prior art lacks a mechanism for processing the different policies described above, which may cause errors in the execution of these policies.
发明内容Summary of the invention
有鉴于此,本发明实施例提供了一种策略处理的方法和设备,能够基于策略组对策略进行验证或查询,从而可以避免策略执行时出现错误。In view of this, the embodiment of the present invention provides a method and a device for processing a policy, which can verify or query a policy based on a policy group, so as to avoid an error when the policy is executed.
一方面,本发明实施例提供了一种策略处理的方法,该方法包括:网络功能虚拟化编排器NFVO创建或获取策略组,所述策略组包括相关联的策略;所述NFVO从发送端接收第一请求消息,所述第一请求消息用于请求所述NFVO验证或者查询所述策略组中的策略;所述NFVO对所述策略组中的策略进行验证处理或查询处理;所述NFVO向所述发送端发送响应消息,所述响应消息包括所述验证处理的结果或者所述查询处理的结果。In one aspect, an embodiment of the present invention provides a method for policy processing, the method comprising: a network function virtualization orchestrator NFVO creates or acquires a policy group, the policy group includes an associated policy; and the NFVO receives from a sender a first request message, the first request message is used to request the NFVO to verify or query a policy in the policy group; the NFVO performs a verification process or a query process on a policy in the policy group; the NFVO direction The sending end sends a response message, where the response message includes a result of the verification process or a result of the query process.
根据本发明实施例提供的策略处理的方法,NFVO可以对策略组中的策略进行验证处理或查询处理,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。According to the method for policy processing provided by the embodiment of the present invention, the NFVO may perform verification processing or query processing on the policies in the policy group, thereby avoiding the inconsistency between the to-be-executed policy and other policies in the policy group or the error of the pending execution policy. The execution failed. Policy group-based queries or validation can also increase the speed of queries or validations.
在一个可能的设计中,所述NFVO对所述策略组中的策略进行验证处理或查询处理,包括:所述NFVO向所述策略组中的策略的执行单元发送第二 请求消息,所述第二请求消息用于请求所述执行单元对所述策略进行验证处理或者查询处理;所述NFVO从所述执行单元接收所述策略的验证处理结果或者查询处理结果。通过向策略组中的策略的执行单元发送查询请求信息或者验证请求信息,请求执行单元对策略组中的策略进行查询处理或者验证处理,从而可以避免待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。In a possible design, the NFVO performs verification processing or query processing on the policies in the policy group, including: the NFVO sends a second to an execution unit of the policy in the policy group. a request message, the second request message is used to request the execution unit to perform verification processing or query processing on the policy; and the NFVO receives a verification processing result of the policy or a query processing result from the execution unit. By sending the query request information or the verification request information to the execution unit of the policy in the policy group, the request execution unit performs query processing or verification processing on the policy in the policy group, thereby avoiding inconsistency between the pending policy and other policies in the policy group. Or the execution failure caused by the error of the pending policy. Policy group-based queries or validation can also increase the speed of queries or validations.
在一个可能的设计中,所述NFVO对所述策略组中的策略进行验证处理,包括:所述NFVO基于本地策略对所述策略组中的策略进行验证处理或查询处理。当策略组中的策略的执行单元为NFVO时,可以在NFVO本地对策略组中的策略进行查询处理或者验证处理,从而可以避免待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。In a possible design, the NFVO performs verification processing on the policies in the policy group, including: the NFVO performs verification processing or query processing on the policies in the policy group based on a local policy. When the execution unit of the policy in the policy group is NFVO, the NFVO can perform query processing or verification processing on the policy in the policy group locally, so as to avoid inconsistency between the policy to be executed and other policies in the policy group or the policy to be executed. The execution caused by the error failed. Policy group-based queries or validation can also increase the speed of queries or validations.
在一个可能的设计中,所述第一请求消息中包括指示信息、策略信息或组标识,其中,所述指示信息用于指示所述策略组中的策略,所述策略信息是指所述策略组中的策略的信息,所述组标识用于标识所述策略组,所述NFVO对所述策略组中的策略进行验证处理或查询处理之前,所述方法还包括:所述NFVO根据所述指示信息或所述组标识确定所述策略组。本发明实施提供的策略处理的方法,通过指示信息指示策略组中的策略,可以节省信令开销,对每个策略组添加标识,从而可以根据请求消息快速确定策略组中的策略,对一组有关联性的策略进行查询或验证,确保策略查询或验证的完整性,同时避免了遍历所有功能模块内策略导致的低效。In a possible design, the first request message includes indication information, policy information, or a group identifier, where the indication information is used to indicate a policy in the policy group, and the policy information refers to the policy. The information of the policy in the group, the group identifier is used to identify the policy group, and before the NFVO performs verification processing or query processing on the policy in the policy group, the method further includes: the NFVO according to the The indication information or the group identification determines the policy group. The method for policy processing provided by the implementation of the present invention can save the signaling overhead by indicating the policy in the policy group, and add an identifier to each policy group, so that the policy in the policy group can be quickly determined according to the request message. Relevance policies are queried or verified to ensure the integrity of policy queries or verifications while avoiding the inefficiencies caused by traversing policies within all functional modules.
在一个可能的设计中,所述策略组与管理对象相对应,所述管理对象包括虚拟网络功能描述符VNFD、租户或资源。从而可以根据实际需求灵活确定策略组。In one possible design, the policy group corresponds to a management object, which includes a virtual network function descriptor VNFD, a tenant or a resource. Therefore, the policy group can be flexibly determined according to actual needs.
另一方面方面,本发明实施例提供了一种策略处理的方法,该方法包括:发送端向网络功能虚拟化编排器NFVO发送请求消息,所述请求消息用于请求所述NFVO对策略组中的策略进行验证处理或查询处理,其中,所述策略组包括相关联的策略;所述发送端从所述NFVO接收响应消息,所述响应消息包括所述验证处理的结果或所述查询处理的结果。On the other hand, an embodiment of the present invention provides a method for policy processing, where the method includes: a sending end sends a request message to a network function virtualization orchestrator NFVO, where the request message is used to request the NFVO to be in a policy group. The policy performs verification processing or query processing, wherein the policy group includes an associated policy; the sender receives a response message from the NFVO, the response message including a result of the verification process or the query processing result.
根据本发明实施例提供的策略验证的方法,发送端请求NFVO对策略组 中的策略进行验证,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。According to the method for policy verification provided by the embodiment of the present invention, the sender requests the NFVO to the policy group. The policy in the verification is performed, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed. Policy group-based queries or validation can also increase the speed of queries or validations.
在一个可能的设计中,所述请求消息中包括指示信息、策略信息或组标识,其中,所述指示信息用于指示所述策略组中的策略,所述策略信息是指策略组中的策略的信息,所述组标识用于标识所述策略组。本发明实施提供的策略处理的方法,通过指示信息指示策略组中的策略,可以节省信令开销,对每个策略组添加标识,从而可以根据请求消息快速确定策略组中的策略,对一组有关联性的策略进行查询或验证,确保策略查询或验证的完整性,同时避免了遍历所有功能模块内策略导致的低效。In a possible design, the request message includes indication information, policy information, or a group identifier, where the indication information is used to indicate a policy in the policy group, and the policy information refers to a policy in a policy group. The information of the group identifier is used to identify the policy group. The method for policy processing provided by the implementation of the present invention can save the signaling overhead by indicating the policy in the policy group, and add an identifier to each policy group, so that the policy in the policy group can be quickly determined according to the request message. Relevance policies are queried or verified to ensure the integrity of policy queries or verifications while avoiding the inefficiencies caused by traversing policies within all functional modules.
在一个可能的设计中,所述策略组与管理对象相对应,所述管理对象包括虚拟网络功能描述符VNFD、租户或资源。从而可以根据实际需求灵活确定策略组。In one possible design, the policy group corresponds to a management object, which includes a virtual network function descriptor VNFD, a tenant or a resource. Therefore, the policy group can be flexibly determined according to actual needs.
在一个可能的设计中,所述发送端包括:网元管理系统EMS、运营支撑系统OSS、业务支撑系统BSS或外部管理单元。本发明实施例提供的策略处理的方法,支持不同发送端发送业务处理请求,从而可以适应不同的应用场景。In a possible design, the sending end includes: a network element management system EMS, an operation support system OSS, a service support system BSS, or an external management unit. The method for policy processing provided by the embodiment of the present invention supports different senders to send service processing requests, thereby adapting to different application scenarios.
又一方面,本发明实施例提供了一种NFVO,该NFVO可以实现上述方面所涉及方法中NFVO所执行的功能,所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个上述功能相应的单元或模块。In another aspect, the embodiment of the present invention provides an NFVO, which can implement the functions performed by the NFVO in the method related to the foregoing aspects, and the functions can be implemented by using hardware or by executing corresponding software by hardware. The hardware or software includes one or more corresponding units or modules of the above functions.
在一种可能的设计中,该NFVO的结构中包括处理器和通信接口,该处理器被配置为支持该NFVO执行上述方法中相应的功能。该通信接口用于支持该NFVO与其他网元之间的通信。该NFVO还可以包括存储器,该存储器用于与处理器耦合,其保存该NFVO必要的程序指令和数据。In one possible design, the NFVO structure includes a processor and a communication interface configured to support the NFVO to perform the corresponding functions of the above methods. The communication interface is used to support communication between the NFVO and other network elements. The NFVO can also include a memory for coupling with the processor that holds the necessary program instructions and data for the NFVO.
又一方面,本发明实施例提供了一种发送端,该发送端可以实现上述方面所涉及方法实施例中发送端所执行的功能,所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。所述硬件或软件包括一个或多个上述功能相应的模块。In another aspect, the embodiment of the present invention provides a sending end, where the sending end can implement the function performed by the sending end in the method embodiment of the foregoing aspect, and the function can be implemented by hardware or by hardware. Software Implementation. The hardware or software includes one or more modules corresponding to the above functions.
