WO2018036922A1 - Inspection approfondie de paquets pour plans de commande et plans d'utilisateur séparés - Google Patents

Inspection approfondie de paquets pour plans de commande et plans d'utilisateur séparés Download PDF

Info

Publication number
WO2018036922A1
WO2018036922A1 PCT/EP2017/070928 EP2017070928W WO2018036922A1 WO 2018036922 A1 WO2018036922 A1 WO 2018036922A1 EP 2017070928 W EP2017070928 W EP 2017070928W WO 2018036922 A1 WO2018036922 A1 WO 2018036922A1
Authority
WO
WIPO (PCT)
Prior art keywords
plane function
function entity
data packets
end point
received
Prior art date
Application number
PCT/EP2017/070928
Other languages
English (en)
Inventor
Yong Yang
Stefan Rommer
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Publication of WO2018036922A1 publication Critical patent/WO2018036922A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/64Routing or path finding of packets in data switching networks using an overlay routing layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS

Definitions

  • Embodiments presented herein relate to methods, a control plane function entity, a user plane function entity, computer programs, and a computer program product for deep packet inspection of user data packets.
  • one parameter in providing good performance and capacity for a given communications protocol in a communications network is latency.
  • 3GPP 3rd Generation Partnership Project
  • the control plane and the user plane of the serving gateway (SGW), the packet data network gateway (PGW) and the traffic detection function (TDF) in the evolved packet core (EPC) network could be separated.
  • SGW serving gateway
  • PGW packet data network gateway
  • TDF traffic detection function
  • EPC evolved packet core
  • Such a separation could enable a flexible placement of the thus separated control plane and user plane functions for supporting diverse deployment scenarios (e.g. central or distributed user plane function) without affecting the overall functionality provided by these EPC entities.
  • such a separation could enable the user plane functions to be located operatively closer to the end-user than if the user plane functions are not separated from user plane functions, thus enabling latency to be reduced.
  • the UPF in some aspects is responsible for forwarding user data (i.e., packets), performing bearer binding at receiving user data from upstream, performing accounting of the packets and applying Quality of Service (QoS) enforcement per service data flow (SDF), per bearer (such as for an aggregation of all SDFs associated with a bearer) and/or per session (such as for an aggregation of all SDFs associated with the packet data network connection), under the control of the CPF.
  • QoS Quality of Service
  • SDF service data flow
  • per bearer such as for an aggregation of all SDFs associated with a bearer
  • per session such as for an aggregation of all SDFs associated with the packet data network connection
  • the UPF does not have a deep packet inspection (DPI) functionality, the UPF cannot properly identify the service flow, which is needed in order for the UPF to perform other actions, e.g. bearer binding, accounting and enforce QoS.
  • DPI deep packet inspection
  • An object of embodiments herein is to provide efficient DPI for user data packets.
  • a method for deep packet inspection of user data packets is performed by a control plane function entity.
  • the method comprises providing instructions to a user plane function entity to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the method comprises providing instructions to the user plane function entity to set up a data traffic end point in the user plane function entity for at least one service data flow.
  • the method comprises providing instructions to the user plane function entity how to route the received user data packets when the received user data packets are received at the data traffic end point.
  • the method comprises providing instructions to the deep packet inspection entity to direct the received user data packets for the at least one service data flow to the data traffic end point.
  • a control plane function entity for deep packet inspection of user data packets.
  • the control plane function entity comprises processing circuitry.
  • the processing circuitry is configured to cause the control plane function entity to provide instructions to a user plane function entity to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the processing circuitry is configured to cause the control plane function entity to provide instructions to the user plane function entity to set up a data traffic end point in the user plane function entity for at least one service data flow.
  • the processing circuitry is configured to cause the control plane function entity to provide instructions to the user plane function entity how to route the received user data packets when the received user data packets are received at the data traffic end point.
  • the processing circuitry is configured to cause the control plane function entity to provide instructions to the deep packet inspection entity to direct the received user data packets for the at least one service data flow to the data traffic end point.
  • a control plane function entity for deep packet inspection of user data packets.
  • the control plane function entity comprises processing circuitry and a computer program product.
  • the computer program product stores instructions that, when executed by the processing circuitry, causes the control plane function entity to perform operations, or steps.
  • the operations, or steps cause the control plane function entity to provide instructions to a user plane function entity to redirect received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the operations, or steps cause the control plane function entity to provide instructions to the user plane function entity to set up a data traffic end point in the user plane function entity for at least one service data flow.
  • the operations, or steps, cause the control plane function entity to provide instructions to the user plane function entity how to route the received user data packets when the received user data packets are received at the data traffic end point.
  • the operations, or steps, cause the control plane function entity to provide instructions to the deep packet inspection entity to direct the received user data packets for the at least one service data flow to the data traffic end point.
