WO2023175915A1 - Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire - Google Patents

Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire Download PDF

Info

Publication number
WO2023175915A1
WO2023175915A1 PCT/JP2022/012650 JP2022012650W WO2023175915A1 WO 2023175915 A1 WO2023175915 A1 WO 2023175915A1 JP 2022012650 W JP2022012650 W JP 2022012650W WO 2023175915 A1 WO2023175915 A1 WO 2023175915A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
session control
communication
data network
vpn
Prior art date
Application number
PCT/JP2022/012650
Other languages
English (en)
Japanese (ja)
Inventor
浩史 傅寳
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to PCT/JP2022/012650 priority Critical patent/WO2023175915A1/fr
Publication of WO2023175915A1 publication Critical patent/WO2023175915A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup

Definitions

  • the present disclosure relates to a session control device, a session control system, a session control method, and a non-transitory computer-readable medium.
  • the 5G system used as a private network is being standardized as SNPN (Standalone Non Public Network) in 3GPP.
  • SNPN is constructed as a network independent from a public network.
  • Non-Patent Document 1 describes a connection configuration of multiple SNPNs. Further, Non-Patent Document 1 describes a plurality of scenarios regarding routes for establishing a PDU (Protocol Data Unit) session when a UE (User Equipment) moves from one SNPN to another SNPN. Specifically, it is described that when the UE moves from SNPN #1 to SNPN #2, the anchor point of the PDU session established by the UE is set to SNPN #1. A PDU session is established between the UE and a UPF (User Plane Function) entity (hereinafter referred to as UPF) that relays user plane data. That is, the PDU session is terminated at the UE and UPF.
  • UPF User Plane Function
  • a PDU session is established between the UE and the UPF located in SNPN #1 via SNPN #2.
  • a PDU session established between the UE and the UPF located at SNPN #1 reaches the UPF located at SNPN #1 from the UE via SNPN #2.
  • the UPF of SNPN #1 When a UE that can use SNPN #1 accesses SNPN #2, the UPF of SNPN #1, which serves as an anchor point, needs to manage connections of UEs that do not exist in SNPN #1.
  • IoT Internet of Things
  • the UPF of SNPN #1 will need to manage connections for a large number of IoT terminals as an anchor point. There is. As a result, there is a problem in that the load on the UPF of SNPN #1 increases, resulting in failure or congestion.
  • one object of the present disclosure is to provide a session control device, a session control system, a session control method, and a non-transitory computer-readable medium that can suppress an increase in load on communication devices that constitute a network.
  • Our goal is to provide the following.
  • a session control device configured to perform communication from a communication terminal located in a communication area formed by a first local network to a second data network connectable via a second local network.
  • a VPN service connectable to the second data network; and a communication device used for connection to the VPN service, the communication unit being disposed in the first local network. and a control unit that establishes a session between the communication terminal and the communication device.
  • a session control system includes a first session control system that controls a communication terminal located in a communication area formed by a first local network and a session established in the first local network.
  • a second session control device that controls a session established in a second local network connectable to a second data network, the second session control device controlling a session established in a second local network connectable to a second data network;
  • the communication terminal receives a request message from the control device indicating that it requests communication to the second data network, it transmits a first response message to the first session control device, and sends a first response message to the first session control device.
  • the response message includes VPN information indicating a VPN service connectable to the second data network
  • the first session control device is a communication device used for connection to the VPN service
  • the first session control device is a communication device used for connection to the VPN service
  • the communication device located in the local network of the communication terminal is identified, and a session is established between the communication terminal and the communication device.
  • a session control method includes communication from a communication terminal located in a communication area formed by a first local network to a second data network connectable via a second local network.
  • a VPN service capable of receiving a request message requesting a second data network and connecting to the second data network; and a communication device used for connecting to the VPN service, the communication device being located in the first local network.
  • a session is established between the communication terminal and the communication device.