在一种可能的设计中,该发送端的结构中包括处理器和通信接口,该处理器被配置为支持该发送端执行上述方法中相应的功能。该收发器用于支持 该发送端与其他网元之间的通信。该发送端还可以包括存储器,该存储器用于与处理器耦合,其保存该发送端必要的程序指令和数据。In a possible design, the structure of the transmitting end includes a processor and a communication interface, and the processor is configured to support the transmitting end to perform a corresponding function in the above method. This transceiver is used to support Communication between the sender and other network elements. The sender can also include a memory for coupling with the processor that holds the program instructions and data necessary for the sender.
在一个可能的设计中,上述发送端可以为网元管理系统EMS、运营支撑系统OSS或业务支撑系统BSS。In a possible design, the foregoing sending end may be a network element management system EMS, an operation support system OSS or a service support system BSS.
又一方面,本发明实施例提供了一种通信系统,该系统包括上述方面所述的NFVO和发送端。In another aspect, an embodiment of the present invention provides a communication system, including the NFVO and the transmitting end described in the foregoing aspects.
再一方面,本发明实施例提供了一种计算机存储介质,用于储存为上述NFVO所用的计算机软件指令,其包含用于执行上述方面所设计的程序。In still another aspect, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for use in the NFVO, including a program designed to perform the above aspects.
再一方面,本发明实施例提供了一种计算机存储介质,用于储存为上述发送端所用的计算机软件指令,其包含用于执行上述方面所设计的程序。In still another aspect, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for use by the transmitting end, which includes a program designed to perform the above aspects.
相比于现有技术,根据本发明实施例提供的策略处理的方法,NFVO可以对策略组中的策略进行验证处理或查询处理,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。Compared with the prior art, according to the method for policy processing provided by the embodiment of the present invention, the NFVO can perform verification processing or query processing on the policies in the policy group, thereby avoiding the inconsistency between the to-be-executed policy and other policies in the policy group. Execution failed due to an error in the execution of the policy. Policy group-based queries or validation can also increase the speed of queries or validations.
附图说明DRAWINGS
为了更清楚地说明本发明实施例的技术方案,下面将对本发明实施例中所需要使用的附图作简单地介绍,显而易见地,下面所描述的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the present invention, Those skilled in the art can also obtain other drawings based on these drawings without paying any creative work.
图1是适用本发明实施例的一种可能的网络架构的示意图;1 is a schematic diagram of a possible network architecture to which an embodiment of the present invention is applied;
图2是本发明实施例提供的策略下发的方法的通信示意图;2 is a schematic diagram of communication of a method for sending a policy according to an embodiment of the present invention;
图3是本发明实施例提供的一种策略处理的方法的通信示意图;3 is a schematic diagram of communication of a method for policy processing according to an embodiment of the present invention;
图4是本发明实施例提供的另一种策略处理的方法的通信示意图;4 is a schematic diagram of communication of another method for policy processing according to an embodiment of the present invention;
图5A是本发明实施例提供的一种可能的NFVO的结构示意图;FIG. 5A is a schematic structural diagram of a possible NFVO according to an embodiment of the present invention; FIG.
图5B是本发明实施例提供的另一种可能的NFVO的示意结构图;FIG. 5B is a schematic structural diagram of another possible NFVO according to an embodiment of the present invention; FIG.
图6A是本发明实施例提供的一种可能的发送端的结构示意图;6A is a schematic structural diagram of a possible transmitting end according to an embodiment of the present invention;
图6B是本发明实施例提供的另一种可能的发送端的结构示意图。FIG. 6B is a schematic structural diagram of another possible transmitting end according to an embodiment of the present invention.
具体实施方式detailed description
为使本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发 明实施例中的附图,对本发明实施例中的技术方案进行描述。In order to make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the following will be combined with the present invention. The technical solutions in the embodiments of the present invention are described in the accompanying drawings in the embodiments.
本发明实施例描述的网络架构以及业务场景是为了更加清楚的说明本发明实施例的技术方案,并不构成对本发明实施例提供的技术方案的限定,本领域普通技术人员可知,随着网络架构的演变和新业务场景的出现,本发明实施例提供的技术方案对于类似的技术问题,同样适用。The network architecture and the service scenario described in the embodiments of the present invention are for the purpose of more clearly illustrating the technical solutions of the embodiments of the present invention, and are not limited to the technical solutions provided by the embodiments of the present invention. The technical solutions provided by the embodiments of the present invention are equally applicable to similar technical problems.
本发明实施例的方法可以应用于基于NFV的网络架构,此外还可以应用于基于应用容器引擎(例如Docker)的网络架构、基于虚拟机监视器(Virtual Machine Monitor,VMM)的网络架构或者其它虚拟化的网络架构中,其中VMM也可以称为hypervisor,下面,以基于NFV的网络架构为例,对本发明实施例的方案进行说明。The method of the embodiment of the present invention can be applied to an NFV-based network architecture, and can also be applied to a network architecture based on an application container engine (for example, Docker), a virtual machine monitor (VMM)-based network architecture, or other virtual In the network architecture, the VMM may also be referred to as a hypervisor. The following describes the solution of the embodiment of the present invention by taking an NFV-based network architecture as an example.
图1为本发明实施例提供的一种基于NFV的网络架构的示意图。如图1所示,该网络架构包括:网络功能虚拟化编排器(Network Function Virtualization Orchestrator,NFVO)、虚拟化网络功能管理器(Virtualized Network Function Manager,VNFM)、虚拟化基础设施管理器(Virtualized Infrastructure Manager,VIM)、网络功能虚拟化基础设施(Network Function Virtualization Infrastructure,NFVI)、虚拟化网络功能(Virtualized Network Function,VNF)和网元管理系统(Element Manager System,EMS),其中,NFVO、VNFM和VIM属于NFV系统的管理编排(Management and Orchestration,MANO)架构。此外,图1所示网络架构中的运营支撑系统/业务支撑系统(Operation Support System/Business Support System,OSS/BSS)是运营商现有的OSS或BSS。FIG. 1 is a schematic diagram of an NFV-based network architecture according to an embodiment of the present invention. As shown in Figure 1, the network architecture includes: Network Function Virtualization Orchestrator (NFVO), Virtualized Network Function Manager (VNFM), and Virtualized Infrastructure Manager (Virtualized Infrastructure). Manager, VIM), Network Function Virtualization Infrastructure (NFVI), Virtualized Network Function (VNF), and Element Manager System (EMS), where NFVO, VNFM, and VIM belongs to the Management and Orchestration (MANO) architecture of the NFV system. In addition, the Operation Support System/Business Support System (OSS/BSS) in the network architecture shown in FIG. 1 is an existing OSS or BSS of the operator.
为了方便理解本发明实施例,下面,分别对上述设备以及与本发明相关的要素进行简要介绍。In order to facilitate the understanding of the embodiments of the present invention, the above-described devices and elements related to the present invention will be briefly described below.
虚拟化容器(virtualisation container)是计算节点的一部分,用于提供隔离的虚拟化计算环境,一个典型的虚拟化容器的例子是虚拟机。虚拟机(Virtual Machine,VM)指通过虚拟机软件在物理设备上模拟出的虚拟设备。对于在虚拟机中运行的应用程序而言,这些虚拟机就像真正的物理设备那样进行工作,虚拟机上可以安装操作系统和应用程序,虚拟机还可访问网络资源。A virtualisation container is part of a compute node that provides an isolated virtualized computing environment. An example of a typical virtualized container is a virtual machine. A virtual machine (VM) refers to a virtual device that is simulated on a physical device by virtual machine software. For applications running in virtual machines, these virtual machines work just like real physical devices, which can have operating systems and applications installed on them, and virtual machines can access network resources.
VNF,也可称之为虚拟化网元,对应于传统的非虚拟化网络中的物理网络功能。网络功能的功能性行为和状态与网络功能的虚拟化与否无关。VNF 可以由多个更低级别的组件组成,可选的,一个VNF可以部署在多个VM上,每个VM承载(host)一个虚拟网络功能组件(Virtualized Network Function Component,VNFC)。可选的,一个VNF也可以部署在一个VM上。VNF, also known as virtualized network elements, corresponds to physical network functions in traditional non-virtualized networks. The functional behavior and state of the network function is independent of the virtualization of the network function. VNF It can be composed of multiple lower-level components. Optionally, one VNF can be deployed on multiple VMs, and each VM hosts a Virtualized Network Function Component (VNFC). Optionally, a VNF can also be deployed on a VM.
虚拟网络功能描述符(Virtualized Network Function Descriptor,VNFD)是VNF的部署模板。可选的,VNFD和VNF一一对应,VNFD描述实现该VNF所需的虚拟资源参数和需求,主要被用于建立VNF实例和管理VNF的生命周期。The Virtualized Network Function Descriptor (VNFD) is a deployment template for the VNF. Optionally, the VNFD and the VNF are in one-to-one correspondence, and the VNFD describes the virtual resource parameters and requirements required to implement the VNF, and is mainly used to establish a VNF instance and manage the life cycle of the VNF.
VNFM主要用于:实现VNF实例的生命周期管理,包括VNF实例的初始化、VNF实例的扩容或缩容以及VNF实例的终止。The VNFM is mainly used to implement the lifecycle management of the VNF instance, including the initialization of the VNF instance, the expansion or contraction of the VNF instance, and the termination of the VNF instance.
EMS主要用于:针对VNF执行传统的FCAPS(Fault Management,Configuration Management,Accounting Management,Performance Management and Security Management,故障管理,配置管理,计费管理,性能管理,安全管理)功能。EMS可以单独存在,也可以是具有EMS功能的VNF。The EMS is mainly used to perform traditional FCAPS (Fault Management, Configuration Management, Accounting Management, Performance Management and Security Management, fault management, configuration management, billing management, performance management, and security management) functions for the VNF. The EMS can exist alone or as a VNF with EMS functionality.
VIM主要负责:基础设施层硬件资源和虚拟化资源的管理、监控和故障上报,面向上层应用提供虚拟化资源池。VIM is mainly responsible for: management, monitoring, and fault reporting of infrastructure layer hardware resources and virtualized resources, and providing virtualized resource pools for upper-layer applications.
NFVI:提供整个系统运行的硬件和虚拟资源,由硬件资源(包括计算、网络、存储三部分)、虚拟化层(将硬件资源虚拟化成资源池)和虚拟资源(同样分成计算、网络、存储三部分)组成。从VNF的角度来说,虚拟化层和硬件资源看起来是一个能够提供所需虚拟资源的实体。NFVI: Provides hardware and virtual resources for the entire system, consisting of hardware resources (including computing, networking, and storage), virtualization layers (virtualizing hardware resources into resource pools), and virtual resources (also divided into computing, networking, and storage). Part) composition. From a VNF perspective, the virtualization layer and hardware resources appear to be an entity that provides the required virtual resources.