  • control plane function entity for deep packet inspection of user data packets.
  • the control plane function entity comprises a provide module configured to provide instructions to a user plane function entity to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the control plane function entity comprises a provide module configured to provide
  • the control plane function entity comprises a provide module configured to provide instructions to the user plane function entity how to route the received user data packets when the received user data packets are received at the data traffic end point.
  • the control plane function entity comprises a provide instructions to the deep packet inspection entity to direct the received user data packets for the at least one service data flow to the data traffic end point.
  • a computer program for deep packet inspection of user data packets comprising computer program code which, when run on processing circuitry of a control plane function entity, causes the control plane function entity to perform a method according to the first aspect.
  • a method for deep packet inspection of user data packets The method is performed by a user plane function entity.
  • the method comprises re-directing received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the method comprises setting up a data traffic end point in the user plane function entity for at least one service data flow.
  • the method comprises routing the received user data packets when the received user data packets are received at the data traffic end point.
  • a user plane function entity for deep packet inspection of user data packets The user plane function entity comprises processing circuitry.
  • the processing circuitry is configured to cause the user plane function entity to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the processing circuitry is configured to cause the user plane function entity to set up a data traffic end point in the user plane function entity for at least one service data flow.
  • the processing circuitry is configured to cause the user plane function entity to route the received user data packets when the received user data packets are received at the data traffic end point.
  • a user plane function entity for deep packet inspection of user data packets.
  • the user plane function entity comprises processing circuitry and a computer program product.
  • the computer program product stores instructions that, when executed by the processing circuitry, causes the user plane function entity to perform operations, or steps.
  • the operations, or steps cause the user plane function entity to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the operations, or steps cause the user plane function entity to set up a data traffic end point in the user plane function entity for at least one service data flow.
  • the operations, or steps cause the user plane function entity to route the received user data packets when the received user data packets are received at the data traffic end point.
  • a user plane function entity for deep packet inspection of user data packets.
  • the user plane function entity comprises a re-direct module configured to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity.
  • the user plane function entity comprises a set up module configured to set up a data traffic end point in the user plane function entity for at least one service data flow.
  • the user plane function entity comprises a route module configured to route the received user data packets when the received user data packets are received at the data traffic end point.
  • a computer program for deep packet inspection of user data packets comprising computer program code which, when run on processing circuitry of a user plane function entity, causes the user plane function entity to perform a method according to the sixth aspect.
  • a computer program product comprising a computer program according to at least one of the fifth aspect and the tenth aspect and a computer readable storage medium on which the computer program is stored.
  • the computer readable storage medium could be a non-transitory computer readable storage medium.
  • these methods by allocating a data traffic end point per SDF (possibly where several service data flows share the same data traffic end point), provide an efficient mechanism that for those packets requiring a deep packet inspection (where the packets cannot be identified IP 5-tuple rule) allows the user plane function entity (which does not comprise any DPI function) to perform bearer mapping, QoS enforcement, and accounting per SDF.
  • any feature of the first, second, third, fourth, fifth, sixth seventh, eight, ninth, tenth and eleventh aspects may be applied to any other aspect, wherever appropriate.
  • any advantage of the first aspect may equally apply to the second, third, fourth, fifth, sixth, seventh, eight, ninth, tenth, and/or eleventh aspect, respectively, and vice versa.
  • Other objectives, features and advantages of the enclosed embodiments will be apparent from the following detailed disclosure, from the attached dependent claims as well as from the drawings. Generally, all terms used in the enumerated embodiments are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein.
  • Figs, l and 2 are schematic diagrams illustrating parts of a communication network according to embodiments
  • Figs. 3, 4, 5, and 6 are flowcharts of methods according to embodiments;
  • Fig. 7 is a schematic diagram showing functional units of a control plane function entity according to an embodiment;
  • Fig. 8 is a schematic diagram showing functional modules of a control plane function entity according to an embodiment
  • Fig. 9 is a schematic diagram showing functional units of a user plane function entity according to an embodiment
  • Fig. 10 is a schematic diagram showing functional modules of a user plane function entity according to an embodiment.
  • Fig. 11 shows one example of a computer program product comprising computer readable means according to an embodiment.
  • Fig. l is a schematic diagram illustrating parts of a communications network loo where embodiments presented herein can be applied.
  • the communications network 100 comprises an SGW no, a PGW 120, a TDF 130, and an IP network 140.