  • a program requests communication from a communication terminal located in a communication area formed by a first local network to a second data network connectable via a second local network.
  • a VPN service capable of receiving a request message to connect to the second data network; and a communication device used for connection to the VPN service, the communication device disposed in the first local network. the computer to identify the communication terminal and establish a session between the communication terminal and the communication device.
  • a session control device a session control system, a session control method, and a non-transitory computer-readable medium that can suppress an increase in load on communication devices that constitute a network.
  • FIG. 1 is a configuration diagram of a session control device according to a first embodiment
  • FIG. 7 is a flowchart of session control processing according to the first embodiment
  • FIG. 2 is a configuration diagram of a communication system according to a second embodiment.
  • FIG. 7 is a diagram showing the flow of VPN setting processing according to the second embodiment.
  • FIG. 7 is a diagram showing the flow of VPN setting processing according to the second embodiment.
  • FIG. 7 is a diagram illustrating a communication path according to a second embodiment.
  • FIG. 2 is a configuration diagram of a session control device according to a second embodiment.
  • Session control device 10 may be a computer device that operates by a processor executing a program stored in memory.
  • the session control device 10 may be a node device or a communication device that constitutes a mobile communication network.
  • the session control device 10 includes a communication section 11, a specification section 12, and a control section 13.
  • the communication unit 11, the identification unit 12, and the control unit 13 may be software or modules whose processing is executed by a processor executing a program stored in a memory.
  • the communication section 11, the identification section 12, and the control section 13 may be hardware such as a circuit or a chip.
  • the communication unit 11 receives a request message requesting communication to a data network connectable via the second local network from a communication terminal located in the communication area formed by the first local network.
  • a local network may also be referred to as a private network.
  • the local network may not be a so-called public network, but may be a network that allows access only from specific users.
  • the local network may be a network that constitutes a company network such as a so-called intranet.
  • a company having multiple locations may construct a local network for each location and interconnect the local networks.
  • a company may construct a local network at its headquarter (Head Quarters, HQ) and a local network at a branch office (Branch office), and interconnect the respective local networks.
  • the first local network and the second local network may be networks at different locations.
  • the communication area formed by the local network is a communication area where communication terminals can access the local network.
  • a communication terminal accesses a local network using a wireless communication line or a wired communication line.
  • the communication area formed by the local network may be, for example, a communication area formed by wireless communication devices.
  • the data network may be, for example, a network that includes a server device in which data used by the user is stored, or a server device that the user wishes to access.
  • a network having a server device may also be referred to as a network to which the server device is connected.
  • the local network may be used as a network that relays communication between a communication terminal and a data network.
  • the data network may also be included in the local network. In other words, the data network may be a part of the network that constitutes the local network.
  • the identification unit 12 identifies a VPN (Virtual Private Network) service that can be connected to the data network and a communication device used for connection to the VPN service.
  • a communication device used to connect to the VPN service is located in the first local network.
  • a VPN service is, for example, a service that constructs a virtual private line on a public network such as the Internet.
  • a VPN service is a service that constructs a virtual dedicated line for connecting a first local network and a second local network in a public network. In the virtual dedicated line, the confidentiality of data is maintained by encrypting the data.
  • the VPN service may be, for example, an L2VPN service or an L3VPN service. These techniques are commonly used to interconnect private networks.
  • the L2VPN service interconnects LANs (Local Area Networks) built at different locations so that the entire network behaves as if it were one large LAN. As a result, even if a terminal moves from the head office to a branch office and accesses the LAN of the branch office, it is possible to use the same IP address because the IP subnet set on the LAN is the same.
  • the L3VPN service interconnects IP subnets that are separate from each other, and the L3VPN service acts like a router. As a result, the head office and branch offices can have separate network designs and can be updated independently of each other.
  • L2VPN services and L3VPN services can be isolated from other L2VPN services and L3VPN services. For example, even if duplicate private addresses are used in a VPN service for company X and a VPN service for company Y, they will be recognized as a private address for company X and a private address for company Y.