NFVO用于实现网络服务描述符(Network Service Descriptor,NSD)、VNFD、虚拟网络功能转发图(Virtualized Network Function Forwarding Graph,VNFFG)的管理,网络服务(Network Service,NS)生命周期的管理,和资源的全局视图功能。NFVO is used to implement Network Service Descriptor (NSD), VNFD, Virtualized Network Function Forwarding Graph (VNFFG) management, Network Service (NS) lifecycle management, and resources. The global view feature.
可选的,图1所示的网络架构还可以包括策略管理功能(Policy Management Function,PMF)单元。PMF单元的物理实现可以是单独的管理器,当PMF单元为单独的管理器时,PMF单元可以分别与OSS/BSS、NFVO、VNFM和VIM连接,具体可以通过策略管理参考点与NFVO、VNFM和VIM连接。PMF单元在物理实现上也可以是与NFVO共址的管理器,或者可以理解为PMF单元和NFVO部署在同一物理计算机系统上,该情况下,PMF单元分别与VNFM和VIM连接。可选的,在一些实施例中,PMF单元也可以部署在OSS或者BSS中。 Optionally, the network architecture shown in FIG. 1 may further include a Policy Management Function (PMF) unit. The physical implementation of the PMF unit can be a separate manager. When the PMF unit is a separate manager, the PMF unit can be connected to the OSS/BSS, NFVO, VNFM, and VIM respectively, and the reference point can be used to manage the reference point with NFVO, VNFM, and VIM connection. The PMF unit may also be a manager co-located with the NFVO in physical implementation, or it may be understood that the PMF unit and the NFVO are deployed on the same physical computer system. In this case, the PMF unit is respectively connected to the VNFM and the VIM. Optionally, in some embodiments, the PMF unit may also be deployed in the OSS or the BSS.
运营商可以利用NFV技术搭建演进的分组核心网(Evolved Packet Core,EPC),例如,部署虚拟的移动性管理实体(Mobility Management Entity,MME)、虚拟的分组数据网络网关(Packet Data Network Gateway,PGW)、虚拟的服务网关(Serving Gateway,SGW)。运营商可以通过OSS/BSS向MANO系统发送策略,例如,配置NS的生命周期管理策略、VNF的生命周期管理策略。Operators can use NFV technology to build an Evolved Packet Core (EPC). For example, deploy a virtual Mobility Management Entity (MME) and a virtual Packet Data Network Gateway (PGW). ), a virtual Serving Gateway (SGW). The operator can send policies to the MANO system through the OSS/BSS, for example, configuring the lifecycle management policy of the NS and the lifecycle management policy of the VNF.
根据执行实体的不同,不同的策略需要保存到不同的MANO实体(即,NFVO、VNFM或VIM)中,以便于策略的本地执行,策略下发可以在实例化过程中完成,也可以通过策略管理接口完成,下面,分别对这两种情况进行描述。需要说明的是,下面有关策略下发的描述是为了更好的理解本发明实施例所涉及的领域,而不构成对本发明实施例的限定。Depending on the execution entity, different policies need to be saved to different MANO entities (ie, NFVO, VNFM, or VIM) to facilitate local execution of the policy. Policy delivery can be done in the instantiation process or through policy management. The interface is completed. Below, the two cases are described separately. It is to be understood that the following description of the embodiments of the present invention is not intended to limit the scope of the present invention.
第一种情况,在实例化请求过程中完成策略下发。图2示出了在实例化请求过程中完成策略下发的示意图。策略下发的过程包括:In the first case, the policy is delivered during the instantiation request. Figure 2 shows a schematic diagram of the completion of policy delivery during the instantiation request process. The process of policy delivery includes:
S201,发送端(例如,OSS/BSS或外部管理单元)向NFVO发送实例化VNF的请求消息;其中,外部管理单元是指与NFVO相连的外部实体,外部管理单元与NFVO之间可以进行交互,例如,外部管理单元可以是与NFVO相连的管理终端或管理网元等。S201. The sending end (for example, an OSS/BSS or an external management unit) sends a request message for instantiating the VNF to the NFVO. The external management unit refers to an external entity connected to the NFVO, and the external management unit and the NFVO can interact with each other. For example, the external management unit may be a management terminal or a management network element connected to the NFVO.
S202,NFVO验证该请求消息的正确性;S202. The NFVO verifies the correctness of the request message.
S203,NFVO检查资源可用性并进行资源预留(可选步骤),例如,NFVO向VIM发送资源查询请求消息,请求查询当前可用的资源,VIM向NFVO发送查询的结果;S203, the NFVO checks the resource availability and performs resource reservation (optional step). For example, the NFVO sends a resource query request message to the VIM, requests to query the currently available resources, and the VIM sends the query result to the NFVO.
S204,NFVO从VNFD中获取该VNF生命周期管理和资源管理的相关策略;S204, the NFVO obtains the VNF lifecycle management and resource management related strategies from the VNFD;
S205,NFVO向VNFM发送实例化请求消息,通知VNFM进行VNF实例化,同时,NFVO将VNF生命周期管理策略下发给VNFM,若进行了S203,实例化请求消息还携带预留资源信息;S205, the NFVO sends an instantiation request message to the VNFM, informing the VNFM to perform the VNF instantiation, and the NFVO sends the VNF lifecycle management policy to the VNFM. If the S203 is performed, the instantiation request message carries the reserved resource information.
S206,VNFM验证实例化请求消息并执行VNF实例化处理,例如,修改实例化参数、补全信息,同时,VNFM将接收到的VNF生命周期管理策略存储起来;S206, the VNFM verifies the instantiation request message and performs VNF instantiation processing, for example, modifying the instantiation parameter and the completion information, and at the same time, the VNFM stores the received VNF lifecycle management policy;
S207,VNFM向NFVO发送申请分配资源的请求消息,并向NFVO发送确认消息,该确认消息用于通知NFVO,VNF生命周期管理策略已得到处 理;S207. The VNFM sends a request message for requesting allocation of resources to the NFVO, and sends an acknowledgement message to the NFVO, where the acknowledgement message is used to notify the NFVO, and the VNF lifecycle management policy has been obtained. Reason
S208,NFVO执行预处理操作,例如,验证实例化参数、选取资源位置(即,选择一个VIM)、检查依赖性;S208. The NFVO performs a pre-processing operation, for example, verifying the instantiation parameter, selecting a resource location (ie, selecting a VIM), and checking the dependency;
S209,NFVO向VIM发送申请虚拟资源的请求消息,并向VIM发送与该VNF相关的资源管理策略;S209. The NFVO sends a request message for requesting a virtual resource to the VIM, and sends a resource management policy related to the VNF to the VIM.
S210,VIM接收到资源管理策略后存储该资源管理策略;S210. The VIM stores the resource management policy after receiving the resource management policy.
S211,VIM建立虚拟网络;S211, the VIM establishes a virtual network;
S212,VIM分配虚拟机和存储资源,并挂载到虚拟网络上;S212: The VIM allocates a virtual machine and a storage resource, and mounts the virtual machine to the virtual network.
S213,VIM向NFVO发送确认消息,通知NFVO资源分配已经完成,资源管理策略已经处理;S213, the VIM sends an acknowledgement message to the NFVO, notifying that the NFVO resource allocation has been completed, and the resource management policy has been processed;
S214,NFVO通知VNFM资源分配完成,VNFM和EM对VNF进行配置,VNFM通知NFVO实例化完成;S214, the NFVO notifies that the VNFM resource allocation is completed, the VNFM and the EM configure the VNF, and the VNFM notifies the NFVO to complete the instantiation;
S215,NFVO通知发送端实例化完成。S215, the NFVO notifies the sender that the instantiation is completed.
第二种情况,通过策略管理接口实现策略下发。除了随VNF实例化过程下发策略,还可以通过独立的策略管理接口实现策略的添加、删除等操作。In the second case, the policy is delivered through the policy management interface. In addition to the policy of issuing policies along with the VNF instantiation process, operations such as adding and deleting policies can be implemented through independent policy management interfaces.
在不同的网元或单元之间,有独立的策略管理接口,例如:i)OSS与NFVO间的策略组管理接口,主要负责策略组的建立、删除、查询、修改等操作;ii)EMS与VNFM间的策略管理接口,主要负责VNF生命周期管理策略的添加、删除、修改等操作;iii)VIM对管理员开放的策略管理接口,主要负责虚拟资源策略的添加、删除、修改等操作;iv)NFVO与VNFM间的策略管理接口,负责NFVO向VNFM添加、删除、修改、查询、验证策略信息,VNFM转发EMS向NFVO发起的策略查询/验证请求,VNFM向NFVO发送策略更新通知等;v)NFVO与VIM间的策略管理接口,负责NFVO向VIM添加、删除、修改、查询、验证策略信息,VIM向NFVO发送策略更新通知等;vi)VNFM与VIM间的策略管理接口,负责经过NFVO授权的VNFM向VIM添加、删除、修改、查询、验证策略信息等。There are independent policy management interfaces between different network elements or units, for example: i) policy group management interface between OSS and NFVO, which is mainly responsible for the establishment, deletion, query, modification, etc. of the policy group; ii) EMS and The policy management interface between VNFM is mainly responsible for adding, deleting, and modifying VNF lifecycle management policies. iii) The policy management interface that VIM is open to administrators, which is mainly responsible for adding, deleting, and modifying virtual resource policies; The policy management interface between NFVO and VNFM is responsible for adding, deleting, modifying, querying, and verifying policy information to NFVO to VNFM. VNFM forwards the policy query/verification request initiated by EMS to NFVO, and VNFM sends policy update notification to NFVO; v) Policy management interface between NFVO and VIM, responsible for adding, deleting, modifying, querying, and verifying policy information to NFVO to VIM, VIM sending policy update notifications to NFVO, etc.; vi) Policy management interface between VNFM and VIM, responsible for NFVO authorization VNFM adds, deletes, modifies, queries, and validates policy information to VIM.
NFVO读取VNFD获取相关策略信息后,NFVO可以通过与VNFM和与VIM间的策略管理接口,将VNF生命周期管理策略和资源管理策略分别下发并存储到VNFM和VIM中,此外,OSS、VIM管理员、EMS等也可通过相应的策略管理接口对MANO中的策略信息进行管理。After the NFVO reads the VNFD to obtain the relevant policy information, the NFVO can issue and store the VNF lifecycle management policy and the resource management policy to the VNFM and VIM respectively through the policy management interface between the VNFM and the VIM. In addition, the OSS and the VIM are provided. Administrators, EMS, etc. can also manage the policy information in MANO through the corresponding policy management interface.
各种策略下发完成后,这些策略之间并不是完全独立的,但现有技术中 缺乏对相关联的策略进行处理的机制,这可能导致这些策略在执行时出现错误。有鉴于此,本发明实施例提供一种基于策略组的方案,该策略组中包括相关联的策略,从而可以基于该策略组对不同策略进行处理,以避免这些策略在执行时出现错误。After the various strategies are issued, these strategies are not completely independent, but in the prior art. There is a lack of mechanisms for dealing with associated policies, which can lead to errors in their implementation. In view of this, the embodiment of the present invention provides a policy group-based solution, where the policy group includes an associated policy, so that different policies can be processed based on the policy group to prevent errors in the execution of these policies.
在一种可能的实施方式中,NFVO或PMF单元等可以创建策略组,策略组中包括相关联的策略。示例性的,可以根据不同的管理对象创建策略组。例如,NFVO或PMF单元可以根据不同的管理对象对相关策略建立索引,形成策略组。NFVO或PMF单元还可以对每个策略组添加标识,从而可以根据请求消息快速确定策略组中的策略,对一组有关联性的策略进行查询或验证,确保策略查询或验证的完整性,同时避免了遍历所有功能模块内策略导致的低效。In a possible implementation manner, an NFVO or PMF unit or the like may create a policy group, and the policy group includes an associated policy. Exemplarily, a policy group can be created according to different management objects. For example, the NFVO or PMF unit can index related policies according to different management objects to form a policy group. The NFVO or PMF unit can also add an identifier to each policy group, so that the policies in the policy group can be quickly determined according to the request message, and a group of related policies can be queried or verified to ensure the integrity of the policy query or verification. Avoid the inefficiencies caused by traversing the policies within all functional modules.