  • the SGW 110 comprises a control plane serving gateway SGW-C 110a and a user plane serving gateway SGW-U nob
  • the PGW 120 comprises a control plane packet data network gateway PGW-C 120a and a user plane packet data network gateway PGW-U 120b
  • the TDF 140 comprises a control plane traffic detection function TDF-C 140a and a user plane traffic detection function TDF-U 140b.
  • the SGW 110, SGW-C 110a, SGW-U 110b, PGW 120, PGW-C 120a, PGW-U 120b, TDF 140, TDF-C 140a, TDF-U 140b, and IP network 140 are interconnected via interfaces denoted S11, S4-C,
  • the communications network 100 comprises a control plane function (CPF) entity 200 a user plane function (UPF) entity 300.
  • the control plane function entity 200 could be implemented in the PGW-C 120a (as in Fig. 1), in the TDF-C 140a, or even in the SGW-C 110a.
  • the user plane function entity 300 could be implemented in the PGW-U 120b (as in Fig. 1), in the TDF-U 140b, or even in the SGW-U nob. Functionality of the control plane function entity 200 and the user plane function entity 300 will be described below.
  • Fig. 2 is a schematic diagram illustrating the PGW-C 120a and the PGW-U 120b in more detail. In the illustrative example of Fig.
  • the PGW-C 120a and/or the CPF entity 200 comprises, is co-located with, or is operatively connected to, a deep packet inspection entity 400.
  • deep packet inspection also called complete packet inspection and information extraction or IX
  • IX complete packet inspection and information extraction
  • IX is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, and/or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination, and/or, for the purpose of collecting statistical information that functions at the Application layer of the OSI (Open Systems Interconnection model). Examples of how to perform DPI are as such known in the art and further description thereof is therefore omitted.
  • OSI Open Systems Interconnection model
  • the user data packets need to be re-directed to the PGW-C 120a and/or the CPF entity 200.
  • end points need to be set up.
  • At least one Sx UP End Point at CP (where UP is short for user plane and CP is short for control plane) is therefore provided by the CPF entity 200 to the UPF entity 300 at Sx session establishment so that packets e.g. IPv6 router solicitation / router advertisement (RS/RA), In band Radius/DHCP (where DHCP is short for Dynamic Host Configuration Protocol) messages (e.g. for scenarios 2, 3 and 4 in document 3GPP TS 23.214 Vo.1.0) can be routed to the PGW-C 120a, as well as for those IP packets which requires DPI for both uplink (UL) and downlink (DL) to identify which SDF it belongs to.
  • packets e.g. IPv6 router solicitation / router advertisement (RS/RA), In band Radius/DHCP (where DHCP is short for Dynamic Host Configuration Protocol) messages (e.g. for scenarios 2, 3 and 4 in document 3GPP TS 23.214 Vo.1.0) can be routed to the PGW-
  • the CPF entity 200 could allocate any number of data traffic end points to receive different traffic, e.g. one for receiving RS/RA, one for DHCP, another for user data packets from a first web server, another one for user data packets from a second web server, etc. Further, in general terms, any such data end point may be allocated within the CPF entity 200, but could alternatively be located in another standalone entity, e.g. in another user plane entity. For each Sx UP End Point at CP the CPF entity 200 could provide a filtering rule (IP 5-tuple rule) that identifies the data traffic that requires to be redirected to the Sx UP End Point at CP, e.g. for further processing using DPI.
  • IP 5-tuple rule IP 5-tuple rule
  • the Sx UP End Point at CP could alternatively be provided during a Release Access Bearer Procedure when the SGW-U 110b does not perform buffering of downlink data.
  • the CPF entity 200 For each SDF, or group of SDFs, that could only be identified by DPI, the CPF entity 200 requests the UPF entity 300 to allocate an Sx DL User Data End Point at UP and an Sx UL User Data End Point at UP at the UPF entity 300, and to assign a corresponding packet forwarding rule to route the packets received at this end point to either a remote DL user data end point (towards a next GTP-U hop, e.g. SGW) or toward Packet Data Network over the SGi in uplink direction, or towards some other destinations, e.g. towards a server for further processing of the user data packets, respectively. Additionally the CPF entity 200 could inform the UPF entity 300 about the corresponding parameters (bearer mapping, accounting, enforcement, etc.).
  • the request from the CPF entity 200 to the UPF entity 300 to allocate the Sx DL User Data End Point at UP and the Sx UL User Data End Point at UP can e.g. occur at the time a pre-defined rule, such as a pre-defined policy and charging control (PCC) rule is activated, which implies that a certain service is enabled/activated, or at the time the first user plane packet subject to DPI processing arrives at the Sx UP End Point at CP entity.
  • PCC policy and charging control
  • the CPF entity 200 could be required to inform the UPF entity 300 of the remote DL user data End Point (i.e. SGW S5/S8-U), and allocate an UL user data End Point (i.e.
  • control plane function entity 200 a method performed by the control plane function entity 200, a computer program product comprising code, for example in the form of a computer program, that when run on processing circuitry of the control plane function entity 200, causes the control plane function entity 200 to perform the method.
  • a user plane function entity 300 In order to obtain such mechanisms there is further provided a user plane function entity 300, a method performed by the user plane function entity 300, and a computer program product comprising code, for example in the form of a computer program, that when run on processing circuitry of the user plane function entity 300, causes the user plane function entity 300 to perform the method.
  • Figs. 3 and 4 are flow charts illustrating embodiments of methods for deep packet inspection of user data packets as performed by the control plane function entity 200.
  • Figs. 5 and 6 are flow charts illustrating embodiments of methods for deep packet inspection of user data packets as performed by the user plane function entity 300.
  • the methods are advantageously provided as computer programs 1120a, 1120b.
  • the methods are advantageously implemented in the network architecture of Figs. 1 and 2.