  • the L2VPN service may be, for example, EVPN (Ethernet VPN).
  • EVPN is implemented, for example, in an MPLS (Multi Protocol Label Switching) network or a Segment Routing network with Traffic Engineering.
  • a communication device is a device that allows access to a network that performs a VPN service.
  • the communication device may be a device located on a network that performs a VPN service, or may be a device that is connected to a data network used to access the network that performs a VPN service.
  • One local network for example, a branch office local network
  • the communication device may be a device located on the Edge side and connected to a data network used to access the network running the VPN service.
  • One local network may have a multi-stage configuration or distributed deployment, such as an Edge environment (for example, for each floor or building) and a Center environment (for example, a management room or server room).
  • the communication device may be a device located on the Center side and connected to a data network used to access the network that executes the VPN service.
  • the control unit 13 establishes a session between the communication terminal and the communication device identified by the identification unit 12. In other words, a session is established with the communication terminal and the communication device as end points. Establishing a session between the communication terminal and the communication device enables the communication terminal to communicate with the communication device, and further enables communication via the communication device. Also, since the communication device is located in the first local network, the session is established in the first local network. That is, the session is terminated at the first local network.
  • a communication terminal may establish a different session for each application service to be used, or may use a plurality of application services using one session.
  • a session between a communication terminal and a communication device may be referred to as a communication path between the communication terminal and the communication device.
  • the communication terminal By establishing a session between the communication terminal and the communication device, the communication terminal connects to the network that executes the VPN service via the communication device. Further, the communication terminal connects to the data network of the second local network via the communication device and the VPN service.
  • the communication unit 11 receives a request message requesting communication to a data network connectable via the second local network from a communication terminal located in the communication area formed by the first local network (S11 ).
  • the specifying unit 12 specifies a VPN service connectable to the data network and a communication device used for connection to the VPN service (S12).
  • the communication device is a device located in the first local network.
  • the control unit 13 establishes a session between the communication terminal and the communication device (S13).
  • the session control device 10 establishes a session with the first local network.
  • the data network is a network connectable via the second local network.
  • the communication terminal can communicate with the data network via the session established in the first local network and the VPN service without establishing a session with the second local network.
  • the second local network does not need to manage the connections of the communication terminals located in the first local network, so that the management load on the communication terminals can be reduced.
  • the communication system of FIG. 3 includes two local networks: an SNPN (Standalone Non Public Network) branch 20 and an SNPN head office 30.
  • SNPN is a network that is being standardized in 3GPP.
  • the SNPN branch 20 may have a PLMN (Public Land Mobile Network) ID (Identifier) different from that of the SNPN head office 30.
  • the PLMN ID is generally an ID that identifies a network managed by a communication carrier.
  • a PLMN ID may be assigned to each SNPN.
  • one PLMN ID may be assigned to two or more SNPNs.
  • each SNPN may be assigned an NID (Network ID). That is, the SNPN may be identified by the NID.
  • the SNPN branch 20 and the SNPN head office 30 constitute one in-house network, with the SNPN head office 30 being the network at the head office and the SNPN branch 20 being the network at the branch office.
  • a local network is not limited to a network constructed at a head office and a branch office, but may be constructed at a factory, for each floor of a building, or for each division within a company.
  • the SNPN branch 20 is recognized as the equivalent SNPN of the SNPN head office 30.
  • the SNPN head office 30 is also recognized as the equivalent SNPN of the SNPN branch 20.
  • a UE 23 that has a Subscription and Credential for connecting to or being registered with the SNPN head office 30 will not be treated as roaming even if it moves from the communication area formed by the SNPN head office 30 to the communication area formed by the SNPN branch 20.
  • the UE 23 can use the Subscription and Credential for connecting to the SNPN head office 30.
  • Subscription indicates subscriber data
  • Credential indicates authentication data.