下面举出几个根据不同管理对象创建策略组的示例。Here are a few examples of creating policy groups based on different management objects.
管理对象为VNFD。VNFD包括一些策略信息,NFVO在读取VNFD中定义的策略后,可以将读取到的全部策略作为一个策略组,以VNFD的标识或自动生成的标识作为该组策略的组标识。The management object is VNFD. The VNFD includes some policy information. After reading the policy defined in the VNFD, the NFVO can use all the policies read as a policy group, and use the VNFD identifier or the automatically generated identifier as the group identifier of the group policy.
管理对象为租户(tenant)。不同的租户可以使用或管理不同的VNF或虚拟资源,共享MANO的管理和基础设施。某些策略可以以租户为管理对象进行设置,例如针对不同租户的资源使用限制策略。NFVO可以使用租户标识作为组标识创建策略组,当添加针对某个租户的策略时,如果租户标识与策略组的组标识一致,NFVO可以将该策略加入到该策略组,如果租户标识与策略组的组标识不一致,NFVO可以为该策略新建一个策略组。The management object is a tenant. Different tenants can use or manage different VNFs or virtual resources to share MANO management and infrastructure. Some policies can be set up by tenants as managed objects, such as resource usage restriction policies for different tenants. NFVO can use the tenant ID to create a policy group as a group ID. When adding a policy for a tenant, if the tenant ID is the same as the group ID of the policy group, NFVO can add the policy to the policy group, if the tenant ID and policy group The group IDs are inconsistent, and NFVO can create a new policy group for the policy.
管理对象为资源。NFV系统中包括多种不同类型的资源,如计算资源、网络资源、存储资源和加速资源,系统可以针对不同种类的资源设定策略,此外,系统也可以针对资源组(例如资源区(resource zone)、预留资源池(reservation pool))设定专门的策略。NFVO可以根据这些资源的类别或标识创建策略组,当添加针对资源的策略时,如果该策略对应的资源属于一类资源或者一个资源组,NFVO可以将该策略加入到该策略组,如果该策略对应的资源与现有的资源或者资源组都没有关系,NFVO可以为该策略新建一个策略组。The management object is a resource. The NFV system includes a plurality of different types of resources, such as computing resources, network resources, storage resources, and acceleration resources. The system can set policies for different kinds of resources. In addition, the system can also target resource groups (for example, resource zones). ), reserve a resource pool (reservation pool) to set a special strategy. The NFVO may create a policy group according to the category or identifier of the resource. When adding a policy for the resource, if the resource corresponding to the policy belongs to a type of resource or a resource group, the NFVO may add the policy to the policy group if the policy The corresponding resource has nothing to do with the existing resource or resource group. NFVO can create a new policy group for the policy.
上述示例仅是举例说明,本发明实施例不限于此,可选的,PMF单元或其他单元创建策略组后,NFVO还可以从PMF单元或其他单元获取该策略 组。The above example is only an example, and the embodiment of the present invention is not limited thereto. Alternatively, after the PMF unit or other unit creates a policy group, the NFVO may also obtain the policy from the PMF unit or other unit. group.
下面将基于上面所述的本发明涉及的共性方面,对本发明实施例进一步详细说明。The embodiments of the present invention will be further described in detail below based on the common aspects of the invention described above.
图3为本发明实施例提供的一种策略处理的方法300的通信示意图,如图3所示,该方法300包括:FIG. 3 is a schematic diagram of communication of a method 300 for policy processing according to an embodiment of the present invention. As shown in FIG. 3, the method 300 includes:
S310,NFVO创建或者获取策略组,该策略组包括相关联的策略。S310. The NFVO creates or acquires a policy group, where the policy group includes an associated policy.
在一个示例中,NFVO可以创建策略组。例如,NFVO可以根据管理对象创建策略组,其中,管理对象可以包括VNFD、租户或资源等。具体创建方式可以参考上述有关根据不同管理对象创建策略组的示例的详细描述,此处不作赘述。从而本发明实施例可以根据实际需求灵活确定策略组。In one example, NFVO can create a policy group. For example, NFVO may create a policy group according to a management object, where the management object may include a VNFD, a tenant or a resource, and the like. For details about how to create a method, refer to the above detailed description of an example of creating a policy group based on different management objects, which is not described here. Therefore, the embodiment of the present invention can flexibly determine a policy group according to actual needs.
在另一个示例中,NFVO可以获取策略组。例如,NFVO可以从PMF单元、OSS或BSS等处获取策略组。其中,PMF单元、OSS或BSS等可以根据管理对象创建策略组后,将策略组发送至NFVO,其中管理对象可以包括VNFD、租户或资源等。具体创建方式可以参考上述有关根据不同管理对象创建策略组的示例的详细描述,此处不作赘述。In another example, NFVO can acquire a policy group. For example, NFVO can obtain a policy group from a PMF unit, OSS, or BSS. The PMF unit, the OSS, or the BSS may send the policy group to the NFVO according to the management object, where the management object may include a VNFD, a tenant, or a resource. For details about how to create a method, refer to the above detailed description of an example of creating a policy group based on different management objects, which is not described here.
S320,发送端向NFVO发送第一请求消息,该第一请求消息用于请求NFVO对所述策略组中的策略进行验证处理或查询处理。S320. The sending end sends a first request message to the NFVO, where the first request message is used to request the NFVO to perform verification processing or query processing on the policy in the policy group.
在一个示例中,第一请求消息可以是验证请求消息,该验证请求消息用于请求NFVO验证策略组中策略的一致性、正确性和可执行性中的至少一种属性。其中,所述一致性指NFVO保存的策略信息与策略执行单元中保存的策略信息是相同的或不矛盾的;所述正确性指策略信息在表达上没有语义和语法错误;所述可执行性指策略信息可以被策略执行单元所执行,即,策略信息不是无效策略(所述无效策略是指策略不适用于其所在策略执行单元执行,比如该策略包括该策略执行单元不支持的操作)或冗余策略(所述冗余策略指策略信息可被其它一个或多个策略信息替代,从而不会被实际执行)。或者,第一请求消息也可以是查询请求消息,该查询请求消息用于请求NFVO查询策略组中的策略,以便于发送端进行验证。In one example, the first request message may be an authentication request message for requesting at least one of consistency, correctness, and enforceability of the policies in the NFVO verification policy group. The consistency means that the policy information saved by the NFVO is the same or not contradictory to the policy information saved in the policy execution unit; the correctness means that the policy information has no semantic and grammatical errors in expression; the executable The policy information may be executed by the policy execution unit, that is, the policy information is not an invalid policy (the invalid policy means that the policy is not applicable to the execution of the policy execution unit in which it is located, for example, the policy includes operations that are not supported by the policy execution unit) or Redundancy policy (the redundancy policy means that the policy information can be replaced by other one or more policy information so as not to be actually executed). Alternatively, the first request message may also be a query request message, where the query request message is used to request a policy in the NFVO query policy group, so that the sender performs verification.
发送端可以是EMS,也可以是OSS或BSS,还可以是外部管理单元,其中,管理员可以通过外部管理单元向NFVO发起查询请求或者验证请求。因此,本发明实施例可以支持不同发送端发送的业务处理请求,从而可以适应不同的应用场景。 The sending end may be an EMS, an OSS or a BSS, or an external management unit, wherein the administrator may initiate a query request or an authentication request to the NFVO through the external management unit. Therefore, the embodiment of the present invention can support service processing requests sent by different sending ends, so that it can adapt to different application scenarios.
S330,NFVO对所述策略组中的策略进行验证处理或者查询处理。S330. The NFVO performs verification processing or query processing on the policies in the policy group.
在一个示例中,验证处理可以是检查NFVM或VIM中存储的策略与NFVO中存储的策略是否一致(即,验证策略的一致性),也可以是通过模拟事件产生触发相关策略(即,验证策略的正确性和可执行性);查询处理可以是请求VNFM或VIM将本地存储的相关策略发送给NFVO。In an example, the verification process may be to check whether the policy stored in the NFVM or VIM is consistent with the policy stored in the NFVO (ie, verify the consistency of the policy), or may generate a trigger related policy by simulating the event (ie, verifying the policy) The correctness and enforceability); the query processing may be to request the VNFM or VIM to send the locally stored related policies to the NFVO.
在一个示例中,根据策略的执行单元的不同,验证处理和查询处理的方法可能不同。In one example, the method of verification processing and query processing may be different depending on the execution unit of the policy.
例如,S330可以包括:S331,NFVO在本地对策略组中的策略进行验证处理或查询处理,其中,策略的执行单元为NFVO。For example, the S330 may include: S331. The NFVO performs a verification process or a query process on the policy in the policy group locally, where the execution unit of the policy is NFVO.
又例如,S330可以包括:S332,NFVO向VNFM或VIM发送第二请求消息,该第二请求消息用于请求所述执行单元对所述策略进行验证处理或者查询处理,其中,策略的执行单元为VNFM或VIM;S333,NFVO接收VNFM或VIM发送的验证处理的结果或者查询处理的结果。For example, the S330 may include: S332, the NFVO sends a second request message to the VNFM or the VIM, where the second request message is used to request the execution unit to perform verification processing or query processing on the policy, where the execution unit of the policy is VNFM or VIM; S333, NFVO receives the result of the verification process sent by the VNFM or VIM or the result of the query process.
本发明实施例提供的策略处理的方法,通过向策略组中的策略的执行单元发送查询请求信息或者验证请求信息,请求执行单元对策略组中的策略进行查询处理或者验证处理,从而可以避免待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。The method for policy processing provided by the embodiment of the present invention sends a query request information or a verification request information to an execution unit of a policy in a policy group, and requests the execution unit to perform query processing or verification processing on the policy in the policy group, thereby avoiding waiting for the policy in the policy group. Execution policy fails with other policies in the policy group or the execution of the pending policy fails.
当策略组中的策略的执行单元为NFVO时,可以在NFVO本地对策略组中的策略进行查询处理或者验证处理,从而可以避免待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。When the execution unit of the policy in the policy group is NFVO, the NFVO can perform query processing or verification processing on the policy in the policy group locally, so as to avoid inconsistency between the policy to be executed and other policies in the policy group or the policy to be executed. The execution caused by the error failed. Policy group-based queries or validation can also increase the speed of queries or validations.
NFVO根据第一请求消息完成查询处理或者验证处理后,方法300还包括:After the NFVO completes the query processing or the verification processing according to the first request message, the method 300 further includes:
S340,NFVO向发送端发送响应消息,该响应消息包括所述验证处理的结果或者所述查询处理的结果。S340. The NFVO sends a response message to the sender, where the response message includes a result of the verification process or a result of the query process.