  • Fig. 3 illustrating a method for deep packet inspection of user data packets as performed by the control plane function entity 200 according to an embodiment.
  • the user plane function entity 300 is assumed not capable of performing deep packet inspection.
  • the control plane function entity 200 is therefore configured to perform step S102:
  • the control plane function entity 200 provides instructions to the user plane function entity 300 to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity 400. Further, in order for the user plane function entity 300 to receive user data packets on which deep packet inspection has been performed the user plane function entity 300 needs to set up a data traffic end point. Otherwise, it may even potentially be so that the user plane function entity 300 would once again re-direct the received user data packets requiring deep packet inspection deep packet inspection entity 400, despite that the user data packets already have been subjected to deep packet inspection.
  • the control plane function entity 200 is therefore configured to perform step S104:
  • the control plane function entity 200 provides instructions to the user plane function entity 300 to set up a data traffic end point in the user plane function entity 300 for at least one service data flow.
  • a data traffic end point in the user plane function entity 300 for at least one service data flow.
  • two such data traffic end points are denoted Sx DL user data end point at UP per SDF and Sx DL user data end point at UP per SDF, respectively.
  • the user plane function entity 300 may not be enabled to identify the service data flow as such and is therefore instructed to set up the data traffic end point such that it can receive the user data packets after deep packet inspection has been performed.
  • the user data packets on which deep packet inspection has been performed are provided to the user plane function entity 300 from the deep packet inspection entity 400 and are then to be delivered towards their destination by the user plane function entity 300.
  • the control plane function entity 200 therefore instructs the user plane function entity 300 how to route the received user data packets after deep packet inspection.
  • the control plane function entity 200 is therefore configured to perform step S106: S106: The control plane function entity 200 provides instructions to the user plane function entity 300 how to route the received user data packets when the received user data packets are received at the data traffic end point.
  • Deep packet inspection is performed by the deep packet inspection entity 400 and in order for the deep packet inspection entity 400 to provide the user data packets on which deep packet inspection has been performed back to the user plane function entity 300 the control plane function entity 200 instructs the deep packet inspection entity 400 how to direct the user data packets.
  • the control plane function entity 200 is therefore configured to perform step S110.
  • the user plane function entity 300 is thereby enabled to route the user data packets according to the instructions provided by the control plane function entity in step S106.
  • step S102 the received user data packets are instructed to be re-directed in step S102 whilst the received user data packets are instructed to be directed in step S110.
  • step S110 the received user data packets otherwise in step S102 by default would not be directed to the deep packet inspection entity 400 whereas step S110 does not involve any re-direction of the received user data packets.
  • the user data packets are in the PGW-U 120b, by default, routed by a routing engine.
  • the CPF entity 200 thus needs to instruct the UPF entity 300 such that user data packets requiring DPI are (at least temporarily) re-directed from the PGW-U 120b to the PGW-C 120a such that DPI can be performed.
  • the routing engine needs to be configured to perform such redirection of the user data packets.
  • Fig. 4 illustrating methods for deep packet inspection of user data packets as performed by the control plane function entity 200 according to further embodiments. It is assumed that steps S102, S104, S106, S110 are performed as described above with reference to Fig. 3 and a thus repeated description thereof is therefore omitted.
  • control plane function entity 200 In addition to provide instructions to the user plane function entity 300 how to route the received user data packets the control plane function entity 200 in some aspects instructions to the user plane function entity 300 to count the received user data packets. Hence according to an embodiment the control plane function entity 200 is configured to perform step S108:
  • the control plane function entity 200 provides instructions to the user plane function entity 300 to count the received user data packets at the data traffic end point.
  • control plane function entity 200 provides instructions to the user plane function entity to route the received user data packets at the data traffic end point to either a remote data traffic end point (e.g., in the SGW 110) in downlink direction, or to an upstream node in the Packet Data Network (e.g., over interface SGi) in uplink direction, or to another server where the user data packets may be processed further.
  • control plane function entity 200 provides instructions to the user plane function entity to route the received user data packets as part of a packet forwarding rule during a session management procedure, such as during a Sx session management procedure.
  • the control plane function entity 200 could instruct the user plane function entity 300 to either set up a data traffic end point, e.g. a GTP-U end point if GTP-U is used, for each of service data flow or for an aggregate of service data flow, in the PGW-U 120b.
  • the instructions specifies to set up a separate data traffic end point for each of the at least one service data flows whilst according to another embodiment the instructions specifies to set up a common data traffic end point for an aggregate of the at least one service data flows.
  • the instructions specifies the data traffic end point to be set up in the user plane function entity 300. Possible locations of the traffic end points (when provided as Sx UP end Point at CP) have been disclosed above.