  • the SNPN branch 20 includes an AMF (Access and Mobility Function) entity 21, an SMF (Session Management Function) entity 22, a UE (User Equipment) 23, an (R)AN ((Radio) Access Network) 24, and a UPF (User Plane Function). It has an entity 25, a DN (Data Network) 26, an edge device 27, and an NSSMF (Network Slice Subnet Management Function) entity 28.
  • the AMF (Access and Mobility Function) entity 21 is hereinafter referred to as AMF21.
  • the SMF (Session Management Function) entity 22 will be referred to as SMF 22 below.
  • the UPF (User Plane Function) entity 25 will be referred to as UPF 25 below.
  • the NSSMF (Network Slice Subnet Management Function) entity 28 will be referred to as NSSMF 28 below.
  • the UE 23 is used as a general term for communication terminals in 3GPP.
  • the UE 23 may be, for example, a smartphone terminal, a tablet terminal, or an IoT (Internet of Things) terminal.
  • IoT Internet of Things
  • the AMF 21 performs mobility control and authentication processing regarding the UE 23.
  • the SMF 22 performs session control regarding the UE 23.
  • the SMF 22 corresponds to the session control device 10 in FIG. (R)AN 24 is an access network for connecting to the core network.
  • the (R)AN 24 may be configured using, for example, a gNB (gNode B), or may be configured using a wireless device that supports a wireless communication standard different from the wireless communication standard defined in 3GPP.
  • the (R)AN 24 may be a wireless device that performs wireless LAN (Local Area Network) communication.
  • the (R)AN 24 may be a device that provides a wired communication line.
  • the UPF 25 transfers or relays User Plane data.
  • User Plane data may be referred to as user data.
  • control data used to control the UPF 25 may be referred to as Control Plane data.
  • the DN 26 may be, for example, an IP network that performs communication using IP, which is used for the so-called Internet.
  • the DN 26 may be, for example, a LAN to which the UPF 25 is connected.
  • the DN26 may be a physically constructed network, or a virtual one using VLAN (Virtual LAN), VXLAN (Virtual eXtensible LAN), GRE (Generic Routing Encapsulation), etc. on the physically constructed network. It may also be a network built in In the following description, the name for identifying the DN 26 will be described as n6-site-branch. Note that the DN 26 is connected to the UPF 25 through an N6 interface in 3GPP.
  • the edge device 27 is a network device that terminates the n6-site-branch, and may be, for example, a router device or a Leaf/Spine switch.
  • the edge device 27 may be, for example, a Provider Edge router (PE router).
  • PE router may be a router managed by another network provider. For example, a company owns the SNPN head office 30 and the SNPN branch 20, but may use a VPN service provided by another network provider to interconnect the two.
  • the edge device 27 may have a virtual instance that provides a VPN service.
  • the virtual instance terminates, for example, EVPN, which is a VPN service that connects the SNPN branch 20 and the SNPN headquarters 30, and the n6-site-branch.
  • the virtual instance also forwards Ethernet frames.
  • the name for identifying the virtual instance that the edge device 27 has will be described as evpn-gw-branch.
  • Edge device 27 may be called a gateway device.
  • the NSSMF 28 provides Provisioning Management Service regarding the network slice subnets that constitute the SNPN branch 20.
  • a network slice is a logical network that virtually divides a single network infrastructure. For example, the operational policy or security policy may be different for each network slice. For example, network slices may be generated for each purpose, such as for each service provided.
  • a network slice subnet is a logical network that is further virtually divided into a network slice.
  • the SNPN headquarters 30 includes an SMF entity 31, an edge device 32, a DN 33, an AF (Application Function) entity 34, an NSMF (Network Slice Management) entity 35, and an NSSMF entity 36.
  • the SMF entity 31 will be referred to as SMF31 below.
  • the AF entity 34 will be referred to as AF34 below.