根据本发明实施例的策略处理的方法300,NFVO可以对策略组中的策略进行验证或查询,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。According to the method 300 of the policy processing according to the embodiment of the present invention, the NFVO can verify or query the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed. . Policy group-based queries or validation can also increase the speed of queries or validations.
图4为根据本发明实施例提供的另一种策略处理的方法400的示意性流程图,方法400包括三个步骤:S410,发起查询/验证请求;S420,查询验 证过程;S430,结果反馈。下面,结合图4详细描述根据本发明实施例的策略处理的方法。FIG. 4 is a schematic flowchart of another method 400 for policy processing according to an embodiment of the present invention. The method 400 includes three steps: S410, initiating a query/verification request; S420, query verification Certificate process; S430, result feedback. Hereinafter, a method of policy processing according to an embodiment of the present invention will be described in detail with reference to FIG.
S410,NFVO接收发送端发送的请求消息,该请求消息可以是验证请求消息,用于请求NFVO验证策略组中策略的一致性、正确性和可执行性中的至少一种属性,该请求消息也可以是查询请求消息,用于请求NFVO查询策略组中的策略,根据查询/验证请求的发送端不同,S410包括以下3种情况。S410, the NFVO receives the request message sent by the sending end, where the request message may be an authentication request message, and is used to request at least one of consistency, correctness, and enforceability of the policy in the NFVO verification policy group, and the request message is also It may be a query request message for requesting a policy in the NFVO query policy group. The S410 includes the following three cases according to different senders of the query/verification request.
第一种情况,发送端为OSS。OSS可以直接向NFVO发送策略查询/验证请求消息,NFVO接收到该请求消息后对相应的策略组进行查询处理或验证处理。In the first case, the sender is OSS. The OSS can directly send a policy query/authentication request message to the NFVO, and after receiving the request message, the NFVO performs query processing or verification processing on the corresponding policy group.
第二种情况,发送端为EMS。EMS可以向VNFM发送策略查询/验证请求消息,VNFM接收到该请求消息后向NFVO转发,以便于NFVO根据该请求消息对相应的策略组进行查询处理或验证处理。In the second case, the sender is EMS. The EMS may send a policy query/authentication request message to the VNFM, and the VNFM forwards the request message to the NFVO, so that the NFVO performs query processing or verification processing on the corresponding policy group according to the request message.
第三种情况,发送端为外部管理单元。管理员可以通过外部管理单元直接向NFVO发送策略查询/验证请求消息,NFVO接收到该请求消息后对相应的策略组进行查询处理或验证处理。In the third case, the sender is an external management unit. The administrator can directly send a policy query/authentication request message to the NFVO through the external management unit, and after receiving the request message, the NFVO performs query processing or verification processing on the corresponding policy group.
本发明实施提供的策略处理的方法,可以支持不同发送端发送业务处理请求,从而可以适应不同的应用场景。The method for policy processing provided by the implementation of the present invention can support different senders to send service processing requests, thereby adapting to different application scenarios.
S420,NFVO根据所述请求消息对所述策略组中的策略进行验证处理或查询处理。根据策略的具体执行单元的不同,验证处理分为以下3种情况。S420: The NFVO performs a verification process or a query process on the policy in the policy group according to the request message. According to the specific execution unit of the strategy, the verification process is divided into the following three cases.
第一种情况,策略执行单元为NFVO,则NFVO在本地对所述策略组中的策略进行验证处理或查询处理。In the first case, the policy execution unit is NFVO, and the NFVO locally performs verification processing or query processing on the policies in the policy group.
第二种情况,策略执行单元为VIM,则NFVO向VIM发送查询/验证请求消息,请求VIM对所述策略组中的策略进行验证处理或查询处理。In the second case, if the policy execution unit is a VIM, the NFVO sends a query/verification request message to the VIM, requesting the VIM to perform verification processing or query processing on the policies in the policy group.
第三种情况,策略执行单元为VNFM,则NFVO向VNFM发送查询/验证请求消息,请求VNFM对所述策略组中的策略进行验证处理或查询处理。In the third case, the policy execution unit is a VNFM, and the NFVO sends a query/verification request message to the VNFM, requesting the VNFM to perform verification processing or query processing on the policies in the policy group.
发送端向NFVO发送的请求消息中可以携带策略信息的指示信息,也可以携带策略组的组标识,还可以携带策略信息,NFVO可以根据请求消息中携带的指示信息、策略信息或组标识确定策略组,其中,所述指示信息用于指示所述策略组中的策略,所述组标识用于标识所述策略组,所述策略信息是指策略组中的策略的信息。NFVO可以根据策略组中策略的执行单元的不 同,分别向不同的执行单元发送验证/查询请求消息,请求执行单元对相应的策略进行验证处理或查询处理,如果策略的执行单元是NFVO,则无需发送验证/查询请求消息,可以在本地进行验证处理或查询处理。The request message sent by the sending end to the NFVO may carry the indication information of the policy information, may also carry the group identifier of the policy group, and may also carry the policy information, and the NFVO may determine the policy according to the indication information, the policy information, or the group identifier carried in the request message. a group, wherein the indication information is used to indicate a policy in the policy group, the group identifier is used to identify the policy group, and the policy information refers to information of a policy in a policy group. NFVO can be based on the execution unit of the policy in the policy group. Similarly, the verification/query request message is sent to different execution units respectively, and the execution unit is requested to perform verification processing or query processing on the corresponding policy. If the execution unit of the policy is NFVO, the verification/query request message does not need to be sent, and the local execution may be performed locally. Verification processing or query processing.
本发明实施提供的策略处理的方法,通过指示信息指示策略组中的策略,可以节省信令开销,对每个策略组添加标识,从而可以根据请求消息快速确定策略组中的策略,对一组有关联性的策略进行查询或验证,确保策略查询或验证的完整性,同时避免了遍历所有功能模块内策略导致的低效。The method for policy processing provided by the implementation of the present invention can save the signaling overhead by indicating the policy in the policy group, and add an identifier to each policy group, so that the policy in the policy group can be quickly determined according to the request message. Relevance policies are queried or verified to ensure the integrity of policy queries or verifications while avoiding the inefficiencies caused by traversing policies within all functional modules.
验证处理可以是检查NFVM或VIM中存储的策略与NFVO中存储的策略是否一致(即,验证策略的一致性),也可以是通过模拟事件产生触发相关策略(即,验证策略的正确性和可执行性),例如,向VNFM发送VNF监控信息“中央处理器CPU负荷超过85%”,验证是否能够触发VNF的自动弹性伸缩策略,从而可以避免策略在执行时出现错误。The verification process may be to check whether the policy stored in the NFVM or VIM is consistent with the policy stored in the NFVO (ie, verify the consistency of the policy), or may generate a trigger related policy by simulating the event (ie, verifying the correctness of the policy and Execution), for example, sends VNF monitoring information to the VNFM "Central processor CPU load exceeds 85%" to verify whether the VNF's auto-elastic scaling policy can be triggered, thereby avoiding errors in the execution of the policy.
查询处理可以是请求VNFM或VIM将本地存储的相关策略发送给NFVO。The query processing may be to request the VNFM or VIM to send the locally stored related policies to the NFVO.
S430,结果反馈。S430, the result feedback.
NFVO将验证处理或查询处理的结果发送给发送端,发送端可以根据验证处理的结果确定是否执行策略,或者发送端对查询得到的策略进行验证处理,确定是否执行策略。The NFVO sends the result of the verification processing or the query processing to the sender. The sender can determine whether to execute the policy according to the result of the verification process, or the sender verifies the policy obtained by the query to determine whether to execute the policy.
根据本发明实施例的策略处理的方法,NFVO可以对策略组中的策略进行查询或验证,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。According to the policy processing method of the embodiment of the present invention, the NFVO can query or verify the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed. Policy group-based queries or validation can also increase the speed of queries or validations.
上述实施例主要从各个网元之间交互的角度对本发明实施例的方案进行了介绍。可以理解的是,各个网元,例如NFVO、OSS/BSS、EMS等为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,本发明能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。 The foregoing embodiment mainly introduces the solution of the embodiment of the present invention from the perspective of interaction between the network elements. It can be understood that each network element, such as NFVO, OSS/BSS, EMS, etc., in order to implement the above functions, includes corresponding hardware structures and/or software modules for performing various functions. Those skilled in the art will readily appreciate that the present invention can be implemented in a combination of hardware or hardware and computer software in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods for implementing the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present invention.
本发明实施例可以根据上述方法示例对NFVO、发送端(例如OSS、BSS或EMS)等进行功能单元的划分,例如,可以对应各个功能划分各个功能单元,也可以将两个或两个以上的功能集成在一个处理单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。需要说明的是,本发明实施例中对单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。The embodiments of the present invention may perform functional unit division on the NFVO, the transmitting end (for example, OSS, BSS, or EMS) according to the foregoing method. For example, each functional unit may be divided according to each function, or two or more of the functional units may be divided. The functions are integrated in one processing unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present invention is schematic, and is only a logical function division, and the actual implementation may have another division manner.
在采用集成的单元的情况下,图5A示出了上述实施例中所涉及的NFVO的一种可能的结构示意图。NFVO500包括:处理单元502和通信单元503。处理单元502用于对NFVO500的动作进行控制管理,例如,处理单元502用于支持NFVO500执行图3的S310、S330和S340,处理单元502还可以用于支持NFVO500执行图4的S420和S430,和/或用于本文所描述的技术的其它过程。通信单元503用于支持NFVO500与其它网络实体的通信,例如与图3中示出的发送端之间的通信。NFVO500还可以包括存储单元501,用于存储NFVO500的程序代码和数据。In the case of employing an integrated unit, FIG. 5A shows a possible structural diagram of the NFVO involved in the above embodiment. The NFVO 500 includes a processing unit 502 and a communication unit 503. The processing unit 502 is configured to perform control management on the actions of the NFVO 500. For example, the processing unit 502 is configured to support the NFVO 500 to perform S310, S330, and S340 of FIG. 3. The processing unit 502 is further configured to support the NFVO 500 to perform S420 and S430 of FIG. 4, and / or other processes for the techniques described herein. Communication unit 503 is used to support communication of NFVO 500 with other network entities, such as with the sender shown in FIG. The NFVO 500 may also include a storage unit 501 for storing program codes and data of the NFVO 500.