  • the deep packet inspection entity 400 is instructed by the control plane function entity 200 to direct the received user data packets after performing deep packet inspection of the received user data packets.
  • Fig. 5 illustrating a method for deep packet inspection of user data packets as performed by the user plane function entity 300 according to an embodiment. The methods are advantageously implemented in the network architecture of Figs. 1 and 2.
  • control plane function entity 200 in step S102 provides instructions to the user plane function entity 300 to re-direct received user data packets for deep packet inspection.
  • user plane function entity 300 is configured to perform step S202:
  • S202 The user plane function entity 300 re-directs received user data packets requiring deep packet inspection to the deep packet inspection entity 400.
  • control plane function entity 200 in step S104 provides instructions to the user plane function entity 300 to set up a data traffic end point.
  • the user plane function entity 300 is configured to perform step S204: S204: The user plane function entity 300 sets up a data traffic end point in the user plane function entity 300 for at least one service data flow.
  • control plane function entity 200 in step S106 provides instructions to the user plane function entity 300 how to route the received user data packets.
  • the user plane function entity 300 is configured to perform step S206:
  • the user plane function entity 300 routes the received user data packets when the received user data packets are received at the data traffic end point.
  • step S202 to set up in step S204, and how to route in step S206 are defined by instructions received from the control plane function entity 200.
  • Embodiments relating to further details of deep packet inspection as performed by the user plane function entity 300 will now be disclosed.
  • Fig. 6 illustrating methods for deep packet inspection of user data packets as performed by the user plane function entity 300 according to further embodiments. It is assumed that steps S202-S206 are performed as described above with reference to Fig. 5 and a thus repeated description thereof is therefore omitted.
  • control plane function entity 200 provides instructions to the user plane function entity 300 to count the received user data packets at the data traffic end point.
  • the user plane function entity 300 is configured to perform step S208:
  • the user plane function entity 300 counts the received user data packets at the data traffic end point.
  • to count in step S208 is defined by instructions received from the control plane function entity 200.
  • the user plane function entity 300 routes the received user data packets at the data traffic end point to either a remote data traffic end point in downlink direction, or to an upstream node in uplink direction.
  • the user plane function entity routes the received user data packets as part of a packet forwarding rule during a session management procedure.
  • the user plane function entity 300 could be different ways for the user plane function entity 300 to receive the user data packets. For example, the user data packets could be received either from downlink or uplink.
  • the received user data packets are by the user plane function entity received from an upstream node in downlink direction whilst according to another embodiment the received user data packets are by the user plane function entity received from a user plane entity in uplink direction.
  • the data traffic end point is a user plane General Packet Radio Service Tunneling Protocol (GTP-U) type end point.
  • GTP-U General Packet Radio Service Tunneling Protocol
  • a separate data traffic end point is set up for each of the at least one service data flows whilst according to another embodiment a common data traffic end point is set up for an aggregate of the at least one service data flows.
  • the data traffic end point is set up in the user plane function entity 300.
  • Fig. 7 schematically illustrates, in terms of a number of functional units, the components of a control plane function entity 200 according to an
  • Processing circuitry 210 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions stored in a computer program product 1110a (as in Fig. 11), e.g. in the form of a storage medium 230.
  • the processing circuitry 210 l8 may further be provided as at least one application specific integrated circuit (ASIC), or field programmable gate array (FPGA).
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the processing circuitry 210 is configured to cause the control plane function entity 200 to perform a set of operations, or steps, S102-S110, as disclosed above.
  • the storage medium 230 may store the set of operations
  • the processing circuitry 210 may be configured to retrieve the set of operations from the storage medium 230 to cause the control plane function entity 200 to perform the set of operations.
  • the set of operations may be provided as a set of executable instructions.
  • the processing circuitry 210 is thereby arranged to execute methods as herein disclosed.
  • the storage medium 230 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the control plane function entity 200 may further comprise a
  • communications interface 220 for communications at least with the user plane function entity 300.
  • the communications interface 220 may comprise one or more transmitters and receivers, comprising analogue and digital components.
  • the processing circuitry 210 controls the general operation of the control plane function entity 200 e.g. by sending data and control signals to the communications interface 220 and the storage medium 230, by receiving data and reports from the communications interface 220, and by retrieving data and instructions from the storage medium 230.
  • Other components, as well as the related functionality, of the control plane function entity 200 are omitted in order not to obscure the concepts presented herein.
  • Fig. 8 schematically illustrates, in terms of a number of functional modules, the components of a control plane function entity 200 according to an embodiment.
  • the control plane function entity 200 of Fig. 8 comprises a number of functional modules; a provide module 210a configured to perform step S102, a provide module 210b configured to perform step S104, a provide module 210c configured to perform step S106, and a provide module 2ioe configured to perform step S110.
