WO2018049583A1 - User plane sharing method, device and supervising management device based on network slicing - Google Patents


Info

Publication number
WO2018049583A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
rule
user plane
network
manager
Prior art date
Application number
PCT/CN2016/098997
Other languages
French (fr)
Chinese (zh)
Inventor
王岩
李业兴
陈中平
侯义合
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/098997 priority Critical patent/WO2018049583A1/en
Publication of WO2018049583A1 publication Critical patent/WO2018049583A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the embodiments of the present invention relate to the field of communications technologies, and in particular, to a network slice-based user plane sharing method, apparatus, and supervisor manager.
  • the function items in the EPC are decomposed into CP (Control Plane Gateway) and GW-U (Gateway-user plane, User plane gateway).
  • the GW-U is mainly used for processing data packets;
  • the CP is mainly used to define the processing action of the GW-U on the data packet: the CP sends the processing rule (rule) of the data packet to the GW-U, and when the data packet arrives at the GW-U, the GW-U processes the data packet according to the forwarding rule sent by the CP, thereby completing the processing and transmission of the user data packet.
  • When the network is sliced under the network architecture in which the CP and the GW-U are separated, each network slice has its own independent CP and one or more GW-Us. In order to reduce the delay, the GW-U in the network slice needs to be moved down, so the GW-U usually adopts distributed deployment. When a large number of GW-Us need to be deployed at the edge of the network, if each network slice uses its GW-Us exclusively, the large number of GW-Us quickly exhausts the network edge resources, which in turn limits the scalability of network slices. Therefore, a method in which a plurality of network slices share a GW-U is generally adopted, so that the resources consumed by creating GW-Us are reduced and resource utilization is improved.
  • the Flowvisor is used in the OpenFlow protocol to ensure isolation of network slices when multiple OpenFlow controllers share an OpenFlow switch.
  • OpenFlow is used in the transmission network and is an interface protocol between the OpenFlow controller and the OpenFlow switch.
  • the OpenFlow controller is the control plane network element
  • the OpenFlow switch is the user plane network element.
  • the Flowvisor is deployed between the OpenFlow controller and the OpenFlow switch.
  • the Flowvisor configures the relationship between the OpenFlow controller and the OpenFlow switch according to the contents of the Policy.
  • the signaling is managed in a unified manner to isolate the CPU (Central Processing Unit), bandwidth, and topology when the OpenFlow switch is shared, so that the slices do not affect each other when the OpenFlow switch is shared.
  • Since Flowvisor is used in the OpenFlow protocol, the isolation it provides is mainly the isolation of the underlying physical resources. Currently, OpenFlow only implements basic stateless fast forwarding and has not implemented DPI, online charging, etc., so Flowvisor does not consider isolating the user plane atomic functions of each network slice. However, in the existing network architecture in which the control plane (C) and the user plane (U) of the core network gateway are separated, the user plane GW-U in the core network has functions such as charging and DPI (Deep Packet Inspection). Each network slice has a specific set of atomic functions, and the atomic function set of each network slice is a subset of the full set of user plane atomic functions. Since the Flowvisor does not isolate the user plane atomic function set of the network slice, it is likely that a network slice uses user plane atomic functions outside its specified range, thereby affecting the normal operation of other network slices.
  • the present invention provides a user plane sharing method, apparatus and supervisor manager based on network slicing.
  • a network slice-based user plane sharing method includes:
  • the supervisor manager obtains a target configuration policy of the target network slice, where the target configuration policy includes a set of user plane atomic functions;
  • the supervisory manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set
  • when the function set delivered by the target rule is a subset of the user plane atomic function set, the supervisor manager sends the target rule to the target user plane network element.
  • the supervisory network can effectively prevent the target network slice from crossing the boundary by using unauthorized user plane atomic functions, thereby avoiding affecting the normal operation of other network slices.
  • the target configuration policy further includes: a target frequency and a target bandwidth; the method further includes:
  • the supervisory manager determines whether the frequency of the target rule delivery is less than the target frequency
  • the supervisory manager determines whether the bandwidth delivered by the target rule is not greater than the target bandwidth
  • the step of the supervisor manager sending the target rule to the target user plane network element is performed.
  • the supervisory manager may judge the function set, frequency and bandwidth delivered by the target rule at the same time, or may judge them according to a certain judgment order. In addition to the function set, the frequency and the bandwidth of the target rule, the supervisory manager can also detect other attribute parameters delivered by the target rule according to the requirements, and then determine whether the requirements are met, so as to prevent the target network slice from crossing the boundary by using unauthorized user plane atomic functions and thereby affecting the normal operation of other network slices.
  • the supervisory manager obtains a target configuration policy of the target network slice, including:
  • the supervisor manager obtains a target feature value of the target network slice
  • the supervisor manager obtains a target configuration policy corresponding to the target feature value.
  • since the feature value is unique, the feature value can be represented by the IP address of the control plane network element.
  • the supervisor manager finds, among multiple configuration policies, the configuration policy corresponding to the target feature value, that is, the target configuration policy of the target network slice.
  • the supervisory manager is in communication with the slice manager and the management orchestration domain, the method further comprising:
  • the slice manager obtains network slice creation information
  • the slice manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • the management orchestration domain creates a target control plane network element and a target user plane network element according to the network slice creation instruction;
  • when the slice manager obtains a network slice creation response sent by the management orchestration domain, the slice manager sends a new network slice request including the target configuration policy to the supervision manager.
  • the management orchestration domain respectively creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; in addition, if the instruction for instantiating the network slice network elements includes requirements for the instantiation of the supervisor manager, the supervisor manager may also need to be instantiated.
  • the management orchestration domain sends a network slice creation response to the slice manager, at which time the slice manager sends a new network slice request carrying the target configuration policy of the target network slice to the supervisor manager.
  • the supervisory manager is in communication with the slice manager and the management orchestration domain, the method further includes:
  • the supervisor manager acquires network slice creation information sent by the slice manager;
  • the supervisor manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • the management orchestration domain creates a target control plane network element and a target user plane network element according to the step of creating a network slice network element;
  • the supervisor manager sends a network slice creation instruction to the management orchestration domain.
  • the management orchestration domain creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; if requirements for the supervisory manager are included, the supervisor manager may need to be instantiated.
  • after the management orchestration domain instantiation is completed, the management orchestration domain sends a network slice creation response to the supervisory manager, and the management orchestration domain sends a new network slice request carrying the target configuration policy of the target network slice to the supervisory manager; the slice manager may also send the new network slice request, so that the supervisor manager extracts the target configuration policy and the feature value of the target slice according to the received new network slice request.
  • the target configuration policy further includes: a correspondence between a real network topology and a virtual network topology, where the supervisor manager sending the target rule to the target user plane network element includes:
  • the supervisor manager obtains a virtual IP address in the virtual network topology
  • the target configuration policy includes the correspondence between the real network topology of the network slice and the virtual network topology node.
  • the implementation process in the supervisory manager is as follows: after the supervisor manager receives the correspondence between the real network topology and the virtual network topology nodes sent by the slice manager, the supervisor manager virtualizes the control port IP between the network element and the target control plane network element; the IP of this port is the IP of the Virtual (virtual) target user plane network element.
  • the IP of the Virtual target user plane network element and the control port IP of the True (real) target user plane network element have a one-to-one correspondence or a one-to-many correspondence.
  • the supervisory manager sends the target rule to the target user plane network element corresponding to the real IP address.
  • when the target control plane network element delivers a rule, the rule is issued to the IP of the Virtual target user plane network element, and the supervisor manager can find the corresponding True target user plane network element IP according to the Virtual target user plane network element IP; if the relationship is one-to-many, then when the supervisory manager receives the rule issued by the target control plane network element, the corresponding True target user plane network element IP is found according to a certain algorithm, so that the rule is delivered.
  • the method further includes:
  • the supervisor manager modifies the target rule according to the target configuration policy, obtains a modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
  • the supervisor manager prohibits sending the target rule to the target user plane network element.
  • the supervisor manager modifies the target rule according to the target configuration policy, obtains the modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set.
  • the supervisor manager prohibits the delivery of the target rule to the target user plane network element.
  • the user plane atomic function set includes one or more of the following in combination: billing, lawful interception, paging, deep packet inspection (DPI), protocol security (IPsec), network address translation (NAT), hypertext transfer protocol (HTTP) header enhancement, and caching.
  • a network slice-based user plane sharing apparatus which is applied to a core network including a supervisory manager, where the apparatus includes:
  • a target configuration policy obtaining module configured to acquire a target configuration policy of the target network slice, where the target configuration policy includes a user plane atom function set;
  • a target rule judging module configured to determine, when the target control plane network element sends a target rule to the target user plane network element, whether the function set delivered by the target rule is a subset of the user plane atomic function set ;
  • a target rule sending module configured to send the target rule to the target user plane network element when the function set sent by the target rule is a subset of the user plane atomic function set.
  • the target rules issued by the control plane network element are uniformly controlled, which can effectively prevent the target network slice from crossing the boundary using the unauthorized user plane atom function, thereby avoiding affecting the normal operation of other network slices.
  • the target configuration policy further includes: a target frequency and a target bandwidth; the device further includes:
  • a frequency judging module configured to determine whether a frequency of the target rule is less than the target frequency
  • a bandwidth determining module configured to determine, when the frequency of sending the target rule is less than the target frequency, whether the bandwidth delivered by the target rule is not greater than the target bandwidth.
  • the target rule judgment module, the frequency judgment module, and the bandwidth judgment module can respectively determine the function set, the frequency, and the bandwidth delivered by the target rule at the same time, or can perform the judgment according to a certain judgment order. In addition to the function set, frequency and bandwidth of the target rule, other attribute parameters delivered by the target rule may be detected according to requirements, thereby determining whether the requirements are met, so as to prevent the target network slice from crossing the boundary by using unauthorized user plane atomic functions.
  • the target configuration policy acquiring module includes:
  • the target feature value obtaining submodule is configured to acquire a target feature value of the target network slice.
  • the target configuration policy sub-module is configured to acquire a target configuration policy corresponding to the target feature value.
  • the target configuration policy sub-module searches for a configuration policy corresponding to the target feature value in multiple configuration policies, that is, a target configuration policy for the target network slice.
  • the supervisory manager is separately connected to the slice manager and the management orchestration domain, and the device further includes:
  • a first network slice creation information acquisition module configured to acquire network slice creation information
  • a first network slice creation instruction sending module configured to send a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • a first network slice creation module configured to create a target control plane network element and a target user plane network element according to the network slice creation instruction
  • a new network slice request sending module configured to send a new network slice request including the target configuration policy to the supervisor manager when the slice manager obtains a network slice creation response sent by the management orchestration domain.
  • the first network slice creation instruction sending module separately creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; if the instruction for instantiating the network slice network elements includes requirements for the instantiation of the supervisor manager, the supervisor manager may need to be instantiated.
  • the management orchestration domain sends a network slice creation response to the slice manager, at which time the slice manager sends to the supervisor manager a new network slice request that carries the target configuration policy of the target network slice.
  • the supervisory manager is separately connected to the slice manager and the management orchestration domain, and the device further includes:
  • a second network slice creation information acquiring module configured to acquire network slice creation information sent by the slice manager
  • a second network slice creation instruction sending module configured to send a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • a second network slice creation module configured to create a target control plane network element and a target user plane network element according to the creating a network slice network element instruction.
  • the second network slice creation instruction sending module sends a network slice creation instruction to the management orchestration domain.
  • the management orchestration domain respectively creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; in addition, if the instruction for instantiating the network slice network elements includes requirements for the instantiation of the supervisor manager, the supervisor manager may also need to be instantiated.
  • the management orchestration domain sends a network slice creation response to the supervisory manager, and the management orchestration domain sends a new network slice request carrying the target configuration policy of the target network slice to the supervisory manager; in other embodiments, the slice manager may send the new network slice request, so that the supervisor manager extracts the target configuration policy and the feature value of the target slice according to the received new network slice request.
  • the target configuration policy further includes: a correspondence between a real network topology and a virtual network topology, where the target rule delivery module includes:
  • a virtual IP address obtaining submodule configured to obtain a virtual IP address in the virtual network topology
  • a real IP address determining submodule configured to determine a real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
  • the target configuration policy includes the correspondence between the real network topology of the network slice and the virtual network topology node.
  • the implementation process in the supervisory manager is as follows: after the supervisor manager receives the correspondence between the real network topology and the virtual network topology nodes sent by the slice manager, the supervisor manager virtualizes the control port IP between the network element and the target control plane network element; the IP of this port is the IP of a Virtual (virtual) target user plane network element.
  • the IP of these Virtual target user plane network elements has a one-to-one correspondence or one-to-many correspondence with the control port IP of the True (real) target user plane network element.
  • the target rule sending submodule is configured to send the target rule to the target user plane network element corresponding to the real IP address.
  • when the target control plane network element sends the rule, the rule is sent to the IP of the Virtual target user plane network element, and the real IP address determining sub-module can find the corresponding True target user plane network element IP according to the Virtual target user plane network element IP; if it is a one-to-many relationship, then when the real IP address determining sub-module receives the rule issued by the target control plane network element, the corresponding True target user plane network element IP is found according to a certain algorithm, so that the rule is delivered.
  • the device further includes:
  • a target rule modification module configured to, when the function set in the target rule is not a subset of the user plane atomic function set, modify the target rule according to the target configuration policy, obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
  • the target rule issuance module is disabled, and the target rule is prohibited from being sent to the target user plane network element.
  • the target rule modification module modifies the target rule according to the target configuration policy, obtains the modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set. Or, the target rule issuance module is forbidden to send the target rule to the target user plane network element.
  • the user plane atomic function set includes one or more of the following in combination: billing, lawful interception, paging, deep packet inspection (DPI), protocol security (IPsec), network address translation (NAT), hypertext transfer protocol (HTTP) header enhancement, and caching.
  • a supervisory manager including: a transceiver and a processor;
  • the transceiver is configured to acquire a target configuration policy of a target network slice, where the target configuration policy includes the user plane atomic function set;
  • the processor is used to:
  • the target control plane network element sends the target rule to the target user plane network element, determining whether the function set delivered by the target rule is a subset of the user plane atomic function set;
  • the target rule is sent to the target user plane network element.
  • the target network slice can be effectively prevented from using the unauthorized user plane atomic function, thereby avoiding affecting the normal operation of other network slices.
  • the target configuration policy further includes: a target frequency and a target bandwidth; the processor is further configured to:
  • the processor of the supervisory manager may judge the function set, frequency and bandwidth delivered by the target rule at the same time, or may judge them according to a certain judgment order. In addition to the function set, frequency and bandwidth in the target rule, other attribute parameters delivered by the target rule may be detected according to the requirements, thereby determining whether the requirements are met, so as to prevent the target network slice from crossing the boundary by using unauthorized user plane atomic functions and thereby affecting the normal operation of other network slices.
  • the monitoring manager obtains a target configuration policy of the target network slice, including:
  • the feature value can be represented by the IP address of the control plane network element.
  • the processor may search for a configuration policy corresponding to the target feature value in multiple configuration policies, that is, a target configuration policy for the target network slice.
  • the supervisory manager is separately connected to the slice manager and the management orchestration domain, and the processor is further configured to:
  • the slice manager obtains network slice creation information
  • the slice manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • the management orchestration domain creates a target control plane network element and a target user plane network element according to the network slice creation instruction;
  • when the slice manager obtains a network slice creation response sent by the management orchestration domain, the slice manager sends a new network slice request including the target configuration policy to the supervision manager.
  • the management orchestration domain respectively creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; in addition, if the instruction for instantiating the network slice network elements includes requirements for the instantiation of the supervisor manager, the supervisor manager may also need to be instantiated.
  • the management orchestration domain sends a network slice creation response to the slice manager, at which time the slice manager sends a new network slice request carrying the target configuration policy of the target network slice to the supervisor manager.
  • the supervisory manager is separately connected to the slice manager and the management orchestration domain, and the processor is further configured to:
  • the management orchestration domain creates a target control plane network element and a target user plane network element according to the step of creating a network slice network element;
  • the step of acquiring the target configuration policy of the target network slice is performed.
  • the supervisor manager's processor sends a network slice creation instruction to the management orchestration domain.
  • the management orchestration domain respectively creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; in addition, if the instruction for instantiating the network slice network elements includes requirements for the instantiation of the supervisor manager, the supervisor manager may also need to be instantiated.
  • the management orchestration domain sends a network slice creation response to the supervisory manager, where the management orchestration domain sends a new network slice request carrying the target configuration policy of the target network slice to the supervisory manager; in other embodiments, the slice manager may also send the new network slice request, so that the supervisor manager extracts the target configuration policy and the feature value of the target slice according to the received new network slice request.
  • the target configuration policy further includes: a correspondence between a real network topology and a virtual network topology, where the supervisor manager sending the target rule to the target user plane network element includes:
  • the target configuration policy includes the correspondence between the real network topology of the network slice and the virtual network topology node.
  • the implementation process in the supervisory manager is as follows: after the supervisor manager receives the correspondence between the real network topology and the virtual network topology nodes sent by the slice manager, the supervisor manager virtualizes the control port IP between the network element and the target control plane network element; the IP of this port is the IP of the Virtual target user plane network element.
  • the IP of the Virtual target user plane network element and the control port IP of the True target user plane network element have a one-to-one correspondence or a one-to-many correspondence.
  • the supervisory manager sends the target rule to the target user plane network element corresponding to the real IP address.
  • when the target control plane network element delivers a rule, the rule is delivered to the IP of the Virtual target user plane network element, and the processor can find the corresponding True target user plane network element IP according to the Virtual target user plane network element IP; if the relationship is one-to-many, then when the supervisory manager receives the rule delivered by the target control plane network element, the corresponding True target user plane network element IP is found according to a certain algorithm, so that the rule is delivered.
  • the processor is further configured to:
  • the target rule is prohibited from being sent to the target user plane network element.
  • the processor of the supervisor manager modifies the target rule according to the target configuration policy, obtains the modified target rule, and sends the modified target rule to the target user plane network element.
  • the supervisor manager's processor prohibits the delivery of the target rule to the target user plane network element.
  • the user plane atomic function set includes one or more of the following in combination: billing, lawful interception, paging, deep packet inspection (DPI), protocol security (IPsec), network address translation (NAT), hypertext transfer protocol (HTTP) header enhancement, and caching.
  • the supervisor manager obtains the target configuration policy of the target network slice; when the target control plane network element in the target network slice delivers a target rule to the target user plane network element, the supervisor manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set, and if so, the supervisor manager sends the target rule to the target user plane network element; otherwise, the supervisory manager modifies the target rule according to the target configuration policy carried in the new network slice request, or prohibits the target rule from being delivered to the target user plane network element.
  • the supervisory network can effectively prevent the target network slice from crossing the boundary by using unauthorized user plane atomic functions, thereby avoiding affecting the normal operation of other network slices.
  • FIG. 1 is a schematic diagram of a scenario application according to an exemplary embodiment
  • FIG. 2 is a schematic diagram of a scenario application according to an exemplary embodiment
  • FIG. 3 is a schematic diagram of a scenario application according to an exemplary embodiment
  • FIG. 4 is a schematic diagram of a scenario application according to an exemplary embodiment
  • FIG. 5 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment
  • FIG. 6 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment
  • FIG. 7 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment
  • FIG. 8 is a flowchart of step S540 of FIG. 5 according to an exemplary embodiment
  • FIG. 9 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment
  • FIG. 10 is a schematic diagram of a network slice creation process signaling according to an exemplary embodiment
  • FIG. 11 is a signaling diagram of a network slice creation process according to an exemplary embodiment
  • FIG. 12 is a network slice modification flow signaling diagram according to an exemplary embodiment
  • FIG. 13 is a network slice modification flow signaling diagram according to an exemplary embodiment
  • FIG. 14 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment
  • FIG. 15 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment
  • FIG. 16 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment
  • FIG. 17 is a schematic diagram of the target rule issuing module of FIG. 14 according to an exemplary embodiment
  • FIG. 18 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment
  • FIG. 19 is a schematic diagram of the target configuration policy acquisition module of FIG. 14 according to an exemplary embodiment
  • FIG. 20 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment
  • FIG. 21 is a schematic structural diagram of a supervisor manager according to an exemplary embodiment.
  • FIG. 1 is a schematic diagram of a scenario application according to an embodiment of the present invention.
  • as shown in FIG. 1, the core network includes: a control plane network element CP 100, a supervisor manager (Upvisor) 200, a user plane network element GW-U 300, a slice manager SA (Slicing Administrator) 400, and the management orchestration domain MANO (Management and Orchestration) 500.
  • the network slice created in the core network in the embodiment of the present invention includes a CP 100, an Upvisor 200, and a plurality of GW-Us 300, exemplarily shown in FIG.
  • the core network creates a corresponding CP 100 according to the needs of the user, and can use the existing GW-U 300 to share with other network slices or create a new GW-U 300.
  • the creation of a new GW-U 300 can be shared with other network slices.
  • the GW-U 300 is mainly used for processing data packets.
  • the CP 100 is mainly used to define the processing action of the GW-U 300 on data packets.
  • Each network slice includes one CP 100 and multiple GW-Us 300.
  • the Upvisor 200 has a configuration policy for each network slice, and the CP 100 corresponds to a network slice.
  • the Upvisor 200 finds the configuration policy that matches the network slice according to the feature value of the network slice, and determines according to that configuration policy whether the rule delivered to the GW-U 300 satisfies the conditions; if the conditions are met,
  • the rule is delivered to the corresponding GW-U 300; otherwise, the rule is not delivered to the corresponding GW-U 300.
  • the SA 400 sends a message to the MANO 500 when the SA 400 receives the network slice creation information.
  • the Upvisor 200 sends an instantiated network slice network element instruction to the MANO 500.
  • the network slice creation information includes: single user maximum bandwidth, service delay, total throughput, redundancy, hot migration, busy hour service size, and slice atomic action set.
  • the busy-hour service size includes: number of users, number of SRs/releases, number of pages, number of bearers (default + dedicated), bearer activation rate, number of bearers per packet, length of data packets, proportion of uplink and downlink traffic, and topology requirements.
  • the instruction to instantiate the network slice network elements includes: the specification of the CP 100 to be created, and the quantity, location, and capacity specification information of the required GW-U 300.
  • the SA 400 includes: a policy execution module (Policy Execution 201) and a configuration policy database (Policy database 202); the Policy Execution 201 establishes a communication connection with the CP 100 and the GW-U 300, respectively, and inspects the information transmitted between the CP 100 and the GW-U 300;
  • the Policy database 202 is mainly used to store data such as the Policy.
  • the MANO 500 can create the GW-U 300 according to the instruction, or can designate an existing GW-U 300 that is shared with other network slices.
  • the MANO 500 sends a new network element response to the SA 400.
  • when the SA 400 receives the new network element response sent by the MANO 500, the SA 400 sends a new network slice request to the Upvisor 200.
  • the new network slice request carries the feature value of the newly created network slice and the configuration policy (Policy); the policy includes the maximum rate at which the CP 100 delivers rules, the maximum user bandwidth, the atomic action set (including charging, lawful interception, paging, DPI, IPsec, NAT, HTTP header enhancement, caching, etc.), and the correspondence between the real network topology and the virtual network topology (that is, the correspondence between the IP addresses of the real network topology and the IP addresses of the virtual network topology).
  • the network slice creation information carries the feature value of the newly created network slice and the configuration policy (Policy), wherein the feature value of the network slice is unique: because the CP 100 of each network slice is different, the IP value of the CP 100 in the network slice can be used to represent the feature value of the newly created network slice; the policy includes the correspondence between the real network topology of the network slice and the virtual network topology nodes, the authorized atomic action set, the frequency of communication between the CP 100 and the GW-U 300, and the maximum bandwidth of the user, which define indicators of the amount of physical resources used by the slice in the GW-U 300.
  • when the CP 100 sends a rule to the corresponding GW-U 300 in the newly created network slice, the Upvisor 200 establishes a communication connection with the CP 100 and the GW-U 300, respectively. When the Upvisor 200 establishes a connection with the CP 100, the Upvisor 200 reports the virtual topology in the network slice to the CP 100.
  • the newly created network slice can be a target network slice, and the configuration policy corresponding to the target network slice
  • becomes the target configuration policy; the CP 100 in the target network slice is referred to as the target CP 100, and the GW-U 300 in the target network slice is referred to as the target GW-U 300.
  • the CP 100 sends a rule to the GW-U 300.
  • the Upvisor 200 obtains the corresponding policy according to the network slice feature value in the rule.
  • the Upvisor 200 checks, according to the policy, the rule issued by the CP 100 to the GW-U 300, including: 1) checking the function set in the rule; if the function set in the rule is a subset of the user plane atomic function set in the policy, proceed to 2); 2) checking the frequency of the rule; if the frequency of the rule is less than the frequency specified in the policy, proceed to 3); 3) checking the bandwidth delivered by the rule; if the bandwidth delivered by the rule is less than or equal to the bandwidth specified in the policy, the IP of the real GW-U 300 control port is found according to the destination GW-U 300 control port IP in the rule, and the rule is sent; if the function set in the rule is not a subset of the user plane atomic function set in the policy, or the frequency of the rule is not less than the frequency specified in the policy, or
  • the policy includes the mapping between the real network topology of the network slice and the virtual network topology node.
  • the implementation process in the Upvisor 200 is as follows: after the Upvisor 200 receives the correspondence between the real network topology and the virtual network topology nodes sent by the SA 400, the Upvisor 200 virtualizes the control port IP between itself and the CP 100.
  • the IP of the port is the IP of the Virtual GW-U 300.
  • when the CP 100 sends the rule, the rule is delivered to the IP of the Virtual GW-U 300.
  • the Upvisor 200 can find the corresponding True GW-U 300 IP based on the Virtual GW-U 300 IP; in the case of a one-to-many relationship, the Upvisor 200 must find the corresponding True GW-U 300 IP according to a certain algorithm when receiving the rule issued by the CP 100, thus completing the delivery of the rule.
  • the user plane network element port between the Virtual GW-U and the True GW-U also has a corresponding relationship, and the user plane network element port is used to receive or send data of the user plane network element.
  • the Virtual GW-U IP corresponds to the True GW-U1 IP and the True GW-U2 IP
  • the port number 1/2 may correspond to the A/B of True GW-U1
  • port number 3/4 can correspond to the E/F of True GW-U2.
  • only one correspondence is exemplified, and there are other ways.
  • the slice control plane assumes that the data packet is directly transmitted between GW-U1 and GW-U4, but in fact the data packet is transmitted from GW-U1 to GW-U2 first, and then transmitted by GW-U2 to GW-U4; the path is re-planned by the Upvisor.
  • 203 in FIG. 3 is Virtual GW-U IP
  • 601 is True GW-U1 IP
  • 701 is True GW-U2 IP.
  • the MANO is mainly responsible for the management and arrangement of the entire NFV (Network Function Virtualization) resource, and is mainly used for the control plane network element in the embodiment of the present invention.
  • Slice administrator: mainly used for lifecycle management of network slices and their resources, accepting input of business requirements upwards, and managing IaaS (Infrastructure as a Service) resources and VNF resources downwards;
  • the CP is used to send the rule to the GW-U when the user attaches or creates a new session request.
  • GW-U: used to execute the rule delivered by the CP and complete the forwarding of data.
  • Upvisor: located between the CP and the GW-U, it is used to isolate the network slices and abstract the user plane network topology.
  • a user plane sharing method based on network slice is provided, and the method is applied to the core.
  • the method may include the following steps:
  • in step S510, the supervisor manager obtains a target configuration policy of the target network slice.
  • the supervisory manager first obtains a new network slice request sent by the slice manager, and the new network slice request carries the data information such as the feature value and the configuration policy of the target network slice.
  • the purpose of obtaining the target configuration policy of the target network slice can be achieved by extracting the configuration policy in the newly created network slice request.
  • the target configuration policy includes the maximum rate at which the control plane network element delivers rules, the maximum user bandwidth, the atomic action set, and the correspondence between the real network topology and the virtual network topology (that is, the correspondence between the IP addresses of the real network topology and the IP addresses of the virtual network topology).
  • the atomic action set includes: accounting, lawful interception, paging, DPI (Deep Packet Inspection), IPsec (Internet Protocol Security), NAT (Network Address Translation), HTTP header enhancement, caching, etc.
  • the configuration policy is carried in the newly created network slice request as a target configuration policy, where the target configuration policy includes a user plane atomic function set.
  • the target network slice includes a target control plane network element and a target user plane network element.
  • the target network slice in the embodiment of the present invention may include a target control plane network element, a supervisor manager, and a plurality of target user plane network elements.
  • the new network slice request carries the feature value of the required target network slice; in the embodiment of the present invention the feature value is represented by the IP address of the control plane network element, but the embodiment is not limited to this.
  • the target control plane network element in the control plane network element may be determined according to the IP address of the control plane network element.
  • the supervisor manager may be used as part of the network slice, or the supervisor manager may not be part of the network slice.
  • the main function of the supervisor manager is to check the data transmitted between the control plane network element and the user plane network elements in the network slice to determine whether the requirements are met.
  • the target user plane network element in the core network may be determined according to the target configuration policy carried in the new network slice request; the determined target user plane network element may be an existing user plane network element shared in the core network, or it may be a newly generated user plane network element as needed, wherein the newly generated user plane network elements may also be shared by other network slices in the core network.
  • in step S520, when the target control plane network element sends the target rule to the target user plane network element, the supervisory manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set.
  • in step S530, the supervisor manager sends the target rule to the target user plane network element.
  • in step S540, the supervisor manager modifies the target rule according to the target configuration policy, obtains the modified target rule, and sends the modified target rule to the target user plane network element, such that the function set in the modified target rule is a subset of the user plane atomic function set.
  • the supervisor manager prohibits the delivery of the target rule to the target user plane network element.
  • a rule (rule) sent by the target control plane network element in the target network slice to the target user plane network element is used as a target rule, and when the target control plane network element in the target network slice sends the target rule to the target user plane network element,
  • the target network slice shares some user plane network elements with other network slices in the core network.
  • the supervisor manager needs to determine whether the function set delivered by the target rule is a subset of the user plane atomic function set, to ensure that the target network slice does not overstep its bounds in using user plane functions.
  • the supervisor manager can allow the target rule to be sent to the target user plane network element. Otherwise, the supervisor manager modifies the target rule according to the target configuration policy, so that the function set in the modified target rule is a subset of the user plane atomic function set. Of course, the supervisor manager can also prohibit the delivery of the target rule to the target user plane network element as needed.
  • the supervisor manager obtains the target configuration policy of the target network slice, and when the target control plane network element in the target network slice sends the target rule to the target user plane network element, the supervisor manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set, and if so, the supervisor manager sends the target rule to the target user plane network element; otherwise, the supervisor manager modifies the target rule according to the target configuration policy carried in the network slice information, or prohibits the target rule from being delivered to the target user plane network element.
  • the target configuration policy further includes a target frequency and a target bandwidth, as shown in FIG.
  • the method can also include the following steps:
  • in step S550, the supervisory manager determines whether the frequency of the target rule delivery is less than the target frequency.
  • in step S560, the supervisory manager determines whether the bandwidth delivered by the target rule is not greater than the target bandwidth.
  • step S530 is performed.
  • the supervisory manager's determinations on the function set, the frequency, and the bandwidth delivered by the target rule may be made at the same time, or in an order other than that of the foregoing embodiment; the embodiment of the present invention is not limited to this.
  • the supervisory manager can also check other attribute parameters delivered by the target rule according to requirements, and then determine whether the requirements are met. This prevents the target network slice from overstepping its bounds by using unauthorized user plane atomic functions, which would in turn affect the normal operation of other network slices.
  • the method may further include the following steps:
  • in step S501, the slice manager acquires network slice creation information.
  • in step S502, the slice manager sends a network slice creation instruction to the management orchestration domain according to the newly created network slice creation information.
  • the network slice creation information includes: a single user maximum bandwidth, a service delay, a total throughput rate, and the like, and an instantiation of a network slice network element instruction, including: a control plane network to be created, may be combined with the foregoing embodiment and FIG.
  • a network slice network element instruction including: a control plane network to be created
  • the management orchestration domain is mainly responsible for the management and orchestration of the entire NFV resource.
  • it is mainly used for generating the control plane network element and the user plane network element;
  • the slice manager is mainly used for lifecycle management of network slices and their resources, accepting input of business requirements upwards, and managing IaaS resources and VNF resources downwards.
  • in step S503, the management orchestration domain creates a target control plane network element and a target user plane network element according to the network slice creation instruction.
  • in step S504, when the slice manager acquires the network slice creation response sent by the management orchestration domain, the slice manager sends a new network slice request including the target configuration policy to the supervision manager.
  • the management orchestration domain respectively creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; furthermore, if the instruction to instantiate the network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager is also instantiated.
  • the management orchestration domain sends a network slice creation response to the slice manager, at which time the slice manager sends a new network slice request carrying the target configuration policy of the target network slice to the supervisor manager.
  • the target configuration policy further includes the correspondence between nodes of the real network topology structure and the virtual network topology structure; as shown in FIG. 8, step S540 may further include the following steps:
  • in step S541, the supervisor manager obtains the virtual IP address in the virtual network topology.
  • in step S542, the supervisory manager determines the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology.
  • in step S543, the supervisor manager sends the target rule to the target user plane network element corresponding to the real IP address.
  • the target configuration policy includes the correspondence between the real network topology of the network slice and the virtual network topology nodes, and the implementation process in the supervisor manager is as follows: after the supervisor manager receives the correspondence sent by the slice manager, the supervisor manager virtualizes the control port IP between itself and the target control plane network element; the port IP is the IP of the virtual target user plane network element, and the IPs of these virtual target user plane network elements have a one-to-one or a one-to-many correspondence with the control port IP of the True (real) target user plane network element.
  • the target control plane network element delivers the rule to the IP of the virtual target user plane network element, and the supervisor manager can find the corresponding True target user plane network element IP according to the virtual target user plane network element IP; in the case of a one-to-many relationship, when the supervisory manager receives the rule issued by the target control plane network element, the corresponding True target user plane network element IP is found according to a certain algorithm, so that the rule is delivered.
  • step S510 may further include the following steps:
  • in step S511, the supervisory manager acquires the target feature value of the target network slice.
  • in step S512, the supervisor manager acquires a target configuration policy corresponding to the target feature value.
  • the feature value is unique; in the embodiment of the present invention, the feature value is represented by the IP address of the control plane network element.
  • the supervisor manager searches for a configuration policy corresponding to the target feature value in multiple configuration policies, that is, a target configuration policy for the target network slice.
  • the supervisory manager communicates with the slice manager and the management orchestration domain respectively, as shown in FIG.
  • the method may further comprise the following steps:
  • in step S505, the supervisor manager acquires network slice creation information transmitted by the slice manager.
  • in step S506, the supervisor manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information.
  • in step S507, the management orchestration domain creates a target control plane network element and a target user plane network element according to the instruction to create the network slice network elements.
  • step S510 is performed.
  • the network slice creation instruction is sent by the supervisor manager to the management orchestration domain.
  • the management orchestration domain respectively creates a target control plane network element and a target user plane network element according to the network slice creation instruction, that is, instantiates the target user plane network element and the target control plane network element; furthermore, if the instruction to instantiate the network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager is also instantiated.
  • the management orchestration domain sends a network slice creation response to the supervisory manager, and the management orchestration domain sends a new network slice request carrying the target configuration policy of the target network slice to the supervisory manager; in other embodiments, the slice manager may send the new network slice request, so that the supervisor manager extracts the target configuration policy and the feature value of the target slice from the received new network slice request.
  • the supervisor manager obtains the target configuration policy of the target network slice; when the target control plane network element sends the target rule to the target user plane network element, the supervisory manager separately determines whether the function set delivered by the target rule is a subset of the user plane atomic function set, whether the frequency of the target rule is less than the target frequency, whether the bandwidth delivered by the target rule is greater than the target bandwidth, and so on; only when the target rule issued by the control plane network element satisfies the relevant conditions does the supervisory manager send the target rule to the target user plane network element.
  • the supervisory manager can uniformly control the target rules issued by the control plane network element, which can effectively prevent the target network slice from crossing the boundary and use unauthorized user plane atomic functions, thereby avoiding affecting the normal operation of other network slices.
  • the target configuration policy further includes the correspondence between the real network topology and the virtual network topology node in the target network slice, so that the target control plane network element cannot directly obtain the network node of the user plane network element, which is beneficial to the security of the user plane network element.
  • the Slicing administrator determines whether it is necessary to create a new GW-U and a policy, as shown in FIG.
  • the data interaction between the Slicing administrator, MANO, CP, Upvisor, and GW-U may include the following execution processes:
  • Step 9111 The Slicing administrator receives the network slice creation information.
  • the network slice creation information includes: single user maximum bandwidth, service delay, total throughput, redundancy, hot migration; busy-hour service size: number of users, number of SRs/releases, number of pages, number of bearers (default + dedicated), bearer activation rate, number of bearers per bearer, packet length, proportion of uplink and downlink traffic, topology requirements, slice atomic action set.
  • Step 9112 The Slicing administrator sends an instantiation slice network element instruction to the MANO.
  • the Slicing administrator issues an instruction to the MANO to instantiate the slice network elements.
  • the instruction includes the specifications of the CP to be created, and the number, locations, and capacity specification information of the GW-Us.
  • the instruction may also include an Upvisor that needs to be instantiated; the MANO instantiates the control plane network element and the user plane GW-U, and instantiates the Upvisor if it receives a request to instantiate the Upvisor.
  • Step 9113 MANO sends a new network element response to the Slicing administrator.
  • Step 9114 The Slicing administrator sends a new network slice request to the Upvisor.
  • the Slicing administrator sends a new slice request Create_Slice_Request <CP IP, max_rate, max_width, action set, <(virtual GW-U IP, port[]), (GW-U IP, port[])>[]> to the Upvisor, carrying the slice feature value CP IP and the Policy; the Policy contains the maximum rate of the rules issued by the CP, the maximum user bandwidth, the atomic action set (accounting, lawful interception, paging, DPI, IPsec, NAT, HTTP header enhancement, cache, etc.), and the correspondence between the real network topology and the virtual network topology. The correspondence is the correspondence between the real IP address and the virtual IP address.
  • Step 9115 The GW-U sends a connection establishment request to the Upvisor.
  • Step 9116 The Upvisor sends a connection establishment request response to the GW-U.
  • Step 9117 The Upvisor sends a connection establishment request to the CP.
  • Step 9118 The CP sends a connection establishment response to the Upvisor.
  • Step 9119 The Upvisor sends a new network slice response to the Slicing administrator.
  • Step 9120 The CP sends a rule.
  • Step 9121 The Upvisor checks the rule sent by the CP.
  • the Upvisor finds the corresponding policy based on the slice feature value CP IP in the rule,
  • and checks the rule according to the policy: 1) check the rate at which the rule is sent; if the rate exceeds the rate specified in the policy, delivery of the rule is prohibited; if the rate is less than the rate specified in the policy, proceed to check 2); 2) check the bandwidth of the user in the rule; if it is less than or equal to the bandwidth specified by the policy, proceed to check 3); 3) check the action set in the rule; if the actions in the rule are in the action set of the policy, the rule is legal; otherwise the rule is illegal.
  • Step 9122 When the rule sent by the CP passes the Upvisor's check, the rule is allowed to be sent to the GW-U.
  • the real IP address corresponding to the GW-U IP is found according to the correspondence in the Policy.
  • the real IP address is the IP address of the GW-U instantiated by the MANO, and corresponds to the virtual IP address of the slice stored in each slice control plane; the correspondence between the virtual IP address and the real IP address is saved in the Upvisor.
  • Step 9123 When the Upvisor fails to check the rule sent by the CP, the rule is not allowed to be sent to the GW-U.
  • Step 9124 If the rule check fails, the system sends a rule failure response to the CP.
  • the policy and the slice feature value of the slice are configured on the Upvisor, and the policy includes the atomic action set, the correspondence between the real topology and the virtual topology, and the maximum rate and maximum bandwidth of the rule.
  • when the created network slice starts working and the Upvisor receives a rule sent by the CP, it first finds the policy of the slice according to the slice feature value, checks the rule according to the policy, and refuses to deliver a rule that does not comply with the policy. For a rule that complies with the policy, the corresponding real GW-U IP is found according to the mapping between the virtual topology and the real topology. In this way, the atomic actions in the rules issued by the control plane are limited, and a rule beyond the authorized user plane atomic function set cannot be delivered; the Upvisor stores the correspondence between the virtual network topology and the real network topology, so the Upvisor can find the corresponding real GW-U IP according to the virtual GW-U IP carried in the rule.
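  • The rule check of Step 9121 and the virtual-to-real GW-U translation of Step 9122, as an added Python example that is not code from the patent: it looks up the Policy by the CP IP feature value, applies the rate, bandwidth and action-set checks in the order given above, optionally trims unauthorized actions as in step S540, and only then resolves the real GW-U IP. The class and field names, the one-second sliding window used to measure the rule rate, the session_id modulo choice standing in for the unspecified "certain algorithm" in the one-to-many case, and all IP addresses are assumptions made for this example.

```python
from collections import deque
from dataclasses import dataclass
from typing import NamedTuple, Optional


@dataclass(frozen=True)
class Policy:
    max_rate: int          # rules per second the CP may deliver
    max_width: int         # maximum user bandwidth (unit assumed: Mbit/s)
    action_set: frozenset  # authorized user plane atomic functions
    topology: dict         # virtual GW-U IP -> list of real GW-U IPs
    on_violation: str = "prohibit"  # or "modify" (step S540)


@dataclass(frozen=True)
class Rule:
    cp_ip: str             # slice feature value
    virtual_gwu_ip: str    # destination as the CP sees it
    actions: frozenset
    bandwidth: int
    session_id: int = 0    # assumed field, only used to pick a real GW-U


class Decision(NamedTuple):
    delivered: bool
    reason: str
    real_gwu_ip: Optional[str] = None
    actions: frozenset = frozenset()


class Upvisor:
    def __init__(self):
        self._policies = {}  # CP IP -> Policy
        self._arrivals = {}  # CP IP -> arrival times within the last second

    def create_slice(self, cp_ip, policy):
        """Store the Policy carried by Create_Slice_Request for this CP IP."""
        self._policies[cp_ip] = policy
        self._arrivals[cp_ip] = deque()

    def handle_rule(self, rule, now):
        """Check one rule from a CP; `now` is a monotonic time in seconds."""
        policy = self._policies.get(rule.cp_ip)
        if policy is None:
            return Decision(False, "no policy for this CP IP")

        # 1) Rate: count every rule received in the last second, including
        #    refused ones, so a flooding CP stays throttled. The text only
        #    lets a rate *below* the limit through, so equality fails closed.
        arrivals = self._arrivals[rule.cp_ip]
        arrivals.append(now)
        while now - arrivals[0] >= 1.0:
            arrivals.popleft()
        if len(arrivals) >= policy.max_rate:
            return Decision(False, "rule rate not below max_rate")

        # 2) Bandwidth: less than or equal to the policy value passes.
        if rule.bandwidth > policy.max_width:
            return Decision(False, "bandwidth above max_width")

        # 3) Action set: must be a subset of the authorized atomic functions.
        actions = rule.actions
        if not actions <= policy.action_set:
            if policy.on_violation != "modify":
                return Decision(False, "unauthorized atomic function")
            actions = actions & policy.action_set  # S540: trim to a subset
            if not actions:
                return Decision(False, "nothing authorized left in rule")

        # 4) Translation: a virtual IP outside this slice's own topology is
        #    refused, so one slice cannot address another slice's GW-U.
        reals = policy.topology.get(rule.virtual_gwu_ip)
        if not reals:
            return Decision(False, "virtual GW-U IP not in slice topology")
        real = reals[rule.session_id % len(reals)]  # assumed 1:N selection
        return Decision(True, "ok", real, actions)
```

Because the lookup in step 4 uses only the topology stored for the sending CP's own slice, a rule addressed to a virtual IP that belongs to a different slice is refused even when every other check passes.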
  • the Upvisor determines whether it is necessary to create a new GW-U and a CP, and the Upvisor and the MANO perform the rule checking process of the network slice and the control plane. Interaction, and the Policy rules of the slice are generated by the Upvisor.
  • the data interaction between the Slicing administrator, MANO, CP, Upvisor, and GW-U may include the following execution processes:
  • Step 9211: The operator server obtains network slice requirement information of the purchaser.
  • The slice purchaser fills in his own requirements through a web interface.
  • The requirements may include single user maximum bandwidth, service delay, total throughput, redundancy, hot migration, busy business scale, number of users, number of SRs/releases, number of search calls, number of bearers (default + dedicated), bearer activation rate, number of messages per bearer, data packet length, uplink and downlink traffic ratio, topology requirements, slice atomic action sets, and other indicators. The purchaser clicks the Generate Slice button to send a slice request to the carrier's server.
  • Step 9212: The operator server sends the network slice creation information to the Slicing administrator.
  • Step 9213: The Slicing administrator sends a new network slice request to the Upvisor.
  • Both the newly created network slice request and the network slice creation information carry the indicator information in the network slice requirement information.
  • Step 9214: The Upvisor sends a new network element request to the MANO.
  • When receiving the new network slice request, the Upvisor determines the new control plane network element and the user plane network element, and sends a new network element request to MANO.
  • Step 9215: The MANO instantiates the control plane network element and the user plane network element.
  • After receiving the request for creating a new NE, MANO instantiates the control plane and the user plane NE, sends a new NE response to the Upvisor, and sends the newly generated NE address and interface information to the Upvisor.
  • After the Upvisor receives the new slice response from the MANO, it generates the slice's Policy <max_rate, max_width, action set, <(virtual GW-U IP,port[]), (GW-U IP,port[])>[]>, and associates the Policy with the CP IP through a mapping relationship.
  • The policy includes the maximum rate of the rules issued by the CP, the maximum user bandwidth, the atomic action set (billing, lawful interception, paging, DPI, IPsec, NAT, HTTP header enhancement, cache, etc.), the correspondence between the real network topology and the virtual network topology, and the correspondence between the real IP address and the virtual IP address.
  • Step 9216: The MANO sends a new network element response to the Upvisor.
  • Step 9217: The MANO generates a new network element IP address and interface information, and sends the network element IP address and interface information to the Upvisor.
  • Step 9218: The Upvisor generates a policy of the network slice.
  • Step 9219: The Upvisor sends a connection request to the GW-U.
  • The connection establishment request in this step occurs only between the Upvisor and the newly created GW-U. If no new GW-U is generated, this step does not exist.
  • Step 9220: The GW-U sends a connection establishment response to the Upvisor.
  • Step 9221: The Upvisor sends a connection request to the CP.
  • Step 9222: The CP sends a connection establishment response to the Upvisor.
  • Step 9223: The Upvisor sends a new network slice response to the Slicing administrator.
  • Step 9224: The CP issues a rule.
  • Step 9225: The Upvisor checks the rule sent by the CP.
  • the Upvisor finds the corresponding policy based on the slice feature value CP IP in the rule.
  • The Upvisor checks the rule according to the policy: 1) check the rate at which rules are issued; if the rate exceeds the rate specified in the policy, delivery of the rule is prohibited; if the rate is less than the rate specified in the policy, go on to check 2); 2) check the user bandwidth in the rule; if it is less than or equal to the bandwidth specified by the policy, go on to check 3); 3) check the action set in the rule; if the action in the rule is in the action set of the policy, the rule is legal; otherwise the rule is invalid.
  • Step 9226: When the rule issued by the CP passes the Upvisor's check, the rule is allowed to be sent to the GW-U.
  • The real IP address corresponding to the GW-U IP is found according to the correspondence in the Policy.
  • The real IP address is the IP address of the GW-U instantiated by the MANO; it corresponds to the virtual IP address of the slice stored in each slice's control plane, and the correspondence between the virtual IP address and the real IP address is saved in the Upvisor.
  • Step 9227: When the rule sent by the CP fails the Upvisor's check, the rule is not allowed to be sent to the GW-U.
  • Step 9228: If the rule check fails, the Upvisor sends a rule failure response to the CP.
  • The Upvisor receives the information representing the slice's traffic model from the slice administrator and, combining it with the network element information of the existing user plane, plans the user plane network elements and control plane network elements that need to be instantiated, and sends a new network element request to the MANO. After receiving the new network element response, it establishes connections with the control plane network element and the user plane network element respectively, and generates the slice's policy.
  • The policy contains an atomic action set, the correspondence between the real topology and the virtual topology, the maximum rate at which rules are delivered, and the maximum bandwidth of the user.
  • When the slice starts working and the Upvisor receives a rule sent by the CP, it first finds the policy of the slice according to the slice feature value and checks the rule against that policy. A rule that does not comply with the policy is rejected. For a rule that complies with the policy, the corresponding real GW-U IP is found according to the correspondence between the virtual topology and the real topology, and the rule is delivered. In this way, the atomic actions in the rules issued by the control plane are limited, so the user plane cannot be used beyond the scope of the slice's own user plane atomic functions; the Upvisor saves the correspondence between the virtual network topology and the real network topology, so it can find the corresponding real GW-U IP according to the virtual GW-U IP carried in the rule.
  • The established network slice may be modified according to requirements, that is, the slice administrator sends a slice modification request to the Upvisor, where the request carries the policy information to be modified; after the modification succeeds, when the CP issues a rule, the Upvisor manages the issued rule according to the modified policy information.
  • The data interaction between the Slicing administrator, MANO, CP, Upvisor, and GW-U can include the following execution processes:
  • Step 9311: The operator server obtains network slice requirement information of the purchaser.
  • The slice purchaser fills in his own requirements through a web interface.
  • The requirements may include single user maximum bandwidth, service delay, total throughput, redundancy, hot migration, busy business scale, number of users, number of SRs/releases, number of search calls, number of bearers (default + dedicated), bearer activation rate, number of bearers per bearer, packet length, proportion of uplink and downlink traffic, topology requirements, and slice atomic action set. The purchaser clicks the Generate Slice button to send a slice request to the carrier's server.
  • Step 9312: The operator server sends the network slice modification information to the Slicing administrator.
  • The slice administrator sends "Update_Slice_GW-U_Source <CP IP, max_rate, max_width, action set, <(virtual GW-U IP,port[]), (GW-U IP,port[])>[]>" to the Upvisor, where the Policy information is based on the new traffic model of the slice.
  • Step 9313: The Slicing administrator determines whether the user plane NE needs to be expanded or newly created, and whether the network slice policy needs to be modified.
  • Step 9314: If the user plane network element needs to be expanded or newly created, the Slicing administrator sends a capacity expansion request/new request to the MANO.
  • Step 9315: If the policy of the network slice needs to be modified, the Slicing administrator sends a modification request to the Upvisor.
  • Step 9316: The Upvisor sends a connection request to the GW-U.
  • Step 9317: The GW-U sends a new session response to the Upvisor.
  • Step 9318: The Upvisor checks the rule sent by the CP.
  • Step 9319: If the rule is qualified, the Upvisor issues the rule to the GW-U.
  • Step 9320: If the rule fails, the Upvisor prohibits the release of the rule.
  • Step 9321: The Upvisor sends a rule failure response to the CP.
  • The slicing administrator sends the modified policy to the Upvisor, and the Upvisor reports the modified network slice policy information to the CP.
  • The Upvisor uses the modified policy information to conduct unified management and control of the rules.
  • The slice administrator sends the slice modification signaling to the Upvisor, carrying the policy information to be modified for the network slice. After the modification succeeds, the Upvisor manages the issued rules according to the new policy information.
  • the data interaction between the Slicing administrator, MANO, CP, Upvisor, and GW-U can include the following execution processes:
  • Step 9411: The operator server obtains the network slice requirement information of the purchaser.
  • The slice purchaser fills in his own requirements through a web interface.
  • The requirements may include single user maximum bandwidth, service delay, total throughput, redundancy, hot migration, busy business scale, number of users, number of SRs/releases, number of search calls, number of bearers (default + dedicated), bearer activation rate, number of bearers per bearer, packet length, proportion of uplink and downlink traffic, topology requirements, and slice atomic action set. The purchaser clicks the Generate Slice button to send a slice request to the carrier's server.
  • Step 9412: The operator server sends the network slice modification information to the Slicing administrator.
  • Step 9413: The Slicing administrator sends a slice modification request to the Upvisor.
  • Step 9414: The Upvisor determines whether the user plane NE needs to be expanded or newly created, and whether the policy of the network slice needs to be modified.
  • The Upvisor determines whether it is necessary to create a new NE or to expand a certain NE, or whether to modify the policy of the slice. If the slicing administrator determines that a new NE is to be created or a certain NE is to be expanded, a new slice/expansion request is sent.
  • Step 9415: If the user plane NE needs to be expanded or newly created, the Upvisor sends a capacity expansion request/new request to the MANO.
  • Step 9416: If the policy of the network slice needs to be modified, the Upvisor sends a modification request to the Slicing administrator.
  • Step 9417: The Upvisor sends a connection request to the GW-U.
  • Step 9418: The GW-U sends a new session response to the Upvisor.
  • Step 9419: The Upvisor checks the rule sent by the CP.
  • Step 9420: If the rule is qualified, the Upvisor issues the rule to the GW-U.
  • Step 9421: If the rule fails, the Upvisor prohibits the release of the rule.
  • Step 9422: The Upvisor sends a rule failure response to the CP.
  • The slicing administrator sends the performance index of the slice to the Upvisor, and the Upvisor determines whether it needs to create or expand the GW-U according to the received indicator, and generates a new policy; when the CP sends a rule to the GW-U, the Upvisor controls the rule based on the modified policy information.
  • The supervisor manager obtains the target configuration policy of the target network slice; when the target control plane network element sends the target rule to the target user plane network element, the supervisory manager separately determines whether the function set delivered by the target rule is a subset of the user plane atomic function set, whether the frequency of the target rule is less than the target frequency, whether the bandwidth delivered by the target rule is greater than the target bandwidth, and so on; only when the target rule issued by the control plane network element satisfies the relevant conditions does the supervisory manager send the target rule to the target user plane network element.
  • The unified management and control of the target rules issued by the control plane network element can effectively prevent the target network slice from overstepping its bounds by using unauthorized user plane atomic functions, thereby avoiding affecting the normal operation of other network slices.
  • The target configuration policy further includes the correspondence between the real network topology and the virtual network topology node in the target network slice, so that the target control plane network element cannot directly obtain the network node of the user plane network element, which is beneficial to the security of the user plane network element.
  • If the established network slice needs to be modified, it can also be modified, for example by expanding the user plane network element or modifying the configuration policy in the network slice.
  • The present invention can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
  • Based on such understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • The foregoing storage medium includes various media that can store program code, such as a read only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
  • the embodiment of the present invention further provides a user plane sharing device based on a network slice, and the device is applied to a core network including a supervisory manager, as shown in FIG. include:
  • the target configuration policy obtaining module 10 is configured to acquire a target configuration policy of the target network slice, where the target configuration policy includes a user plane atom function set;
  • the target rule determining module 20 is configured to determine, when the target control plane network element sends the target rule to the target user plane network element, whether the function set delivered by the target rule is a subset of the user plane atomic function set;
  • the target rule issuance module 30 is configured to send the target rule to the target user plane network element when the function set sent by the target rule is a subset of the user plane atomic function set.
  • the target configuration policy further includes: a target frequency and a target bandwidth; the device further includes:
  • the frequency determining module 40 is configured to determine whether the frequency of the target rule delivery is less than the target frequency
  • the bandwidth judging module 50 is configured to determine whether the bandwidth delivered by the target rule is not greater than the target bandwidth when the frequency of the target rule is less than the target frequency.
  • the supervisory manager is respectively connected to the slice manager and the management orchestration domain, and the device further includes:
  • the first network slice creation information obtaining module 60 is configured to acquire network slice creation information.
  • the first network slice creation instruction sending module 70 is configured to send a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • a first network slice creation module 80 configured to create a target control plane network element and a target user plane network element according to the network slice creation instruction
  • a first new network slice request sending module 90 configured to send a new network slice request including the target configuration policy to the supervisor manager when the slice manager obtains a network slice creation response sent by the management orchestration domain.
  • The target configuration policy further includes a mapping between a real network topology and a virtual network topology, and the target rule issuance module 30 includes:
  • a virtual IP address obtaining sub-module 31, configured to acquire a virtual IP address in the virtual network topology
  • the real IP address determining sub-module 32 is configured to determine a real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
  • the target rule sending sub-module 33 is configured to send the target rule to the target user plane network element corresponding to the real IP address.
  • the apparatus further includes:
  • the target rule modification module 91 is configured to modify the target rule according to the target configuration policy when the function set in the target rule is not a subset of the user plane atomic function set, obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
  • the target rule issuance prohibition module 92 is configured to prohibit the target rule from being sent to the target user plane network element.
  • The user plane atomic function set includes one or a combination of several of the following: charging, lawful interception, paging, deep packet inspection (DPI), Internet Protocol Security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
  • the target configuration policy obtaining module 10 includes:
  • the target feature value obtaining sub-module 11 is configured to acquire a target feature value of the target network slice.
  • the target configuration policy sub-module 12 is configured to acquire a target configuration policy corresponding to the target feature value.
  • the supervisor manager is respectively connected to the slice manager and the management orchestration domain, and the device further includes:
  • a second network slice creation information obtaining module 93 configured to acquire network slice creation information sent by the slice manager
  • a second network slice creation instruction sending module 94 configured to send a network slice creation instruction to the management orchestration domain according to the network slice creation information
  • the second network slice creation module 95 is configured to create a target control plane network element and a target user plane network element according to the instruction for creating network slice network elements.
  • The supervisor manager obtains the target configuration policy of the target network slice; when the target control plane network element sends the target rule to the target user plane network element, the supervisory manager separately determines whether the function set delivered by the target rule is a subset of the user plane atomic function set, whether the frequency of the target rule is less than the target frequency, whether the bandwidth delivered by the target rule is greater than the target bandwidth, and so on; only when the target rule issued by the control plane network element satisfies the relevant conditions does the supervisory manager send the target rule to the target user plane network element.
  • The unified management and control of the target rules issued by the control plane network element can effectively prevent the target network slice from overstepping its bounds by using unauthorized user plane atomic functions, thereby avoiding affecting the normal operation of other network slices.
  • The target configuration policy further includes the correspondence between the real network topology and the virtual network topology node in the target network slice, so that the target control plane network element cannot directly obtain the network node of the user plane network element, which is beneficial to the security of the user plane network element.
  • If the established network slice needs to be modified, it can also be modified, for example by expanding the user plane network element or modifying the configuration policy in the network slice.
  • an embodiment of the present invention further provides a supervisor manager, and a hardware structure diagram thereof is shown in FIG. 21.
  • the supervisor manager includes a processor 510, a transceiver 520, a bus 530, and a memory 540.
  • the processor 510 and the transceiver 520 are in communication through a bus 530, and the memory 540 is configured to store the processor 510 executable instructions.
  • the transceiver 520 is configured to acquire a target configuration policy of the target network slice, where the target configuration policy includes a user plane atomic function set, where the target network slice includes a target control plane network element and a target user plane network element.
  • the processor 510 is configured to: when the target control plane network element sends the target rule to the target user plane network element, determine whether the function set delivered by the target rule is a subset of the user plane atomic function set; and send the target rule to the target user plane network element when the function set delivered by the target rule is a subset of the user plane atomic function set.
  • the processor 510 is configured to determine whether the frequency of target rule delivery is less than the target frequency; if the frequency of the target rule is less than the target frequency, determine whether the bandwidth delivered by the target rule is not greater than the target bandwidth; and when the bandwidth delivered by the target rule is not greater than the target bandwidth, send the target rule to the target user plane network element.
  • the processor 510 is configured to acquire network slice creation information, send a network slice creation instruction to the management orchestration domain according to the network slice creation information, and create according to the network slice creation instruction.
  • the processor 510 is configured to acquire network slice creation information sent by the slice manager; send a network slice creation instruction to the management orchestration domain according to the network slice creation information; create a target control plane network element and a target user plane network element according to the instruction for creating network slice network elements; and obtain a target configuration policy of the target network slice when the supervisor manager obtains a network slice creation response sent by the management orchestration domain.
  • the processor 510 is configured to acquire a target feature value of the target network slice; and acquire a target configuration policy corresponding to the target feature value.
  • the processor 510 is configured to obtain a virtual IP address in the virtual network topology, determine the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology, and send the target rule to the target user plane network element corresponding to the real IP address.
  • the processor 510 is configured to: when the function set in the target rule is not a subset of the user plane atomic function set, modify the target rule according to the target configuration policy to obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set; or prohibit the target rule from being sent to the target user plane network element.
  • the present invention is applicable to a wide variety of general purpose or special purpose computing system environments or configurations.
  • The invention may be described in the general context of computer-executable instructions executed by a computer, such as program modules.
  • Generally, program modules include routines, programs, objects, components, data structures, and the like that perform specific tasks or implement specific abstract data types.
  • the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are connected through a communication network.
  • program modules can be located in both local and remote computer storage media including storage devices.
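The Upvisor check described in steps 9225 to 9228 above (policy lookup by CP IP, then the rate, bandwidth and action-set checks, then virtual-to-real GW-U IP translation), as an added Python example that is not code from the patent. The class and field names, the one-second rate window, the Mbit/s unit, failing closed on an unknown CP or virtual IP, and the sample addresses are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    max_rate: int            # most rules the slice's CP may issue per second
    max_width: int           # largest per-user bandwidth a rule may request (Mbit/s assumed)
    action_set: frozenset    # atomic user plane actions authorised for the slice
    topology: dict           # virtual GW-U IP -> real GW-U IP


@dataclass(frozen=True)
class Rule:
    cp_ip: str               # slice feature value: IP of the issuing CP
    virtual_gwu_ip: str      # the only GW-U address the CP ever sees
    user_bandwidth: int
    actions: frozenset


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str
    real_gwu_ip: Optional[str] = None


class Upvisor:
    WINDOW = 1.0  # seconds over which the issuing rate is measured (assumption)

    def __init__(self):
        self._policies = {}   # CP IP -> Policy
        self._recent = {}     # CP IP -> arrival times inside the window

    def configure_slice(self, cp_ip, policy):
        self._policies[cp_ip] = policy
        self._recent[cp_ip] = deque()

    def check(self, rule, now):
        """Return the verdict for one rule received from a CP at time `now`."""
        policy = self._policies.get(rule.cp_ip)
        if policy is None:
            return Verdict(False, "no policy for this CP")  # fail closed

        # 1) Rate. Every received rule counts, so a flooding CP stays blocked.
        seen = self._recent[rule.cp_ip]
        while seen and now - seen[0] >= self.WINDOW:
            seen.popleft()
        seen.append(now)
        if len(seen) > policy.max_rate:
            return Verdict(False, "rule rate exceeds policy")

        # 2) Per-user bandwidth requested by the rule.
        if rule.user_bandwidth > policy.max_width:
            return Verdict(False, "user bandwidth exceeds policy")

        # 3) Actions must be a subset of the slice's atomic action set.
        extra = rule.actions - policy.action_set
        if extra:
            return Verdict(False, "unauthorised actions: " + ", ".join(sorted(extra)))

        # Passed: translate the virtual GW-U IP to the real one before delivery.
        real_ip = policy.topology.get(rule.virtual_gwu_ip)
        if real_ip is None:
            return Verdict(False, "virtual GW-U IP not in slice topology")
        return Verdict(True, "ok", real_ip)


def build_upvisor():
    """Two constructed slices sharing one real GW-U (documentation-range IPs)."""
    up = Upvisor()
    shared = {"10.0.0.1": "198.51.100.10"}
    up.configure_slice("192.0.2.1", Policy(3, 100, frozenset({"billing", "NAT"}), shared))
    up.configure_slice("192.0.2.2", Policy(50, 1000, frozenset({"billing", "DPI", "IPsec"}), shared))
    return up


if __name__ == "__main__":
    up = build_upvisor()
    samples = [
        Rule("192.0.2.1", "10.0.0.1", 50, frozenset({"billing"})),
        Rule("192.0.2.1", "10.0.0.1", 50, frozenset({"billing", "DPI"})),
        Rule("192.0.2.2", "10.0.0.1", 50, frozenset({"billing", "DPI"})),
        Rule("192.0.2.1", "10.0.0.1", 500, frozenset({"NAT"})),
    ]
    for i, rule in enumerate(samples):
        print(rule.cp_ip, sorted(rule.actions), up.check(rule, now=10.0 + i))
```

The same DPI rule is refused for the first slice and delivered for the second, although both address the same shared GW-U, and neither CP ever learns the real address 198.51.100.10.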

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a user plane sharing method, a device and a supervising management device based on network slicing, and is applied to a core network including the supervising management device. The method comprises: the supervising management device acquiring a target configuration policy of a target network slice; when a target control plane network element sends a target rule to a target user plane network element, the supervising management device respectively determining conditions of whether a function set issued based on the target rule is a sub-set of an original user plane sub-function set, whether a frequency issued based on the target rule is less than a target frequency, and whether a bandwidth issued based on the target rule is greater than a target bandwidth, and the supervising management device sending the target rule to the target user plane network element only when the target rule issued by the control plane network element satisfies said related conditions. By means of centralized management by the supervising management device of a target rule issued by a control plane network element, a target network slice is prevented from crossing over and using an unauthorized original user plane sub-function and further from affecting normal operation of other network slices.

Description

基于网络切片的用户面共享方法、装置及监督管理器User plane sharing method, device and supervision manager based on network slice 技术领域Technical field
本发明实施例涉及通信技术领域,尤其涉及一种基于网络切片的用户面共享方法、装置及监督管理器。The embodiments of the present invention relate to the field of communications technologies, and in particular, to a network slice-based user plane sharing method, apparatus, and supervisor manager.
背景技术Background technique
为了增强网络的灵活性和可伸缩性,通常将EPC(Evolved Packet Core,演进分组核心网)中的功能项分解为CP(Control Plane Gateway,控制面网关)和GW-U(Gateway-user plane,用户面网关)。其中,GW-U主要用于数据报文的处理;CP主要用于定义GW-U对数据报文的处理动作,CP向GW-U发送数据包的处理rule(规则),当数据包到达GW-U时,GW-U根据CP下发的转发rule对数据包进行相应处理,从而完成用户数据包的处理和发送等。In order to enhance the flexibility and scalability of the network, the function items in the EPC (Evolved Packet Core) are decomposed into CP (Control Plane Gateway) and GW-U (Gateway-user plane, User plane gateway). The GW-U is mainly used for processing data packets; the CP is mainly used to define the processing action of the GW-U on the data packet, and the CP sends the processing rule (rule) of the data packet to the GW-U, when the data packet arrives at the GW. When the -U is used, the GW-U processes the data packet according to the forwarding rule sent by the CP, thereby completing the processing and transmission of the user data packet.
随着信息市场不断地朝着细化和垂直化的方向发展,核心网系统也需要支持新的多样化用例,网络运维也因网络复杂度的逐渐提高而变得异常复杂,使得单一网络架构下,过高的运维难度和运维成本成为应对多样化的应用场景时的最大挑战。因此,为了降低过高的运营难度和运维成本,通常需要将网络进一步抽象为网络切片,并且使每个网络切片之间相互隔离,以便不同的网络切片在相应的应用场景下实现其各自的功能,进而使网络的整体复杂度得以降维,这样使得网络在多样化应用场景下的运营难度和运营成本也会得到相应降低。As the information market continues to develop in the direction of refinement and verticalization, the core network system also needs to support new diversified use cases. Network operation and maintenance is also extremely complicated due to the gradual improvement of network complexity, resulting in a single network architecture. Under the hood, the difficulty of operation and maintenance and the cost of operation and maintenance become the biggest challenges in dealing with diversified application scenarios. Therefore, in order to reduce the excessive operation difficulty and operation and maintenance cost, it is usually necessary to further abstract the network into network slices, and isolate each network slice from each other so that different network slices can realize their respective under the corresponding application scenarios. The function, which further reduces the overall complexity of the network, so that the operational difficulty and operating cost of the network in a variety of application scenarios will be reduced accordingly.
When network slicing is performed under a network architecture in which the CP and the GW-U are separated, each network slice has its own independent CP and one or more GW-Us. To reduce latency, the GW-Us in a network slice need to be moved down. GW-Us are usually deployed in a distributed manner. When a large number of GW-Us must be deployed at the network edge, giving each network slice exclusive GW-Us means that the heavyweight GW-Us of each slice quickly exhaust the resources at the network edge, which limits the scalability of network slicing. Therefore, multiple network slices usually share a GW-U, which reduces the resources consumed by creating GW-Us and improves resource utilization. However, when multiple network slices share a GW-U, the slices must not affect one another and must be isolated from one another. When a network slice is created, its use of GW-U resources is planned in advance. While the slice is running, once it uses GW-U resources outside the pre-planned range, it seriously affects the normal use of other network slices, and the goal of isolating the slices from one another cannot be achieved. Therefore, to keep each network slice within its pre-planned range of GW-U resources, the use of GW-U resources by each network slice must be managed effectively.
To manage each network slice's use of GW-U resources effectively, the related art applies Flowvisor to the OpenFlow protocol to ensure isolation of network slices when multiple OpenFlow controllers share an OpenFlow switch. OpenFlow is used in the transport network and is the interface protocol between the OpenFlow controller and the OpenFlow switch. The OpenFlow controller is a control plane network element, and the OpenFlow switch is a user plane network element. When multiple network slices share an OpenFlow switch, Flowvisor is deployed between the OpenFlow controllers and the OpenFlow switch. A Policy (configuration policy) for each slice is configured on Flowvisor, and Flowvisor uses the contents of the Policy to control, in a unified manner, the signaling passed between the OpenFlow controllers and the OpenFlow switch. This isolates the CPU (Central Processing Unit), bandwidth and topology of the slices sharing the OpenFlow switch, so that the slices do not affect one another.
However, in the related art, using Flowvisor directly to share a GW-U under the distributed gateway architecture with separated CP and GW-U has the following disadvantages:
Because Flowvisor is applied to the OpenFlow protocol, the isolation it achieves is mainly isolation of the underlying physical resources. OpenFlow currently implements only basic stateless fast forwarding and does not yet implement functions such as DPI and online charging, so Flowvisor does not consider isolating the user plane atomic functions of each network slice. However, in the existing network architecture in which the core network gateway's C and U are separated, the user plane GW-U provides, besides forwarding, functions such as charging and DPI (Deep Packet Inspection). In the core network, each network slice has a specific set of atomic functions, and that set is a subset of the full set of user plane atomic functions. Because Flowvisor does not isolate the user plane atomic function sets of network slices, a network slice may well use user plane atomic functions outside its specified range, affecting the normal operation of other network slices.
Summary of the invention
To overcome the problems in the related art, the present invention provides a network slice-based user plane sharing method, apparatus, and supervisor manager.
According to a first aspect of the embodiments of the present invention, a network slice-based user plane sharing method is provided, the method including:
a supervisor manager obtains a target configuration policy of a target network slice, where the target configuration policy includes a user plane atomic function set;
when the target control plane network element sends a target rule to the target user plane network element, the supervisor manager determines whether the function set delivered in the target rule is a subset of the user plane atomic function set;
when the function set delivered in the target rule is a subset of the user plane atomic function set, the supervisor manager sends the target rule to the target user plane network element.
Because the supervisor manager controls, in a unified manner, the target rules delivered by the control plane network element, the target network slice is effectively prevented from overstepping its bounds and using unauthorized user plane atomic functions, which avoids affecting the normal operation of other network slices.
With reference to the first aspect, in a first possible implementation of the first aspect, the target configuration policy further includes a target frequency and a target bandwidth, and the method further includes:
the supervisor manager determines whether the frequency at which the target rule is delivered is less than the target frequency;
when the frequency at which the target rule is delivered is less than the target frequency, the supervisor manager determines whether the bandwidth delivered in the target rule is not greater than the target bandwidth;
when the bandwidth delivered in the target rule is not greater than the target bandwidth, the step in which the supervisor manager sends the target rule to the target user plane network element is performed.
The supervisor manager may check the function set, frequency and bandwidth of the delivered target rule simultaneously, or in a certain order. Besides the function set, frequency and bandwidth, the supervisor manager may also, as needed, check other attribute parameters of the delivered target rule to determine whether they meet the requirements, so as to prevent the target network slice from overstepping its bounds and using unauthorized user plane atomic functions, which would affect the normal operation of other network slices.
With reference to the first aspect, in a second possible implementation of the first aspect, the supervisor manager obtaining the target configuration policy of the target network slice includes:
the supervisor manager obtains a target feature value of the target network slice;
the supervisor manager obtains the target configuration policy corresponding to the target feature value.
Because a feature value is unique, it can be represented by the IP address of the control plane network element. Among multiple configuration policies, the supervisor manager looks up the one corresponding to the target feature value; that policy is the target configuration policy of the target network slice.
With reference to the first aspect, in a third possible implementation of the first aspect, the supervisor manager is communicatively connected to a slice manager and to a management orchestration domain, and the method further includes:
the slice manager obtains network slice creation information;
the slice manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information;
the management orchestration domain creates a target control plane network element and a target user plane network element according to the network slice creation instruction;
when the slice manager obtains a network slice creation response sent by the management orchestration domain, the slice manager sends a new network slice request containing the target configuration policy to the supervisor manager.
The management orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction, that is, it instantiates the target user plane network element and the target control plane network element. In addition, if the instruction to instantiate the network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager may also need to be instantiated. After instantiation is complete, the management orchestration domain sends a network slice creation response to the slice manager, and the slice manager then sends the supervisor manager a new network slice request carrying the target configuration policy of the target network slice.
With reference to the first aspect, in a fourth possible implementation of the first aspect, the supervisor manager is communicatively connected to a slice manager and to a management orchestration domain, and the method further includes:
the supervisor manager obtains network slice creation information sent by the slice manager;
the supervisor manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information;
the management orchestration domain creates a target control plane network element and a target user plane network element according to the instruction to create network slice network elements;
when the supervisor manager obtains a network slice creation response sent by the management orchestration domain, the step in which the supervisor manager obtains the target configuration policy of the target network slice is performed.
The supervisor manager sends a network slice creation instruction to the management orchestration domain. The management orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction, that is, it instantiates the target user plane network element and the target control plane network element. In addition, if the instruction to instantiate the network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager may also need to be instantiated. After instantiation is complete, the management orchestration domain sends a network slice creation response to the supervisor manager, and the management orchestration domain then sends the supervisor manager a new network slice request carrying the target configuration policy of the target network slice. Alternatively, the slice manager may send the new network slice request. The supervisor manager then extracts the required information, such as the target configuration policy and the feature value of the target slice, from the received new network slice request.
With reference to the first aspect, in a fifth possible implementation of the first aspect, the target configuration policy further includes a correspondence between nodes of the real network topology and nodes of the virtual network topology, and the supervisor manager sending the target rule to the target user plane network element includes:
the supervisor manager obtains a virtual IP address in the virtual network topology;
the supervisor manager determines the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
The target configuration policy contains the correspondence between nodes of the network slice's real network topology and nodes of its virtual network topology. The supervisor manager implements this as follows. After receiving the node correspondence between the real and virtual network topologies from the slice manager, the supervisor manager virtualizes control port IPs facing the target control plane network element. Each such port IP is the IP of a virtual target user plane network element, and the IPs of these virtual target user plane network elements have a one-to-one or one-to-many correspondence with the control port IPs of the real target user plane network elements.
the supervisor manager sends the target rule to the target user plane network element corresponding to the real IP address.
If the IP of the virtual target user plane network element and the control port IP of the real target user plane network element are in a one-to-one correspondence, then when the target control plane network element delivers a rule, it delivers the rule to the IP of the virtual target user plane network element, and the supervisor manager finds the corresponding real target user plane network element IP from the virtual one. If the correspondence is one-to-many, then on receiving a rule delivered by the target control plane network element, the supervisor manager must additionally find the corresponding real target user plane network element IP according to a certain algorithm, and thereby completes delivery of the rule.
With reference to the first aspect, in a sixth possible implementation of the first aspect, the method further includes:
when the function set in the target rule is not a subset of the user plane atomic function set, the supervisor manager modifies the target rule according to the target configuration policy to obtain a modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
or, the supervisor manager prohibits delivery of the target rule to the target user plane network element.
When the function set in the target rule is not a subset of the user plane atomic function set, the supervisor manager modifies the target rule according to the target configuration policy to obtain a modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set. Alternatively, the supervisor manager prohibits delivery of the target rule to the target user plane network element.
With reference to any one of the first to sixth possible implementations of the embodiments of the present invention, in a seventh possible implementation of the first aspect, the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), IP security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
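The following Python example is added here and is not code from the patent. It chains the first-aspect checks for one delivered rule: policy lookup by CP IP, function-set subset test, frequency, bandwidth, virtual-to-real IP mapping (one-to-one only), and modify or block. All class and field names, the one-second frequency window, blocking on frequency or bandwidth violations, and the sample addresses are assumptions.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Verdict(Enum):
    FORWARDED = "forwarded"
    MODIFIED = "modified"
    BLOCKED = "blocked"


@dataclass(frozen=True)
class SlicePolicy:
    # Target configuration policy of one slice; field names are assumptions.
    atomic_functions: frozenset   # authorised user plane atomic function set
    target_frequency: float       # rules per second
    target_bandwidth: float       # Mbit/s
    virtual_to_real: dict         # virtual GW-U IP -> real GW-U control-port IP


@dataclass(frozen=True)
class Rule:
    cp_ip: str            # IP of the sending CP, used as the slice feature value
    virtual_gwu_ip: str   # virtual GW-U address the CP delivers the rule to
    functions: frozenset  # atomic functions the rule asks the GW-U to apply
    bandwidth: float      # Mbit/s requested by the rule


class SupervisorManager:
    def __init__(self, policies, on_violation="block"):
        self.policies = policies          # feature value (CP IP) -> SlicePolicy
        self.on_violation = on_violation  # "block" or "modify"
        self._seen = {}                   # CP IP -> delivery times within the window

    def _frequency(self, cp_ip, now):
        # Rules this CP delivered in the last second, the current one included.
        recent = [t for t in self._seen.get(cp_ip, []) if now - t < 1.0]
        recent.append(now)
        self._seen[cp_ip] = recent
        return len(recent)

    def handle(self, rule, now):
        """Return (verdict, real GW-U IP or None, rule as forwarded or None)."""
        policy = self.policies.get(rule.cp_ip)
        if policy is None:  # no policy for this feature value: nothing is authorised
            return Verdict.BLOCKED, None, None
        frequency = self._frequency(rule.cp_ip, now)
        verdict = Verdict.FORWARDED

        # The rule's function set must be a subset of the slice's atomic function set.
        if not rule.functions <= policy.atomic_functions:
            allowed = rule.functions & policy.atomic_functions
            if self.on_violation != "modify" or not allowed:
                return Verdict.BLOCKED, None, None
            rule = replace(rule, functions=allowed)  # strip unauthorised functions
            verdict = Verdict.MODIFIED

        # Frequency must be strictly less than the target frequency.
        if frequency >= policy.target_frequency:
            return Verdict.BLOCKED, None, None
        # Bandwidth must not be greater than the target bandwidth.
        if rule.bandwidth > policy.target_bandwidth:
            return Verdict.BLOCKED, None, None

        # Translate the virtual GW-U IP into the real control-port IP.
        real_ip = policy.virtual_to_real.get(rule.virtual_gwu_ip)
        if real_ip is None:
            return Verdict.BLOCKED, None, None
        return verdict, real_ip, rule


def demo():
    # Constructed sample data: one slice allowed charging and NAT, not DPI.
    policy = SlicePolicy(frozenset({"charging", "NAT"}), 3, 100.0,
                         {"192.0.2.10": "198.51.100.10"})
    manager = SupervisorManager({"10.0.0.1": policy}, on_violation="modify")
    rules = [
        Rule("10.0.0.1", "192.0.2.10", frozenset({"NAT"}), 50.0),
        Rule("10.0.0.1", "192.0.2.10", frozenset({"NAT", "DPI"}), 50.0),
        Rule("10.0.0.1", "192.0.2.10", frozenset({"NAT"}), 50.0),
    ]
    return [manager.handle(r, now=0.1 * i)[0] for i, r in enumerate(rules)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.value)
```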
According to a second aspect of the embodiments of the present invention, a network slice-based user plane sharing apparatus is provided, applied in a core network that contains a supervisor manager, the apparatus including:
a target configuration policy obtaining module, configured to obtain a target configuration policy of a target network slice, where the target configuration policy includes a user plane atomic function set;
a target rule judging module, configured to determine, when the target control plane network element sends a target rule to the target user plane network element, whether the function set delivered in the target rule is a subset of the user plane atomic function set;
a target rule delivery module, configured to send the target rule to the target user plane network element when the function set delivered in the target rule is a subset of the user plane atomic function set.
Because the target rule judging module controls, in a unified manner, the target rules delivered by the control plane network element, the target network slice is effectively prevented from overstepping its bounds and using unauthorized user plane atomic functions, which avoids affecting the normal operation of other network slices.
With reference to the second aspect, in a first possible implementation of the second aspect, the target configuration policy further includes a target frequency and a target bandwidth, and the apparatus further includes:
a frequency judging module, configured to determine whether the frequency at which the target rule is delivered is less than the target frequency;
a bandwidth judging module, configured so that, when the frequency at which the target rule is delivered is less than the target frequency, the supervisor manager determines whether the bandwidth delivered in the target rule is not greater than the target bandwidth.
The target rule judging module, the frequency judging module and the bandwidth judging module may check the function set, frequency and bandwidth of the delivered target rule simultaneously, or in a certain order. Besides the function set, frequency and bandwidth, other attribute parameters of the delivered target rule may also be checked as needed to determine whether they meet the requirements, so as to prevent the target network slice from overstepping its bounds and using unauthorized user plane atomic functions, which would affect the normal operation of other network slices.
With reference to the second aspect, in a second possible implementation of the second aspect, the target configuration policy obtaining module includes:
a target feature value obtaining submodule, configured to obtain a target feature value of the target network slice.
a target configuration policy submodule, configured to obtain the target configuration policy corresponding to the target feature value.
Because a feature value is unique, it can be represented by the IP address of the control plane network element. Among multiple configuration policies, the target configuration policy submodule looks up the one corresponding to the target feature value; that policy is the target configuration policy of the target network slice.
With reference to the second aspect, in a third possible implementation of the second aspect, the supervisor manager is communicatively connected to a slice manager and to a management orchestration domain, and the apparatus further includes:
a first network slice creation information obtaining module, configured to obtain network slice creation information;
a first network slice creation instruction sending module, configured to send a network slice creation instruction to the management orchestration domain according to the network slice creation information;
a first network slice creation module, configured to create a target control plane network element and a target user plane network element according to the network slice creation instruction;
a new network slice request sending module, configured to send a new network slice request containing the target configuration policy to the supervisor manager when the slice manager obtains a network slice creation response sent by the management orchestration domain.
The first network slice creation instruction sending module creates the target control plane network element and the target user plane network element according to the network slice creation instruction, that is, it instantiates the target user plane network element and the target control plane network element. In addition, if the instruction to instantiate the network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager may also need to be instantiated. After instantiation is complete, the management orchestration domain sends a network slice creation response to the slice manager, and the slice manager then sends the supervisor manager a new network slice request carrying the target configuration policy of the target network slice.
With reference to the second aspect, in a fourth possible implementation of the second aspect, the supervisor manager is communicatively connected to a slice manager and to a management orchestration domain, and the apparatus further includes:
a second network slice creation information obtaining module, configured to obtain network slice creation information sent by the slice manager;
a second network slice creation instruction sending module, configured to send a network slice creation instruction to the management orchestration domain according to the network slice creation information;
a second network slice creation module, configured to create a target control plane network element and a target user plane network element according to the instruction to create network slice network elements.
The second network slice creation instruction sending module sends a network slice creation instruction to the management orchestration domain. The management orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction, that is, it instantiates the target user plane network element and the target control plane network element. In addition, if the instruction to instantiate the network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager may also need to be instantiated. After instantiation is complete, the management orchestration domain sends a network slice creation response to the supervisor manager, and the management orchestration domain then sends the supervisor manager a new network slice request carrying the target configuration policy of the target network slice. In other embodiments, the slice manager may send the new network slice request instead. The supervisor manager then extracts the required information, such as the target configuration policy and the feature value of the target slice, from the received new network slice request.
With reference to the second aspect, in a fifth possible implementation of the second aspect, the target configuration policy further includes a correspondence between nodes of the real network topology and nodes of the virtual network topology, and the target rule delivery module includes:
a virtual IP address obtaining submodule, configured to obtain a virtual IP address in the virtual network topology;
a real IP address determining submodule, configured to determine the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
The target configuration policy contains the correspondence between nodes of the network slice's real network topology and nodes of its virtual network topology. The supervisor manager implements this as follows. After receiving the node correspondence between the real and virtual network topologies from the slice manager, the supervisor manager virtualizes control port IPs facing the target control plane network element. Each such port IP is the IP of a virtual target user plane network element, and the IPs of these virtual target user plane network elements have a one-to-one or one-to-many correspondence with the control port IPs of the real target user plane network elements.
a target rule sending submodule, configured to send the target rule to the target user plane network element corresponding to the real IP address.
If the IP of the virtual target user plane network element and the control port IP of the real target user plane network element are in a one-to-one correspondence, then when the target control plane network element delivers a rule, it delivers the rule to the IP of the virtual target user plane network element, and the real IP address determining submodule finds the corresponding real target user plane network element IP from the virtual one. If the correspondence is one-to-many, then on receiving a rule delivered by the target control plane network element, the real IP address determining submodule must additionally find the corresponding real target user plane network element IP according to a certain algorithm, and thereby completes delivery of the rule.
With reference to the second aspect, in a sixth possible implementation of the second aspect, the apparatus further includes:
a target rule modification module, configured to, when the function set in the target rule is not a subset of the user plane atomic function set, modify the target rule according to the target configuration policy to obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
or, a target rule delivery prohibition module, configured to prohibit delivery of the target rule to the target user plane network element.
When the function set in the target rule is not a subset of the user plane atomic function set, the target rule modification module modifies the target rule according to the target configuration policy to obtain a modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set. Alternatively, the target rule delivery prohibition module prohibits delivery of the target rule to the target user plane network element.
With reference to any one of the first to sixth possible implementations of the second aspect, in a seventh possible implementation of the second aspect, the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), IP security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
According to a third aspect of the embodiments of the present invention, a supervisor manager is provided, including a transceiver and a processor;
the transceiver is configured to obtain a target configuration policy of a target network slice, where the target configuration policy includes a user plane atomic function set;
the processor is configured to:
determine, when the target control plane network element sends a target rule to the target user plane network element, whether the function set delivered in the target rule is a subset of the user plane atomic function set;
send the target rule to the target user plane network element when the function set delivered in the target rule is a subset of the user plane atomic function set.
Because the processor in the supervisor manager controls, in a unified manner, the target rules delivered by the control plane network element, the target network slice is effectively prevented from overstepping its bounds and using unauthorized user plane atomic functions, which avoids affecting the normal operation of other network slices.
With reference to the third aspect, in a first possible implementation of the third aspect, the target configuration policy further includes a target frequency and a target bandwidth, and the processor is further configured to:
determine whether the frequency at which the target rule is delivered is less than the target frequency;
when the frequency at which the target rule is delivered is less than the target frequency, determine whether the bandwidth delivered in the target rule is not greater than the target bandwidth;
when the bandwidth delivered in the target rule is not greater than the target bandwidth, perform the step of sending the target rule to the target user plane network element.
The processor of the supervisor manager may check the function set, frequency and bandwidth of the delivered target rule simultaneously, or in a certain order. Besides the function set, frequency and bandwidth, other attribute parameters of the delivered target rule may also be checked as needed to determine whether they meet the requirements, so as to prevent the target network slice from overstepping its bounds and using unauthorized user plane atomic functions, which would affect the normal operation of other network slices.
结合第三方面,在第三方面的第二种可能的实现方式中,所述监督管理器获取目标网络切片的目标配置策略,包括:With reference to the third aspect, in a second possible implementation manner of the third aspect, the monitoring manager obtains a target configuration policy of the target network slice, including:
获取所述目标网络切片的目标特征值;Obtaining a target feature value of the target network slice;
获取与所述目标特征值相对应的目标配置策略。Obtaining a target configuration policy corresponding to the target feature value.
由于特征值具有唯一性,因此特征值可以用控制面网元的IP地址来表示。处理器可以在多个配置策略中,查找与目标特征值对应的配置策略,即为目标网络切片的目标配置策略。 Since the feature value is unique, the feature value can be represented by the IP address of the control plane network element. The processor may search for a configuration policy corresponding to the target feature value in multiple configuration policies, that is, a target configuration policy for the target network slice.
With reference to the third aspect, in a third possible implementation of the third aspect, the supervisory manager is communicatively connected to a slice manager and to a management and orchestration domain, and the processor is further configured for the following:
the slice manager obtains network slice creation information;
the slice manager sends a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
the management and orchestration domain creates a target control plane network element and a target user plane network element according to the network slice creation instruction; and
when the slice manager obtains the network slice creation response sent by the management and orchestration domain, the slice manager sends to the supervisory manager a new network slice request containing the target configuration policy.
The management and orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction, that is, it instantiates the target user plane network element and the target control plane network element. In addition, if the instruction for instantiating the network slice network elements includes a requirement to instantiate the supervisory manager, the supervisory manager may also need to be instantiated. After instantiation is complete, the management and orchestration domain sends a network slice creation response to the slice manager, and the slice manager then sends to the supervisory manager a new network slice request carrying the target configuration policy of the target network slice.
With reference to the third aspect, in a fourth possible implementation of the third aspect, the supervisory manager is communicatively connected to a slice manager and to a management and orchestration domain, and the processor is further configured for the following:
obtaining network slice creation information sent by the slice manager;
sending a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
the management and orchestration domain creates a target control plane network element and a target user plane network element according to the instruction for creating the network slice network elements; and
when the network slice creation response sent by the management and orchestration domain is obtained, performing the step of obtaining the target configuration policy of the target network slice.
The processor of the supervisory manager sends a network slice creation instruction to the management and orchestration domain. The management and orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction, that is, it instantiates the target user plane network element and the target control plane network element. In addition, if the instruction for instantiating the network slice network elements includes a requirement to instantiate the supervisory manager, the supervisory manager may also need to be instantiated. After instantiation is complete, the management and orchestration domain sends a network slice creation response to the supervisory manager, and the management and orchestration domain then sends to the supervisory manager a new network slice request carrying the target configuration policy of the target network slice. In other embodiments, the new network slice request may instead be sent by the slice manager. From the received new network slice request, the supervisory manager extracts the information it needs, such as the target configuration policy and the feature value of the target slice.
With reference to the third aspect, in a fifth possible implementation of the third aspect, the target configuration policy further includes a correspondence between nodes of the real network topology and nodes of the virtual network topology, and the sending, by the supervisory manager, of the target rule to the target user plane network element includes:
obtaining a virtual IP address in the virtual network topology;
determining the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology; and
sending the target rule to the target user plane network element corresponding to the real IP address.
The target configuration policy contains the correspondence between nodes of the network slice's real network topology and nodes of its virtual network topology. The supervisory manager implements this as follows. After receiving from the slice manager the correspondence between nodes of the real network topology and the virtual network topology, the supervisory manager virtualizes control port IPs facing the target control plane network element. These port IPs are the IPs of Virtual target user plane network elements, and they have a one-to-one or one-to-many correspondence with the control port IPs of the True target user plane network elements.
The supervisory manager sends the target rule to the target user plane network element corresponding to the real IP address.
If the IPs of the Virtual target user plane network elements and the control port IPs of the True target user plane network elements are in one-to-one correspondence, then when the target control plane network element delivers a rule, it delivers the rule to the IP of a Virtual target user plane network element, and the processor can find the corresponding True target user plane network element IP from the Virtual target user plane network element IP. If the relationship is one-to-many, then on receiving a rule delivered by the target control plane network element the supervisory manager must additionally apply a certain algorithm to find the corresponding True target user plane network element IP, and so complete the delivery of the rule.
With reference to the third aspect, in a sixth possible implementation of the third aspect, the processor is further configured to:
when the function set in the target rule is not a subset of the user plane atomic function set, modify the target rule according to the target configuration policy to obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
or prohibit the target rule from being delivered to the target user plane network element.
When the function set in the target rule is not a subset of the user plane atomic function set, the processor of the supervisory manager modifies the target rule according to the target configuration policy to obtain a modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set. Alternatively, the processor of the supervisory manager prohibits the target rule from being delivered to the target user plane network element.
With reference to any one of the first to sixth possible implementations of the third aspect, in a seventh possible implementation of the third aspect, the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), IP security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
The technical solutions provided by the embodiments of the present invention may have the following beneficial effects:
In the network slice-based user plane sharing method, apparatus and supervisory manager provided by the embodiments of the present invention, the supervisory manager obtains the target configuration policy of the target network slice. When the target control plane network element in the target network slice sends a target rule to the target user plane network element, the supervisory manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set. If it is, the supervisory manager sends the target rule to the target user plane network element; otherwise, the supervisory manager modifies the target rule according to the target configuration policy carried in the new network slice request, or prohibits the target rule from being delivered to the target user plane network element. Unified control by the supervisory manager of the target rules delivered by the control plane network element effectively prevents the target network slice from overstepping its bounds and using unauthorized user plane atomic functions, and thereby avoids affecting the normal operation of other network slices.
It should be understood that the general description above and the detailed description below are only exemplary and explanatory and do not limit the present invention.
Brief description of the drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present invention and, together with the specification, serve to explain the principles of the invention.
FIG. 1 is a schematic diagram of an application scenario according to an exemplary embodiment;
FIG. 2 is a schematic diagram of an application scenario according to an exemplary embodiment;
FIG. 3 is a schematic diagram of an application scenario according to an exemplary embodiment;
FIG. 4 is a schematic diagram of an application scenario according to an exemplary embodiment;
FIG. 5 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment;
FIG. 6 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment;
FIG. 7 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment;
FIG. 8 is a flowchart of step S540 in FIG. 5 according to an exemplary embodiment;
FIG. 9 is a flowchart of a network slice-based user plane sharing method according to an exemplary embodiment;
FIG. 10 is a signaling diagram of a network slice creation procedure according to an exemplary embodiment;
FIG. 11 is a signaling diagram of a network slice creation procedure according to an exemplary embodiment;
FIG. 12 is a signaling diagram of a network slice modification procedure according to an exemplary embodiment;
FIG. 13 is a signaling diagram of a network slice modification procedure according to an exemplary embodiment;
FIG. 14 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment;
FIG. 15 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment;
FIG. 16 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment;
FIG. 17 is a schematic diagram of the target rule delivery module in FIG. 14 according to an exemplary embodiment;
FIG. 18 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment;
FIG. 19 is a schematic diagram of the target configuration policy obtaining module in FIG. 14 according to an exemplary embodiment;
FIG. 20 is a schematic structural diagram of a network slice-based user plane sharing apparatus according to an exemplary embodiment;
FIG. 21 is a schematic structural diagram of a supervisory manager according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present invention. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the invention as detailed in the appended claims.
FIG. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention. As shown in FIG. 1, in the core network, FIG. 1 includes: a control plane network element CP 100, a supervisory manager Upvisor 200, a user plane network element GW-U 300, a slice manager SA (Slicing Administrator) 400, and a management and orchestration domain MANO (Management and Orchestration) 500.
FIG. 1 shows, by way of example, three CP 100s and multiple GW-U 300s. A network slice created in the core network in this embodiment of the present invention includes one CP 100, the Upvisor 200 and multiple GW-U 300s. When a network slice is created, the core network creates the corresponding CP 100 according to the user's requirements and, as needed, either uses an existing GW-U 300 shared with other network slices or creates a new GW-U 300. A newly created GW-U 300 can be shared with other network slices. The GW-U 300 is mainly used to process data packets; the CP 100 is mainly used to define the processing actions that the GW-U 300 applies to data packets.
A core network may include multiple network slices, each including one CP 100 and multiple GW-U 300s. The Upvisor 200 holds a configuration policy for each network slice. When the CP 100 in a network slice delivers a rule to the corresponding GW-U 300, the Upvisor 200 uses the feature value of that network slice to find the matching configuration policy and determines, according to that policy, whether the rule delivered to the GW-U 300 satisfies the conditions. If it does, the rule is delivered to the corresponding GW-U 300; otherwise, the rule must be modified until it satisfies the conditions before it can be delivered, or the Upvisor 200 prohibits the CP 100 from delivering the rule to the corresponding GW-U 300.
With reference to FIG. 2, when the SA 400 receives network slice creation information, the SA 400 sends an instruction for instantiating the network slice network elements to the MANO 500. Alternatively, when the Upvisor 200 receives the network slice creation information, the Upvisor 200 sends the instruction for instantiating the network slice network elements to the MANO 500. The network slice creation information includes: maximum bandwidth per user, service latency, total throughput, redundancy, live migration, busy-hour service scale, and the slice's atomic action set. The busy-hour service scale includes: number of users, number of SRs/releases, number of pages, number of bearers (default + dedicated), bearer activation rate, number of charging records per bearer, packet length, ratio of uplink to downlink traffic, and topology requirements. The instruction for instantiating the network slice network elements includes: the specification of the CP 100 to be created, and the number, location and capacity specification of the required GW-U 300s. The SA 400 includes a configuration policy execution module, Policy Execution 201, and a configuration policy database, Policy database 202. Policy Execution 201 establishes communication connections with the CP 100 and with the GW-U 300 and inspects the information transmitted between the CP 100 and the GW-U 300; Policy database 202 is mainly used to store data such as the Policy. When creating the GW-U 300, the MANO 500 may, according to the instruction, create a new GW-U 300, or may designate an existing GW-U 300 to be shared with the GW-U 300s of other network slices.
With reference to FIG. 1 and FIG. 2, when the MANO 500 has finished creating the corresponding CP 100 and GW-U 300, the MANO 500 sends a new network element response to the SA 400. When the SA 400 receives the new network element response sent by the MANO 500, the SA 400 sends a new network slice request to the Upvisor 200. The new network slice request carries the feature value of the newly created network slice and its configuration policy (Policy). The Policy contains the maximum rate at which the CP 100 may deliver rules, the maximum user bandwidth, the atomic action set (including charging, lawful interception, paging, DPI, IPsec, NAT, HTTP header enhancement, caching and so on), and the correspondence between the real network topology and the virtual network topology (that is, the correspondence between the IP addresses of the real network topology and the IP addresses of the virtual network topology).
When the Upvisor 200 obtains the network slice creation information sent by the SA 400, that information carries the feature value of the newly created network slice and its configuration policy (Policy). The feature value of the network slice is unique: because every network slice has a different CP 100, the IP of the CP 100 in the network slice can be used to represent the feature value of the newly created network slice. The Policy contains the correspondence between nodes of the network slice's real network topology and its virtual network topology, the authorized atomic action set, the frequency of communication between the CP 100 and the GW-U 300, the maximum user bandwidth, and other indicators that limit how much of the GW-U 300's physical resources the slice may use. When the CP 100 in the newly created network slice delivers a rule to the corresponding GW-U 300, the Upvisor 200 establishes communication connections with the CP 100 and with the GW-U 300. When the Upvisor 200 establishes its connection with the CP 100, the Upvisor 200 reports the virtual topology of the network slice to the CP 100. The newly created network slice may be called the target network slice, the configuration policy corresponding to it the target configuration policy, the CP 100 in it the target CP 100, and the GW-U 300 in it the target GW-U 300.
After the required network slice has been created, when the CP 100 in the network slice delivers a rule to the GW-U 300, the Upvisor 200 obtains the corresponding Policy from the network slice feature value in the rule and checks, against that Policy, the rule that the CP 100 is delivering to the GW-U 300. The check comprises: 1) checking the function set in the rule: if the function set in the rule is a subset of the user plane atomic function set in the Policy, proceed to 2); 2) checking the frequency at which rules are delivered: if the delivery frequency is less than the frequency specified in the Policy, proceed to 3); 3) checking the bandwidth delivered by the rule: if the bandwidth is less than or equal to the bandwidth specified in the Policy, the IP of the real user plane control port of the GW-U 300 is found from the IP address of the rule's destination control port GW-U 300, and delivery of the rule is completed. If the function set in the rule is not a subset of the user plane atomic function set in the Policy, the delivery frequency is greater than the frequency specified in the Policy, or the bandwidth delivered by the rule is greater than the bandwidth specified in the Policy, the rule is modified or its delivery is refused.
The Policy contains the correspondence between nodes of the network slice's real network topology and its virtual network topology. The Upvisor 200 implements this as follows. After receiving from the SA 400 the correspondence between nodes of the real network topology and the virtual network topology, the Upvisor 200 virtualizes control port IPs facing the CP 100. These port IPs are the IPs of Virtual GW-U 300s, and they have a one-to-one or one-to-many correspondence with the control port IPs of the True GW-U 300s. If the Virtual GW-U 300 IPs and the True GW-U 300 control port IPs are in one-to-one correspondence, then when the CP 100 delivers a rule, it delivers the rule to the IP of a Virtual GW-U 300, and the Upvisor 200 can find the corresponding True GW-U 300 IP from the Virtual GW-U 300 IP. If the relationship is one-to-many, then on receiving a rule delivered by the CP 100 the Upvisor 200 must additionally apply a certain algorithm to find the corresponding True GW-U 300 IP, and so complete the delivery of the rule.
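The check sequence and the Virtual-to-True GW-U lookup described in the two paragraphs above, as an added Python example that is not part of the patent text. The class and field names, the one-second window used to measure delivery frequency, the CRC32 choice for the one-to-many case (the text only says "a certain algorithm"), the `session_key` field, the choice to modify only the function set, and the sample addresses are all assumptions made for illustration.

```python
import zlib
from collections import deque
from dataclasses import dataclass

@dataclass
class Policy:
    atomic_functions: frozenset  # authorized user plane atomic function set
    max_rule_rate: int           # target frequency (assumed unit: rules per second)
    max_bandwidth: int           # target bandwidth (assumed unit: Mbit/s)
    topology: dict               # Virtual GW-U IP -> list of True GW-U control port IPs

@dataclass
class Rule:
    cp_ip: str                   # slice feature value: IP of the delivering CP
    virtual_gwu_ip: str          # destination the CP believes it is addressing
    functions: frozenset         # atomic functions the rule asks the GW-U to apply
    bandwidth: int
    session_key: str = ""        # hypothetical field, used only for one-to-many mapping

@dataclass
class Decision:
    action: str                  # "forward", "forward-modified" or "reject"
    reason: str
    true_gwu_ip: str = None
    functions: frozenset = frozenset()

class Upvisor:
    WINDOW = 1.0                 # seconds over which delivery frequency is measured

    def __init__(self, modify=False):
        self.modify = modify     # True: strip unauthorized functions instead of rejecting
        self.policies = {}       # feature value (CP IP) -> Policy
        self.forwarded = {}      # feature value -> timestamps of forwarded rules

    def new_slice(self, cp_ip, policy):
        """Store the policy carried by a new network slice request."""
        self.policies[cp_ip] = policy
        self.forwarded[cp_ip] = deque()

    def handle(self, rule, now):
        policy = self.policies.get(rule.cp_ip)
        if policy is None:
            return Decision("reject", "no policy for this feature value")
        # 1) The function set must be a subset of the authorized atomic function set.
        functions, action = rule.functions, "forward"
        if not functions <= policy.atomic_functions:
            functions = functions & policy.atomic_functions
            if not self.modify or not functions:
                return Decision("reject", "unauthorized atomic function")
            action = "forward-modified"
        # 2) Delivery frequency must be strictly less than the target frequency.
        window = self.forwarded[rule.cp_ip]
        while window and now - window[0] >= self.WINDOW:
            window.popleft()
        if not len(window) < policy.max_rule_rate:
            return Decision("reject", "rule frequency too high")
        # 3) Bandwidth must not be greater than the target bandwidth.
        if rule.bandwidth > policy.max_bandwidth:
            return Decision("reject", "bandwidth above target")
        # Resolve the Virtual GW-U IP to a True GW-U IP inside this slice's own topology.
        targets = policy.topology.get(rule.virtual_gwu_ip)
        if not targets:
            return Decision("reject", "virtual GW-U not in slice topology")
        index = 0
        if len(targets) > 1:     # one-to-many: a stable hash keeps one session on one GW-U
            index = zlib.crc32(rule.session_key.encode()) % len(targets)
        window.append(now)
        return Decision(action, "ok", targets[index], functions)

def run_constructed_example():
    """Constructed sample: one slice and five rules; returns the action for each rule."""
    policy = Policy(frozenset({"charging", "NAT", "DPI"}), 2, 100,
                    {"192.0.2.10": ["198.51.100.1"],
                     "192.0.2.20": ["198.51.100.2", "198.51.100.3"]})
    upvisor = Upvisor(modify=True)
    upvisor.new_slice("10.0.0.1", policy)
    ok = frozenset({"charging", "NAT"})
    rules = [
        (0.0, Rule("10.0.0.1", "192.0.2.10", ok, 50)),
        (0.1, Rule("10.0.0.1", "192.0.2.10", frozenset({"charging", "lawful interception"}), 50)),
        (0.2, Rule("10.0.0.1", "192.0.2.10", ok, 50)),    # third rule within one second
        (1.5, Rule("10.0.0.1", "192.0.2.10", ok, 500)),   # bandwidth above the target
        (1.6, Rule("10.0.0.1", "192.0.2.20", ok, 50, "session-a")),
    ]
    return [upvisor.handle(rule, now).action for now, rule in rules]
```

Because the lookup only consults the topology stored in the sending slice's own policy, a rule addressed to a Virtual GW-U IP that belongs to another slice is rejected rather than forwarded.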
In addition, by way of example and as shown in FIG. 3, the user plane network element ports of the Virtual GW-U and the True GW-U also correspond to each other; a user plane network element port is used to receive or send user plane network element data. If the user plane network elements GW-U1 and GW-U2 are abstracted into one Virtual GW-U, the Virtual GW-U IP corresponds to the True GW-U1 IP and the True GW-U2 IP, port numbers 1/2 may correspond to ports A/B of True GW-U1, and port numbers 3/4 may correspond to ports E/F of True GW-U2. This is only one example of a correspondence; other arrangements are possible. Furthermore, to complete the abstraction of links, when data is transmitted between two GW-Us, the corresponding real GW-Us are first found from the node correspondence of the topology, the path between the GW-Us is re-planned by the Upvisor, and the data packets are transferred along the path planned by the Upvisor. As shown in FIG. 4, the slice's control plane believes that the data packet is transmitted directly between GW-U1 and GW-U4, but in fact the packet is first transmitted from GW-U1 to GW-U2 and then from GW-U2 to GW-U4, with the Upvisor performing the path re-planning. In FIG. 3, 203 is the Virtual GW-U IP, 601 is the True GW-U1 IP, and 701 is the True GW-U2 IP.
It should be noted that, in the embodiments provided by the present invention, the MANO is mainly responsible for managing and orchestrating all NFV (Network Function Virtualization) resources; in the embodiments of the present invention it is mainly used to generate control plane network elements and user plane network elements;
Slice administrator: mainly used for lifecycle management of network slices and their resources; it accepts service requirements as input from above, and manages IaaS (Infrastructure as a Service) resources and VNF resources below;
CP: used to deliver rules to the GW-U when a user attaches or a new session is requested;
GW-U: used to execute the rules delivered by the CP and to forward data;
Upvisor: located between the CP and the GW-U, used to isolate the network slices from one another and to abstract the user plane network topology.
为了详细阐述上述实施例的执行流程,结合上述实施例,在本发明提供的又一实施例中,如图5所示,提供了一种基于网络切片的用户面共享方法,该方法应用在核心网中,并且该核心网包括监督管理器Upvisor,该方法可以包括如下步骤:In order to elaborate the execution flow of the foregoing embodiment, in combination with the foregoing embodiment, in another embodiment provided by the present invention, as shown in FIG. 5, a user plane sharing method based on network slice is provided, and the method is applied to the core. In the network, and the core network includes a supervisor manager Upvisor, the method may include the following steps:
In step S510, the supervisor manager obtains the target configuration policy of the target network slice.
In this embodiment of the present invention, as described in the foregoing embodiments, the supervisor manager first obtains the new network slice request sent by the slice manager. Because this request carries data such as the feature value and the configuration policy of the target network slice, the target configuration policy of the target network slice can be obtained by extracting the configuration policy from the request. The target configuration policy contains the maximum rate at which the control plane network element delivers rules, the maximum user bandwidth, the atomic action set, and the correspondence between the real network topology and the virtual network topology (that is, the correspondence between IP addresses of the real network topology and IP addresses of the virtual network topology). The atomic action set includes charging, lawful interception, paging, DPI (Deep Packet Inspection), IPsec (Internet Protocol Security), NAT (Network Address Translation), HTTP header enhancement, caching, and so on. In this embodiment, the configuration policy carried in the new network slice request is used as the target configuration policy, and the target configuration policy includes the user plane atomic function set. The target network slice includes a target control plane network element and target user plane network elements.
The target network slice in this embodiment may include one target control plane network element, a supervisor manager, and multiple target user plane network elements. The new network slice request carries the feature value of the target network slice to be created. Because the feature value is unique, in this embodiment it is represented by the IP address of the control plane network element, although embodiments are not limited to this. The target control plane network element can be determined among the control plane network elements from that IP address. Note that the supervisor manager may or may not be treated as part of the network slice; its main role is to inspect the data transmitted between the control plane network element and the user plane network elements in the network slice and determine whether it meets the requirements.
In addition, multiple target user plane network elements in the core network may be determined according to the target configuration policy carried in the new network slice request. The determined target user plane network elements may be existing user plane network elements shared in the core network, or user plane network elements newly generated as needed; the newly generated ones may in turn be shared by other network slices in the core network.
In step S520, when the target control plane network element sends a target rule to the target user plane network element, the supervisor manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set.
When the function set delivered by the target rule is a subset of the user plane atomic function set, in step S530 the supervisor manager sends the target rule to the target user plane network element.
When the function set in the target rule is not a subset of the user plane atomic function set, in step S540 the supervisor manager modifies the target rule according to the target configuration policy to obtain a modified target rule, and sends the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set. Alternatively, the supervisor manager prohibits delivery of the target rule to the target user plane network element.
A rule sent by the target control plane network element in the target network slice to the target user plane network element is referred to as a target rule. Because the target network slice shares some user plane network elements with other network slices in the core network, when the target control plane network element sends a target rule to the target user plane network element, the supervisor manager needs to determine whether the function set delivered by the target rule is a subset of the user plane atomic function set. This prevents the target network slice from overstepping its bounds and using unauthorized user plane atomic functions, which would affect the normal operation of other network slices. Only when the function set delivered by the target rule is a subset of the user plane atomic function set does the supervisor manager allow the target rule to be sent to the target user plane network element. Otherwise, the supervisor manager modifies the target rule according to the target configuration policy so that the function set in the modified target rule is a subset of the user plane atomic function set. As needed, the supervisor manager may instead prohibit delivery of the target rule to the target user plane network element.
In the network slice-based user plane sharing method provided by this embodiment of the present invention, the supervisor manager obtains the target configuration policy of the target network slice. When the target control plane network element in the target network slice sends a target rule to the target user plane network element, the supervisor manager determines whether the function set delivered by the target rule is a subset of the user plane atomic function set. If it is, the supervisor manager sends the target rule to the target user plane network element; otherwise, the supervisor manager modifies the target rule according to the target configuration policy carried in the network slice creation information, or prohibits delivery of the target rule to the target user plane network element. Because the supervisor manager centrally controls the target rules delivered by the control plane network element, the target network slice is effectively prevented from overstepping its bounds and using unauthorized user plane atomic functions, and the normal operation of other network slices is not affected.
When the target control plane network element sends a target rule to the target user plane, the supervisor manager checks not only whether the function set delivered by the target rule is a subset of the user plane atomic function set, but also whether the frequency and bandwidth of the target rule meet the requirements. Therefore, as a refinement of the method of FIG. 5, in yet another embodiment provided by the present invention, the target configuration policy further includes a target frequency and a target bandwidth. As shown in FIG. 6, the method may further include the following steps:
In step S550, the supervisor manager determines whether the frequency at which the target rule is delivered is less than the target frequency.
When the frequency at which the target rule is delivered is less than the target frequency, in step S560 the supervisor manager determines whether the bandwidth delivered by the target rule is not greater than the target bandwidth.
When the bandwidth delivered by the target rule is not greater than the target bandwidth, step S530 is performed.
With reference to the foregoing embodiments, the supervisor manager may evaluate the function set, frequency, and bandwidth of the target rule simultaneously, or in an order other than the one described above; the embodiments of the present invention are not limited in this respect. In addition to the function set, frequency, and bandwidth of the target rule, the supervisor manager may, as needed, check other attribute parameters delivered by the target rule and determine whether they meet the requirements, so as to prevent the target network slice from overstepping its bounds and using unauthorized user plane atomic functions, which would affect the normal operation of other network slices.
In addition, with reference to FIG. 1 and the foregoing embodiments, the supervisor manager is communicatively connected to the slice manager and to the management orchestration domain. As a refinement of the method of FIG. 5, in yet another embodiment provided by the present invention, before step S510, as shown in FIG. 7, the method may further include the following steps:
In step S501, the slice manager obtains network slice creation information.
In step S502, the slice manager sends a network slice creation instruction to the management orchestration domain according to the new network slice creation information.
With reference to the foregoing embodiments and FIG. 1 and FIG. 2, the network slice creation information includes the maximum bandwidth per user, service delay, total throughput, and so on. The instruction to instantiate network slice network elements includes the creation specification of the control plane network element to be created, the number of user plane network elements required, and so on. See the foregoing embodiments; details are not repeated here.
The management orchestration domain is mainly responsible for managing and orchestrating all NFV resources; in this embodiment of the present invention it is mainly used to generate control plane network elements and user plane network elements. The slice manager is mainly used for lifecycle management of network slices and their resources: upward, it accepts service requirements as input; downward, it manages IaaS resources and VNF resources.
In step S503, the management orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction.
In step S504, when the slice manager obtains the network slice creation response sent by the management orchestration domain, the slice manager sends a new network slice request containing the target configuration policy to the supervisor manager.
According to the network slice creation instruction, the management orchestration domain creates the target control plane network element and the target user plane network element, that is, it instantiates them. In addition, if the instruction to instantiate network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager may also need to be instantiated. After instantiation is complete, the management orchestration domain sends a network slice creation response to the slice manager, and the slice manager then sends the supervisor manager a new network slice request carrying the target configuration policy of the target network slice.
As a refinement of the method of FIG. 5, in yet another embodiment provided by the present invention, the target configuration policy further includes the correspondence between nodes of the real network topology and nodes of the virtual network topology. As shown in FIG. 8, step S540 may further include the following steps:
In step S541, the supervisor manager obtains the virtual IP address in the virtual network topology.
In step S542, the supervisor manager determines the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology.
In step S543, the supervisor manager sends the target rule to the target user plane network element corresponding to the real IP address.
With reference to the foregoing embodiments and FIG. 3, the target configuration policy contains the correspondence between nodes of the network slice's real network topology and nodes of its virtual network topology. It is implemented in the supervisor manager as follows. After the supervisor manager receives the correspondence between nodes of the real and virtual network topologies sent by the slice manager, it virtualizes the control port IPs facing the target control plane network element. These port IPs are the IPs of the Virtual target user plane network elements, and they have a one-to-one or one-to-many correspondence with the control port IPs of the True (real) target user plane network elements. If the correspondence is one-to-one, the target control plane network element delivers a rule to the IP of the Virtual target user plane network element, and the supervisor manager finds the corresponding True target user plane network element IP from the Virtual target user plane network element IP. If the correspondence is one-to-many, then on receiving a rule delivered by the target control plane network element the supervisor manager additionally has to find the corresponding True target user plane network element IP according to a certain algorithm, and thereby completes delivery of the rule.
To explain in detail how the supervisor manager obtains the target configuration policy corresponding to a newly created target network slice, as a refinement of the method of FIG. 5, in yet another embodiment provided by the present invention, step S510 may further include the following steps:
In step S511, the supervisor manager obtains the target feature value of the target network slice.
In step S512, the supervisor manager obtains the target configuration policy corresponding to the target feature value.
Because the feature value is unique, in this embodiment of the present invention it is represented by the IP address of the control plane network element. Among multiple configuration policies, the supervisor manager looks up the one corresponding to the target feature value; that policy is the target configuration policy of the target network slice.
As a refinement of the method of FIG. 5, in yet another embodiment provided by the present invention, and in combination with the other embodiments, the supervisor manager is communicatively connected to the slice manager and to the management orchestration domain. Before step S510, as shown in FIG. 9, the method may further include the following steps:
In step S505, the supervisor manager obtains the network slice creation information sent by the slice manager.
In step S506, the supervisor manager sends a network slice creation instruction to the management orchestration domain according to the network slice creation information.
In step S507, the management orchestration domain creates the target control plane network element and the target user plane network element according to the instruction to create network slice network elements.
When the supervisor manager obtains the network slice creation response sent by the management orchestration domain, step S510 is performed.
In this embodiment, it is the supervisor manager that sends the network slice creation instruction to the management orchestration domain. According to the network slice creation instruction, the management orchestration domain creates the target control plane network element and the target user plane network element, that is, it instantiates them. In addition, if the instruction to instantiate network slice network elements includes a requirement to instantiate the supervisor manager, the supervisor manager may also need to be instantiated. After instantiation is complete, the management orchestration domain sends a network slice creation response to the supervisor manager, and the management orchestration domain then sends the supervisor manager a new network slice request carrying the target configuration policy of the target network slice. In other embodiments, the slice manager may send the new network slice request instead. The supervisor manager then extracts the required information, such as the target configuration policy and the feature value of the target slice, from the received new network slice request.
In the network slice-based user plane sharing method provided by this embodiment of the present invention, the supervisor manager obtains the target configuration policy of the target network slice. When the target control plane network element sends a target rule to the target user plane network element, the supervisor manager separately determines whether the function set delivered by the target rule is a subset of the user plane atomic function set, whether the frequency at which the target rule is delivered is less than the target frequency, whether the bandwidth delivered by the target rule is greater than the target bandwidth, and so on. Only when the target rule delivered by the control plane network element satisfies the relevant conditions does the supervisor manager send it to the target user plane network element. Because the supervisor manager centrally controls the target rules delivered by the control plane network element, the target network slice is effectively prevented from overstepping its bounds, for example by using unauthorized user plane atomic functions, and the normal operation of other network slices is not affected. The target configuration policy also includes the correspondence between nodes of the real network topology and nodes of the virtual network topology in the target network slice, so the target control plane network element cannot directly obtain the real network nodes of the user plane network elements, which benefits the security of the user plane network elements.
To explain in detail the creation of a network slice and the process of checking rules delivered by the control plane network element, in yet another embodiment provided by the present invention, the Slicing administrator determines whether a new GW-U and Policy need to be created. As shown in FIG. 10, the data interaction among the Slicing administrator, MANO, CP, Upvisor, and GW-U may include the following flow:
Step 9111: The Slicing administrator receives network slice creation information.
The network slice creation information includes: maximum bandwidth per user, service delay, total throughput, redundancy, and live migration; busy-hour service scale: number of users, number of SRs/releases, number of pages, number of bearers (default + dedicated), bearer activation rate, number of call detail records per bearer, packet length, ratio of uplink to downlink traffic, and topology requirements; and the slice atomic action set.
Step 9112: The Slicing administrator sends an instruction to instantiate slice network elements to MANO.
The Slicing administrator issues an instruction to instantiate slice network elements to MANO. The instruction contains the specification of the CP to be created and the number, location, and capacity specification of the GW-Us, and may also include an Upvisor that needs to be instantiated. MANO instantiates the control plane network element and the user plane GW-U, and instantiates the Upvisor if it receives a request to do so.
Step 9113: MANO sends a new network element response to the Slicing administrator.
Step 9114: The Slicing administrator sends a new network slice request to the Upvisor.
The Slicing administrator sends the Upvisor a new slice request Create_Slice_Request<CP IP,max_rate,max_width,action set,<(virtual GW-U IP,port[]),(GW-U IP,port[])>[]>, which carries the slice's feature value CP IP and its Policy. The Policy contains the maximum rate at which the CP delivers rules, the maximum user bandwidth, the atomic action set (charging, lawful interception, paging, DPI, IPsec, NAT, HTTP header enhancement, caching, and so on), and the correspondence between the real network topology and the virtual network topology; this correspondence is the correspondence between real IP addresses and virtual IP addresses.
Step 9115: The GW-U sends a connection establishment request to the Upvisor.
Step 9116: The Upvisor sends a connection establishment request response to the GW-U.
Step 9117: The Upvisor sends a connection establishment request to the CP.
Step 9118: The CP sends a connection establishment response to the Upvisor.
Step 9119: The Upvisor sends a new network slice response to the Slicing administrator.
Step 9120: The CP delivers a rule.
Step 9121: The Upvisor checks the rule delivered by the CP.
When the CP delivers a rule to the Upvisor, the Upvisor finds the corresponding Policy from the slice feature value CP IP in the rule and checks the rule against the Policy: 1) it checks the rate at which the user delivers rules; if the rate exceeds the rate specified in the Policy, delivery of the rule is prohibited, and if it is less than the rate specified in the Policy, check 2) is performed; 2) it checks the user bandwidth in the rule; if it is less than or equal to the bandwidth specified in the Policy, check 3) is performed; 3) it checks the action set in the rule; if all actions in the rule are in the Policy's action set, the rule is legal, otherwise the rule is illegal.
Step 9122: When the rule delivered by the CP passes the Upvisor's check, the rule is allowed to be delivered to the GW-U.
If all checks of the rule pass, the real IP address corresponding to the GW-U IP is found from the correspondence in the Policy. This IP address is the IP address of the GW-U instantiated by MANO; its counterpart is the virtual IP address of the slice stored in each slice's control plane. The Upvisor stores the correspondence between virtual IP addresses and real IP addresses.
Step 9123: When the rule delivered by the CP fails the Upvisor's check, the rule is not allowed to be delivered to the GW-U.
Step 9124: If the rule fails the check, a rule delivery failure response is sent to the CP.
In this embodiment of the present invention, when a slice is created, the slice's Policy and slice feature value are configured on the Upvisor. The Policy contains the atomic action set, the correspondence between the real topology and the virtual topology, the maximum rate at which rules are delivered, and the maximum bandwidth.
Once the created network slice is in operation, when the Upvisor receives a rule delivered by the CP, it first finds the slice's Policy from the slice feature value and checks the slice's rule against the Policy. A rule that does not comply with the Policy is refused delivery. For a rule that complies with the Policy, the Upvisor finds the corresponding real GW-U IP from the correspondence between the virtual topology and the real topology and completes delivery of the rule. In this way, the atomic actions in rules delivered by the control plane are restricted, and the user plane cannot deliver rules beyond its own authorized user plane atomic function set. The Upvisor stores the correspondence between the virtual network topology and the real network topology, and can find the corresponding real GW-U IP from the virtual GW-U IP carried in the rule.
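The Upvisor check described above (Policy lookup by CP IP, then rate, bandwidth and action set, then the virtual-to-real GW-U mapping) is shown below in Python as an added example; it is not code from the patent. The class and field names, the one-second rate window, the "strip" handling for step S540 and the hash-based choice among several real GW-Us are assumptions, because the patent leaves those details open.

```python
import hashlib
import time
from collections import deque
from dataclasses import dataclass


@dataclass
class Policy:
    max_rate: int          # max rules per second the CP may deliver
    max_width: int         # max user bandwidth a rule may set
    action_set: frozenset  # authorised user plane atomic actions
    topology: dict         # virtual GW-U IP -> list of real GW-U IPs


@dataclass
class Rule:
    cp_ip: str             # slice feature value (CP IP)
    virtual_gwu_ip: str    # the only GW-U address the CP ever sees
    user_id: str
    bandwidth: int
    actions: frozenset


@dataclass
class Decision:
    allowed: bool
    reason: str
    real_gwu_ip: str = None
    actions: frozenset = frozenset()


class Upvisor:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._policies = {}  # CP IP -> Policy
        self._seen = {}      # CP IP -> timestamps of rules in the last second

    def create_slice(self, cp_ip, policy):
        """Install the Policy carried by Create_Slice_Request."""
        self._policies[cp_ip] = policy
        self._seen[cp_ip] = deque()

    def _rate(self, cp_ip):
        # Assumed rate measure: rules seen in a sliding one-second window,
        # counting the current rule and earlier rejected attempts.
        now, seen = self._clock(), self._seen[cp_ip]
        while seen and now - seen[0] >= 1.0:
            seen.popleft()
        seen.append(now)
        return len(seen)

    def check(self, rule, on_violation="reject"):
        policy = self._policies.get(rule.cp_ip)
        if policy is None:
            return Decision(False, "unknown_slice")
        # 1) delivery rate, 2) user bandwidth, 3) action set, in page order.
        if self._rate(rule.cp_ip) > policy.max_rate:
            return Decision(False, "rate")
        if rule.bandwidth > policy.max_width:
            return Decision(False, "bandwidth")
        actions = rule.actions
        if not actions <= policy.action_set:
            if on_violation != "strip":
                return Decision(False, "action")
            # S540 alternative (assumed form): keep only authorised actions.
            actions = actions & policy.action_set
            if not actions:
                return Decision(False, "action")
        real = self._resolve(policy, rule)
        if real is None:
            return Decision(False, "topology")
        return Decision(True, "ok", real, actions)

    @staticmethod
    def _resolve(policy, rule):
        reals = policy.topology.get(rule.virtual_gwu_ip)
        if not reals:
            return None
        # One-to-many: assumed algorithm, a stable hash of the user id so
        # one user's rules always reach the same real GW-U.
        digest = hashlib.sha256(rule.user_id.encode()).digest()
        return reals[int.from_bytes(digest[:4], "big") % len(reals)]


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    up = Upvisor()
    up.create_slice("10.1.1.1", Policy(
        max_rate=2, max_width=100,
        action_set=frozenset({"charging", "NAT"}),
        topology={"10.0.0.1": ["192.0.2.10"]}))
    print(up.check(Rule("10.1.1.1", "10.0.0.1", "user-a", 50,
                        frozenset({"charging", "lawful_interception"}))))
```

Because the CP only ever addresses the virtual GW-U IP, a rule that fails any check never reaches a real GW-U, and a slice cannot learn the real address of a user plane network element it shares with other slices.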
To explain in detail the creation of a network slice and the process of checking rules delivered by the control plane network element, in yet another embodiment provided by the present invention, the Upvisor determines whether a new GW-U and CP need to be created, the Upvisor interacts with MANO, and the Upvisor generates the slice's Policy rules. As shown in FIG. 11, the data interaction among the Slicing administrator, MANO, CP, Upvisor, GW-U, and so on may include the following flow:
Step 9211: The operator server obtains the purchaser's network slice requirement information.
The slice purchaser fills in their requirements through a Web interface. The requirements may include indicator information such as: maximum bandwidth per user, service delay, total throughput, redundancy, and live migration; busy-hour service scale: number of users, number of SRs/releases, number of pages, number of bearers (default + dedicated), bearer activation rate, number of call detail records per bearer, packet length, ratio of uplink to downlink traffic, and topology requirements; and the slice atomic action set. Clicking the generate-slice button sends a slice request to the operator's server.
Step 9212: The operator server sends network slice creation information to the Slicing administrator.
Step 9213: The Slicing administrator sends a new network slice request to the Upvisor.
Both the new network slice request and the network slice creation information carry the indicator information from the network slice requirement information above.
Step 9214: The Upvisor sends a new network element request to MANO.
When the Upvisor receives the new network slice request, it determines which control plane network elements and user plane network elements need to be created, and sends a new network element request to MANO.
Step 9215: MANO instantiates the control plane network element and the user plane network element.
After receiving the new network element request, MANO instantiates the control plane and user plane network elements, sends a new network element response to the Upvisor, and sends the IP addresses and interface information of the newly generated network elements to the Upvisor. After receiving MANO's new slice response, the Upvisor generates the slice's Policy<max_rate,max_width,action set,<(virtual GW-U IP,port[]),(GW-U IP,port[])>[]>> and associates the Policy with the CP IP. The Policy contains the maximum rate at which the CP delivers rules, the maximum user bandwidth, the atomic action set (charging, lawful interception, paging, DPI, IPsec, NAT, HTTP header enhancement, caching, and so on), and the correspondence between the real network topology and the virtual network topology; the correspondence contains the correspondence between real IP addresses and virtual IP addresses.
步骤9216、MANO向Upvisor发送新建网元响应。Step 9216: The MANO sends a new network element response to the Upvisor.
步骤9217、MANO生成新的网元IP地址及接口信息,并将该网元IP地址及接口信息发送给Upvisor。Step 9217: The MANO generates a new network element IP address and interface information, and sends the network element IP address and interface information to the Upvisor.
步骤9218、Upvisor生成网络切片的Policy。Step 9218: The Upvisor generates a policy of the network slice.
步骤9219、Upvisor向GW-U发送连接请求。In step 9219, the Upvisor sends a connection request to the GW-U.
此步的连接建立请求只发生在Upvisor与新建的GW-U之间,若没有新的GW-U产生,则此步不存在。The connection establishment request for this step only occurs between the Upvisor and the newly created GW-U. If no new GW-U is generated, this step does not exist.
步骤9220、GW-U向Upvisor发送连接建立响应。In step 9220, the GW-U sends a connection establishment response to the Upvisor.
步骤9221、Upvisor向CP发送连接请求。 Step 9221: The Upvisor sends a connection request to the CP.
步骤9222、CP向Upvisor发送连接建立响应。Step 9222: The CP sends a connection establishment response to the Upvisor.
步骤9223、Upvisor向Slicing administrator发送新建网络切片响应。In step 9223, the Upvisor sends a new network slice response to the Slicing administrator.
步骤9224、CP下发rule。Step 9224, the CP issues a rule.
步骤9225、Upvisor对CP下发的rule检查。Step 9225: The Upvisor checks the rule sent by the CP.
当CP向Upvisor下发rule时,Upvisor根据rule中的切片特征值CP IP找到对应的Policy,根据Policy对rule进行检查,1)对用户下发rule的速率进行检查,若下发rule的速率超过Policy中规定的速率,则禁止rule的下发,若小于Policy中规定的速度,则进行2)的检查;2)对rule中的用户带宽进行检查,小于等于Policy的规定的带宽,则进行3)的检查;3)对rule中的动作集进行检查,若rule中的动作都在Policy的动作集中,则说明rule是合法的,否则rule不合法。When the CP sends a rule to the Upvisor, the Upvisor finds the corresponding policy based on the slice feature value CP IP in the rule. The rule checks the rule according to the policy. 1) Checks the rate at which the user sends the rule. If the rate of the rule is exceeded, the rate is exceeded. The rate specified in the policy prohibits the delivery of the rule. If the speed is less than the speed specified in the policy, check 2); 2) check the bandwidth of the user in the rule, less than or equal to the bandwidth specified by the policy, and then perform 3 3) Check the action set in the rule. If the action in the rule is in the action set of the policy, the rule is legal, otherwise the rule is invalid.
步骤9226、Upvisor对CP下发的rule检查合格时,允许将rule下发给GW-U。Step 9226: When the Upvisor passes the rule check issued by the CP, the rule is allowed to be sent to the GW-U.
若对rule的检查都合法,则根据Policy中的对应关系找到GW-U IP对应的真实IP地址,此IP地址是MANO实例化的GW-U的IP地址,与之对应的是每个切片控制面中存储的切片的虚拟IP地址,在Upvisor中保存虚拟IP地址与真实IP地址的对应关系。If the check of the rule is legal, the real IP address corresponding to the GW-U IP is found according to the correspondence in the Policy. The IP address is the IP address of the GW-U instantiated by the MANO, and corresponding to each slice control. The virtual IP address of the slice stored in the face, and the corresponding relationship between the virtual IP address and the real IP address is saved in the Upvisor.
步骤9227、Upvisor对CP下发的rule检查不合格时,不允许将rule下发给GW-U。Step 9227: When the Upvisor fails to check the rule sent by the CP, the rule is not allowed to be sent to the GW-U.
步骤9228、如果rule检查不合格,Upvisor向CP发送下发rule失败响应。In step 9228, if the rule check fails, the Upvisor sends a rule failure response to the CP.
In this embodiment of the present invention, when a slice is created, the Upvisor receives from the slice administrator the information that characterises the slice's traffic model, combines it with the network element information of the existing user plane, and plans the user plane network elements and control plane network elements that need to be instantiated. It sends a new network element request to the MANO and, after receiving the new network element response, establishes connections with the control plane network element and the user plane network element respectively and generates the slice's Policy. The Policy contains the atomic action set, the correspondence between the real topology and the virtual topology, the maximum rate for issuing rules, the maximum user bandwidth, and so on.
When the slice starts working and the Upvisor receives a rule issued by the CP, it first finds the slice's Policy from the slice feature value and checks the slice's rule against the Policy. A rule that does not comply with the Policy is refused delivery; for a rule that complies, the Upvisor uses the correspondence between the virtual topology and the real topology to find the corresponding real GW-U IP and completes delivery of the rule. In this way, the atomic actions in rules issued by the control plane are restricted, and the user plane cannot issue rules beyond its own range of user plane atomic functions. The Upvisor stores the correspondence between the virtual network topology and the real network topology, so it can find the real GW-U IP corresponding to the virtual GW-U IP carried in the rule.
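The rule check and address translation of steps 9225 to 9227, sketched as an added Python example (not code from the patent). The class and field names, the units, the one-second window used to measure the issue rate, allowing a rate equal to max_rate, and rejecting an unknown CP IP or an unknown virtual GW-U IP are assumptions; ports in the topology mapping are omitted.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    max_rate: int          # max rules the CP may issue per window (unit assumed)
    max_width: int         # max user bandwidth, Mbit/s (unit assumed)
    action_set: frozenset  # atomic actions this slice may use
    topology: dict         # virtual GW-U IP -> real GW-U IP (ports omitted)


@dataclass(frozen=True)
class Rule:
    cp_ip: str             # slice feature value: IP of the issuing CP
    virtual_gwu_ip: str    # the only GW-U address the CP ever sees
    bandwidth: int
    actions: frozenset


class Upvisor:
    WINDOW = 1.0  # seconds; how the rate is measured is an assumption

    def __init__(self):
        self.policies = {}                   # CP IP -> Policy
        self._recent = defaultdict(deque)    # CP IP -> timestamps of counted rules

    def install_policy(self, cp_ip, policy):
        self.policies[cp_ip] = policy

    def check_rule(self, rule, now):
        """Return ("forward", real GW-U IP) or ("reject", reason)."""
        policy = self.policies.get(rule.cp_ip)
        if policy is None:
            # Fail closed: a CP that belongs to no known slice gets nothing through.
            return ("reject", "no policy for this CP IP")

        # 1) Issue rate: drop timestamps that left the window, then count.
        recent = self._recent[rule.cp_ip]
        while recent and now - recent[0] >= self.WINDOW:
            recent.popleft()
        if len(recent) >= policy.max_rate:
            return ("reject", "rule rate exceeds max_rate")
        recent.append(now)

        # 2) User bandwidth requested by the rule.
        if rule.bandwidth > policy.max_width:
            return ("reject", "bandwidth exceeds max_width")

        # 3) Every action must be in the slice's atomic action set.
        extra = rule.actions - policy.action_set
        if extra:
            return ("reject", "unauthorised actions: " + ", ".join(sorted(extra)))

        # Only now is the virtual address translated to the real GW-U.
        real_ip = policy.topology.get(rule.virtual_gwu_ip)
        if real_ip is None:
            return ("reject", "no real GW-U for this virtual IP")
        return ("forward", real_ip)


def demo():
    """Run constructed rules through the check and return the verdicts."""
    up = Upvisor()
    up.install_policy("192.0.2.5", Policy(
        max_rate=2, max_width=100,
        action_set=frozenset({"charging", "NAT", "DPI"}),
        topology={"10.10.0.1": "198.51.100.10"}))
    ok = frozenset({"charging", "NAT"})
    bad = frozenset({"charging", "lawful_interception"})
    events = [  # (time in seconds, rule); all values are constructed
        (0.0, Rule("192.0.2.5", "10.10.0.1", 50, ok)),    # compliant
        (0.1, Rule("192.0.2.5", "10.10.0.1", 500, ok)),   # too much bandwidth
        (0.2, Rule("192.0.2.5", "10.10.0.1", 50, ok)),    # third rule in window
        (1.2, Rule("192.0.2.5", "10.10.0.1", 50, bad)),   # action outside the set
        (1.3, Rule("192.0.2.99", "10.10.0.1", 50, ok)),   # CP with no Policy
        (1.4, Rule("192.0.2.5", "10.10.0.9", 50, ok)),    # unmapped virtual IP
    ]
    return [up.check_rule(rule, now) for now, rule in events]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The order matters for isolation: the real GW-U address is looked up only after all three checks pass, so a rejected rule never reaches the virtual-to-real mapping.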
In yet another embodiment provided by the present invention, an established network slice can also be modified as required: the slice administrator sends the Upvisor a slice modification request that carries the Policy information to be modified; after the modification succeeds, when the CP issues a rule, the Upvisor manages the issued rule according to the modified Policy information. As shown in Figure 12 below, the data interaction among the Slicing administrator, MANO, CP, Upvisor, GW-U and so on may include the following flow:
Step 9311: The operator server obtains the purchaser's network slice requirement information.
The slice purchaser fills in their requirements through a web interface. The requirements may include maximum bandwidth per user, service delay, total throughput, redundancy and live migration; busy-hour service scale: number of users, number of SRs/releases, number of pagings, number of bearers (default + dedicated), bearer activation rate, number of call detail records per bearer, packet length, ratio of uplink to downlink traffic, and topology requirements; and the slice's atomic action set. Clicking the Generate Slice button sends a slice request to the operator's server.
Step 9312: The operator server sends the network slice modification information to the Slicing administrator.
The slice administrator sends "Update_Slice_GW-U_Source<CP IP,max_rate,max_width,action set,<(virtual GW-U IP,port[]),(GW-U IP,port[])>[]>>" to the Upvisor, where the Policy information is formulated according to the slice's new traffic model.
Step 9313: The Slicing administrator determines whether user plane network elements need to be expanded or created, and whether the Policy of the network slice needs to be modified.
Step 9314: If user plane network elements need to be expanded or created, the Slicing administrator sends an expansion request/creation request to the MANO.
Step 9315: If the Policy of the network slice needs to be modified, the Slicing administrator sends a modification request to the Upvisor.
Step 9316: The Upvisor sends a connection request to the GW-U.
Step 9317: The GW-U sends a new session response to the Upvisor.
Step 9318: The Upvisor checks the rule issued by the CP.
Step 9319: If the rule passes, the Upvisor delivers the rule to the GW-U.
Step 9320: If the rule fails, the Upvisor prohibits delivery of the rule.
Step 9321: The Upvisor sends a rule failure response to the CP.
In this embodiment of the present invention, the slicing administrator sends the modified Policy to the Upvisor, and the Upvisor reports the network slice Policy information that needs to be modified to the CP; when the CP issues a rule to the GW-U, the Upvisor applies unified control to the rule according to the modified Policy information.
In yet another embodiment of modifying a network slice, the slice administrator sends slice modification signalling to the Upvisor, carrying the Policy information that the network slice needs to have modified; after the modification succeeds, when the CP issues a rule, the Upvisor manages the issued rule according to the new Policy information. As shown in Figure 13 below, the data interaction among the Slicing administrator, MANO, CP, Upvisor, GW-U and so on may include the following flow:
Step 9411: The operator server obtains the purchaser's network slice requirement information.
The slice purchaser fills in their requirements through a web interface. The requirements may include maximum bandwidth per user, service delay, total throughput, redundancy and live migration; busy-hour service scale: number of users, number of SRs/releases, number of pagings, number of bearers (default + dedicated), bearer activation rate, number of call detail records per bearer, packet length, ratio of uplink to downlink traffic, and topology requirements; and the slice's atomic action set. Clicking the Generate Slice button sends a slice request to the operator's server.
Step 9412: The operator server sends the network slice modification information to the Slicing administrator.
Step 9413: The Slicing administrator sends a slice modification request to the Upvisor.
Step 9414: The Upvisor determines whether user plane network elements need to be expanded or created, and whether the Policy of the network slice needs to be modified.
Based on the indicators it has received, the Upvisor determines whether network elements need to be created or certain network elements expanded, or whether the slice's Policy needs to be modified. If the slicing administrator determines that network elements need to be created or certain network elements expanded, a new slice/expansion request is sent to the MANO.
Step 9415: If user plane network elements need to be expanded or created, the Upvisor sends an expansion request/creation request to the MANO.
Step 9416: If the Policy of the network slice needs to be modified, the Upvisor sends a modification request to the Slicing administrator.
Step 9417: The Upvisor sends a connection request to the GW-U.
Step 9418: The GW-U sends a new session response to the Upvisor.
Step 9419: The Upvisor checks the rule issued by the CP.
See the embodiments above; the details are not repeated here.
Step 9420: If the rule passes, the Upvisor delivers the rule to the GW-U.
Step 9421: If the rule fails, the Upvisor prohibits delivery of the rule.
Step 9422: The Upvisor sends a rule failure response to the CP.
In this embodiment of the present invention, the slicing administrator sends the slice's performance indicators to the Upvisor; based on the indicators received, the Upvisor determines whether a GW-U needs to be created or expanded, and generates a new Policy. When the CP issues a rule to the GW-U, the Upvisor applies unified control to the rule according to the modified Policy information.
In the network-slice-based user plane sharing method provided by the embodiments of the present invention, the supervisor manager obtains the target configuration policy of the target network slice. When the target control plane network element sends a target rule to the target user plane network element, the supervisor manager determines whether the function set issued in the target rule is a subset of the user plane atomic function set, whether the frequency at which the target rule is issued is less than the target frequency, and whether the bandwidth issued in the target rule is greater than the target bandwidth; only when the target rule issued by the control plane network element satisfies the relevant conditions does the supervisor manager send it to the target user plane network element. Unified control by the supervisor manager over the target rules issued by control plane network elements effectively prevents the target network slice from overstepping its bounds and using unauthorised user plane atomic functions, and so avoids affecting the normal operation of other network slices. The target configuration policy also includes the correspondence between nodes of the real network topology and of the virtual network topology in the target network slice, so the target control plane network element cannot directly obtain the real network nodes of the user plane network elements, which benefits the security of the user plane network elements. When an established network slice needs to be modified, it can be modified, for example by expanding user plane network elements or by modifying the configuration policy in the network slice.
From the description of the method embodiments above, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
In addition, as an implementation of the foregoing embodiments, an embodiment of the present invention further provides a network-slice-based user plane sharing apparatus, applied in a core network that contains a supervisor manager. As shown in Figure 14, the apparatus includes:
a target configuration policy obtaining module 10, configured to obtain the target configuration policy of the target network slice, where the target configuration policy includes a user plane atomic function set;
a target rule determining module 20, configured to determine, when the target control plane network element sends a target rule to the target user plane network element, whether the function set issued in the target rule is a subset of the user plane atomic function set;
a target rule issuing module 30, configured to send the target rule to the target user plane network element when the function set issued in the target rule is a subset of the user plane atomic function set.
In yet another embodiment of the present invention, based on Figure 14 and as shown in Figure 15, the target configuration policy further includes a target frequency and a target bandwidth, and the apparatus further includes:
a frequency determining module 40, configured to determine whether the frequency at which the target rule is issued is less than the target frequency;
a bandwidth determining module 50, configured so that, when the frequency at which the target rule is issued is less than the target frequency, the supervisor manager determines whether the bandwidth issued in the target rule is not greater than the target bandwidth.
In yet another embodiment of the present invention, based on Figure 14 and as shown in Figure 16, the supervisor manager is communicatively connected to the slice manager and to the management and orchestration domain, and the apparatus further includes:
a first network slice creation information obtaining module 60, configured to obtain network slice creation information;
a first network slice creation instruction sending module 70, configured to send a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
a first network slice creating module 80, configured to create the target control plane network element and the target user plane network element according to the network slice creation instruction;
a first new network slice request sending module 90, configured to send, when the slice manager obtains the network slice creation response sent by the management and orchestration domain, a new network slice request containing the target configuration policy to the supervisor manager.
In yet another embodiment of the present invention, based on Figure 14 and as shown in Figure 17, the target configuration policy further includes the correspondence between nodes of the real network topology and of the virtual network topology, and the target rule issuing module 30 includes:
a virtual IP address obtaining sub-module 31, configured to obtain a virtual IP address in the virtual network topology;
a real IP address determining sub-module 32, configured to determine the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
a target rule sending sub-module 33, configured to send the target rule to the target user plane network element corresponding to the real IP address.
In yet another embodiment of the present invention, based on Figure 14 and as shown in Figure 18, the apparatus further includes:
a target rule modifying module 91, configured to modify the target rule according to the target configuration policy when the function set in the target rule is not a subset of the user plane atomic function set, to obtain a modified target rule, and to send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
or, a target rule issuance prohibiting module 92, configured to prohibit the target rule from being issued to the target user plane network element.
In the embodiments of the present invention, the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), Internet Protocol Security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
In yet another embodiment of the present invention, based on Figure 14 and as shown in Figure 19, the target configuration policy obtaining module 10 includes:
a target feature value obtaining sub-module 11, configured to obtain the target feature value of the target network slice;
a target configuration policy sub-module 12, configured to obtain the target configuration policy corresponding to the target feature value.
In yet another embodiment of the present invention, based on Figure 14 and as shown in Figure 20, the supervisor manager is communicatively connected to the slice manager and to the management and orchestration domain, and the apparatus further includes:
a second network slice creation information obtaining module 93, configured to obtain the network slice creation information sent by the slice manager;
a second network slice creation instruction sending module 94, configured to send a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
a second network slice creating module 95, configured to create the target control plane network element and the target user plane network element according to the create-network-slice-network-element instruction.
As for the apparatus in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the method and is not elaborated here.
In the network-slice-based user plane sharing apparatus provided by the embodiments of the present invention, the supervisor manager obtains the target configuration policy of the target network slice. When the target control plane network element sends a target rule to the target user plane network element, the supervisor manager determines whether the function set issued in the target rule is a subset of the user plane atomic function set, whether the frequency at which the target rule is issued is less than the target frequency, and whether the bandwidth issued in the target rule is greater than the target bandwidth; only when the target rule issued by the control plane network element satisfies the relevant conditions does the supervisor manager send it to the target user plane network element. Unified control by the supervisor manager over the target rules issued by control plane network elements effectively prevents the target network slice from overstepping its bounds and using unauthorised user plane atomic functions, and so avoids affecting the normal operation of other network slices. The target configuration policy also includes the correspondence between nodes of the real network topology and of the virtual network topology in the target network slice, so the target control plane network element cannot directly obtain the real network nodes of the user plane network elements, which benefits the security of the user plane network elements. When an established network slice needs to be modified, it can be modified, for example by expanding user plane network elements or by modifying the configuration policy in the network slice.
另外,本发明实施例还提供了一种监督管理器,其硬件结构示意图如图21所示。该监督管理器包括处理器510、收发器520、总线530和存储器540。其中,处理器510、收发器520通过总线530通信,存储器540用于存储处理器510可执行指令。In addition, an embodiment of the present invention further provides a supervisor manager, and a hardware structure diagram thereof is shown in FIG. 21. The supervisor manager includes a processor 510, a transceiver 520, a bus 530, and a memory 540. The processor 510 and the transceiver 520 are in communication through a bus 530, and the memory 540 is configured to store the processor 510 executable instructions.
收发器520用于获取目标网络切片的目标配置策略,所述目标配置策略包括用户面原子功能集合,所述目标网络切片包括目标控制面网元和目标用户面网元。The transceiver 520 is configured to acquire a target configuration policy of the target network slice, where the target configuration policy includes a user plane atomic function set, where the target network slice includes a target control plane network element and a target user plane network element.
处理器510用于在所述目标控制面网元向所述目标用户面网元发送目标规则时,所述监督管理器判断所述目标规则下发的功能集合是否为所述用户面原子功能集合的子集;当所述目标规则下发的功能集合为用户面原子功能集合的子集时,所述监督管理器将所述目标规则发送给所述目标用户面网元。The processor 510 is configured to: when the target control plane network element sends the target rule to the target user plane network element, the supervisory manager determines whether the function set delivered by the target rule is the user plane atomic function set The subset manager sends the target rule to the target user plane network element when the function set delivered by the target rule is a subset of the user plane atomic function set.
在一种可选的实施方式中,处理器510用于所述目标规则下发的频度是否 小于所述目标频度,当所述目标规则下发的频度小于所述目标频度时,判断所述目标规则下发的带宽是否不大于所述目标带宽;当所述目标规则下发的带宽不大于所述目标带宽时,将所述目标规则发送给所述目标用户面网元。In an optional implementation manner, the processor 510 is configured to use the frequency of the target rule to be sent. If the frequency of the target rule is less than the target frequency, it is determined whether the bandwidth delivered by the target rule is not greater than the target bandwidth; when the target rule is sent When the bandwidth is not greater than the target bandwidth, the target rule is sent to the target user plane network element.
在一种可选的实施方式中,处理器510用于获取网络切片创建信息;根据所述网络切片创建信息,向所述管理编排域发送网络切片创建指令;根据所述网络切片创建指令,创建目标控制面网元和目标用户面网元;在获取到网络切片创建响应时,发送包含所述目标配置策略的新建网络切片请求。In an optional implementation manner, the processor 510 is configured to acquire network slice creation information, send a network slice creation instruction to the management orchestration domain according to the network slice creation information, and create according to the network slice creation instruction. The target control plane network element and the target user plane network element; when the network slice creation response is obtained, the new network slice request including the target configuration policy is sent.
在一种可选的实施方式中,处理器510用于获取所述切片管理器发送的网络切片创建信息;根据所述网络切片创建信息,向所述管理编排域发送网络切片创建指令;根据所述创建网络切片网元指令,创建目标控制面网元和目标用户面网元;在所述监督管理器获取到所述管理编排域发送的网络切片创建响应时,获取目标网络切片的目标配置策略。In an optional implementation manner, the processor 510 is configured to acquire network slice creation information sent by the slice manager, and send a network slice creation instruction to the management orchestration domain according to the network slice creation information; Creating a network slice network element instruction, creating a target control plane network element and a target user plane network element; obtaining a target configuration policy of the target network slice when the supervisor manager obtains a network slice creation response sent by the management orchestration domain .
在一种可选的实施方式中,处理器510用于获取所述目标网络切片的目标特征值;并获取与所述目标特征值相对应的目标配置策略。In an optional implementation manner, the processor 510 is configured to acquire a target feature value of the target network slice; and acquire a target configuration policy corresponding to the target feature value.
在一种可选的实施方式中,处理器510用于获取所述虚拟网络拓扑结构中的虚拟IP地址;并根据所述真实网络拓扑结构与虚拟网络拓扑结构之间的对应关系,确定出所述虚拟IP地址对应的真实IP地址;将所述目标规则发送给所述真实IP地址对应的目标用户面网元。In an optional implementation manner, the processor 510 is configured to obtain a virtual IP address in the virtual network topology, and determine a location according to the correspondence between the real network topology and the virtual network topology. The real IP address corresponding to the virtual IP address is sent to the target user plane network element corresponding to the real IP address.
在一种可选的实施方式中,处理器510用于当所述目标规则中的功能集合不是用户面原子功能集合的子集时,根据所述目标配置策略对所述目标规则修改,得到修改目标规则,并将所述修改目标规则发送给所述目标用户面网元,以使所述修改目标规则中的功能集合为所述用户面原子功能集合的子集;或者,禁止将所述目标规则下发给所述目标用户面网元。In an optional implementation manner, the processor 510 is configured to modify, according to the target configuration policy, the target rule to be modified when the function set in the target rule is not a subset of the user plane atomic function set. a target rule, and sending the modification target rule to the target user plane network element, so that the function set in the modification target rule is a subset of the user plane atomic function set; or, prohibiting the target The rule is sent to the target user plane network element.
It will be understood that the invention can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
The invention may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common general knowledge or customary technical means in the art that are not disclosed by the invention. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the invention indicated by the following claims.
It should be understood that the invention is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the invention is limited only by the appended claims.

Claims (24)

  1. A network slice-based user plane sharing method, characterized in that the method comprises:
    obtaining, by a supervisor manager, a target configuration policy of a target network slice, wherein the target configuration policy includes a user plane atomic function set, and the target network slice includes a target control plane network element and a target user plane network element;
    when the target control plane network element sends a target rule to the target user plane network element, determining, by the supervisor manager, whether the function set delivered by the target rule is a subset of the user plane atomic function set;
    when the function set delivered by the target rule is a subset of the user plane atomic function set, sending, by the supervisor manager, the target rule to the target user plane network element.
  2. The method according to claim 1, characterized in that the target configuration policy further includes a target frequency and a target bandwidth, and the method further comprises:
    determining, by the supervisor manager, whether the frequency at which the target rule is delivered is less than the target frequency;
    when the frequency at which the target rule is delivered is less than the target frequency, determining, by the supervisor manager, whether the bandwidth delivered by the target rule is not greater than the target bandwidth;
    when the bandwidth delivered by the target rule is not greater than the target bandwidth, performing the step of the supervisor manager sending the target rule to the target user plane network element.
  3. The method according to claim 1, characterized in that the supervisor manager obtaining the target configuration policy of the target network slice comprises:
    obtaining, by the supervisor manager, a target feature value of the target network slice;
    obtaining, by the supervisor manager, the target configuration policy corresponding to the target feature value.
  4. The method according to claim 1, characterized in that the supervisor manager is communicatively connected to a slice manager and to a management and orchestration domain respectively, and the method further comprises:
    obtaining, by the slice manager, network slice creation information;
    sending, by the slice manager, a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
    creating, by the management and orchestration domain, the target control plane network element and the target user plane network element according to the network slice creation instruction;
    when the slice manager obtains a network slice creation response sent by the management and orchestration domain, sending, by the slice manager, a new network slice request containing the target configuration policy to the supervisor manager.
  5. The method according to claim 1, characterized in that the supervisor manager is communicatively connected to a slice manager and to a management and orchestration domain respectively, and the method further comprises:
    obtaining, by the supervisor manager, network slice creation information sent by the slice manager;
    sending, by the supervisor manager, a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
    creating, by the management and orchestration domain, the target control plane network element and the target user plane network element according to the network slice network element creation instruction;
    when the supervisor manager obtains a network slice creation response sent by the management and orchestration domain, performing the step of the supervisor manager obtaining the target configuration policy of the target network slice.
  6. The method according to claim 1, characterized in that the target configuration policy further includes a correspondence between nodes of a real network topology and a virtual network topology, and the supervisor manager sending the target rule to the target user plane network element comprises:
    obtaining, by the supervisor manager, a virtual IP address in the virtual network topology;
    determining, by the supervisor manager, the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
    sending, by the supervisor manager, the target rule to the target user plane network element corresponding to the real IP address.
  7. The method according to claim 1, characterized in that the method further comprises:
    when the function set in the target rule is not a subset of the user plane atomic function set, modifying, by the supervisor manager, the target rule according to the target configuration policy to obtain a modified target rule, and sending the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
    or, prohibiting, by the supervisor manager, delivery of the target rule to the target user plane network element.
  8. The method according to any one of claims 1 to 7, characterized in that the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), Internet Protocol security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
  9. A network slice-based user plane sharing apparatus, characterized in that it is applied in a core network that includes a supervisor manager, and the apparatus comprises:
    a target configuration policy obtaining module, configured to obtain a target configuration policy of a target network slice, wherein the target configuration policy includes a user plane atomic function set, and the target network slice includes a target control plane network element and a target user plane network element;
    a target rule determining module, configured to determine, when the target control plane network element sends a target rule to the target user plane network element, whether the function set delivered by the target rule is a subset of the user plane atomic function set;
    a target rule delivery module, configured to send the target rule to the target user plane network element when the function set delivered by the target rule is a subset of the user plane atomic function set.
  10. The apparatus according to claim 9, characterized in that the target configuration policy further includes a target frequency and a target bandwidth, and the apparatus further comprises:
    a frequency determining module, configured to determine whether the frequency at which the target rule is delivered is less than the target frequency;
    a bandwidth determining module, configured so that, when the frequency at which the target rule is delivered is less than the target frequency, the supervisor manager determines whether the bandwidth delivered by the target rule is not greater than the target bandwidth.
  11. The apparatus according to claim 9, characterized in that the target configuration policy obtaining module comprises:
    a target feature value obtaining submodule, configured to obtain a target feature value of the target network slice;
    a target configuration policy submodule, configured to obtain the target configuration policy corresponding to the target feature value.
  12. The apparatus according to claim 9, characterized in that the supervisor manager is communicatively connected to a slice manager and to a management and orchestration domain respectively, and the apparatus further comprises:
    a first network slice creation information obtaining module, configured to obtain network slice creation information;
    a first network slice creation instruction sending module, configured to send a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
    a first network slice creation module, configured to create the target control plane network element and the target user plane network element according to the network slice creation instruction;
    a new network slice request sending module, configured to send a new network slice request containing the target configuration policy to the supervisor manager when the slice manager obtains a network slice creation response sent by the management and orchestration domain.
  13. The apparatus according to claim 9, characterized in that the supervisor manager is communicatively connected to a slice manager and to a management and orchestration domain respectively, and the apparatus further comprises:
    a second network slice creation information obtaining module, configured to obtain network slice creation information sent by the slice manager;
    a second network slice creation instruction sending module, configured to send a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
    a second network slice creation module, configured to create the target control plane network element and the target user plane network element according to the network slice network element creation instruction.
  14. The apparatus according to claim 9, characterized in that the target configuration policy further includes a correspondence between nodes of a real network topology and a virtual network topology, and the target rule delivery module comprises:
    a virtual IP address obtaining submodule, configured to obtain a virtual IP address in the virtual network topology;
    a real IP address determining submodule, configured to determine the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
    a target rule sending submodule, configured to send the target rule to the target user plane network element corresponding to the real IP address.
  15. The apparatus according to claim 9, characterized in that the apparatus further comprises:
    a target rule modification module, configured to, when the function set in the target rule is not a subset of the user plane atomic function set, modify the target rule according to the target configuration policy to obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
    or, a target rule delivery prohibition module, configured to prohibit delivery of the target rule to the target user plane network element.
  16. The apparatus according to any one of claims 9 to 15, characterized in that the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), Internet Protocol security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
  17. A supervisor manager, characterized in that it comprises a transceiver and a processor;
    the transceiver is configured to obtain a target configuration policy of a target network slice, wherein the target configuration policy includes a user plane atomic function set, and the target network slice includes a target control plane network element and a target user plane network element;
    the processor is configured to:
    when the target control plane network element sends a target rule to the target user plane network element, determine whether the function set delivered by the target rule is a subset of the user plane atomic function set;
    when the function set delivered by the target rule is a subset of the user plane atomic function set, send the target rule to the target user plane network element.
  18. The supervisor manager according to claim 17, characterized in that the target configuration policy further includes a target frequency and a target bandwidth, and the processor is further configured to:
    determine whether the frequency at which the target rule is delivered is less than the target frequency;
    when the frequency at which the target rule is delivered is less than the target frequency, determine whether the bandwidth delivered by the target rule is not greater than the target bandwidth;
    when the bandwidth delivered by the target rule is not greater than the target bandwidth, perform the step of sending the target rule to the target user plane network element.
  19. The supervisor manager according to claim 17, characterized in that obtaining the target configuration policy of the target network slice comprises:
    obtaining a target feature value of the target network slice;
    obtaining the target configuration policy corresponding to the target feature value.
  20. The supervisor manager according to claim 17, characterized in that the supervisor manager is communicatively connected to a slice manager and to a management and orchestration domain respectively, and the processor is further configured so that:
    the slice manager obtains network slice creation information;
    the slice manager sends a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
    the management and orchestration domain creates the target control plane network element and the target user plane network element according to the network slice creation instruction;
    when the network slice creation response sent by the management and orchestration domain is obtained, the slice manager sends a new network slice request containing the target configuration policy to the supervisor manager.
  21. The supervisor manager according to claim 17, characterized in that the supervisor manager is communicatively connected to a slice manager and to a management and orchestration domain respectively, and the processor is further configured to:
    obtain network slice creation information sent by the slice manager;
    send a network slice creation instruction to the management and orchestration domain according to the network slice creation information;
    create the target control plane network element and the target user plane network element according to the network slice network element creation instruction;
    when the network slice creation response sent by the management and orchestration domain is obtained, perform the step of obtaining the target configuration policy of the target network slice.
  22. The supervisor manager according to claim 17, characterized in that the target configuration policy further includes a correspondence between nodes of a real network topology and a virtual network topology, and sending the target rule to the target user plane network element comprises:
    obtaining a virtual IP address in the virtual network topology;
    determining the real IP address corresponding to the virtual IP address according to the correspondence between the real network topology and the virtual network topology;
    sending the target rule to the target user plane network element corresponding to the real IP address.
  23. The supervisor manager according to claim 17, characterized in that the processor is further configured to:
    when the function set in the target rule is not a subset of the user plane atomic function set, modify the target rule according to the target configuration policy to obtain a modified target rule, and send the modified target rule to the target user plane network element, so that the function set in the modified target rule is a subset of the user plane atomic function set;
    or, prohibit delivery of the target rule to the target user plane network element.
  24. The supervisor manager according to any one of claims 17 to 23, characterized in that the user plane atomic function set includes one or a combination of the following: charging, lawful interception, paging, deep packet inspection (DPI), Internet Protocol security (IPsec), network address translation (NAT), Hypertext Transfer Protocol (HTTP) header enhancement, and caching.
PCT/CN2016/098997 2016-09-14 2016-09-14 User plane sharing method, device and supervising management device based on network slicing WO2018049583A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/098997 WO2018049583A1 (en) 2016-09-14 2016-09-14 User plane sharing method, device and supervising management device based on network slicing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/098997 WO2018049583A1 (en) 2016-09-14 2016-09-14 User plane sharing method, device and supervising management device based on network slicing

Publications (1)

Publication Number Publication Date
WO2018049583A1 (en) 2018-03-22

Family

ID=61618578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/098997 WO2018049583A1 (en) 2016-09-14 2016-09-14 User plane sharing method, device and supervising management device based on network slicing

Country Status (1)

Country Link
WO (1) WO2018049583A1 (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103236945A (en) * 2013-04-08 2013-08-07 北京天地互连信息技术有限公司 OpenFlow-based FlowVisor network system
CN103905523A (en) * 2013-12-23 2014-07-02 浪潮(北京)电子信息产业有限公司 Cloud computing network virtualization method and system based on SDN
CN105471954A (en) * 2014-09-11 2016-04-06 北京智梵网络科技有限公司 SDN based distributed control system and user flow optimization method
US20160156596A1 (en) * 2014-11-28 2016-06-02 Wistron Corporation Network security method and network security servo system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111147436A (en) * 2018-11-05 2020-05-12 华为技术有限公司 Network slice authorization method and communication device
CN111147436B (en) * 2018-11-05 2022-03-11 华为技术有限公司 Network slice authorization method and communication device
WO2022047749A1 (en) * 2020-09-04 2022-03-10 Oppo广东移动通信有限公司 Communication method and apparatus
CN114827079A (en) * 2022-03-25 2022-07-29 阿里云计算有限公司 Capacity expansion method, equipment and storage medium for network address conversion gateway
CN114827079B (en) * 2022-03-25 2024-04-30 阿里云计算有限公司 Capacity expansion method, device and storage medium of network address translation gateway
CN114980359A (en) * 2022-07-28 2022-08-30 阿里巴巴(中国)有限公司 Data forwarding method, device, equipment, system and storage medium
CN114980359B (en) * 2022-07-28 2022-12-27 阿里巴巴(中国)有限公司 Data forwarding method, device, equipment, system and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16915968

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16915968

Country of ref document: EP

Kind code of ref document: A1