其中,处理单元502可以是处理器或控制器,例如可以是中央处理器(Central Processing Unit,CPU),通用处理器,数字信号处理器(Digital Signal Processor,DSP),专用集成电路(Application-Specific Integrated Circuit,ASIC),现场可编程门阵列(Field Programmable Gate Array,FPGA)或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本发明公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。通信单元503可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口。存储单元501可以是存储器。The processing unit 502 can be a processor or a controller, and can be, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit (Application-Specific). Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like. The communication unit 503 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces. The storage unit 501 can be a memory.
当处理单元502为处理器,通信单元503为通信接口,存储单元501为存储器时,本发明实施例所涉及的NFVO可以为图5B所示的NFVO。When the processing unit 502 is a processor, the communication unit 503 is a communication interface, and the storage unit 501 is a memory, the NFVO involved in the embodiment of the present invention may be the NFVO shown in FIG. 5B.
参阅图5B所示,该NFVO510包括:处理器512、通信接口513、存储器511。可选的,NFVO510还可以包括总线514。其中,通信接口513、处理器512以及存储器511可以通过总线514相互连接;总线514可以是外设部件互连标准(Peripheral Component Interconnect,简称PCI)总线或扩展工业标准结构(Extended Industry Standard Architecture,简称EISA)总线等。 所述总线514可以分为地址总线、数据总线、控制总线等。为便于表示,图5B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 5B, the NFVO 510 includes a processor 512, a communication interface 513, and a memory 511. Alternatively, the NFVO 510 can also include a bus 514. The communication interface 513, the processor 512, and the memory 511 may be connected to each other through a bus 514. The bus 514 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (abbreviated). EISA) bus and so on. The bus 514 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 5B, but it does not mean that there is only one bus or one type of bus.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific working process of the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
因此,本发明实施例提供的NFVO,可以对策略组中的策略进行验证或查询,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。Therefore, the NFVO provided by the embodiment of the present invention can verify or query the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group or the execution failure caused by the error of the policy to be executed. Policy group-based queries or validation can also increase the speed of queries or validations.
在采用集成的单元的情况下,图6A示出了上述实施例中所涉及的发送端(例如,EMS、OSS或BSS)的一种可能的结构示意图。发送端600包括:处理单元602和通信单元603。处理单元602用于对发送端600的动作进行控制管理,例如,处理单元602用于支持发送端600执行图3的S320,处理单元602还可以用于支持发送端600执行图4的S410,和/或用于本文所描述的技术的其它过程。通信单元603用于支持发送端600与其它网络实体的通信,例如与图3中示出的NFVO之间的通信。发送端600还可以包括存储单元601,用于存储发送端600的程序代码和数据。In the case of employing an integrated unit, FIG. 6A shows a possible structural diagram of a transmitting end (for example, EMS, OSS, or BSS) involved in the above embodiment. The transmitting end 600 includes a processing unit 602 and a communication unit 603. The processing unit 602 is configured to perform control and management on the action of the sending end 600. For example, the processing unit 602 is configured to support the sending end 600 to execute S320 of FIG. 3, and the processing unit 602 is further configured to support the sending end 600 to execute S410 of FIG. 4, and / or other processes for the techniques described herein. Communication unit 603 is used to support communication between sender 600 and other network entities, such as communication with the NFVO shown in FIG. The transmitting end 600 may further include a storage unit 601 for storing program codes and data of the transmitting end 600.
其中,处理单元602可以是处理器或控制器,例如可以是中央处理器(Central Processing Unit,CPU),通用处理器,数字信号处理器(Digital Signal Processor,DSP),专用集成电路(Application-Specific Integrated Circuit,ASIC),现场可编程门阵列(Field Programmable Gate Array,FPGA)或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本发明公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。通信单元603可以是通信接口、收发器、收发电路等,其中,通信接口是统称,可以包括一个或多个接口。存储单元601可以是存储器。The processing unit 602 can be a processor or a controller, and can be, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), and an application-specific integrated circuit (Application-Specific). Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It is possible to implement or carry out the various illustrative logical blocks, modules and circuits described in connection with the present disclosure. The processor may also be a combination of computing functions, for example, including one or more microprocessor combinations, a combination of a DSP and a microprocessor, and the like. The communication unit 603 can be a communication interface, a transceiver, a transceiver circuit, etc., wherein the communication interface is a collective name and can include one or more interfaces. The storage unit 601 can be a memory.
当处理单元602为处理器,通信单元603为通信接口,存储单元601为存储器时,本发明实施例所涉及的发送端可以为图6B所示的发送端。When the processing unit 602 is a processor, the communication unit 603 is a communication interface, and the storage unit 601 is a memory, the transmitting end of the embodiment of the present invention may be the transmitting end shown in FIG. 6B.
参阅图6B所示,该发送端610包括:处理器612、通信接口613、存储器611。可选的,发送端610还可以包括总线614。其中,通信接口613、处 理器612以及存储器611可以通过总线614相互连接;总线614可以是外设部件互连标准(Peripheral Component Interconnect,简称PCI)总线或扩展工业标准结构(Extended Industry Standard Architecture,简称EISA)总线等。所述总线614可以分为地址总线、数据总线、控制总线等。为便于表示,图6B中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。Referring to FIG. 6B, the transmitting end 610 includes a processor 612, a communication interface 613, and a memory 611. Optionally, the transmitting end 610 may further include a bus 614. Among them, the communication interface 613, at The processor 612 and the memory 611 may be connected to each other through a bus 614. The bus 614 may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The bus 614 can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 6B, but it does not mean that there is only one bus or one type of bus.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that, for the convenience and brevity of the description, the specific working process of the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
因此,本发明实施例提供的发送端,可以发送查询请求消息或者验证请求消息,请求NFVO对策略组中的策略进行查询或验证,从而避免了待执行策略与策略组中的其它策略的不一致或者待执行策略的错误导致的执行失败。基于策略组的查询或验证还可以提高查询或验证的速度。Therefore, the sender provided by the embodiment of the present invention may send a query request message or an authentication request message, requesting the NFVO to query or verify the policy in the policy group, thereby avoiding the inconsistency between the policy to be executed and other policies in the policy group. Execution failed due to an error in the execution of the policy. Policy group-based queries or validation can also increase the speed of queries or validations.
在本发明实施例中,各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本发明实施例的实施过程构成任何限定。In the embodiment of the present invention, the sequence number of each process does not mean the order of execution, and the order of execution of each process should be determined by its function and internal logic, and should not be limited to the implementation process of the embodiment of the present invention.
另外,本文中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。In addition, the term "and/or" herein is merely an association relationship describing an associated object, indicating that there may be three relationships, for example, A and/or B, which may indicate that A exists separately, and A and B exist at the same time. There are three cases of B alone. In addition, the character "/" in this article generally indicates that the contextual object is an "or" relationship.
结合本发明实施例公开内容所描述的方法或者算法的步骤可以硬件的方式来实现,也可以是由处理器执行软件指令的方式来实现。软件指令可以由相应的软件模块组成,软件模块可以被存放于随机存取存储器(Random Access Memory,RAM)、闪存、只读存储器(Read Only Memory,ROM)、可擦除可编程只读存储器(Erasable Programmable ROM,EPROM)、电可擦可编程只读存储器(Electrically EPROM,EEPROM)、寄存器、硬盘、移动硬盘、只读光盘(CD-ROM)或者本领域熟知的任何其它形式的存储介质中。一种示例性的存储介质耦合至处理器,从而使处理器能够从该存储介质读取信息,且可向该存储介质写入信息。当然,存储介质也可以是处理器的组成部分。处理器和存储介质可以位于ASIC中。另外,该ASIC可以位于NFVO或NM中。当然,处理器和存储介质也可以作为分立组件存在于NFVO或NM中。 The steps of the method or algorithm described in connection with the disclosure of the embodiments of the present invention may be implemented in a hardware manner, or may be implemented by a processor executing software instructions. The software instructions may be composed of corresponding software modules, which may be stored in a random access memory (RAM), a flash memory, a read only memory (ROM), an erasable programmable read only memory ( Erasable Programmable ROM (EPROM), electrically erasable programmable read only memory (EEPROM), registers, hard disk, removable hard disk, compact disk read only (CD-ROM) or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor to enable the processor to read information from, and write information to, the storage medium. Of course, the storage medium can also be an integral part of the processor. The processor and the storage medium can be located in an ASIC. Additionally, the ASIC can be located in NFVO or NM. Of course, the processor and the storage medium can also exist as discrete components in NFVO or NM.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是通用或专用计算机能够存取的任何可用介质。Those skilled in the art will appreciate that in one or more examples described above, the functions described herein can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer readable medium or transmitted as one or more instructions or code on a computer readable medium. Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another. A storage medium may be any available media that can be accessed by a general purpose or special purpose computer.
以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的技术方案的基础之上,所做的任何修改、等同替换、改进等,均应包括在本发明的保护范围之内。 The specific embodiments of the present invention have been described in detail with reference to the preferred embodiments of the present invention. The scope of the protection, any modifications, equivalent substitutions, improvements, etc., which are made on the basis of the technical solutions of the present invention, are included in the scope of the present invention.