  • the control plane function entity 200 of Fig. 8 may further comprise a number of optional functional modules, such as a provide module 2iod configured to perform step S108.
  • each functional module 2ioa-2ioe may be implemented in hardware or in software.
  • one or more or all functional modules 2ioa-2ioe may be implemented by the processing circuitry 210, possibly in cooperation with functional units 220 and/or 230.
  • the processing circuitry 210 may thus be arranged to from the storage medium 230 fetch instructions as provided by a functional module 2ioa-2ioe and to execute these instructions, thereby performing any steps of the control plane function entity 200 as disclosed herein.
  • Fig. 9 schematically illustrates, in terms of a number of functional units, the components of a user plane function entity 300 according to an embodiment.
  • Processing circuitry 310 is provided using any combination of one or more of a suitable central processing unit (CPU), multiprocessor, microcontroller, digital signal processor (DSP), etc., capable of executing software instructions stored in a computer program product mob (as in Fig. 11), e.g. in the form of a storage medium 330.
  • the processing circuitry 310 may further be provided as at least one application specific integrated circuit (ASIC), or field
  • FPGA programmable gate array
  • the processing circuitry 310 is configured to cause the user plane function entity 300 to perform a set of operations, or steps, S202-S2o6a, as disclosed above.
  • the storage medium 330 may store the set of operations, and the processing circuitry 310 may be configured to retrieve the set of operations from the storage medium 330 to cause the user plane function entity 300 to perform the set of operations.
  • the set of operations may be provided as a set of executable instructions.
  • the storage medium 330 may also comprise persistent storage, which, for example, can be any single one or combination of magnetic memory, optical memory, solid state memory or even remotely mounted memory.
  • the user plane function entity 300 may further comprise a communications interface 320 for communications at least with the control plane function entity 200.
  • the communications interface 320 may comprise one or more transmitters and receivers, comprising analogue and digital
  • the processing circuitry 310 controls the general operation of the user plane function entity 300 e.g. by sending data and control signals to the
  • communications interface 320 and the storage medium 330 by receiving data and reports from the communications interface 320, and by retrieving data and instructions from the storage medium 330.
  • Other components, as well as the related functionality, of the user plane function entity 300 are omitted in order not to obscure the concepts presented herein.
  • Fig. 10 schematically illustrates, in terms of a number of functional modules, the components of a user plane function entity 300 according to an embodiment.
  • the user plane function entity 300 of Fig. 10 comprises a number of functional modules; a re-direct module 310a configured to perform step S202, a set up module 310b configured to perform step S204, and a route module configured to perform step S206.
  • the user plane function entity 300 of Fig. 10 may further comprises a number of optional functional modules, such as a count module 3iod configured to perform step S208.
  • each functional module 3ioa-3iod may be implemented in hardware or in software.
  • one or more or all functional modules 3ioa-3iod may be implemented by the processing circuitry 310, possibly in cooperation with functional units 320 and/or 330.
  • the processing circuitry 310 may thus be arranged to from the storage medium 330 fetch instructions as provided by a functional module 3ioa-3iod and to execute these instructions, thereby performing any steps of the user plane function entity 300 as disclosed herein.
  • the control plane function entity 200 and/or user plane function entity 300 may be provided as standalone devices or as a part of at least one further device.
  • the control plane function entity 200 is provided in the control plane packet data network gateway PGW-C 120a
  • the user plane function entity 300 is provided in the user plane packet data network gateway PGW-U 120b.
  • control plane function entity 200 could be provided in the control plane traffic detection function TDF-C 140a and the user plane function entity 300 could be provided in the user plane traffic detection function TDF-C 140b.
  • functionality of the control plane function entity 200 and/or user plane function entity 300 may be distributed between at least two devices, or nodes. These at least two nodes, or devices, may either be part of the same network part or may be spread between at least two such network parts.
  • instructions that are required to be performed in real time may be performed in a device, or node, operatively closer to the end-user of the user data packets than instructions that are not required to be performed in real time.
  • the user plane function entity 300 may be provided operatively closer to the end-user than the control plane function entity 200.
  • the control plane function entity 200 and the user plane function entity 300 could be physically separated (and thus be implemented in physically separated devices).
  • a first portion of the instructions performed by the control plane function entity 200 / user plane function entity 300 may be executed in a first device
  • a second portion of the of the instructions performed by the control plane function entity 200 / user plane function entity 300 may be executed in a second device; the herein disclosed embodiments are not limited to any particular number of devices on which the instructions performed by the control plane function entity 200 / user plane function entity 300 may be executed.
  • Figs. 7 and 9 the processing circuitry 210, 310 may be distributed among a plurality of devices, or nodes.
  • Fig. 11 shows one example of a computer program product 1110a, mob comprising computer readable means 1130.
  • a computer program 1120a can be stored, which computer program 1120a can cause the processing circuitry 210 and thereto operatively coupled entities and devices, such as the communications interface 220 and the storage medium 230, to execute methods according to embodiments described herein.