  • the NSMF entity 35 will be referred to as NSMF 35 below.
  • the NSSMF entity 36 will be referred to as NSSMF 36 below.
  • the SMF 31 performs session control regarding the UE 23. Further, the SMF 31 may perform session control regarding UEs located in the communication area formed by the SNPN headquarters 30.
  • the AF 34 may be a server device that provides application services or stores data, and may be an in-house server located at the SNPN headquarters 30, for example.
  • the DN 33 may be, for example, an IP network that performs communication using IP, which is used for the so-called Internet.
  • the DN 33 may be, for example, a LAN to which the AF 34 connects.
  • DN33 may be a physically constructed network, or may be virtually constructed using Virtual LAN, VXLAN (Virtual eXtensible LAN), GRE (Generic Routing Encapsulation), etc. on a physically constructed network. It may also be a network.
  • the name for identifying DN33 will be explained as n6-site-hq.
  • the edge device 32 is a network device that terminates n6-site-hq, and may be, for example, a router device or a Leaf/Spine switch.
  • the edge device 32 may be, for example, a Provider Edge router (PE router).
  • PE router Provider Edge router
  • the edge device 32 may have a virtual instance that provides VPN services.
  • the virtual instance terminates, for example, EVPN, which is a VPN service that connects the SNPN branch 20 and the SNPN headquarters 30, and n6-site-hq.
  • the virtual instance also forwards Ethernet frames.
  • the name for identifying the virtual instance that the edge device 32 has will be described as evpn-gw-hq.
  • Edge device 32 may be referred to as a gateway device.
  • the NSSMF 36 provides Provisioning Management Service regarding the network slice subnets that make up the SNPN headquarters 30.
  • the NSMF 35 provides Provisioning Management Service regarding network slices including the network slice subnets that make up the SNPN branch 20 and the network subslice subnets that make up the SNPN head office 30.
  • FIG. 3 shows a configuration in which the SNPN branch 20 includes the NSSMF 28 and the SNPN head office 30 includes the NSMF 35 and the NSSMF 36
  • the present invention is not limited to this.
  • the NSMF 35 may be located at the SNPN branch 20 or at a different location from the SNPN branch 20 and the SNPN headquarters 30.
  • NSSMF 28 and NSSMF 36 may also be located at different locations than SNPN branch 20 and SNPN headquarters 30.
  • the NSMF 35, the NSSMF 36, and the NSSMF 28 may be referred to as management devices.
  • a service base architecture is applied to the AMF 21, SMF 22, NSSMF 28, SMF 31, NSMF 35, and NSSMF 36, and each is connected via a service base interface.
  • HTTP HyperText Transfer Protocol
  • evpn-gw-branch is set in the edge device 27, and evpn-gw-hq is set in the edge device 32. do.
  • EVPN which is an L2VPN service
  • Transport Network may be Transport Network Slice.
  • n6-site-hq is connected to evpn-gw-hq.
  • n6-site-branch is not connected to evpn-gw-hq.
  • n6-site-branch is not connected to evpn-gw-hq, that is, n6-site-branch is not connected to evpn-gw-hq. It has not been set, and the data communication route has not been set. Furthermore, assume that the UE 23 moves from the communication area formed by the SNPN head office 30 to the communication area formed by the SNPN branch 20. Specifically, it is assumed that the UE 23 has handed over from the communication area formed by the SNPN head office 30 to the communication area formed by the SNPN branch 20. Alternatively, assume that the UE 23 moves to the communication area formed by the SNPN branch 20 from a state where it is registered with the SNPN head office 30 but is not communicating. Alternatively, assume that the UE 23 holds subscriber data for connecting to the SNPN head office 30 and starts communication in the communication area formed by the SNPN branch 20.
  • the AMF 21 when the AMF 21 receives a PDU Session connection request message from the UE 23, it calls the Nsmf_PDUSession_CreateSMContext service of the SMF 22 (S21). Specifically, the AMF 21 sends a request message to the SMF 22 in order to call the Nsmf_PDUSession_CreateSMContext service of the SMF 22.