Claims (18)

  1. 一种策略处理的方法,其特征在于,所述方法包括:A method for policy processing, the method comprising:
    网络功能虚拟化编排器NFVO创建或获取策略组,所述策略组包括相关联的策略;The network function virtualization orchestrator NFVO creates or acquires a policy group, the policy group including an associated policy;
    所述NFVO从发送端接收的第一请求消息,所述第一请求消息用于请求所述NFVO验证或者查询所述策略组中的策略;The first request message received by the NFVO from the sending end, where the first request message is used to request the NFVO verification or query a policy in the policy group;
    所述NFVO对所述策略组中的策略进行验证处理或查询处理;The NFVO performs verification processing or query processing on the policies in the policy group;
    所述NFVO向所述发送端发送响应消息,所述响应消息包括所述验证处理的结果或者所述查询处理的结果。The NFVO sends a response message to the sender, the response message including a result of the verification process or a result of the query process.
  2. 根据权利要求1所述的方法,其特征在于,所述NFVO对所述策略组中的策略进行验证处理或查询处理,包括:The method according to claim 1, wherein the NFVO performs verification processing or query processing on the policies in the policy group, including:
    所述NFVO向所述策略组中的策略的执行单元发送第二请求消息,所述第二请求消息用于请求所述执行单元对所述策略进行验证处理或者查询处理;The NFVO sends a second request message to the execution unit of the policy in the policy group, where the second request message is used to request the execution unit to perform verification processing or query processing on the policy;
    所述NFVO从所述执行单元接收所述策略的验证处理结果或者查询处理结果。The NFVO receives a verification processing result of the policy or a query processing result from the execution unit.
  3. 根据权利要求1所述的方法,其特征在于,所述NFVO对所述策略组中的策略进行验证处理,包括:The method according to claim 1, wherein the NFVO performs verification processing on the policies in the policy group, including:
    所述NFVO基于本地策略对所述策略组中的策略进行验证处理或查询处理。The NFVO performs verification processing or query processing on the policies in the policy group based on a local policy.
  4. 根据权利要求1至3中任一项所述的方法,其特征在于,所述第一请求消息中包括指示信息、策略信息或组标识,其中,所述指示信息用于指示所述策略组中的策略,所述策略信息是指所述策略组中的策略的信息,所述组标识用于标识所述策略组,所述NFVO对所述策略组中的策略进行验证处理或查询处理之前,所述方法还包括:The method according to any one of claims 1 to 3, wherein the first request message includes indication information, policy information or a group identifier, wherein the indication information is used to indicate the policy group. a policy, where the policy information refers to information of a policy in the policy group, where the group identifier is used to identify the policy group, and before the NFVO performs verification processing or query processing on a policy in the policy group, The method further includes:
    所述NFVO根据所述指示信息或所述组标识确定所述策略组。The NFVO determines the policy group according to the indication information or the group identifier.
  5. 根据权利要求1至4中任一项所述的方法,其特征在于,所述策略组与管理对象相对应,所述管理对象包括虚拟网络功能描述符VNFD、租户或资源。The method according to any one of claims 1 to 4, wherein the policy group corresponds to a management object, the management object comprising a virtual network function descriptor VNFD, a tenant or a resource.
  6. 一种策略处理的方法,其特征在于,所述方法包括:A method for policy processing, the method comprising:
    发送端向网络功能虚拟化编排器NFVO发送请求消息,所述请求消息用 于请求所述NFVO对策略组中的策略进行验证处理或查询处理,其中,所述策略组包括相关联的策略;The sending end sends a request message to the network function virtualization orchestrator NFVO, where the request message is used Requesting, by the NFVO, to perform verification processing or query processing on a policy in a policy group, where the policy group includes an associated policy;
    所述发送端从所述NFVO接收响应消息,所述响应消息包括所述验证处理的结果或所述查询处理的结果。The transmitting end receives a response message from the NFVO, and the response message includes a result of the verification process or a result of the query process.
  7. 根据权利要求6所述的方法,其特征在于,所述请求消息中包括指示信息、策略信息或组标识,其中,所述指示信息用于指示所述策略组中的策略,所述策略信息是指所述策略组中的策略的信息,所述组标识用于标识所述策略组。The method according to claim 6, wherein the request message includes indication information, policy information or a group identifier, wherein the indication information is used to indicate a policy in the policy group, and the policy information is Refers to information of a policy in the policy group, where the group identifier is used to identify the policy group.
  8. 根据权利要求6或7所述的方法,其特征在于,所述策略组与管理对象相对应,所述管理对象包括虚拟网络功能描述符VNFD、租户或资源。The method according to claim 6 or 7, wherein the policy group corresponds to a management object, and the management object comprises a virtual network function descriptor VNFD, a tenant or a resource.
  9. 根据权利要求6至8中任一项所述的方法,其特征在于,所述发送端包括:网元管理系统EMS、运营支撑系统OSS、业务支撑系统BSS或外部管理单元。The method according to any one of claims 6 to 8, wherein the transmitting end comprises: a network element management system EMS, an operation support system OSS, a service support system BSS or an external management unit.
  10. 一种网络功能虚拟化编排器NFVO,其特征在于,包括:处理单元和通信单元,A network function virtualization orchestrator NFVO, comprising: a processing unit and a communication unit,
    所述处理单元用于创建或获取策略组,所述策略组包括相关联的策略;以及用于通过所述通信单元从发送端接收第一请求消息,所述第一请求消息用于请求所述NFVO验证或者查询所述策略组中的策略;以及用于对所述策略组中的策略进行验证处理或查询处理;以及用于通过所述通信单元向所述发送端发送响应消息,所述响应消息包括所述验证处理的结果或所述查询处理的结果。The processing unit is configured to create or acquire a policy group, the policy group includes an associated policy, and configured to receive, by the communication unit, a first request message from a sending end, where the first request message is used to request the NFVO validating or querying a policy in the policy group; and performing verification processing or query processing on the policy in the policy group; and transmitting, by the communication unit, a response message to the sender, the response The message includes the result of the verification process or the result of the query process.
  11. 根据权利要求10所述的NFVO,其特征在于,所述处理单元具体用于通过所述通信单元向所述策略组中的策略的执行单元发送第二请求消息,所述第二请求消息用于请求所述执行单元对所述策略进行验证处理或者查询处理;以及用于通过所述通信单元从所述执行单元接收所述策略的验证处理结果或者查询处理的结果。The NFVO according to claim 10, wherein the processing unit is specifically configured to send, by the communication unit, a second request message to an execution unit of a policy in the policy group, where the second request message is used Requesting the execution unit to perform verification processing or query processing on the policy; and receiving, by the communication unit, a verification processing result of the policy or a result of the query processing from the execution unit.
  12. 根据权利要求10所述的NFVO,其特征在于,所述处理单元具体用于基于本地策略对所述策略组中的策略进行验证处理或查询处理。The NFVO according to claim 10, wherein the processing unit is specifically configured to perform verification processing or query processing on the policies in the policy group based on a local policy.
  13. 根据权利要求10至12中任一项所述的NFVO,其特征在于,所述第一请求消息中包括指示信息、策略信息或组标识,其中,所述指示信息用于指示所述策略组中的策略,所述策略信息是指所述策略组中的策略的信 息,所述组标识用于标识所述策略组,所述处理单元还用于在对所述策略组中的策略进行验证处理或查询处理之前,根据所述指示信息或所述组标识确定所述策略组。The NFVO according to any one of claims 10 to 12, wherein the first request message includes indication information, policy information, or a group identifier, wherein the indication information is used to indicate the policy group. Policy, the policy information refers to a letter of the policy in the policy group The group identifier is used to identify the policy group, and the processing unit is further configured to determine, according to the indication information or the group identifier, before performing verification processing or query processing on the policy in the policy group. The strategy group.
  14. 根据权利要求10至13中任一项所述的NFVO,其特征在于,所述策略组与管理对象相对应,所述管理对象包括虚拟网络功能描述符VNFD、租户或资源。The NFVO according to any one of claims 10 to 13, characterized in that the policy group corresponds to a management object, the management object comprising a virtual network function descriptor VNFD, a tenant or a resource.
  15. 一种发送端,其特征在于,包括:处理单元和通信单元,A transmitting end, comprising: a processing unit and a communication unit,
    所述处理单元用于通过所述通信单元向网络功能虚拟化编排器NFVO发送请求消息,所述请求消息用于请求所述NFVO对策略组中的策略进行验证处理或查询处理,其中,所述策略组包括相关联的策略;以及用于通过所述通信单元从所述NFVO接收响应消息,所述响应消息包括所述验证处理的结果或所述查询处理的结果。The processing unit is configured to send, by using the communication unit, a request message to the network function virtualization orchestrator NFVO, where the request message is used to request the NFVO to perform verification processing or query processing on a policy in a policy group, where The policy group includes an associated policy; and is configured to receive, by the communication unit, a response message from the NFVO, the response message including a result of the verification process or a result of the query process.
  16. 根据权利要求15所述的发送端,其特征在于,所述请求消息中包括指示信息、策略信息或组标识,其中,所述指示信息用于指示所述策略组中的策略,所述策略信息是指所述策略组中的策略的信息,所述组标识用于标识所述策略组。The sender according to claim 15, wherein the request message includes indication information, policy information, or a group identifier, where the indication information is used to indicate a policy in the policy group, and the policy information is Refers to the information of the policy in the policy group, where the group identifier is used to identify the policy group.
  17. 根据权利要求15或16所述的发送端,其特征在于,所述策略组与管理对象相对应,所述管理对象包括虚拟网络功能描述符VNFD、租户或资源。The transmitting end according to claim 15 or 16, wherein the policy group corresponds to a management object, and the management object includes a virtual network function descriptor VNFD, a tenant or a resource.
  18. 根据权利要求15至17中任一项所述的发送端,其特征在于,所述发送端包括:网元管理系统EMS、运营支撑系统OSS、业务支撑系统BSS或外部管理单元。 The transmitting end according to any one of claims 15 to 17, wherein the transmitting end comprises: a network element management system EMS, an operation support system OSS, a service support system BSS or an external management unit.
PCT/CN2016/091861 2016-07-27 2016-07-27 Policy processing method and device WO2018018459A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/091861 WO2018018459A1 (en) 2016-07-27 2016-07-27 Policy processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/091861 WO2018018459A1 (en) 2016-07-27 2016-07-27 Policy processing method and device

