WO2021204260A1 - Wireless network communication method and communication device based on Internet Protocol version IPv6 - Google Patents
- Publication number
- WO2021204260A1 (PCT/CN2021/086217)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- field
- message
- flow label
- plaintext
- ipv6
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/08—Load balancing or load distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
- H04L65/1104—Session initiation protocol [SIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W40/00—Communication routing or communication path finding
- H04W40/02—Communication route or path selection, e.g. power-based or shortest path routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/0252—Traffic management, e.g. flow control or congestion control per individual bearer or channel
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/0252—Traffic management, e.g. flow control or congestion control per individual bearer or channel
- H04W28/0263—Traffic management, e.g. flow control or congestion control per individual bearer or channel involving mapping traffic to individual bearers or channels, e.g. traffic flow template [TFT]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/659—Internet protocol version 6 [IPv6] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
Definitions
- This application relates to the field of communication, and more specifically, to a wireless network communication method and communication device based on the Internet Protocol version IPv6.
- IPv4 Internet Protocol version 4
- IPv6 Internet Protocol version 6
- This application provides a wireless network communication method and communication equipment based on the Internet Protocol version IPv6.
- The communication method ensures that IPv6 packets of the same bearer are transmitted on the same path, while IPv6 packets of different bearers are hashed onto different transmission paths, achieving load balancing.
- A communication method based on the Internet Protocol version IPv6 is provided.
- The method can be executed by an access network device or a chip in an access network device, or by a core network device or a chip in a core network device.
- The method includes: determining the transmission path of a plaintext IPv6 message according to the tunnel endpoint identifier (TEID) field in the plaintext IPv6 message, where the TEID field indicates the bearer to which the plaintext IPv6 message belongs; and transmitting the plaintext IPv6 message according to the transmission path of the plaintext IPv6 message.
- The transmission path of the plaintext IPv6 message is determined according to the TEID field in the plaintext IPv6 message.
- The TEID field is the bearer identifier, and the TEID field of each bearer is different. Therefore, determining the transmission path of the plaintext IPv6 packet according to the TEID field in the plaintext IPv6 message ensures that IPv6 packets of the same bearer are transmitted on the same path, or that IPv6 packets of different bearers are hashed onto different transmission paths, achieving load balancing.
- Determining the transmission path of the plaintext IPv6 message according to the TEID field in the plaintext IPv6 message includes: filling the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 message; performing a hash calculation on the filled Flow Label field and the first parameter involved in the hash calculation to obtain a first hash value, where the SIP and the DIP are the SIP and DIP of the plaintext IPv6 message; and determining the transmission path of the plaintext IPv6 message according to the first hash value.
- Filling the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 packet includes: filling N bits of the TEID field into the N bits of the Flow Label field, where the Flow Label field includes N bits; or performing a hash calculation on the TEID field and the first parameter to obtain a second hash value, and filling N bits of the second hash value into the N bits of the Flow Label field, where the Flow Label field includes N bits.
- The Flow Label field of the plaintext IPv6 message includes a first field and a second field, and filling the Flow Label field of the plaintext IPv6 message according to the TEID field of the plaintext IPv6 message includes: extracting from the TEID field a part with the same length as the first field or the second field of the Flow Label field, and filling it into the first field or the second field of the Flow Label; or performing a hash calculation on the TEID field and the first parameter to obtain a second hash value, extracting from the second hash value a part with the same length as the first field or the second field of the Flow Label field, and filling it into the first field or the second field of the Flow Label.
- The method further includes: performing a hash calculation on the Flow Label field, the source address SIP and the destination address DIP of each of the multiple data fragments to obtain a third hash value, where the SIP and the DIP are the SIP and DIP of each data fragment, and the content of the Flow Label field of each data fragment is the same as the content of the Flow Label field of the plaintext IPv6 message; and determining the transmission path of each data fragment according to the third hash value.
- The method further includes: when the plaintext IPv6 message needs to be encrypted for transmission, filling the Flow Label field of the ciphertext IPv6 message according to the filled Flow Label field of the plaintext IPv6 message, where the ciphertext IPv6 message is the message obtained by encrypting the plaintext IPv6 message; performing a hash calculation on the filled Flow Label field of the ciphertext IPv6 message and the second parameter involved in the hash calculation to obtain a fourth hash value; and determining the transmission path of the ciphertext IPv6 message according to the fourth hash value.
- Filling the Flow Label field of the ciphertext IPv6 packet according to the filled Flow Label field of the plaintext IPv6 packet includes: making the content of the Flow Label field of the ciphertext IPv6 message the same as the content of the Flow Label field of the plaintext IPv6 message; or performing a hash calculation on the Flow Label field of the plaintext IPv6 message and the second parameter to obtain a fifth hash value, and filling the Flow Label field of the ciphertext IPv6 packet according to the fifth hash value.
- The Flow Label field of the ciphertext message includes a third field and a fourth field, and filling the Flow Label field of the ciphertext IPv6 message according to the fifth hash value includes: filling N bits of the fifth hash value into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field includes N bits; or extracting from the fifth hash value a part with the same length as the third field or the fourth field of the Flow Label field of the ciphertext IPv6 message, and filling it into the third field or the fourth field of the Flow Label field of the ciphertext IPv6 message.
- The method further includes: filling the Flow Label field of the ciphertext IPv6 packet according to the TEID field in the plaintext IPv4 packet, where the ciphertext IPv6 message is the message obtained by encrypting the plaintext message; performing a hash calculation on the filled Flow Label field of the ciphertext IPv6 message and the second parameter to obtain a sixth hash value; and determining the transmission path of the ciphertext IPv6 message according to the sixth hash value.
- Filling the Flow Label field of the ciphertext IPv6 packet according to the TEID field in the plaintext IPv4 packet includes: filling N bits of the TEID field into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits; or performing a hash calculation on the TEID field and the second parameter to obtain a seventh hash value, and filling N bits of the seventh hash value into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits.
- The Flow Label field of the ciphertext IPv6 message includes a fifth field and a sixth field, and filling the Flow Label field of the ciphertext IPv6 message according to the TEID field in the plaintext IPv6 message includes: extracting from the TEID field a part with the same length as the fifth field or the sixth field of the Flow Label field of the ciphertext IPv6 message, and filling it into the fifth field or the sixth field of the Flow Label of the ciphertext IPv6 message; or performing a hash calculation on the TEID field and the second parameter to obtain an eighth hash value, extracting from the eighth hash value a part with the same length as the fifth field or the sixth field of the Flow Label field of the ciphertext IPv6 packet, and filling it into the fifth field or the sixth field of the Flow Label field of the ciphertext IPv6 packet.
- The method further includes: dividing the plaintext IPv4 message into multiple fragments; encrypting each of the multiple fragments to obtain the ciphertext message of each fragment; filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext IPv4 message; performing a hash calculation on the Flow Label field of the ciphertext message and the second parameter to obtain a ninth hash value; and determining the transmission path of each ciphertext fragment according to the ninth hash value.
- Filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext IPv4 message includes: filling N bits of the TEID field into the N bits of the Flow Label field of the ciphertext message of each fragment, where the Flow Label field of the ciphertext message of each fragment includes N bits; or performing a hash calculation on the TEID field and the second parameter to obtain a tenth hash value, and filling N bits of the tenth hash value into the N bits of the Flow Label field of the ciphertext message of each fragment, where the Flow Label field of the ciphertext message of each fragment includes N bits.
- The Flow Label field of the ciphertext message of each fragment of the plaintext IPv4 message includes a seventh field and an eighth field, and filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext message includes: extracting from the TEID field a part with the same length as the seventh field or the eighth field of the Flow Label field of the ciphertext message of each fragment, and filling it into the seventh field or the eighth field of the Flow Label field of the ciphertext message of each fragment; or performing a hash calculation on the TEID field and the first parameter to obtain a ninth hash value, extracting from the ninth hash value a part with the same length as the seventh field or the eighth field of the Flow Label field of the ciphertext message of each fragment, and filling it into the seventh field or the eighth field of the Flow Label field of the ciphertext message of each fragment.
- The first parameter includes at least one of the following parameters: the SIP of the plaintext IPv6 message, the DIP of the plaintext IPv6 message, the Next Header of the plaintext IPv6 message, the source port SPt of the plaintext IPv6 message, and the destination port DPt of the plaintext IPv6 message.
- The second parameter includes at least one of the following parameters: the SIP of the ciphertext message, the DIP of the ciphertext message, and the Next Header of the ciphertext message.
- A communication method based on the Internet Protocol version IPv6 is provided. The method can be executed by a security gateway device or by a chip in the security gateway device.
- The method includes: receiving a plaintext message sent by a core network device; filling the Flow Label field of a ciphertext IPv6 message according to the TEID field in the plaintext message, where the ciphertext IPv6 message is the message obtained by encrypting the plaintext message; performing a hash calculation on the filled Flow Label field of the ciphertext IPv6 message and the first parameter involved in the hash calculation to obtain a first hash value; and determining the transmission path of the ciphertext IPv6 message according to the first hash value.
- The plaintext message is an IPv6 message or an IPv4 message, and filling the Flow Label field of the ciphertext IPv6 message according to the TEID field in the plaintext message includes: filling N bits of the TEID field into the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits; or performing a hash calculation on the TEID field and the first parameter to obtain a second hash value, and filling N bits of the second hash value into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field of the ciphertext IPv6 packet includes N bits.
- The plaintext message is an IPv6 message or an IPv4 message, the Flow Label field of the ciphertext IPv6 message includes a first field and a second field, and filling the Flow Label field of the ciphertext IPv6 message according to the TEID field in the plaintext message includes: extracting from the TEID field a part with the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 message, and filling it into the first field or the second field of the Flow Label of the ciphertext IPv6 packet; or performing a hash calculation on the TEID field and the first parameter to obtain a third hash value, extracting from the third hash value a part with the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 packet, and filling it into the Flow Label of the ciphertext IPv6 packet.
- The plaintext message is an IPv6 message, and filling the Flow Label field of the ciphertext IPv6 message according to the TEID field in the plaintext message includes: filling the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 packet; and copying the filled Flow Label field of the plaintext IPv6 packet to the Flow Label field of the ciphertext IPv6 packet.
- The plaintext message is an IPv6 message, and the method further includes: filling the Flow Label field of the plaintext IPv6 message according to the TEID field of the plaintext IPv6 message; dividing the plaintext IPv6 message with the filled Flow Label field into multiple fragments, where each fragment contains the filled Flow Label field; copying the Flow Label field of each fragment to the Flow Label field of the encrypted ciphertext message of each fragment; performing a hash calculation on the Flow Label field of the ciphertext message and the first parameter to obtain a fourth hash value; and determining the transmission path of each ciphertext message according to the fourth hash value.
- Filling the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 packet includes: filling N bits of the TEID field into the N bits of the Flow Label field of the plaintext IPv6 message, where the Flow Label field of the plaintext IPv6 message includes N bits; or performing a hash calculation on the TEID field and the second parameter to obtain a fifth hash value, and filling N bits of the fifth hash value into the N bits of the Flow Label field of the plaintext IPv6 message, where the Flow Label field of the plaintext IPv6 message includes N bits.
- The Flow Label field of the plaintext IPv6 message includes a first field and a second field, and filling the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 message includes: extracting from the TEID field a part with the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 packet, and filling it into the first field or the second field of the Flow Label of the plaintext IPv6 message; or performing a hash calculation on the TEID field and the second parameter to obtain a sixth hash value, extracting from the sixth hash value a part with the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 packet, and filling it into the first field or the second field of the Flow Label of the plaintext IPv6 packet.
- The plaintext message is an IPv4 message or an IPv6 message, and the method further includes: dividing the plaintext message into multiple fragments; encrypting each of the multiple fragments to obtain the ciphertext message of each fragment; filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext message; performing a hash calculation on the Flow Label field of the ciphertext message and the first parameter to obtain a seventh hash value; and determining the transmission path of each ciphertext message according to the seventh hash value.
- Filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext message includes: filling N bits of the TEID field into the N bits of the Flow Label field of the ciphertext message of each fragment, where the Flow Label field of the ciphertext message of each fragment includes N bits; or performing a hash calculation on the TEID field and the first parameter to obtain an eighth hash value,
- The Flow Label field of the ciphertext message of each fragment includes a first field and a second field, and filling the Flow Label field of the ciphertext message of each fragment according to the TEID field includes: extracting from the TEID field a part with the same length as the first field or the second field of the Flow Label field of the ciphertext message of each fragment, and filling it into the first field or the second field of the Flow Label field of the ciphertext message of each fragment; or performing a hash calculation on the TEID field and the first parameter to obtain a ninth hash value, extracting from the ninth hash value a part with the same length as the first field or the second field of the Flow Label field of the ciphertext message of each fragment, and filling it into the first field or the second field of the Flow Label field of the ciphertext message of each fragment.
- The first parameter includes at least one of the following parameters: the SIP of the ciphertext message, the DIP of the ciphertext message, and the Next Header of the ciphertext message.
- The second parameter includes at least one of the following parameters: the SIP of the plaintext message, the DIP of the plaintext message, the Next Header of the plaintext message, the source port SPt of the plaintext message, and the destination port DPt of the plaintext message.
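
The two methods above (TEID-derived Flow Label on the plaintext packet, and the security gateway carrying that label into the ciphertext packet), as an added Python sketch that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified hash, the direct fill uses the low-order 20 bits of the TEID, the hash is mapped to a path index by modulo, the ciphertext packet uses ESP as Next Header with opaque bytes in place of real encryption, and all function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

FLOW_LABEL_MASK = (1 << 20) - 1   # N = 20: width of the IPv6 Flow Label
GTPU_PORT = 2152                  # UDP port of GTP-U, whose header carries the TEID
NH_UDP, NH_ESP = 17, 50           # Next Header values; ESP is an assumption here


def _ipv6_header(flow_label, payload_len, next_header, sip, dip):
    word = (6 << 28) | (flow_label & FLOW_LABEL_MASK)   # version 6, traffic class 0
    return (struct.pack("!IHBB", word, payload_len, next_header, 64)
            + ipaddress.IPv6Address(sip).packed
            + ipaddress.IPv6Address(dip).packed)


def build_gtpu_ipv6(sip, dip, teid, payload=b"user-data"):
    """Constructed sample: plaintext IPv6/UDP/GTP-U packet with Flow Label 0."""
    gtpu = struct.pack("!BBHI", 0x30, 0xFF, len(payload), teid) + payload
    # UDP checksum is left 0 in this constructed sample.
    udp = struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, 8 + len(gtpu), 0) + gtpu
    return _ipv6_header(0, len(udp), NH_UDP, sip, dip) + udp


def read_teid(packet):
    """Return the TEID of a plaintext IPv6/UDP/GTP-U packet, else raise ValueError."""
    if len(packet) < 56 or packet[0] >> 4 != 6 or packet[6] != NH_UDP:
        raise ValueError("TEID not visible: not a plaintext IPv6/UDP packet")
    if struct.unpack_from("!H", packet, 42)[0] != GTPU_PORT:
        raise ValueError("TEID not visible: not GTP-U")
    return struct.unpack_from("!I", packet, 52)[0]   # 40 (IPv6) + 8 (UDP) + 4


def get_flow_label(packet):
    return struct.unpack_from("!I", packet, 0)[0] & FLOW_LABEL_MASK


def set_flow_label(packet, label):
    """Return a copy of the packet with only the 20 Flow Label bits replaced."""
    word = struct.unpack_from("!I", packet, 0)[0] & ~FLOW_LABEL_MASK & 0xFFFFFFFF
    return struct.pack("!I", word | (label & FLOW_LABEL_MASK)) + packet[4:]


def label_from_teid(teid, param=None):
    """Direct fill (20 TEID bits appear verbatim in the header) or, when a
    parameter such as SIP+DIP is given, 20 bits of hash(TEID, parameter)."""
    if param is None:
        return teid & FLOW_LABEL_MASK
    digest = hashlib.sha256(struct.pack("!I", teid) + param).digest()
    return int.from_bytes(digest[:4], "big") & FLOW_LABEL_MASK


def select_path(packet, n_paths):
    """Hash Flow Label + SIP + DIP of the outermost header onto one of n_paths."""
    key = struct.pack("!I", get_flow_label(packet)) + packet[8:40]
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_paths


def to_ciphertext(plain, gw_sip, gw_dip):
    """Security-gateway stand-in: new outer header between the gateways, Flow
    Label copied from the filled plaintext packet, opaque bytes as payload."""
    opaque = hashlib.sha256(plain).digest()   # placeholder, not real encryption
    return _ipv6_header(get_flow_label(plain), len(opaque), NH_ESP,
                        gw_sip, gw_dip) + opaque


def spread(n_paths=4, bearers=64):
    """Paths used by `bearers` bearers between one SIP/DIP pair, for packets
    with an empty label, a TEID-filled label, and the ciphertext copy."""
    empty, filled, cipher = set(), set(), set()
    for teid in range(0x1000, 0x1000 + bearers):
        pkt = build_gtpu_ipv6("2001:db8::1", "2001:db8::2", teid)
        empty.add(select_path(pkt, n_paths))
        pkt = set_flow_label(pkt, label_from_teid(read_teid(pkt)))
        filled.add(select_path(pkt, n_paths))
        ct = to_ciphertext(pkt, "2001:db8:a::1", "2001:db8:b::1")
        cipher.add(select_path(ct, n_paths))
    return len(empty), len(filled), len(cipher)


if __name__ == "__main__":
    print("paths used (empty label, filled label, ciphertext):", spread())
```

With an empty Flow Label every bearer between the same address pair hashes to one path; once the label is derived from the TEID, bearers spread over several paths, and the ciphertext packet keeps that spread even though its TEID can no longer be read.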
- A communication device is provided, including: a processing unit, configured to determine the transmission path of the plaintext IPv6 message according to the TEID field in the plaintext IPv6 message; the plaintext IPv6 message is transmitted according to the transmission path of the plaintext IPv6 message.
- The processing unit is specifically configured to: fill the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 packet; perform a hash calculation on the filled Flow Label field and the first parameter involved in the hash calculation to obtain a first hash value; and determine the transmission path of the plaintext IPv6 packet according to the first hash value.
- The processing unit is specifically configured to: fill N bits of the TEID field into the N bits of the Flow Label field, where the Flow Label field includes N bits; or perform a hash calculation on the TEID field and the first parameter to obtain a second hash value, and fill N bits of the second hash value into the N bits of the Flow Label field, where the Flow Label field includes N bits.
- The Flow Label field of the plaintext IPv6 message includes a first field and a second field, and the processing unit is specifically configured to: extract from the TEID field a part with the same length as the first field or the second field of the Flow Label field, and fill it into the first field or the second field of the Flow Label; or perform a hash calculation on the TEID field and the first parameter to obtain a second hash value, extract from the second hash value a part with the same length as the first field or the second field of the Flow Label field, and fill it into the first field or the second field of the Flow Label.
- When the plaintext IPv6 message is divided into multiple data fragments, the processing unit is further configured to: perform a hash calculation on the Flow Label field of each of the multiple data fragments and the first parameter to obtain a third hash value, where the content of the Flow Label field of each data fragment is the same as the content of the Flow Label field of the plaintext IPv6 packet; and determine the transmission path of each data fragment according to the third hash value.
- The processing unit is further configured to: when the plaintext IPv6 message needs to be encrypted for transmission, fill the Flow Label field of the ciphertext IPv6 message according to the filled Flow Label field of the plaintext IPv6 message, where the ciphertext IPv6 message is the message obtained by encrypting the plaintext IPv6 message; perform a hash calculation on the filled Flow Label field of the ciphertext IPv6 message and the second parameter involved in the hash calculation to obtain a fourth hash value, where the SIP and the DIP are the SIP and DIP of the ciphertext IPv6 packet; and determine the transmission path of the ciphertext IPv6 packet according to the fourth hash value.
- The processing unit is further configured to: copy the Flow Label field of the plaintext IPv6 message to the Flow Label field of the ciphertext IPv6 message; or perform a hash calculation on the Flow Label field of the plaintext IPv6 message and the second parameter to obtain a fifth hash value, and fill the Flow Label field of the ciphertext IPv6 message according to the fifth hash value.
- the FlowLabel field of the ciphertext message includes a third field and a fourth field
- the processing unit is further configured to include:
- the N bits of the hash value are filled in the N bits of the Flow Label field of the ciphertext IPv6 packet, and the Flow Label field includes N bits; or, the fifth hash value is intercepted and the ciphertext IPv6 packet
- the third field or the fourth field of the same length part of the Flow Label field of the message is filled in the third field or the fourth field of the Flow Label field of the ciphertext IPv6 message.
- the processing unit is further configured to: fill the Flow Label field of the ciphertext IPv6 packet according to the tunnel endpoint identifier (TEID) field in the plaintext IPv4 packet, where the ciphertext IPv6 message is the plaintext message after encryption; the processing unit is further configured to perform a hash calculation on the filled Flow Label field of the ciphertext IPv6 message and the second parameter to obtain a sixth hash value; the processing unit is further configured to determine the transmission path of the ciphertext IPv6 packet according to the sixth hash value.
- the processing unit is further configured to: fill N bits of the TEID field into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field of the ciphertext IPv6 message includes N bits; or hash the TEID field and the second parameter to obtain a seventh hash value, and fill N bits of the seventh hash value into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field of the ciphertext IPv6 packet includes N bits.
- the Flow Label field of the ciphertext IPv6 message includes a fifth field and a sixth field
- the processing unit is further configured to: intercept the TEID field
- the fifth field or the sixth field of the Flow Label field of the ciphertext IPv6 message is filled with the fifth field or the sixth field of the Flow Label field of the ciphertext IPv6 message; or
- the TEID field and the second parameter are hashed to obtain the eighth hash value, and the eighth hash value is truncated to the part with the same length as the fifth field or the sixth field of the Flow Label field of the ciphertext IPv6 packet , Filling the fifth field or the sixth field of the Flow Label of the ciphertext IPv6 packet.
- when the plaintext IPv4 message is divided into multiple chips, the processing unit is further configured to: divide the plaintext IPv4 message into multiple chips; encrypt each of the multiple chips to obtain the ciphertext message of each chip; fill the Flow Label field of the ciphertext message of each chip according to the tunnel endpoint identifier (TEID) field in the plaintext IPv4 message; perform a hash calculation on the Flow Label field of the ciphertext message and the second parameter to obtain a ninth hash value; and determine the transmission path of each ciphertext chip according to the ninth hash value.
- the processing unit is further configured to: fill the N bits of the TEID field into the Flow Label field of the cipher text message of each chip.
- N bits, the Flow Label field of the cipher text message of each chip includes N bits; or, hash calculation of the TEID field and the second parameter to obtain the tenth hash value, and the tenth hash value
- the desired N bits are filled in the N bits of the Flow Label field of the cipher text message of each chip, and the Flow Label field of the cipher text message of each chip includes N bits.
- the Flow Label field of the ciphertext message of each chip includes a seventh field and an eighth field
- the processing unit is further configured to:
- the TEID field intercepts the part with the same length as the seventh field or the eighth field of the Flow Label field of the cipher text message of each chip, and fills the part of the Flow Label field of the cipher text message of each chip.
- the seventh field or the eighth field of the Flow Label field of the text is filled with the seventh field or the eighth field of the Flow Label field of the cipher text message of each chip.
- the second parameter includes at least one of the following parameters: SIP of the plaintext message, DIP of the plaintext message, Next Header of the plaintext message, the source port SPt of the plaintext message, and the destination port DPt of the plaintext message.
- the second parameter includes at least one of the following parameters: SIP of the ciphertext message, DIP of the ciphertext message, and Next Header of the ciphertext message.
- a security gateway device including: a transceiving unit, configured to receive a plaintext message sent by a core network device; and a processing unit, configured to fill the Flow Label field of a ciphertext IPv6 message according to the tunnel endpoint identifier (TEID) field in the plaintext message, where the ciphertext IPv6 message is the plaintext message after encryption; the processing unit is further configured to perform a hash calculation on the filled Flow Label field of the ciphertext IPv6 message and the first parameter participating in the hash calculation to obtain a first hash value; the processing unit is further configured to determine the transmission path of the ciphertext IPv6 packet according to the first hash value.
- the plaintext message is an IPv6 message or an IPv4 message
- the processing unit is configured to: fill N bits of the TEID field into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits; or hash the TEID field and the first parameter to obtain a second hash value, and fill N bits of the second hash value into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field of the ciphertext IPv6 packet includes N bits.
- the plaintext message is an IPv6 message or IPv4
- the Flow Label field of the ciphertext IPv6 message includes a first field and a second field.
- the processing unit is configured to intercept the TEID field with the same length as the first field or the second field of the FlowLabel field of the ciphertext IPv6 packet, and fill the first field of the FlowLabel field of the ciphertext IPv6 packet.
- the plaintext message is an IPv6 message
- the processing unit is configured to:
- the plaintext message is an IPv6 message
- the processing unit is further configured to:
- the TEID field of the tunnel endpoint identifier of the plaintext IPv6 message is filled with the Flow Label field of the plaintext IPv6 message;
- the plaintext IPv6 message after the FlowLabel field is filled is divided into multiple chips, the multiple chips
- Each chip in the chip includes the Filled Flow Label field;
- the Flow Label field of each chip is copied to the Flow Label field of the encrypted cipher text message of each chip;
- the processing unit is configured to: fill the N bits of the TEID field into the N bits of the Flow Label field of the plaintext IPv6 packet, and the plaintext
- the Flow Label field of the IPv6 message includes N bits; or, hash calculation of the TEID field and the second parameter to obtain a fifth hash value, and fill the N bits of the fifth hash value into the plaintext IPv6
- the N bits of the Flow Label field of the message, and the Flow Label field of the plaintext IPv6 message includes N bits.
- the Flow Label field of the plaintext IPv6 message includes a first field and a second field
- the processing unit is configured to: truncate from the TEID field the part with the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 message, and fill it into the first field or the second field of the Flow Label field of the plaintext IPv6 message; or perform a hash calculation on the TEID field and the second parameter to obtain a sixth hash value, truncate from the sixth hash value the part with the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 message, and fill it into the first field or the second field of the Flow Label of the plaintext IPv6 packet.
- the plaintext message is an IPv4 message or an IPv6 message
- the processing unit is further configured to: divide the plaintext message into a plurality of chips; encrypt each of the plurality of chips to obtain the ciphertext message of each chip; fill the Flow Label field of the ciphertext message of each chip according to the tunnel endpoint identifier (TEID) field in the plaintext message; perform a hash calculation on the Flow Label field of the ciphertext message and the first parameter to obtain a seventh hash value; and determine the transmission path of each ciphertext message according to the seventh hash value.
- the processing unit is further configured to: fill the N bits of the TEID field into the Flow Label field of the cipher text message of each chip.
- N bit the Flow Label field of the cipher text message of each chip includes N bits; or, hash calculation of the TEID field and the first parameter to obtain the eighth hash value, and the eighth hash value
- the desired N bits are filled in the N bits of the Flow Label field of the cipher text message of each chip, and the Flow Label field of the cipher text message of each chip includes N bits.
- the Flow Label field of the ciphertext message of each chip includes a first field and a second field
- the processing unit is further configured to:
- the TEID field intercepts the part with the same length as the first field or the second field of the Flow Label field of the cipher text message of each chip, and fills the part of the Flow Label field of the cipher text message of each chip.
- the first field or the second field of the same length part of the Flow Label field of the text is filled with the first field or the second field of the Flow Label field of the cipher text message of each chip.
- the first parameter includes at least one of the following parameters: SIP of the ciphertext message, DIP of the ciphertext message, and Next Header of the ciphertext message.
- the second parameter includes at least one of the following parameters: SIP of the plaintext message, DIP of the plaintext message, the source port SPt of the plaintext message, the destination port DPt of the plaintext message, and the Next Header of the plaintext message.
- a communication device including a processor connected to a memory, where the memory is used to store a computer program and the processor is used to execute the computer program stored in the memory, so that the device executes the method in the first aspect or any possible implementation of the first aspect, or the method in the second aspect or any possible implementation of the second aspect.
- a computer-readable storage medium storing a computer program which, when run, implements the method in the first aspect or any possible implementation of the first aspect, or the method in the second aspect or any possible implementation of the second aspect.
- a chip, characterized by comprising a processor and an interface; the processor is used to read instructions to execute the method in the first aspect or any possible implementation of the first aspect, or the method in the second aspect or any possible implementation of the second aspect.
- the chip may further include a memory in which instructions are stored, and the processor is configured to execute instructions stored in the memory or instructions derived from other sources.
- a communication system, in an eighth aspect, including a device capable of implementing the methods and various possible designs of the above-mentioned first aspect and a device capable of implementing the methods and various possible designs of the above-mentioned second aspect.
- Fig. 1 is a schematic diagram of an application scenario of an embodiment of the present application.
- Fig. 2 is a schematic diagram of an end-to-end load balancing behavior according to an embodiment of the present application.
- FIG. 3 is a schematic flowchart of data packets of the same session being forwarded on the same path in an embodiment of the present application to ensure that the data packets are not out of order.
- Fig. 4 is a schematic flowchart of a wireless network communication method based on the Internet Protocol version IPv6 according to an embodiment of the present application.
- FIG. 5 is a schematic diagram of the basic format of an IPv6 message.
- Fig. 6a is a schematic diagram of the first chip after fragmentation of an IPv6 packet in an embodiment of the present application.
- Fig. 6b is a schematic diagram of a second chip after fragmentation of an IPv6 packet in an embodiment of the present application.
- FIG. 7 is a schematic flowchart of another wireless network communication method based on the Internet Protocol version IPv6 according to an embodiment of the present application.
- Figure 8a shows a filling method in the IPsec AH encapsulation scenario.
- Figure 8b shows the filling mode of the IPsec ESP encapsulation scenario.
- FIG. 9 is a schematic diagram of the basic format of an IPv4 message.
- FIG. 10 is a schematic diagram of load balancing performed by the Ethernet link aggregation technology in a plaintext scenario in an embodiment of the present application.
- FIG. 11 is a schematic diagram of load balancing performed by an Ethernet link aggregation technology in a ciphertext scenario according to an embodiment of the present application.
- FIG. 12 is a schematic diagram of equal-cost routing load balancing in a plaintext scenario according to an embodiment of the present application.
- FIG. 13 is a schematic diagram for improving reliability by load balancing of equal-cost routing in a plaintext scenario in an embodiment of the present application.
- FIG. 14 is a schematic block diagram of a communication device according to an embodiment of the present application.
- FIG. 15 is a schematic structural diagram of an access network device provided by this application.
- GSM global system for mobile communications
- CDMA code division multiple access
- WCDMA broadband code division multiple access
- GPRS general packet radio service
- LTE long term evolution
- LTE frequency division duplex FDD
- TDD LTE Time division duplex
- UMTS universal mobile telecommunication system
- WiMAX worldwide interoperability for microwave access
- 5G fifth generation
- the system or new radio (NR) can also be applied to the use of subsequent evolutionary systems, such as the sixth-generation 6G communication system, and even the higher-level seventh-generation 7G communication system.
- the access network equipment in the embodiments of the present application may be equipment used to communicate with terminal equipment, may be a base station, or an access point, or a network equipment, or may refer to the access network through one or more devices on the air interface.
- Each sector is a device that communicates with the wireless terminal.
- the network device can be used to convert received air frames and IP packets into each other, as a router between the wireless terminal and the rest of the access network, where the rest of the access network can include an Internet Protocol (IP) network.
- the network equipment can also coordinate the attribute management of the air interface.
- the access network equipment can be a base station (BTS) in Global System of Mobile Communications (GSM) or Code Division Multiple Access (CDMA), a base station (NodeB, NB) in Wideband Code Division Multiple Access (WCDMA), an evolved NodeB (eNB or eNodeB) in an LTE system, or a wireless controller in a cloud radio access network (CRAN) scenario; or the access device can be a relay station, an access point, an in-vehicle device, a wearable device, an access device in a 5G network, or a network device in a future evolved PLMN network; it may also be an access point (AP) in a WLAN or a gNB in a new radio (NR) system. This embodiment of the application is not limited in this respect.
- the network device can also be divided into a control unit (Control Unit, CU) and a data unit (Data Unit, DU). Under a CU there can be multiple DUs, where each DU and terminal can use the measurement report method described in the embodiment of the present application.
- the difference between the CU-DU separation scenario and the multi-TRP scenario is that the TRP is only a radio frequency unit or an antenna device, and the DU can implement the protocol stack function, for example, the DU can implement the physical layer function.
- the access network device is a device in an access network (radio access network, RAN), or in other words, a RAN node that connects a terminal device to a wireless network.
- the access network device can include: gNB, transmission reception point (TRP), evolved Node B (eNB), radio network controller (RNC), Node B (NB), base station controller (BSC), base transceiver station (BTS), home base station (for example, home evolved NodeB, or home Node B, HNB), baseband unit (BBU), or wireless fidelity (Wifi) access point (AP), etc.
- the access network equipment provides services for the cell, and the terminal equipment communicates with the access network equipment through the transmission resources (for example, frequency domain resources, or spectrum resources) used by the cell.
- the cell may be a cell corresponding to the access network equipment (for example, a base station).
- the cell can belong to a macro base station or a base station corresponding to a small cell.
- the small cell here can include: metro cell, micro cell, pico cell, femto cell, etc. These small cells have the characteristics of small coverage and low transmit power, and are suitable for providing high-rate data transmission services.
- the core network device may be connected to the access network device, so that the terminal device can communicate with the core network device through the access network device.
- the core network equipment may include the following network elements or functions:
- Access management function: mainly responsible for access and mobility control, including registration management (RM) and connection management (CM), access authentication and access authorization, reachability management and mobility management, etc.
- User plane function: mainly provides user plane support, including connection points between PDU sessions and data networks, data packet routing and forwarding, data packet inspection and user plane policy execution, processing QoS for the user plane, and downlink data packet buffering and triggering of downlink data notifications, etc.
- Packet control function: mainly a policy control function, including support for a unified policy framework to monitor network behavior and provide policy rules for the control plane to execute.
- Authentication server function (AUSF): mainly responsible for providing security-related functions, such as authentication, authentication, etc.
- Unified data management: responsible for functions related to user authentication, including authentication credential processing, user identity processing, contract information management, access authorization, etc.
- Session: a Session is the basic unit of a service, and a service can consist of one or more Sessions. The important point is that the messages within a session must be kept strictly in order, while the messages of different sessions do not need to be kept in order.
- the communication term "stream" and the "session" in the embodiments of this application can be treated as equivalent.
- the streams and sessions mentioned in the embodiments of this application are one-way, and a session here can be understood as the collection of all messages whose triple "hash value" is the same.
- a PDN (Public Data Network) connection is a tunnel between the UE and the PGW. An Evolved Packet System (EPS) bearer is a smaller tunnel included in the PDN connection, and the role of the PDN connection is to achieve IP connectivity.
- different EPS bearers represent different service qualities.
- an EPS bearer is established at the same time, which is called the default bearer.
- the EPS bearer established subsequently is called a dedicated bearer.
- Data packets in one direction of a bearer have the same TEID value (in the GTP header). If there is only a default bearer, it can be simply considered that a UE corresponds to a bearer.
- the bearer in this embodiment of the present application may be a 4G bearer or a 5G PDU Session, which will be described as a bearer in the following text.
- Hash algorithm: a mapping rule that maps binary strings of any length to fixed-length binary strings is called a hash algorithm, and the binary value obtained after mapping the original data is called a hash value.
- Main features of hash algorithm :
- Fig. 1 shows a schematic diagram of an application scenario 100 of an embodiment of the present application.
- an access network device 110 and a core network device 120 are included.
- the access network device 110 works in an evolved universal mobile communication system terrestrial radio access (evolved UMTS terrestrial radio access, E-UTRA) system, in an NR system, or in a next-generation communication system or other communication systems.
- the access network device 110 and the core network device 120 can transmit data to each other, and this communication system is also called a wireless backhaul network.
- the access network device in FIG. 1 is, for example, a base station.
- the access network equipment corresponds to different equipment in different systems.
- in a 4G system it can correspond to an eNB
- in a 5G system it corresponds to an access network equipment in 5G, such as gNB.
- the technical solutions provided by the embodiments of the present application can also be applied to future mobile communication systems. Therefore, the access network equipment in FIG. 1 can also correspond to the access network equipment in the future mobile communication system.
- Figure 1 takes the access network equipment as a base station as an example. In fact, the access network equipment can refer to the previous introduction.
- the communication system shown in FIG. 1 may also include more network nodes, such as terminal equipment, other access network equipment, security gateways, switches and other equipment.
- the access network device or core network device included in the communication system shown in FIG. 1 may be the access network device or core network device in the various forms described above. The embodiments of the present application do not show them one by one in the figure.
- IEEE 802.3ad is the standard method for performing link aggregation. Ethernet link aggregation technology or equal-cost routing load balancing is used to double the bandwidth, and it can also provide stronger data transmission reliability.
- when a network node has multiple transmission paths (PATHs), to maximize bandwidth utilization it is necessary to spread the node's data packets across the multiple PATHs as much as possible, while ensuring that the data packets of the same Session are forwarded on one PATH so that the data packets of the same Session or Flow do not arrive out of order.
- Figure 2 depicts the end-to-end load balancing behavior, where the forwarding node R1 has two PATHs for forwarding; black represents the first session and white represents the second session. The data messages of the first session reach forwarding node R5 through forwarding nodes R2 and R3, and the data messages of the second session reach forwarding node R5 through forwarding node R4. The data messages of the same Session are forwarded on one PATH to ensure that they do not arrive out of order.
- the forwarding node in Figure 2 may be the forwarding node between the access network device and the core network device shown in Figure 1.
- the data link between the access network device and the core network device includes forwarding nodes R1, R2, R3 , R4 and R5.
- FIG. 3 shows a schematic flow chart in which data messages of the same Session are forwarded on the same PATH to ensure that the data messages of the same Session will not be out of order.
- the numbers in Figure 3 represent the sequence numbers of data packets in their respective sessions.
- Figure 3 shows three sessions, namely the first session, the second session and the third session. Taking the first session as an example, the order of its data packets before forwarding is 1, 2, 3, and the order after forwarding is still 1, 2, 3, with no disorder. Conversely, if data packets of the same Session are forwarded on different PATHs, a disordered sequence such as 3, 1, 2 may occur, which affects service performance.
- a five-tuple (for example, source IP address (Source IP, SIP), destination IP address (Destination IP, DIP), transport layer protocol (Protocol, Prot), source port (Source Port, SPt) and destination port (Destination Port, DPt)) is usually used to determine whether data messages belong to the same session; that is, a hash calculation is performed on the five-tuple of the IPv4 message. If the hash calculation results of two data messages are the same, the two data messages belong to the same Session.
- the process of calculating different hash values can also be called hashing. The more distinct hash values there are, the more thorough the hashing is and, from a statistical point of view, the easier it is to distribute the data packets evenly across the PATHs for forwarding, so as to make full use of the bandwidth.
- the network node calculates a five-tuple hash value for all data messages, and each hash value uniquely represents a Session. To preserve the order of the data messages of the same Session, messages with the same hash value are forwarded on the same PATH, and messages with different hash values can be forwarded on multiple PATHs.
- each part of the five-tuple is a hash key, and the five hash keys yield a hash value through a hash algorithm; if one or more fields in the five-tuple are different, the resulting hash value may also be different; a hash value uniquely identifies a session; data packets of the same session are forwarded on one PATH, and data packets of different sessions can be forwarded on different PATHs, ensuring that the order of any session is preserved between the source node and the destination node.
- the IETF RFC 6437 standard (Request For Comments, RFC, published by the Internet Engineering Task Force, IETF) describes that traffic can be split according to a hash of the triple (for example, SIP, DIP, Flow_Label), but the industry usage of the IPv6 Flow_Label field is open: there is no conventional usage, and there is no mandatory requirement in the standard.
- a current solution is to write all 20 bits of Flow_Label as 0, so splitting the flow according to the triple hash (SIP, DIP, flow label Flow_Label) determines the same transmission path for many data packets, and bandwidth is greatly wasted.
- a five-tuple hash (SIP, DIP, Next Header, SPt, DPt) is also used for IPv6 packets to distribute traffic, that is, multiple IPv6 packets are spread across and forwarded on different PATHs.
- the use of five-tuple hashing for IPv6 packets to distribute traffic cannot achieve sufficient load balancing in the following multiple scenarios.
- the PGW/UPF is configured with an IPv6 address
- the base station is configured
- the content of the triples or quintuples of all data packets is the same, so the hash values calculated based on the triples or quintuples of all data packets are consistent, as shown in Table 2.
- PGW/UPF is configured with two IPv6 addresses, namely IPv6_1 and IPv6_2; the base station is also configured with two IPv6 addresses, namely IPv6_1 and IPv6_2.
- the triple or quintuple hash values of all data packets can be distinguished in a limited way, as shown in Table 3.
- the number of IPv6 addresses configured on the PGW/UPF/base station is limited, so data packets cannot be hashed sufficiently; traffic is then easily distributed unevenly across the multiple PATHs, and the load balancing performance is insufficient.
- the base station IP1 shown in Table 3 is a plaintext IPv6 address.
- IPsec Internet Protocol Security
- IKE Internet Key Exchange
- the SIP and DIP values of the encrypted data messages of different users are the same, so the hash values of the encrypted ciphertexts of all users' data messages are the same (IPsec messages have no SPt or DPt field, regardless of ESP encapsulation or AH encapsulation), as shown in Table 4; the messages cannot be hashed apart, resulting in load balancing failure.
- the local IP of the tunnel in Table 4 is a ciphertext IPv6 address.
- IPv6 introduces the path maximum transmission unit (PMTU) mechanism, which makes fragmentation less controllable than in IPv4.
- the first fragment is retained after the source packet is fragmented.
- the subsequent fragments have only IPv6 headers and no User Datagram Protocol (UDP) headers.
- the slice hash value is different, different fragmented packets are forwarded in different PATHs, which may cause the same Session to be out of order.
- in Table 5, the second fragment of a user's data packet loses the UDP header information, so the hash value of the second fragment is different from the hash value of the first fragment, causing the two fragments to be forwarded on two PATHs and possibly to arrive out of order at the sink node: the second fragment arrives at the destination first and the first fragment arrives after it, which affects performance.
- the existing technology can only rely on the deployment of multiple SIPs or multiple DIPs in the source or destination of the backhaul network to achieve the purpose of hashing.
- the details are as follows: in the plaintext scenario, the customer is advised to configure multiple service IPv6 addresses to construct SIP/DIP so as to ensure hashing, which places requirements on the multiple SIP/DIPs.
- the access network equipment deploys 2 addresses, and the core network equipment deploys 2 addresses. The hash values of data packets of different users are therefore different, and load balancing may succeed, but it may also fail.
- a modulo calculation is performed on the hash value to map it to a path (for example, dual-path load balancing uses a modulo 2 calculation, that is, the hash value is divided by 2 and the remainder is taken: a result of 0 chooses PATH1, and a result of 1 chooses PATH2; three-path load balancing uses modulo 3, that is, the hash value is divided by 3 and the remainder is taken: a result of 0 chooses PATH1, a result of 1 chooses PATH2, and a result of 2 chooses PATH3; and so on). It is necessary to ensure that the hash moduli calculated for the multiple SIP/DIPs are not the same, otherwise the load balancing goal will still not be achieved. Therefore, SIP/DIP planning must be fully considered and calculated in advance, to avoid the case where the hash values obtained by the multiple hash calculations all yield the same result after the modulo calculation and load balancing fails. Table 6 describes a base station deployed with two IPv6 addresses where, because the addresses were chosen improperly, the hash values of data packets of different users are different but the results of the modulo operation are the same, which causes load balancing to fail.
- Table 7 describes a base station deployed with two IPv6 addresses where the selected addresses are calculated in advance: the hash values of data packets of different users are different, the results of the modulo operation are also different, and load balancing succeeds.
- the above technology not only requires customers to deploy additional IPv6 addresses, but also requires fully guaranteeing that the moduli after the multiple hash calculations are not all the same, which may disrupt network design, evolution schemes, address planning and so on, increasing costs and decreasing product competitiveness; the degree of hashing is also seriously insufficient. For example, when two SIPs are configured at the base station, the hash algorithm can produce only two hash values, and the corresponding two PATHs are used for load balancing, which easily causes seriously unequal load balancing (one path carries a lot of traffic while the other carries very little), so bandwidth resources cannot be fully utilized and the value of load balancing is reduced; reliability depends on the detection mechanism of the transport layer (that is, the fourth layer protocol).
- the control plane relies on the SCTP Heartbeat mechanism to detect the link. When the link fails, it generally takes 45-50 seconds to converge; 45-50 is a typical value, which can be affected by configuration. The data plane relies on the GTP-U Echo mechanism to detect the link. When the link fails, it generally takes 15-75 seconds to converge; 15-75 is a typical value, which can be affected by configuration.
- when a path fails and is switched, it is easy to cause business interruption and link disconnection for a long time, degrading service experience and reducing reliability.
- this application provides a wireless network communication method based on the Internet Protocol version IPv6, which can achieve hashing at bearer granularity without adding SIP/DIP addresses, so as to make full use of bandwidth resources.
- FIG. 4 is a schematic flowchart of a wireless network communication method 200 based on the Internet Protocol version IPv6 according to an embodiment of the present application.
- the method 200 can be applied in the scenario shown in FIG. 1, of course, can also be applied in other communication scenarios, and the embodiment of the present application is not limited herein.
- the access network device and the core network device are taken as an example of the execution subject of the execution method to describe the method.
- the execution subject of the execution method may also be a chip, a chip system, or a processor applied to the access network device and the core network device.
- the method 200 shown in FIG. 4 may include S210 to S220.
- each step in the method 200 will be described in detail with reference to FIG. 4.
- S210 Determine the transmission path of the plaintext IPv6 packet according to the TEID field of the tunnel endpoint identifier in the plaintext IPv6 packet.
- S220 Transmit the plaintext IPv6 message according to the determined transmission path of the plaintext IPv6 message.
- the TEID field of the tunnel endpoint identifier is the identifier of the GTP tunnel.
- the TEID fields of different bearers are all different, so determining the transmission path of the plaintext IPv6 packet according to the tunnel endpoint identifier (TEID) field in the plaintext IPv6 packet ensures that IPv6 packets of the same bearer are transmitted on the same path, and also allows the IPv6 packets of different bearers to be fully hashed to achieve load balancing.
- the plaintext IPv6 message refers to the data service IPv6 message
- the plaintext IPv4 message refers to the data service IPv4 message.
- the plaintext message is only used to distinguish the ciphertext message in the encryption scenario.
- the ciphertext IPv6 message refers to the data service IPv6 message obtained after the above-mentioned plaintext IPv6 or plaintext IPv4 message is encrypted.
- step S210 is explained in detail below.
- IPv6 messages include IPv6 headers and payloads, and IPv6 headers include:
- Flow Label (20 bits): the Flow Label is used to mark the information carried by IPv6 data packets;
- Payload Length (16 bits): extension headers are also counted in the Payload Length;
- Next Header (8 bits): the new way of supporting fragmentation, security, mobility, loose source routing, record routing, etc.;
- Hop Limit (8 bits): defines the maximum number of hops that an IP data packet can pass through; the value is decremented by 1 at each hop;
- the Flow Label field of the IPv6 header of the IPv6 packet shown in Figure 5 is 0, and the hash values of the triples are consistent, and the purpose of load balancing cannot be achieved through the triples.
- This application determines the transmission path of the plaintext IPv6 message according to the tunnel endpoint identifier (TEID) field in the plaintext IPv6 message. Since the TEID fields in the plaintext IPv6 messages of different bearers are different, determining the transmission path this way ensures that the messages of one bearer are forwarded on the same path and in order, while the hash values of different bearers are different, so the messages are fully hashed according to the different hash values to achieve load balancing.
- step S210 includes: filling the TEID field of the plaintext IPv6 packet into the Flow Label field of the plaintext IPv6 packet; performing hash calculation according to the filled Flow Label field and the first parameter participating in the hash calculation to obtain the first hash value; and determining the transmission path of the plaintext IPv6 packet according to the first hash value.
- the TEID field of the plaintext IPv6 packet is filled into the Flow Label field of the plaintext IPv6 packet, and the first hash value is then calculated by hashing the filled Flow Label field and the first parameter participating in the hash calculation. Since the TEID field identifies a unique bearer, the hash value of the same bearer is the same, and the hash values of different bearers are different. Determining the transmission path of the plaintext IPv6 packet according to the first hash value therefore ensures that the messages of one bearer are forwarded on the same path and in order, while the messages of different bearers are fully hashed according to their different hash values, achieving load balancing.
- both the base station and the core network have deployed an IPv6 address, but the TEID identifiers of different users are different.
- the TEID is used to fill the flow label (Flow Label), and the value of the Flow Label after filling is different for each user.
- the triplet hash value is calculated according to the filled Flow Label, SIP and DIP of each user, and different hash values are obtained. For example, the hash value of user 1 is 321, the hash value of user 2 is 432, the hash value of user 3 is 543, the hash value of user 4 is 654, and the hash value of user 5 is 765.
- the path is selected by modulo multiple different hash values, and the transmission path of user 1 is obtained as PATH2, the transmission path of user 2 is PATH1, the transmission path of user 3 is PATH2, the transmission path of user 4 is PATH1, and the transmission path of user 5 is PATH2, which achieves load balancing.
- the first parameter participating in the hash calculation may include any one or more of the following parameters: SIP of the plaintext IPv6 message, DIP of the plaintext IPv6 message, the Next Header of the plaintext IPv6 message, the source port SPt of the plaintext IPv6 packet, and the destination port DPt of the plaintext IPv6 packet.
- performing hash calculation according to the filled Flow Label field and the first parameter involved in the hash calculation to obtain the first hash value may mean calculating the first hash value based on the triplet (SIP of the plaintext IPv6 packet, DIP of the plaintext IPv6 packet, and the filled Flow Label field), or based on the six-tuple (SIP of the plaintext IPv6 message, DIP of the plaintext IPv6 message, the Next Header of the plaintext IPv6 message, the source port SPt of the plaintext IPv6 message, the destination port DPt of the plaintext IPv6 message, and the filled Flow Label field). This application does not limit this.
- triples are taken as an example to illustrate how to determine the transmission path of a plaintext message or a ciphertext message.
- after the plaintext IPv6 message with the filled Flow Label field is received by an intermediate node, the intermediate node can also determine the transmission path of the plaintext IPv6 message according to the triplet, so the intermediate node can also achieve load balancing and, at the same time, allocate computing resources reasonably at bearer granularity.
- after the plaintext IPv6 packet with the filled Flow Label field is received by the receiver, if the receiver includes multiple calculation processing units, the receiver can determine the calculation processing unit that processes the plaintext IPv6 message according to the triplet, which allocates the receiver's computing resources reasonably and avoids uneven allocation across the calculation units.
- the tunnel endpoint identifier (TEID) field of the plaintext IPv6 message is filled into the Flow Label field of the plaintext IPv6 message, the plaintext IPv6 message is then fragmented, and the filled Flow Label field is copied to each fragment of the plaintext IPv6 message, to ensure that the triplet hash values of all fragments are the same.
- Fig. 6a and Fig. 6b show schematic diagrams of a data message divided into two pieces of messages.
- Table 9 shows the header information of the fragment message of the data message.
- the next layer of the plaintext IPv6 packet header is the User Datagram Protocol (UDP) header and the General Packet Radio Service Tunnelling Protocol (GTPv1) header.
- the IPv6 packet shown in Figure 6a includes an IPv6 header, a fragment extension header, a UDP header, a GTPv1 header, and a payload.
- the GTPv1 header is a type of GTP header, and the GTPv1 header includes the tunnel endpoint identifier (TEID) field.
- when an IPv6 packet is fragmented, the first fragment will inherit the header of the original packet, while the remaining fragments just copy the IPv6 header.
- the tunnel endpoint identifier (TEID) field of the plaintext IPv6 packet is filled into the Flow Label field of the plaintext IPv6 packet, the plaintext IPv6 packet is then fragmented, and the filled Flow Label of the plaintext IPv6 packet is copied to each fragment of the plaintext IPv6 packet.
- Figure 6a is the first fragment, which includes the IPv6 header, UDP header, GTPv1 header and payload
- Figure 6b is the second fragment, which includes the IPv6 header and payload
- Figure 6a corresponds to the first fragment of the message in Table
- Figure 6b corresponds to the second fragment of the message in Table 9
- the contents of the Flow Label field of the IPv6 header are the same for the first fragment and the second fragment. Therefore, the triplet hash values calculated for the first fragment and the second fragment are the same, and the paths of the two fragments determined according to the hash result are consistent.
- the following specifically describes how to fill the TEID field of the tunnel endpoint identifier of the plaintext IPv6 packet into the Flow Label field of the plaintext IPv6 packet.
- the N bits of the TEID field are filled into the N bits of the Flow Label field, where the Flow Label field includes N bits; or, the TEID field and the first parameter are hashed to obtain the second hash value, and the N bits of the second hash value are filled into the N bits of the Flow Label field, where the Flow Label field includes N bits.
- the Flow Label field of the plaintext IPv6 packet is filled according to the TEID field.
- the TEID field is 32 bits and the Flow Label field is 20 bits.
- the N bits of the TEID field can be the first 20 bits or the last 20 bits of the TEID field, or can be 20 bits selected from the TEID field randomly or in a certain order.
- the first parameter used when the transmission path of the plaintext IPv6 packet is determined by hash calculation over the filled Flow Label field and the first parameter, and the first parameter used when the TEID field and the first parameter are hashed to obtain the second hash value with which the Flow Label field is filled, may be the same or different.
- the Flow Label field of the plaintext IPv6 message includes a first field and a second field
- a part of the TEID field with the same length as the first field or the second field of the Flow Label field is taken and filled into the first field or the second field of the Flow Label; or, the TEID field and the first parameter are hashed to obtain the second hash value, and a part of the second hash value with the same length as the first field or the second field of the Flow Label field is taken and filled into the first field or the second field of the Flow Label.
- the TEID field includes 32 bits
- the Flow Label field includes 20 bits
- the Flow Label field is divided into a first field and a second field
- the first field includes 18 bits
- the second field includes 2 bits.
- 18 bits can be taken from the TEID field and filled into the first field of the Flow Label field; or the TEID field and the first parameter can be hashed to obtain the second hash value, and 18 bits can be taken from the second hash value and filled into the first field of the Flow Label field.
- one field in the Flow Label field is filled, and the other field is reserved.
- the reserved field can be used for other purposes, such as QoS identification, which is not limited in this application.
- the number of bits in the first field and the second field may be valued according to specific application scenarios, which is not limited in this application.
- the first parameter includes at least one of the following parameters: SIP of the plaintext IPv6 message, DIP of the plaintext IPv6 message, source port SPt of the plaintext IPv6 message, destination port DPt of the plaintext IPv6 message, and the Next Header of the plaintext IPv6 message.
- the above description is the implementation of flow load balancing based on bearer granularity in the IPv6 plaintext scenario Flow Label filling.
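The plaintext procedure described above (read the TEID from the GTPv1 header, fill the Flow Label, fragment, then pick a path from the triplet hash), as an added Python example that is not code from the application. The function names, the constructed addresses and TEIDs, the choice of the low 20 TEID bits, the placement of the 18-bit first field above 2 reserved bits, and SHA-256 as the hash are all assumptions, since the text fixes none of them.

```python
import hashlib
import ipaddress
import struct

GTPU_PORT = 2152  # registered UDP port for GTP-U


def build_packet(sip, dip, teid, payload):
    """Constructed sample: IPv6 / UDP / GTPv1-U G-PDU with Flow Label 0."""
    gtp = struct.pack("!BBHI", 0x30, 0xFF, len(payload), teid)
    udp_len = 8 + len(gtp) + len(payload)
    udp = struct.pack("!HHHH", GTPU_PORT, GTPU_PORT, udp_len, 0)  # checksum not computed in this sample
    ip6 = struct.pack("!IHBB", 6 << 28, udp_len, 17, 64)
    ip6 += ipaddress.IPv6Address(sip).packed + ipaddress.IPv6Address(dip).packed
    return ip6 + udp + gtp + payload


def read_teid(packet):
    """Return the TEID from the GTPv1 header of an unfragmented packet."""
    if len(packet) < 56 or packet[0] >> 4 != 6 or packet[6] != 17:
        raise ValueError("expected IPv6 directly followed by UDP")
    if struct.unpack_from("!H", packet, 42)[0] != GTPU_PORT:
        raise ValueError("UDP destination port is not GTP-U")
    if packet[48] >> 5 != 1:
        raise ValueError("not GTP version 1")
    return struct.unpack_from("!I", packet, 52)[0]


def label_from_teid(teid, field_bits=20, shift=0):
    """Keep the low field_bits of the TEID; shift leaves reserved low bits at 0 (assumed layout)."""
    if field_bits + shift > 20:
        raise ValueError("Flow Label is 20 bits wide")
    return (teid & ((1 << field_bits) - 1)) << shift


def fill_flow_label(packet, label):
    """Return a copy of the packet with its Flow Label replaced."""
    word = struct.unpack_from("!I", packet, 0)[0]
    return struct.pack("!I", (word & 0xFFF00000) | (label & 0xFFFFF)) + packet[4:]


def fragment(packet, chunk, ident):
    """Source fragmentation: every fragment copies the IPv6 header, Flow Label included."""
    if chunk % 8:
        raise ValueError("fragment payload size must be a multiple of 8")
    header, body = packet[:40], packet[40:]
    frags = []
    for off in range(0, len(body), chunk):
        part = body[off:off + chunk]
        more = 1 if off + chunk < len(body) else 0
        frag_hdr = struct.pack("!BBHI", header[6], 0, off | more, ident)
        ip6 = header[:4] + struct.pack("!HB", 8 + len(part), 44) + header[7:]
        frags.append(ip6 + frag_hdr + part)
    return frags


def select_path(packet, n_paths):
    """Triplet hash over SIP, DIP and Flow Label, then modulo: 0 -> PATH1, 1 -> PATH2, ..."""
    label = struct.unpack_from("!I", packet, 0)[0] & 0xFFFFF
    digest = hashlib.sha256(packet[8:40] + label.to_bytes(3, "big")).digest()
    return int.from_bytes(digest[:4], "big") % n_paths + 1


def forward(teid, n_paths=2, payload_len=64, chunk=48):
    """Sender side for one bearer: fill the label, fragment, pick a path per fragment."""
    pkt = build_packet("2001:db8:1::1", "2001:db8:2::1", teid, bytes(payload_len))
    pkt = fill_flow_label(pkt, label_from_teid(read_teid(pkt)))
    return [select_path(f, n_paths) for f in fragment(pkt, chunk, ident=teid)]


if __name__ == "__main__":
    for teid in range(0x0A000001, 0x0A000009):  # constructed TEIDs, one per bearer
        print(hex(teid), forward(teid))
```

The second fragment carries no UDP or GTPv1 header, so `read_teid` rejects it; only the copied Flow Label keeps it on the first fragment's path.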
- the following describes the implementation of flow load balancing based on bearer granularity in the IPv6 IPsec tunnel mode ciphertext scenario Flow Label filling.
- the uplink data is encrypted by the access network device
- the downlink data is encrypted by the Security Gateway (SeGW)
- the core network device can also encrypt the downlink data.
- the plaintext message that is, the inner message
- the plaintext message can be an IPv6 message or IPv4 message
- the cipher message that is, the outer message
- FIG. 7 is a schematic flowchart of another wireless network communication method 300 based on the Internet Protocol version IPv6 according to an embodiment of the present application.
- the method 300 can be applied in the scenario shown in FIG. 1; of course, it can also be applied in other communication scenarios, and the embodiment of the present application does not limit it here.
- the method is described by taking the access network device and the security gateway as the execution subject of the execution method as an example.
- the execution subject of the execution method may also be a chip, a chip system, or a processor applied to the access network device and the security gateway.
- the method 300 shown in FIG. 7 may include S310 to S330. Each step in the method 300 will be described in detail below in conjunction with FIG. 7.
- S310 Fill in the Flow Label field of the ciphertext IPv6 packet according to the TEID field of the tunnel endpoint identifier of the plaintext IPv6 packet.
- S320 Perform hash calculation according to the filled Flow Label field and the first parameter involved in the hash calculation to obtain the first hash value.
- S330 Determine a transmission path of the ciphertext IPv6 packet according to the first hash value.
- the Flow Label field of the ciphertext IPv6 packet is associated with the bearer, and the first hash value is calculated according to the filled Flow Label field and the first parameter involved in the hash calculation. Determining the transmission path of the ciphertext IPv6 packet according to the first hash value ensures that ciphertext IPv6 packets of the same bearer are transmitted on the same path, and also allows the ciphertext IPv6 packets of different bearers to be fully hashed to achieve load balancing.
- Table 10 describes the load balancing of ciphertext packets in the dual PATH scenario after the flow label (Flow Label) is filled with the TEID and the triplet hash value is calculated. The tunnel local IP and the tunnel peer IP in Table 10 are ciphertext IPv6 addresses.
- the first parameter participating in the hash calculation may include any one or more of the following parameters: SIP of the ciphertext IPv6 message, DIP of the ciphertext IPv6 message, and the Next Header of the ciphertext IPv6 message.
- performing hash calculation according to the filled Flow Label field and the first parameter involved in the hash calculation to obtain the first hash value may mean calculating the first hash value based on the triplet (SIP of the ciphertext IPv6 message, DIP of the ciphertext IPv6 message, and the filled Flow Label field), which is not limited in this application.
- triples are taken as an example to illustrate how to determine the transmission path of a plaintext message or a ciphertext message.
- the N bits of the TEID field are filled into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits; or, the TEID field and the first parameter are hashed to obtain the second hash value, and the N bits of the second hash value are filled into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field of the ciphertext IPv6 packet includes N bits.
- the Flow Label field of the ciphertext IPv6 message includes a first field and a second field
- a part of the TEID field with the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 message is taken and filled into the first field or the second field of the Flow Label field of the ciphertext IPv6 packet; or, the TEID field and the first parameter are hashed to obtain the third hash value, and a part of the third hash value with the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 packet is taken and filled into the first field or the second field of the Flow Label field of the ciphertext IPv6 packet.
- the plaintext message is an IPv6 message
- the Flow Label field of the plaintext IPv6 message is filled according to the tunnel endpoint identifier (TEID) field of the plaintext IPv6 message; the filled Flow Label field of the plaintext IPv6 message is then copied to the Flow Label field of the ciphertext IPv6 packet.
- Figure 8a shows a filling method in the IPsec authentication header (Authentication Header, AH) encapsulation scenario.
- the TEID field is filled into the Flow Label field of the IPv6 header of the plaintext message (Inner IPv6); after encryption, the ciphertext IPv6 header (Outer IPv6) is encapsulated, and the Flow Label field of the plaintext message is then filled into the Flow Label field of the IPv6 header of the ciphertext message.
- the Flow Labels of the ciphertext messages of different bearer services are different, so hashing can be performed per bearer.
- FIG. 8b shows the filling method of the IPsec Encapsulating Security Payload (ESP) encapsulation scenario. You can refer to one of the filling methods in the IPsec AH encapsulation scenario described above, which will not be repeated here.
- the plaintext message is an IPv6 message
- the Flow Label field of the plaintext IPv6 message is filled according to the tunnel endpoint identifier (TEID) field of the plaintext IPv6 message; the Flow Label field of the ciphertext IPv6 packet is then filled according to the filled Flow Label field of the plaintext IPv6 message.
- filling the Flow Label field of the ciphertext IPv6 message according to the filled Flow Label field of the plaintext IPv6 message includes: performing hash calculation on the Flow Label field of the plaintext IPv6 message and the first parameter to obtain a fourth hash value, and filling the Flow Label field of the ciphertext IPv6 message according to the fourth hash value.
- the Flow Label field of the ciphertext message includes a third field and a fourth field
- filling the Flow Label field of the ciphertext IPv6 message according to the fourth hash value includes: filling the N bits of the fourth hash value into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field includes N bits; or, taking a part of the fourth hash value with the same length as the third field or the fourth field of the Flow Label field of the ciphertext IPv6 packet, and filling it into the third field or the fourth field of the Flow Label field of the ciphertext IPv6 packet.
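The tunnel-mode behaviour described above, seen from a transit node that can read only the outer header: an added Python example, not code from the application, comparing an outer Flow Label of 0 with the direct-copy and hashed filling variants. The tunnel addresses, the TEID ranges, the function names and SHA-256 as the hash are assumptions, and the encrypted ESP body is not modelled because the forwarding decision never reads it.

```python
import hashlib
import ipaddress
import struct
from collections import Counter

ESP = 50  # IPv6 Next Header value for ESP
TUNNEL_LOCAL = ipaddress.IPv6Address("2001:db8:a::1").packed  # constructed tunnel endpoints
TUNNEL_PEER = ipaddress.IPv6Address("2001:db8:b::1").packed


def outer_header(flow_label, payload_len=128):
    """Outer (ciphertext) IPv6 header of a tunnel-mode packet."""
    word = (6 << 28) | (flow_label & 0xFFFFF)
    return struct.pack("!IHBB", word, payload_len, ESP, 64) + TUNNEL_LOCAL + TUNNEL_PEER


def transit_path(header, n_paths):
    """Triplet hash over outer SIP, DIP and Flow Label, then modulo: 0 -> PATH1, ..."""
    label = struct.unpack_from("!I", header, 0)[0] & 0xFFFFF
    digest = hashlib.sha256(header[8:40] + label.to_bytes(3, "big")).digest()
    return int.from_bytes(digest[:4], "big") % n_paths + 1


def label_zero(teid):
    """Baseline: the encrypting node leaves the outer Flow Label at 0."""
    return 0


def label_copy(teid):
    """Direct fill: the low 20 bits of the inner packet's TEID."""
    return teid & 0xFFFFF


def label_hashed(teid):
    """Hashed fill: hash the TEID with outer SIP, DIP and Next Header, keep 20 bits."""
    key = struct.pack("!I", teid) + TUNNEL_LOCAL + TUNNEL_PEER + bytes([ESP])
    return int.from_bytes(hashlib.sha256(key).digest()[:3], "big") & 0xFFFFF


def spread(teids, n_paths, make_label):
    """Count how many bearers a transit node sends down each path."""
    counts = Counter()
    for teid in teids:
        counts[transit_path(outer_header(make_label(teid)), n_paths)] += 1
    return dict(counts)


if __name__ == "__main__":
    bearers = range(0x5000, 0x5000 + 300)  # constructed TEIDs, one per bearer
    for fill in (label_zero, label_copy, label_hashed):
        print(fill.__name__, spread(bearers, 3, fill))
```

With direct copy, TEIDs that differ only in the 12 discarded bits share a label and therefore a path, which the hashed variant avoids. In both variants the outer Flow Label is sent unencrypted, so it is a stable per-bearer value visible to on-path devices; the hashed variant does not place TEID bits there verbatim.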
- the plaintext message is an IPv6 message
- the Flow Label field of the plaintext IPv6 message is filled according to the tunnel endpoint identifier (TEID) field of the plaintext IPv6 message; the plaintext IPv6 message with the filled Flow Label field is divided into multiple fragments, each of which contains the filled Flow Label field; and the Flow Label field of each fragment is copied to the Flow Label field of the ciphertext message obtained by encrypting that fragment.
- the plaintext message is an IPv6 message
- the method further includes: dividing the plaintext message into multiple fragments; encrypting each of the multiple fragments to obtain the ciphertext message of each fragment; filling the Flow Label field of the ciphertext message of each fragment according to the tunnel endpoint identifier (TEID) field in the plaintext message; and performing hash calculation on the Flow Label field of the ciphertext message and the second parameter involved in the hash calculation to obtain a fifth hash value, and determining the transmission path of the ciphertext message according to the fifth hash value.
- filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext message includes: filling the N bits of the TEID field into the N bits of the Flow Label field of the ciphertext message of each fragment, where the Flow Label field of the ciphertext message of each fragment includes N bits; alternatively, hashing the TEID field and the first parameter to obtain the sixth hash value, and filling the N bits of the sixth hash value into the N bits of the Flow Label field of the ciphertext message of each fragment, where the Flow Label field of the ciphertext message of each fragment includes N bits.
- the Flow Label field of the ciphertext message of each fragment includes a fifth field and a sixth field, and filling the Flow Label field of the ciphertext message of each fragment according to the TEID field in the plaintext message includes: taking a part of the TEID field with the same length as the fifth or sixth field of the Flow Label field of the ciphertext message of each fragment, and filling it into the fifth or sixth field of the Flow Label field of the ciphertext message of each fragment; or, hashing the TEID field and the first parameter to obtain the seventh hash value, taking a part of the seventh hash value with the same length as the fifth or sixth field of the Flow Label field of the ciphertext message of each fragment, and filling it into the fifth field or the sixth field of the Flow Label field of the ciphertext message of each fragment.
- the first parameter includes at least one of the following parameters: the SIP of the ciphertext message, the DIP of the ciphertext message, and the Next Header of the ciphertext message.
- the second parameter includes at least one of the following parameters:
- Out and Inner represent the IPv6 header of the outer ciphertext and inner plaintext of the IPsec tunnel mode.
- the following describes how to determine the transmission path of the ciphertext IPv6 message according to the TEID field of the tunnel endpoint identifier in the plaintext message when the plaintext message is an IPv4 message.
- an IPv4 message includes an IPv4 header and a payload.
- the IPv4 header includes:
- Type of Service (TOS);
- Total Length: this 16-bit field indicates the length of the IP datagram in bytes. This length includes the IP header and the data payload;
- Identification: this 16-bit field is a value that increases in sequence and is assigned to each message sent by the source IP. When IP splits a message into multiple datagrams, it assigns the same identification number to these datagrams, and the receiving end uses these values to reassemble the original message;
- Flags: this field is three bits long, and the first bit is not used. The second bit is the "No Fragmentation" bit; set to 1, it means that an intermediate forwarding node cannot fragment the message. The third bit is the "Fragmented" bit; set to 1, it indicates that more fragments follow;
- Fragment Offset: this field is a value that the IP of the destination device uses to reassemble the fragments in the correct order;
- Time To Live (TTL): this field indicates the number of router hops that a data message can pass before being discarded. Every router checks this field and decrements it by at least 1. When the value of this field is 0, the data message is discarded;
- Protocol: this field indicates the protocol used by the payload data;
- Header Checksum: this field is only used to check the validity of the header itself. Each router that the datagram passes through recalculates this value, because the value of the TTL field is constantly changing;
- Source IP Address (SIP);
- Destination IP Address (DIP);
- Options: this field supports some optional header settings, mainly for testing, debugging and security purposes.
- the IPv4 message does not have the Flow Label field. Therefore, in one implementation, when the plaintext message is an IPv4 message, filling the Flow Label field of the ciphertext IPv6 message according to the tunnel endpoint identifier (TEID) field in the plaintext message includes: filling the N bits of the TEID field into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits; or hashing the TEID field and the first parameter to obtain the eighth hash value, and filling the N bits of the eighth hash value into the N bits of the Flow Label field of the ciphertext IPv6 packet, where the Flow Label field of the ciphertext IPv6 packet includes N bits.
- when the plaintext message is IPv4 and the Flow Label field of the ciphertext IPv6 message includes a seventh field and an eighth field, filling the Flow Label field of the ciphertext IPv6 message according to the tunnel endpoint identifier (TEID) field in the plaintext message includes: taking a part of the TEID field with the same length as the seventh or eighth field of the Flow Label field of the ciphertext IPv6 message, and filling it into the seventh field or the eighth field of the Flow Label of the ciphertext IPv6 message; or, hashing the TEID field and the first parameter to obtain the ninth hash value, taking a part of the ninth hash value with the same length as the seventh field or the eighth field of the Flow Label field of the ciphertext IPv6 packet, and filling it into the seventh field or the eighth field of the Flow Label of the ciphertext IPv6 packet.
- the plaintext message is IPv4, and the plaintext message is divided into multiple fragments; each of the multiple fragments is encrypted to obtain the ciphertext IPv6 message of each fragment; and the Flow Label field of the ciphertext IPv6 packet of each fragment is filled according to the tunnel endpoint identifier (TEID) field in the plaintext packet.
- when the plaintext message is IPv4, for the method of filling the Flow Label field of the ciphertext IPv6 message of each fragment according to the TEID field in the plaintext message, refer to the foregoing method for the case where the plaintext message is IPv6, which will not be repeated here.
- the first parameter includes at least one of the following parameters: the SIP of the ciphertext message, the DIP of the ciphertext message, and the Next Header of the ciphertext message.
- the second parameter includes at least one of the following parameters: the SIP of the plaintext message, the DIP of the plaintext message, the Next Header of the plaintext message, the source port SPt of the plaintext message, and the destination port DPt of the plaintext message.
- the access network device can directly fill the Flow Label field of the ciphertext IPv6 message according to the Flow Label field of the plaintext IPv6 message.
- the specific filling method can refer to the above method. In order to avoid repetition, it will not be repeated here.
- in the scenario in which the uplink plaintext and ciphertext use only 1 pair of service IPv6 addresses and 1 pair of Internet key exchange IKE IPv6 addresses on the access network equipment, the uplink plaintext and ciphertext can be transmitted on multiple transmission ports of the access network equipment. This realizes flow load balancing at bearer granularity and makes full use of the transmission bandwidth.
- in the scenario in which the downlink plaintext uses only one pair of service IPv6 addresses on the core network equipment, the downlink plaintext achieves load balancing at bearer granularity on multiple transmission ports of the core network, making full use of the transmission bandwidth.
- in the scenario in which the downlink ciphertext uses only one pair of service IPv6 addresses and one pair of IKE IPv6 addresses on the security gateway, after the downlink packets are encrypted by the security gateway, load balancing at bearer granularity is realized on multiple transmission ports, and the transmission bandwidth is fully utilized.
- the filling of field 1 into field 2 in the embodiment of the present application refers to filling the value of field 1 into field 2, that is, the value of field 1 and the value of field 2 are equal.
- when a part of the TEID field with the same length as the first field of the Flow Label field is intercepted and filled into the first field of the Flow Label, it means that the value of the intercepted part of the TEID field is filled into the first field of the Flow Label, that is, the value of the intercepted part of the TEID field is equal to the value of the first field of the Flow Label.
- filling the N bits of field 1 into the N bits of field 2 means that the value of the N bits of field 1 is filled into the N bits of field 2, that is, the value of the N bits in field 1 and the value of the N bits in field 2 are the same.
- filling the N bits of the TEID field into the N bits of the Flow Label field means filling the value of the TEID field into the Flow Label field, that is to say, the value of the TEID field and the value of the Flow Label field are equal.
- Figure 10 describes the "IEEE 802.3ad Ethernet link aggregation" technology for load balancing.
- Ethernet link aggregation is the aggregation of multiple Ethernet links together to form an aggregation group to achieve load sharing among member ports. It also provides higher connection reliability.
- Figure 10 includes an access network device 410, a switch 420, and a router 430.
- the two lines in Figure 10 represent that two links are aggregated.
- the link to which the message is sent depends on the hash value, which corresponds to the implementation of this application.
- the access network device 410 may execute the content described in the method 200, which corresponds to the flow in FIG. 4.
- Different styles of packets in the figure represent packets of different bearers.
- the same bearer packets are transmitted on the same PATH because of the same hash value.
- Different bearer packets can be hashed and transmitted on different PATHs. If one of the PATHs fails, the stream packets that should have been transmitted on the failed PATH can be immediately transferred to other PATHs for transmission to increase reliability.
- Figure 11 shows the source and intermediate nodes implementing bearer-based flow load balancing based on hash calculation in the ciphertext scenario.
- Figure 11 is the ciphertext scenario of Figure 10, which includes access network equipment 510, switch 520, security gateway 530, and router 540.
- the access network device 510 may execute the content described in method 200 and copy the Flow Label filled with the plaintext message to the ciphertext message, so that the ciphertext message also obtains the bearer information.
- the load balancing can be performed in the manner shown in FIG. 10.
- the security gateway 530 can execute the content described in the method 300, that is, corresponding to the flow in FIG. 7.
- Figure 12 shows the source and intermediate nodes implementing bearer-based flow load balancing based on hash calculation in the equal-cost routing scenario.
- Figure 12 includes access network equipment 610, switch 620, router 630, and router 640. Two switches are configured on switch 620.
- the access network device 610 can execute the content described in method 200, that is, corresponding to the flow in Figure 4, the access network device 610 calculates the hash value according to the filled Flow Label and the second parameter, and decides to use different routes to forward messages to different PATHs, to achieve load balancing across multiple PATHs.
- Figure 13 includes access network equipment 710, switch 720, router 730, and router 740. Two routes with the same priority are configured on switch 720.
- if a path of switch 720 fails, for example the path from switch 720 to router 740, the service will quickly switch to a normal PATH for transmission to increase reliability, which is much faster than the reliability switchover of a layer-4 protocol.
- the source device is the message sender, which may be an access network device or a core network device, and the intermediate node may be a router, a switch, and so on.
- FIG. 14 shows a schematic block diagram of a communication device 800 according to an embodiment of the present application.
- the apparatus 800 may be an access network device, or a chip or circuit, for example, a chip or circuit that can be provided in an access network device.
- the apparatus 800 may be a core network device, or a chip or circuit, such as a chip or circuit that can be provided in a core network device.
- the device 800 may be a security gateway device, or a chip or circuit, for example, a chip or circuit that can be provided in a security gateway device.
- the device 800 may include a processing unit 810 (that is, an example of a processor) and a transceiver unit 830.
- the processing unit 810 may also be referred to as a determining unit.
- the transceiving unit 830 may include a receiving unit and a sending unit.
- the transceiver unit 830 may be implemented by a transceiver or a transceiver-related circuit or interface circuit.
- the device may further include a storage unit 820.
- the storage unit 820 is used to store instructions.
- the storage unit may also be used to store data or information.
- the storage unit 820 may be implemented by a memory.
- the processing unit 810 is configured to execute the instructions stored in the storage unit 820, so that the apparatus 800 implements the steps performed by the terminal device in the foregoing method.
- the processing unit 810 may be used to call the data of the storage unit 820, so that the apparatus 800 implements the steps performed by the terminal device in the foregoing method.
- the processing unit 810 is configured to execute the instructions stored in the storage unit 820, so that the apparatus 800 implements the steps performed by the access network device in the foregoing method.
- the processing unit 810 may be used to call the data of the storage unit 820, so that the apparatus 800 implements the steps performed by the access network device in the foregoing method.
- the processing unit 810, the storage unit 820, and the transceiving unit 830 may communicate with each other through an internal connection path to transfer control and/or data signals.
- the storage unit 820 is used to store a computer program, and the processing unit 810 can be used to call and run the computer program from the storage unit 820 to control the transceiver unit 830 to receive signals and/or send signals, to complete the steps of the terminal device or access network device in the above method.
- the storage unit 820 may be integrated in the processing unit 810, or may be provided separately from the processing unit 810.
- the transceiver unit 830 includes a receiver and a transmitter.
- the receiver and the transmitter may be the same or different physical entities. When they are the same physical entity, they can be collectively referred to as transceivers.
- the transceiver unit 830 includes an input interface and an output interface.
- the function of the transceiving unit 830 may be implemented by a transceiving circuit or a dedicated chip for transceiving.
- the processing unit 810 may be implemented by a dedicated processing chip, a processing circuit, a processing unit, or a general-purpose chip.
- a general-purpose computer may be considered to implement the communication device (such as a terminal device or an access network device) provided in the embodiment of the present application. That is, the program code for realizing the functions of the processing unit 810 and the transceiving unit 830 is stored in the storage unit 820, and the general processing unit implements the functions of the processing unit 810 and the transceiving unit 830 by executing the code in the storage unit 820.
- the apparatus 800 may be an access network device or a core network device, or a chip or circuit provided in the access network device or the core network device.
- the processing unit 810 is configured to determine the transmission path of the plaintext IPv6 message according to the tunnel endpoint identifier TEID field in the plaintext IPv6 message; the transceiver unit 830 is configured to transmit the plaintext IPv6 message according to the determined transmission path of the plaintext IPv6 message.
- the processing unit 810 is specifically configured to: fill the flow label Flow Label field of the plaintext IPv6 packet according to the tunnel endpoint identifier TEID field of the plaintext IPv6 packet; perform hash calculation according to the filled Flow Label field and the first parameter participating in the hash calculation to obtain a first hash value, where the SIP and the DIP are the SIP and DIP of the plaintext IPv6 message; and determine the transmission path of the plaintext IPv6 packet according to the first hash value.
- the processing unit 810 is specifically configured to: fill the N bits of the TEID field into the N bits of the Flow Label field, where the Flow Label field includes N bits; or, hash the TEID field and the first parameter to obtain the second hash value, and fill N bits of the second hash value into the N bits of the Flow Label field, where the Flow Label field includes N bits.
- the Flow Label field of the plaintext IPv6 message includes a first field and a second field, and the processing unit 810 is specifically configured to: intercept from the TEID field a part with the same length as the first field or the second field of the Flow Label field, and fill it into the first field or the second field of the Flow Label; or, hash the TEID field and the first parameter to obtain the second hash value, intercept from the second hash value a part with the same length as the first field or the second field of the Flow Label field, and fill it into the first field or the second field of the Flow Label.
- the processing unit 810 is further configured to: copy the Flow Label field of the plaintext IPv6 message to the Flow Label field of the ciphertext IPv6 message; or, hash the Flow Label field of the plaintext IPv6 message and the second parameter to obtain a fifth hash value, and fill the Flow Label field of the ciphertext IPv6 message according to the fifth hash value.
- each module or unit in the device 800 can be used to perform various actions or processes performed by the access network device or core network device in the above method; detailed descriptions are omitted.
- the device 800 may be a security gateway, or a chip or circuit provided in the security gateway.
- the transceiver unit 830 is configured to receive a plaintext message sent by a core network device; the processing unit 810 is configured to fill the Flow Label field of the ciphertext IPv6 message according to the tunnel endpoint identifier TEID field in the plaintext message, where the ciphertext IPv6 message is the message obtained by encrypting the plaintext message; the processing unit is further configured to perform hash calculation according to the filled Flow Label field of the ciphertext IPv6 message and the first parameter participating in the hash calculation to obtain the first hash value, where the SIP and the DIP are the SIP and DIP of the ciphertext IPv6 packet; the processing unit is further configured to determine the transmission path of the ciphertext IPv6 packet according to the first hash value.
- the plaintext message is an IPv6 message or an IPv4 message, and the processing unit 810 is configured to: fill N bits of the TEID field into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits; or, hash the TEID field and the first parameter to obtain the second hash value, and fill N bits of the second hash value into the N bits of the Flow Label field of the ciphertext IPv6 message, where the Flow Label field of the ciphertext IPv6 message includes N bits.
- the plaintext message is an IPv6 message or IPv4, the Flow Label field of the ciphertext IPv6 message includes a first field and a second field, and the processing unit 810 is configured to: intercept from the TEID field a part with the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 packet, and fill it into the first field or the second field of the Flow Label field of the ciphertext IPv6 packet; or, hash the TEID field and the first parameter to obtain a third hash value, intercept from the third hash value a part with the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 packet, and fill it into the first field or the second field of the Flow Label of the ciphertext IPv6 packet.
- the plaintext message is an IPv6 message, and the processing unit 810 is configured to: fill the flow label Flow Label field of the plaintext IPv6 message according to the tunnel endpoint identifier TEID field of the plaintext IPv6 message; and copy the filled Flow Label field of the plaintext IPv6 message to the Flow Label field of the ciphertext IPv6 message.
- the plaintext message is an IPv6 message, and the processing unit 810 is further configured to: fill the Flow Label field of the plaintext IPv6 packet according to the tunnel endpoint identifier TEID field of the plaintext IPv6 message; divide the plaintext IPv6 packet filled with the Flow Label field into multiple chips, each of which includes the filled Flow Label field; and copy the Flow Label field of each chip to the Flow Label field of the encrypted ciphertext message of each chip.
- the processing unit 810 is configured to: fill the N bits of the TEID field into the N bits of the Flow Label field of the plaintext IPv6 packet, where the Flow Label field of the plaintext IPv6 packet includes N bits; or, hash the TEID field and the second parameter to obtain a fifth hash value, and fill N bits of the fifth hash value into the N bits of the Flow Label field of the plaintext IPv6 packet, where the Flow Label field of the plaintext IPv6 message includes N bits.
- the Flow Label field of the plaintext IPv6 message includes a first field and a second field, and the processing unit 810 is configured to: intercept from the TEID field a part with the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 message, and fill it into the first field or the second field of the Flow Label of the plaintext IPv6 message; or, hash the TEID field and the second parameter to obtain the sixth hash value, intercept from the sixth hash value a part with the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 message, and fill it into the first field of the Flow Label field of the plaintext IPv6 message.
- the plaintext message is an IPv4 message or an IPv6 message, and the processing unit 810 is further configured to: divide the plaintext message into a plurality of chips; encrypt each chip of the plurality of chips to obtain the ciphertext message of each chip; and fill the Flow Label field of the ciphertext message of each chip according to the tunnel endpoint identifier TEID field in the plaintext message.
- each module or unit in the device 800 can be used to perform various actions or processing procedures performed by the security gateway in the foregoing method; detailed descriptions are omitted.
- the access network equipment 900 includes one or more radio frequency units, such as a remote radio unit (RRU) 910, and one or more baseband units (BBU) (also referred to as digital units, DU) 920.
- the RRU 910 may be called a transceiver unit, a transceiver, a transceiver circuit, or a transceiver, etc., and it may include at least one antenna 911 and a radio frequency unit 912.
- the RRU 910 part is mainly used for receiving and sending radio frequency signals and converting between radio frequency signals and baseband signals, for example, for sending the signaling messages described in the foregoing embodiments to terminal equipment.
- the BBU 920 part is mainly used to perform baseband processing, control the base station, and so on.
- the RRU 910 and the BBU 920 may be physically set together, or may be physically separated, that is, a distributed base station.
- the BBU 920 is the control center of the base station, and may also be called a processing unit, which is mainly used to complete baseband processing functions, such as channel coding, multiplexing, modulation, and spreading.
- the BBU (processing unit) 920 may be used to control the base station 40 to execute the operation procedure of the network device in the foregoing method embodiment.
- the BBU 920 may be composed of one or more single boards, and multiple single boards may jointly support a radio access network of a single access standard (such as an LTE system or a 9G system), or may respectively support radio access networks of different access standards.
- the BBU 920 further includes a memory 921 and a processor 922.
- the memory 921 is used to store necessary instructions and data.
- the memory 921 stores the codebook in the above-mentioned embodiment and the like.
- the processor 922 is configured to control the base station to perform necessary actions, for example, to control the base station to execute the operation procedure of the network device in the foregoing method embodiment.
- the memory 921 and the processor 922 may serve one or more single boards. In other words, the memory and the processor can be set separately on each board. It can also be that multiple boards share the same memory and processor. In addition, necessary circuits can be provided on each board.
- all or part of the functions of part 920 and part 910 can be realized by system-on-chip (SoC) technology, for example, by a base station function chip; the base station function chip integrates a processor, a memory, an antenna interface and other devices, the program of the base station related functions is stored in the memory, and the processor executes the program to realize the relevant functions of the base station.
- the base station function chip can also read a memory external to the chip to implement related functions of the base station.
- the structure of the access network device illustrated in FIG. 15 is only a possible form, and should not constitute any limitation in the embodiment of the present application. This application does not exclude the possibility of other types of base station structures that may appear in the future.
- the processor may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
- the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
- the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
- the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
- the volatile memory may be random access memory (RAM), which is used as an external cache.
- forms of RAM include static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory (synchlink DRAM, SLDRAM) and direct memory bus random access memory (direct rambus RAM, DR RAM).
- the above-mentioned embodiments may be implemented in whole or in part by software, hardware, firmware or any other combination.
- the above-mentioned embodiments may be implemented in the form of a computer program product in whole or in part.
- the computer program product includes one or more computer instructions or computer programs.
- the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
- the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium.
- the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server or data center via wired (such as infrared, wireless, microwave, etc.) means.
- the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center that includes one or more sets of available media.
- the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium.
- the semiconductor medium may be a solid state drive.
- the embodiments of the present application also provide a computer-readable medium on which a computer program is stored; when the computer program is executed by a computer, the steps performed by the access network device in any of the above-mentioned embodiments, the steps performed by the core network device, or the steps performed by the security gateway device are implemented.
- the embodiments of the present application also provide a computer program product that, when executed by a computer, implements the steps performed by the access network device in any of the above embodiments, or the steps performed by the core network device, or the steps performed by the security gateway device.
- An embodiment of the present application also provides a system chip, which includes: a communication unit and a processing unit.
- the processing unit may be a processor, for example.
- the communication unit may be, for example, a communication interface, an input/output interface, a pin or a circuit, or the like.
- the processing unit can execute computer instructions so that the chip in the communication device executes the steps performed by the access network device provided in the embodiments of the present application, or the steps performed by the core network device, or the steps performed by the security gateway device.
- the computer instructions are stored in a storage unit.
- the embodiment of the present application also provides a communication system, which includes the aforementioned access network device, core network device, and security gateway device.
- various aspects or features of the present application can be implemented as methods, devices, or products using standard programming and/or engineering techniques.
- the term "article of manufacture" used in this application encompasses a computer program accessible from any computer-readable device, carrier, or medium.
- computer-readable media may include, but are not limited to: magnetic storage devices (for example, hard disks, floppy disks, or tapes, etc.), optical disks (for example, compact discs (CD), digital versatile discs (DVD), etc.), smart cards and flash memory devices (for example, erasable programmable read-only memory (EPROM), cards, sticks or key drives, etc.).
- various storage media described herein may represent one or more devices and/or other machine-readable media for storing information.
- machine-readable medium may include, but is not limited to, wireless channels and various other media capable of storing, containing, and/or carrying instructions and/or data.
- there are multiple hash values in this application, such as "first hash value", "second hash value", "third hash value", etc.
- the "first hash value", "second hash value", "third hash value", etc. respectively indicate the hash values obtained by performing hash operations according to different parameters.
- the specific values of the "first hash value", "second hash value" and "third hash value" are determined by the hash parameters, and "first", "second", "third", etc. do not impose any restrictions on the hash value.
- the disclosed system, device, and method can be implemented in other ways.
- the device embodiments described above are merely illustrative, for example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
- the displayed or discussed mutual couplings or direct couplings or communication connections may be indirect couplings or communication connections between devices or units through some interfaces, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
- if the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
- the technical solution of the present application essentially, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
- the aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other media that can store program code.
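The Flow Label filling and hash-based path selection described above for the access network device and the security gateway, as an added example that is not code from the patent: it fills the Flow Label from the TEID (direct N-bit copy, or hash of TEID and parameters) and then hashes the filled label with SIP, DIP and Next Header to choose a link. SHA-256, the use of the low-order TEID bits, the modulo link choice, ESP as the ciphertext Next Header and the 2001:db8:: addresses are assumptions of this example.

```python
import hashlib
import ipaddress
import struct

FLOW_LABEL_BITS = 20   # width of the IPv6 Flow Label field
NEXT_HEADER_ESP = 50   # assumed Next Header of the ciphertext (IPsec ESP) packet

# Constructed sample: the single address pair shared by all ciphertext traffic.
TUNNEL_SIP = "2001:db8:a::1"
TUNNEL_DIP = "2001:db8:b::1"


def _hash64(*parts):
    """Hash length-prefixed byte strings to a 64-bit integer.

    SHA-256 is an assumption of this example; the page names no algorithm.
    """
    h = hashlib.sha256()
    for part in parts:
        h.update(struct.pack("!H", len(part)))  # prefix keeps parts unambiguous
        h.update(part)
    return int.from_bytes(h.digest()[:8], "big")


def hash_params(sip, dip, next_header):
    """Pack SIP, DIP and Next Header, the parameters that take part in the hash."""
    return (ipaddress.IPv6Address(sip).packed
            + ipaddress.IPv6Address(dip).packed
            + bytes([next_header]))


def _mask(teid, n_bits):
    """Validate the inputs and return the N-bit mask."""
    if not 0 <= teid <= 0xFFFFFFFF:
        raise ValueError("TEID is a 32-bit field")
    if not 1 <= n_bits <= FLOW_LABEL_BITS:
        raise ValueError("N must fit in the 20-bit Flow Label")
    return (1 << n_bits) - 1


def flow_label_from_teid(teid, n_bits=FLOW_LABEL_BITS):
    """Option 1: fill N bits of the TEID into the Flow Label.

    Taking the low-order bits is an assumption; the page only says "N bits".
    """
    return teid & _mask(teid, n_bits)


def flow_label_from_hash(teid, params, n_bits=FLOW_LABEL_BITS):
    """Option 2: hash the TEID with the parameters and keep N bits of the result."""
    mask = _mask(teid, n_bits)
    return _hash64(struct.pack("!I", teid), params) & mask


def select_path(flow_label, params, n_paths):
    """Hash the filled Flow Label with the parameters and pick one of n_paths links."""
    if n_paths < 1:
        raise ValueError("at least one path is required")
    return _hash64(struct.pack("!I", flow_label), params) % n_paths


def ciphertext_paths(teids, n_paths, fill_label=True, hashed=False):
    """Return {teid: link index} for the ciphertext packets of each bearer.

    All packets share one SIP/DIP pair, so only the Flow Label can separate
    bearers; fill_label=False models a label left at zero.
    """
    params = hash_params(TUNNEL_SIP, TUNNEL_DIP, NEXT_HEADER_ESP)
    paths = {}
    for teid in teids:
        if not fill_label:
            label = 0
        elif hashed:
            label = flow_label_from_hash(teid, params)
        else:
            label = flow_label_from_teid(teid)
        paths[teid] = select_path(label, params, n_paths)
    return paths


if __name__ == "__main__":
    bearers = range(0x1000, 0x1040)  # constructed TEIDs, one per bearer
    for name, kwargs in (("zero label", {"fill_label": False}),
                         ("TEID bits", {}),
                         ("hashed TEID", {"hashed": True})):
        used = sorted(set(ciphertext_paths(bearers, 2, **kwargs).values()))
        print(f"{name:12s} links used: {used}")
```

Option 1 places the low TEID bits verbatim in the Flow Label of the ciphertext packet's unencrypted IPv6 header, while option 2 exposes only a truncated digest; in both cases every packet of one bearer carries the same label and so stays on one link.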
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (26)
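- A wireless network communication method based on Internet Protocol version IPv6, characterized by comprising: determining a transmission path of a plaintext IPv6 message according to a tunnel endpoint identifier TEID field in the plaintext IPv6 message, the TEID field being used to indicate the bearer to which the plaintext IPv6 message belongs; and transmitting the plaintext IPv6 message according to the determined transmission path of the plaintext IPv6 message.
- The method according to claim 1, characterized in that determining the transmission path of the plaintext IPv6 message according to the tunnel endpoint identifier TEID field in the plaintext IPv6 message comprises: filling the flow label Flow Label field of the plaintext IPv6 message according to the tunnel endpoint identifier TEID field of the plaintext IPv6 message; performing hash calculation according to the filled Flow Label field and a first parameter to obtain a first hash value; and determining the transmission path of the plaintext IPv6 message according to the first hash value.
- The method according to claim 2, characterized in that the Flow Label field includes N bits, and filling the flow label Flow Label field of the plaintext IPv6 message according to the tunnel endpoint identifier TEID field of the plaintext IPv6 message comprises: filling N bits of the TEID field into the N bits of the Flow Label field; or, performing hash calculation on the TEID field and the first parameter to obtain a second hash value, and filling N bits of the second hash value into the N bits of the Flow Label field.
- The method according to claim 2, characterized in that the Flow Label field of the plaintext IPv6 message includes a first field and a second field, and filling the flow label Flow Label field of the plaintext IPv6 message according to the tunnel endpoint identifier TEID field of the plaintext IPv6 message comprises: intercepting from the TEID field a part with the same length as the first field or the second field of the Flow Label field, and filling it into the first field or the second field of the Flow Label; or, performing hash calculation on the TEID field and the first parameter to obtain a second hash value, intercepting from the second hash value a part with the same length as the first field or the second field of the Flow Label field, and filling it into the first field or the second field of the Flow Label.
- The method according to any one of claims 1 to 4, characterized in that the method further comprises: filling the flow label Flow Label field of a ciphertext IPv6 message according to the tunnel endpoint identifier TEID field in a plaintext IPv4 message, the ciphertext IPv6 message being the message obtained by encrypting the plaintext message; performing hash calculation according to the filled Flow Label field of the ciphertext IPv6 message and the second parameter to obtain a sixth hash value; and determining the transmission path of the ciphertext IPv6 message according to the third hash value.
- The method according to claim 5, characterized in that filling the flow label Flow Label field of the ciphertext IPv6 message according to the tunnel endpoint identifier TEID field in the plaintext IPv4 message comprises: filling N bits of the TEID field into the N bits of the Flow Label field of the ciphertext IPv6 message, the Flow Label field of the ciphertext IPv6 message including N bits; or, performing hash calculation on the TEID field and the second parameter to obtain a fourth hash value, and filling N bits of the fourth hash value into the N bits of the Flow Label field of the ciphertext IPv6 message, the Flow Label field of the ciphertext IPv6 message including N bits.
- The method according to claim 6, characterized in that the Flow Label field of the ciphertext IPv6 message includes a third field and a fourth field, and filling the flow label Flow Label field of the ciphertext IPv6 message according to the tunnel endpoint identifier TEID field in the plaintext IPv4 message comprises: intercepting from the TEID field a part with the same length as the third field or the fourth field of the Flow Label field of the ciphertext IPv6 message, and filling it into the third field or the fourth field of the Flow Label of the ciphertext IPv6 message; or, performing hash calculation on the TEID field and the second parameter to obtain a fifth hash value, intercepting from the fifth hash value a part with the same length as the third field or the fourth field of the Flow Label field of the ciphertext IPv6 message, and filling it into the third field or the fourth field of the Flow Label of the ciphertext IPv6 message.
- The method according to claim 5, characterized in that the plaintext IPv4 message includes multiple chips, and the method further comprises: encrypting each of the multiple chips to obtain the ciphertext message of each chip; filling the Flow Label field of the ciphertext message of each chip according to the tunnel endpoint identifier TEID field in the plaintext IPv4 message; and performing hash calculation according to the Flow Label field of the ciphertext message and the second parameter to obtain a sixth hash value; and determining the transmission path of the ciphertext IPv6 message according to the third hash value comprises: determining the transmission path of each ciphertext chip according to the sixth hash value.
- The method according to claim 8, characterized in that filling the Flow Label field of the ciphertext message of each chip according to the tunnel endpoint identifier TEID field in the plaintext IPv4 message comprises: filling N bits of the TEID field into the N bits of the Flow Label field of the ciphertext message of each chip, the Flow Label field of the ciphertext message of each chip including N bits; or, performing hash calculation on the TEID field and the second parameter to obtain a seventh hash value, and filling N bits of the seventh hash value into the N bits of the Flow Label field of the ciphertext message of each chip, the Flow Label field of the ciphertext message of each chip including N bits.
- The method according to claim 8, characterized in that the Flow Label field of the ciphertext message of each chip includes a fifth field and a sixth field, and filling the Flow Label field of the ciphertext message of each chip according to the tunnel endpoint identifier TEID field in the plaintext message comprises: intercepting from the TEID field a part with the same length as the fifth field or the sixth field of the Flow Label field of the ciphertext message of each chip, and filling it into the fifth field or the sixth field of the Flow Label field of the ciphertext message of each chip; or, performing hash calculation on the TEID field and the second parameter to obtain an eighth hash value, intercepting from the eighth hash value a part with the same length as the fifth field or the sixth field of the Flow Label field of the ciphertext message of each chip, and filling it into the fifth field or the sixth field of the Flow Label field of the ciphertext message of each chip.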
- 一种基于网际协议版本IPv6的通信方法,其特征在于,包括:从核心网设备接收明文报文;根据所述明文报文内的隧道端点标识TEID字段填充密文IPv6报文的流标签Flow Label字段,所述密文IPv6报文为所述明文报文加密后的报文;根据填充后的密文IPv6报文的Flow Label字段和第一参数进行哈希计算得到第一哈希值;根据所述第一哈希值确定所述密文IPv6报文的传输路径。
- 根据权利要求11所述的方法,其特征在于,所述明文报文为IPv6报文或者Ipv4报文,所述根据所述明文报文内的隧道端点标识TEID字段填充密文IPv6报文的流标签Flow Label字段,包括:将所述TEID字段的N bit填入所述密文IPv6报文的Flow Label字段的N bit,所述密文IPv6报文的Flow Label字段包括N bit;或者,将所述TEID字段和所述第一参数进行哈希计算得到第二哈希值,将所述第二哈希值的N bit填入所述密文IPv6报文的Flow Label字段的N bit,所述密文IPv6报文的Flow Label字段包括N bit。
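- The method according to claim 11, wherein the plaintext packet is an IPv6 packet or IPv4, the Flow Label field of the ciphertext IPv6 packet comprises a first field and a second field, and the filling of the Flow Label field of the ciphertext IPv6 packet according to the tunnel endpoint identifier (TEID) field in the plaintext packet comprises: truncating from the TEID field a portion of the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 packet, and filling that portion into the first field or the second field of the Flow Label of the ciphertext IPv6 packet; or performing a hash calculation on the TEID field and the first parameter to obtain a third hash value, truncating from the third hash value a portion of the same length as the first field or the second field of the Flow Label field of the ciphertext IPv6 packet, and filling that portion into the first field or the second field of the Flow Label of the ciphertext IPv6 packet.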
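- The method according to claim 11, wherein the plaintext packet is an IPv6 packet, and the filling of the Flow Label field of the ciphertext IPv6 packet according to the tunnel endpoint identifier (TEID) field in the plaintext packet comprises: filling the Flow Label field of the plaintext IPv6 packet according to the TEID field of the plaintext IPv6 packet; and copying the filled Flow Label field of the plaintext IPv6 packet to the Flow Label field of the ciphertext IPv6 packet.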
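- The method according to claim 11, wherein the plaintext packet is an IPv6 packet, and when the plaintext packet is divided into a plurality of fragments, the method further comprises: filling the Flow Label field of the plaintext IPv6 packet according to the tunnel endpoint identifier (TEID) field of the plaintext IPv6 packet; dividing the plaintext IPv6 packet, after its Flow Label field has been filled, into a plurality of fragments, where each of the plurality of fragments contains the filled Flow Label field; copying the Flow Label field of each fragment to the Flow Label field of the ciphertext packet obtained by encrypting that fragment; performing a hash calculation on the Flow Label field of the ciphertext packet and the first parameter to obtain a fourth hash value; and determining a transmission path of each ciphertext packet according to the fourth hash value.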
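- The method according to claim 14 or 15, wherein the filling of the Flow Label field of the plaintext IPv6 packet according to the tunnel endpoint identifier (TEID) field of the plaintext IPv6 packet comprises: filling N bits of the TEID field into N bits of the Flow Label field of the plaintext IPv6 packet, where the Flow Label field of the plaintext IPv6 packet comprises N bits; or performing a hash calculation on the TEID field and the second parameter to obtain a fifth hash value, and filling N bits of the fifth hash value into N bits of the Flow Label field of the plaintext IPv6 packet, where the Flow Label field of the plaintext IPv6 packet comprises N bits.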
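- The method according to claim 14 or 15, wherein the Flow Label field of the plaintext IPv6 packet comprises a first field and a second field, and the filling of the Flow Label field of the plaintext IPv6 packet according to the tunnel endpoint identifier (TEID) field of the plaintext IPv6 packet comprises: truncating from the TEID field a portion of the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 packet, and filling that portion into the first field or the second field of the Flow Label of the plaintext IPv6 packet; or performing a hash calculation on the TEID field and the second parameter to obtain a sixth hash value, truncating from the sixth hash value a portion of the same length as the first field or the second field of the Flow Label field of the plaintext IPv6 packet, and filling that portion into the first field or the second field of the Flow Label of the plaintext IPv6 packet.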
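- The method according to claim 11, wherein the plaintext packet is an IPv4 packet or an IPv6 packet, and when the plaintext packet is divided into a plurality of fragments, the method further comprises: dividing the plaintext packet into a plurality of fragments; encrypting each of the plurality of fragments to obtain a ciphertext packet of each fragment; filling a Flow Label field of the ciphertext packet of each fragment according to the tunnel endpoint identifier (TEID) field in the plaintext packet; performing a hash calculation on the Flow Label field of the ciphertext packet and the first parameter to obtain a seventh hash value; and determining a transmission path of each ciphertext packet according to the seventh hash value.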
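- The method according to claim 18, wherein the filling of the Flow Label field of the ciphertext packet of each fragment according to the tunnel endpoint identifier (TEID) field in the plaintext packet comprises: filling N bits of the TEID field into N bits of the Flow Label field of the ciphertext packet of each fragment, where the Flow Label field of the ciphertext packet of each fragment comprises N bits; or performing a hash calculation on the TEID field and the first parameter to obtain an eighth hash value, and filling N bits of the eighth hash value into N bits of the Flow Label field of the ciphertext packet of each fragment, where the Flow Label field of the ciphertext packet of each fragment comprises N bits.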
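- The method according to claim 19, wherein the Flow Label field of the ciphertext packet of each fragment comprises a first field and a second field, and the filling of the Flow Label field of the ciphertext packet of each fragment according to the tunnel endpoint identifier (TEID) field in the plaintext packet comprises: truncating from the TEID field a portion of the same length as the first field or the second field of the Flow Label field of the ciphertext packet of each fragment, and filling that portion into the first field or the second field of the Flow Label field of the ciphertext packet of each fragment; or performing a hash calculation on the TEID field and the first parameter to obtain a ninth hash value, truncating from the ninth hash value a portion of the same length as the first field or the second field of the Flow Label field of the ciphertext packet of each fragment, and filling that portion into the first field or the second field of the Flow Label field of the ciphertext packet of each fragment.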
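- A communication apparatus, comprising a processor, where the processor is connected to a memory, the memory is configured to store a computer program, and the processor is configured to execute the computer program stored in the memory, so that the apparatus performs the method according to any one of claims 1 to 10 or the method according to any one of claims 11 to 20.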
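- A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and when the computer program is run, the method according to any one of claims 1 to 10 or the method according to any one of claims 11 to 20 is implemented.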
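- A chip, comprising a processor and an interface, where the processor is configured to read instructions to perform the method according to any one of claims 1 to 10 or the method according to any one of claims 11 to 20.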
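- A communication system, comprising a communication device that performs the method according to any one of claims 1-10 and a communication device that performs the method according to any one of claims 11-20.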
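- A computer program product, wherein the program product comprises a program, and when the program is run, the method according to any one of claims 1-20 is performed.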
- A communication apparatus, wherein the communication apparatus is configured to perform the method according to any one of claims 1-20.
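
The Flow Label handling recited in the claims above, as an added Python example that is not part of the patent text: it fills the 20-bit outer Flow Label from the TEID (direct copy, hashed, or into one sub-field), then hashes the label with a parameter to pick a path, so every ciphertext fragment of one tunnel takes the same path. SHA-256, low-order truncation, all function names, and the sample TEID, parameter and path names are assumptions; the claims name no hash algorithm or bit positions.

```python
import hashlib

FLOW_LABEL_BITS = 20  # IPv6 Flow Label width (RFC 8200)

def keyed_hash(value, param):
    """Hash a 32-bit value together with a parameter.
    SHA-256 is an assumption; the claims only say 'hash calculation'."""
    digest = hashlib.sha256(param + value.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:8], "big")

def truncate(value, bits):
    """Keep the low-order `bits` bits (which bits are taken is an assumption)."""
    return value & ((1 << bits) - 1)

def label_from_teid(teid, param=None):
    """Fill all N=20 bits: directly from the TEID, or from hash(TEID, param)."""
    source = teid if param is None else keyed_hash(teid, param)
    return truncate(source, FLOW_LABEL_BITS)

def fill_subfield(label, source, shift, width):
    """Sub-field variant: overwrite only bits [shift, shift+width) of the label."""
    mask = ((1 << width) - 1) << shift
    return (label & ~mask) | (truncate(source, width) << shift)

def select_path(flow_label, param, paths):
    """Hash the outer Flow Label with the parameter and pick one path."""
    return paths[keyed_hash(flow_label, param) % len(paths)]

def route_fragments(teid, fragments, param, paths, hashed=True):
    """Give every ciphertext fragment of one tunnel the same label and path.
    Encryption is out of scope here: fragments are treated as opaque bytes."""
    label = label_from_teid(teid, param if hashed else None)
    return [(label, select_path(label, param, paths)) for _ in fragments]

# Constructed sample input (not taken from the patent)
PATHS = ["link-A", "link-B", "link-C"]
PARAM = b"example-parameter"
TEID = 0x12345678

if __name__ == "__main__":
    for label, path in route_fragments(TEID, [b"f1", b"f2", b"f3"], PARAM, PATHS):
        print(f"flow_label=0x{label:05x} -> {path}")
    # Direct copy: the low 20 TEID bits sit in the cleartext outer header.
    print(f"direct copy: 0x{label_from_teid(TEID):05x}")
```

The Flow Label of the ciphertext packet travels outside the encryption, so the direct-copy option leaves TEID bits readable to anyone on the path, while the hashed option exposes only a value derived from the TEID and the parameter.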
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020227037606A KR20220160648A (ko) | 2020-04-10 | 2021-04-09 | Wireless network communication method and communication device based on Internet Protocol version IPv6 |
EP21785520.4A EP4120731A4 (en) | 2020-04-10 | 2021-04-09 | WIRELESS NETWORK COMMUNICATION METHOD AND DEVICE BASED ON INTERNET PROTOCOL VERSION IPV6 |
US18/045,145 US20230074712A1 (en) | 2020-04-10 | 2022-10-08 | Internet protocol version 6 (ipv6) based wireless network communication method and communication device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010281148.2 | 2020-04-10 | ||
CN202010281148.2A CN113518387B (zh) | 2020-04-10 | 2020-04-10 | Wireless network communication method and communication device based on Internet Protocol version IPv6 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US18/045,145 Continuation US20230074712A1 (en) | 2020-04-10 | 2022-10-08 | Internet protocol version 6 (ipv6) based wireless network communication method and communication device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021204260A1 (zh) | 2021-10-14 |
Family
ID=78022450
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/086217 WO2021204260A1 (zh) | 2020-04-10 | 2021-04-09 | Wireless network communication method and communication device based on Internet Protocol version IPv6 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20230074712A1 (zh) |
EP (1) | EP4120731A4 (zh) |
KR (1) | KR20220160648A (zh) |
CN (1) | CN113518387B (zh) |
WO (1) | WO2021204260A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20230065679A1 (en) * | 2021-08-25 | 2023-03-02 | Cisco Technology, Inc. | Lightweight path maximum transmission unit for wireless multicast overlay |
CN114301592B (zh) * | 2021-12-30 | 2023-06-23 | 李秦豫 | Network encryption algorithm |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102594694A (zh) * | 2012-03-06 | 2012-07-18 | 北京中创信测科技股份有限公司 | Data distribution method and device |
WO2014101062A1 (zh) * | 2012-12-27 | 2014-07-03 | 华为技术有限公司 | User plane data transmission method, mobility management network element, evolved base station, and system |
US8855071B1 (en) * | 2012-01-04 | 2014-10-07 | Juniper Networks, Inc. | Handling errors in subscriber session management within mobile networks |
CN110430136A (zh) * | 2019-07-16 | 2019-11-08 | 广州爱浦路网络技术有限公司 | GTP protocol-based interface and route distribution method and apparatus |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2408993C (en) * | 2000-05-16 | 2008-01-08 | Siemens Aktiengesellschaft | Method for transferring a tunnel between nodes in a gprs system |
KR100785776B1 (ko) * | 2005-12-09 | 2007-12-18 | 한국전자통신연구원 | Packet processing apparatus and method in an IP version 6 router |
CN102244688B (zh) * | 2010-05-11 | 2014-07-16 | 华为技术有限公司 | Packet forwarding method, apparatus, and system |
US10091102B2 (en) * | 2013-01-09 | 2018-10-02 | Cisco Technology, Inc. | Tunnel sub-interface using IP header field |
CN104363176A (zh) * | 2014-10-24 | 2015-02-18 | 杭州华三通信技术有限公司 | Packet control method and device |
CN105591874B (zh) * | 2015-12-22 | 2020-10-13 | 新华三技术有限公司 | Data sending method and apparatus |
2020
- 2020-04-10 CN CN202010281148.2A patent/CN113518387B/zh active Active
2021
- 2021-04-09 EP EP21785520.4A patent/EP4120731A4/en active Pending
- 2021-04-09 WO PCT/CN2021/086217 patent/WO2021204260A1/zh active Application Filing
- 2021-04-09 KR KR1020227037606A patent/KR20220160648A/ko active Search and Examination
2022
- 2022-10-08 US US18/045,145 patent/US20230074712A1/en active Pending
Non-Patent Citations (1)
Title |
---|
1 November 2011 (2011-11-01), B. CARPENTER UNIV. OF AUCKLAND S. AMANTE LEVEL: "Using the IPv6 Flow Label for Equal Cost Multipath Routing and Link Aggregation in Tunnels; rfc6438.txt", XP015081334, Database accession no. 6438 * |
Also Published As
Publication number | Publication date |
---|---|
EP4120731A4 (en) | 2023-08-16 |
KR20220160648A (ko) | 2022-12-06 |
CN113518387A (zh) | 2021-10-19 |
EP4120731A1 (en) | 2023-01-18 |
CN113518387B (zh) | 2023-07-21 |
US20230074712A1 (en) | 2023-03-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11510131B2 (en) | Configuration method, data transmission method, and apparatus | |
US9819463B2 (en) | Method and apparatus for transmitting data in a wireless communication system | |
US10798638B2 (en) | Apparatus and method for controller and slice-based security gateway for 5G | |
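CN112368980B (zh) | Method for adding one or more in-network services to an MPLS network | |
CN110115065B (zh) | System and method for implementing unequal-cost multipath routing in a network environment | |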
EP3586489B1 (en) | Methods and network elements for multi-connectivity control | |
US20230074712A1 (en) | Internet protocol version 6 (ipv6) based wireless network communication method and communication device | |
JP2018057025A (ja) | Integrated sublayer for multi-connectivity communication | |
US20200196384A1 (en) | Communication processing method and apparatus using relay | |
WO2021000827A1 (zh) | Data transmission link establishment method and apparatus, and computer-readable storage medium | |
US10764813B2 (en) | Managing mobility between a cellular network and a wireless local area network (WLAN) | |
WO2021160140A1 (zh) | Network coding method and communication apparatus | |
US20200396789A1 (en) | Terminal apparatus, method, and integrated circuit | |
EP4106482A1 (en) | Communication method and apparatus | |
US11159985B2 (en) | Terminal apparatus and method | |
WO2021062803A1 (zh) | Data packet transmission method and apparatus | |
WO2020135011A1 (zh) | Transmission method and apparatus, packet sender, and packet receiver | |
Tilli et al. | Data plane protocols and fragmentation for 5G | |
US11483733B2 (en) | Transporting a multi-transport network context-identifier (MTNC- ID) across multiple domains | |
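JP2023176001A (ja) | Terminal apparatus, communication method, and base station apparatus | |
RU2803196C1 (ru) | Data packet transmission method and device | |
WO2023123335A1 (zh) | Communication method and device | |
WO2023197105A1 (zh) | Method and apparatus for configuring information, and communication system | |
WO2023001010A1 (zh) | Communication method and apparatus | |
WO2020062176A1 (zh) | Wireless communication method, terminal device, and access network device |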
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21785520 Country of ref document: EP Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2021785520 Country of ref document: EP Effective date: 20221011 |
| ENP | Entry into the national phase | Ref document number: 20227037606 Country of ref document: KR Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 522440879 Country of ref document: SA |