  • the computer program 1120a and/or computer program product 1110a may thus provide means for performing any steps of the control plane function entity 200 as herein disclosed.
  • a computer program 1120b can be stored, which computer program 1120b can cause the processing circuitry 310 and thereto operatively coupled entities and devices, such as the communications interface 320 and the storage medium 330, to execute methods according to embodiments described herein.
  • the computer program 1120b and/or computer program product mob may thus provide means for performing any steps of the user plane function entity 300 as herein disclosed.
  • the computer program product 1110a, mob is illustrated as an optical disc, such as a CD (compact disc) or a DVD (digital versatile disc) or a Blu-Ray disc.
  • the computer program product 1110a, mob could also be embodied as a memory, such as a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), or an electrically erasable programmable read-only memory (EEPROM) and more particularly as a non-volatile storage medium of a device in an external memory such as a USB (Universal Serial Bus) memory or a Flash memory, such as a compact Flash memory.
  • RAM random access memory
  • ROM read-only memory
  • EPROM erasable programmable read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • the computer program 1120a, 1120b is here schematically shown as a track on the depicted optical disk, the computer program 1120a, 1120b can be stored in any way which is suitable for the computer program product 1110a, mob.
  • a method for deep packet inspection of user data packets the method being performed by a user plane function entity (300), the method
  • routing (S206) the received user data packets when the received user data packets are received at the data traffic end point.
  • a method for deep packet inspection of user data packets the method being performed by a control plane function entity (200), the method comprising:
  • control plane function entity (200) is provided in a control plane packet data network gateway, PGW-C (120a).
  • PGW-C control plane packet data network gateway
  • user plane function entity (300) is provided in a user plane packet data network gateway, PGW-U (120b).
  • a user plane function entity (300) for deep packet inspection of user data packets comprising processing circuitry (310), the processing circuitry being configured to cause the user plane function entity (300) to: re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity (400);
  • a computer program product storing instructions that, when executed by the processing circuitry, causes the user plane function entity (300) to:
  • a re-direct module (310a) configured to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity (400);
  • a set up module (310b) configured to set up a data traffic end point in the user plane function entity (300) for at least one service data flow; and a route module (310c) configured to route the received user data packets when the received user data packets are received at the data traffic end point.
  • a control plane function entity (200) for deep packet inspection of user data packets comprising processing circuitry (210), the processing circuitry being configured to cause the control plane function entity (200) to: provide instructions to a user plane function entity (300) to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity (400);
  • a control plane function entity (200) for deep packet inspection of user data packets comprising:
  • a computer program product (1110a) storing instructions that, when executed by the processing circuitry, causes the control plane function entity (200) to:
  • a control plane function entity (200) for deep packet inspection of user data packets comprising: a provide module (210a) configured to provide instructions to a user plane function entity (300) to re-direct received user data packets requiring deep packet inspection to a deep packet inspection entity (400);
  • a provide module (210b) configured to provide instructions to the user plane function entity (300) to set up a data traffic end point in the user plane function entity (300) for at least one service data flow;
  • a provide module (210c) configured to provide instructions to the user plane function entity (300) how to route the received user data packets when the received user data packets are received at the data traffic end point; and a provide module (2ioe) configured to provide instructions to the deep packet inspection entity (400) to direct the received user data packets for the at least one service data flow to the data traffic end point.
  • a computer program (1120b) for deep packet inspection of user data packets comprising computer code which, when run on processing circuitry (310) of a user plane function entity (300), causes the user plane function entity (300) to:
  • a computer program (1120a) for deep packet inspection of user data packets comprising computer code which, when run on processing circuitry (210) of a control plane function entity (200), causes the control plane function entity (200) to:
  • a computer program product (1110a, mob) comprising a computer program (1120a, 1120b) according to at least one of items 25 and 26, and a computer readable storage medium (1130) on which the computer program is stored.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne une entité de fonction de plan de commande, une entité de fonction de plan d'utilisateur, des programmes d'ordinateur et un produit de programme d'ordinateur destinés à une inspection approfondie de paquets de paquets de données d'utilisateur, un procédé étant mis en œuvre, le procédé consistant : à rediriger (S202) des paquets de données d'utilisateur reçus nécessitant une inspection approfondie de paquets à destination d'une entité d'inspection approfondie de paquets (400) ; à établir (S204) un point d'extrémité de trafic de données dans l'entité de fonction de plan utilisateur (300) pour au moins un flux de données de service ; et à acheminer (S206) les paquets de données d'utilisateur reçus lorsque les paquets de données d'utilisateur reçus sont reçus au niveau du point d'extrémité de trafic de données.
PCT/EP2017/070928 2016-08-22 2017-08-18 Inspection approfondie de paquets pour plans de commande et plans d'utilisateur séparés WO2018036922A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201662377943P 2016-08-22 2016-08-22
US62/377,943 2016-08-22