Publications (1)

Publication Number Publication Date
WO2018018459A1 true WO2018018459A1 (en) 2018-02-01

Family

ID=61015324

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/091861 WO2018018459A1 (en) 2016-07-27 2016-07-27 Policy processing method and device

Country Status (1)

Country Link
WO (1) WO2018018459A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978912A (en) * 2021-02-23 2022-08-30 中国电信股份有限公司 Resource authorization method, NFVO, network system, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1836169A (en) * 2003-08-14 2006-09-20 特尔科迪亚技术股份有限公司 Auto-ip traffic optimization in mobile telecommunications systems
WO2015197025A1 (en) * 2014-06-26 2015-12-30 Huawei Technologies Co., Ltd. System and method for virtual network function policy management
CN105429780A (en) * 2015-10-30 2016-03-23 南京优速网络科技有限公司 Virtualized network service business automatic generation and dynamic monitoring method
CN105634780A (en) * 2014-11-04 2016-06-01 中兴通讯股份有限公司 Method and device for realizing VNF elastic scaling

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1836169A (en) * 2003-08-14 2006-09-20 特尔科迪亚技术股份有限公司 Auto-ip traffic optimization in mobile telecommunications systems
WO2015197025A1 (en) * 2014-06-26 2015-12-30 Huawei Technologies Co., Ltd. System and method for virtual network function policy management
CN105634780A (en) * 2014-11-04 2016-06-01 中兴通讯股份有限公司 Method and device for realizing VNF elastic scaling
CN105429780A (en) * 2015-10-30 2016-03-23 南京优速网络科技有限公司 Virtualized network service business automatic generation and dynamic monitoring method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978912A (en) * 2021-02-23 2022-08-30 中国电信股份有限公司 Resource authorization method, NFVO, network system, and storage medium

Similar Documents

Publication Publication Date Title
US10768955B1 (en) Executing commands within virtual machine instances
US10313183B2 (en) Network function virtualization NFV fault management apparatus, device, and method
CN109417496B (en) Automatic service function verification in a virtual network environment
JP6686910B2 (en) Network function virtualization management and orchestration method, device and program
CN105657081B (en) The method, apparatus and system of DHCP service are provided
JP6729400B2 (en) Data file registration management system, method, management device and program
JP6466003B2 (en) Method and apparatus for VNF failover
EP3119034A1 (en) Fault handling method, device and system based on network function virtualization
CN108370328B (en) Management method and device of NFV MANO policy descriptor
CN110324399B (en) Bringing cluster awareness into a facility management portal
WO2016121834A1 (en) Method, system, device, and program for managing network function virtualization
WO2018000197A1 (en) Virtual network function resource management method and device
WO2017185251A1 (en) Vnfm determining method and network function virtualization orchestrator
KR102086486B1 (en) Method and apparatus for on-boarding network service descriptor
CN110855488B (en) Virtual machine access method and device
CN109428764B (en) Virtual network function instantiation method
US11461031B1 (en) Non-disruptive storage volume migration between storage controllers
WO2019109948A1 (en) Paas management method and device, and storage medium
WO2019063028A1 (en) Information processing method and related device
WO2018018459A1 (en) Policy processing method and device
CN115220871A (en) Virtual machine cloning method, device and storage medium
WO2020220937A1 (en) Security policy management method and device
WO2013188697A1 (en) System and method for supporting version based routing in a transactional middleware machine environment
WO2018039878A1 (en) Method, apparatus, and system for managing virtual resource
WO2018120182A1 (en) Private information distribution method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16910040

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16910040

Country of ref document: EP

Kind code of ref document: A1