Publications (1)

Publication Number Publication Date
WO2018036922A1 true WO2018036922A1 (fr) 2018-03-01

Family

ID=59649724

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2017/070928 WO2018036922A1 (fr) 2016-08-22 2017-08-18 Inspection approfondie de paquets pour plans de commande et plans d'utilisateur séparés

Country Status (1)

Country Link
WO (1) WO2018036922A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11349557B2 (en) 2018-11-30 2022-05-31 At&T Intellectual Property I, L.P. System model and architecture for mobile integrated access and backhaul in advanced networks

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8612612B1 (en) * 2011-09-28 2013-12-17 Juniper Networks, Inc. Dynamic policy control for application flow processing in a network device
WO2015070592A1 (fr) * 2013-11-14 2015-05-21 中兴通讯股份有限公司 Procédé de répartition de flux de données et contrôleur

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8612612B1 (en) * 2011-09-28 2013-12-17 Juniper Networks, Inc. Dynamic policy control for application flow processing in a network device
WO2015070592A1 (fr) * 2013-11-14 2015-05-21 中兴通讯股份有限公司 Procédé de répartition de flux de données et contrôleur
EP3070892A1 (fr) * 2013-11-14 2016-09-21 ZTE Corporation Procédé de répartition de flux de données et contrôleur

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11349557B2 (en) 2018-11-30 2022-05-31 At&T Intellectual Property I, L.P. System model and architecture for mobile integrated access and backhaul in advanced networks

Similar Documents

Publication Publication Date Title
CN112889254B (zh) 使用策略处理数据包的方法和系统
US9497661B2 (en) Implementing EPC in a cloud computer with openflow data plane
EP2831733B1 (fr) Mise en oeuvre d'epc dans un ordinateur en nuage à plan de données openflow
US20160323193A1 (en) Service Routing Method, Device, and System
US10397188B2 (en) Access control apparatus, system, and method
US9647937B1 (en) Policy control using software defined network (SDN) protocol
US9173158B2 (en) Method and apparatus for improving LTE enhanced packet core architecture using openflow network controller
US8612612B1 (en) Dynamic policy control for application flow processing in a network device
AU2012303738B2 (en) Implementing a 3G packet core in a cloud computer with openflow data and control planes
EP2441211B1 (fr) Contrôle des performances dans un réseau de communication
CN111262772B (zh) 用于安置在网络环境中的节点的方法及节点
US8953623B1 (en) Predictive network services load balancing within a network device
US8644339B1 (en) In-line packet reassembly within a mobile gateway
US9106563B2 (en) Method and apparatus for switching communications traffic in a communications network
EP2599266B1 (fr) Gestion du trafic de réseau via un accès fixe
US10979349B2 (en) Methods and apparatuses for flexible mobile steering in cellular networks
WO2018036922A1 (fr) Inspection approfondie de paquets pour plans de commande et plans d'utilisateur séparés
US20190268263A1 (en) Flow cache based mechanism of packet redirection in multiple border routers for application awareness
WO2015139729A1 (fr) Configuration de supports de raccordement
EP3131344A1 (fr) Procédé et système permettant de découvrir des points d'agrégation d'accès pour des approches de liaison dans un réseau de télécommunication
KR102055339B1 (ko) 이동통신을 위한 다운링크 데이터 처리 방법 및 그 장치
WO2012114328A1 (fr) Système et procédé pour une gestion de file d'attente active par flux sur un réseau à commutation par paquet

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17754170

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17754170

Country of ref document: EP

Kind code of ref document: A1