  • the AMF 21 specifies the resource sm-contexts and sends a request message in which the data ⁇ “SmContextCreateData”: ⁇ “dnn”: “n6-site-hq” ⁇ is set to the SMF 22.
  • SmContextCreateData is information regarding the PDU Session requested by the UE 23, and dnn (Data Network Name) is the name of the DN (Data Network) that the UE 23 desires to use.
  • dnn indicates the DN to which the UE 23 is connected.
  • the UE 23 specifies n6-site-hq as the dnn.
  • the UE 23 requests connection to the DN 33 of the SNPN head office 30 via the SNPN branch 20.
  • Ethernet is set as the service type in the PDU Session connection request message sent from the UE 23.
  • the SMF 22 calls the Nsmf_PDUSession_Create service of the SMF 31 (S22).
  • the SMF 22 may request information regarding the PDU session in order to connect to the DN 33 of the SNPN head office 30 using the VPN service.
  • the SMF 22 sends a request message to the SMF 31 in order to call the Nsmf_PDUSession_Create service of the SMF 31.
  • the SMF 22 sends a request message to the SMF 31 specifying the resource pdu-sessions and setting the data ⁇ “PduSessionCreateData”: ⁇ “dnn”: “n6-site-hq”, “requestedConnectivity”: “l2vpn-svc” ⁇ . Send to. Note that the SMF 22 may specify the SMF 31 based on the DN specified by dnn.
  • PduSessionCreateData is information regarding the PDU Session requested by the UE 23, and dnn is the name of the DN (Data Network) that the UE 23 desires to use.
  • requestedConnectivity is used to specify the service for connecting to n6-site-hq.
  • l2vpn-svc indicating an L2VPN service is specified as a service for connecting to n6-site-hq. Since the service type of the PDU Session specified by the UE 23 is Ethernet, the SMF 22 may specify l2vpn-svc.
  • IETF RFC8466 defines a YANG data model that can be used to configure L2VPN services, and l2vpn-svc indicates the parameters used in the YANG data model. Note that if the service type of the PDU Session designated by the UE 23 is IP, the SMF 22 may designate the L3VPN service.
  • the SMF 31 calls the Provisioning Management Service of the NSSMF 36 to update the DNFunction information (S23). Specifically, the SMF 31 sends a request message to the NSSMF 36 to call the Provisioning Management Service.
  • the SMF 31 specifies a resource called DNFunction and sends a request message to the NSSMF 36 in which the data ⁇ “managedVpnService”: ⁇ network-access-id”: “n6-site-hq” ⁇ is set as a filter condition.
  • the DNFunction information includes managedVpnService, vpn-id, network-access-id, site-id, and device-id.
  • managedVpnService indicates the VPN service type.
  • the VPN service type may indicate, for example, L2VPN or L3VPN.
  • VPN-ID is identification information for identifying a VPN service.
  • network-access-id indicates a data network accommodated in the VPN service type indicated in managedVpnService.
  • site-id indicates where the data network is located.
  • device-id indicates an edge device that is a physical device that terminates the VPN service indicated by vpn-id.
  • Step S23 in FIG. 4 indicates that the DNFunction information includes at least one managedVpnService information.
  • managedVpnService information may be described according to the YANG data model defined in IETF RFC8466. The word “described” may also be interpreted as “shown” or “set”. That is, managedVpnService information may include one l2vpn-svc.
  • the network-access-id is a parameter for extracting the DN33 accommodated in l2vpn-svc. Contained may also be referred to as connected.
  • network-access-id is used as a filter condition, and n6-site-hq is extracted as network-access-id.
  • the NSSMF 36 transmits a response message for updating the DNFunction information to the SMF 31 (S24).
  • the NSSMF 36 may use the managedVpnService information received in S23 as a filter condition and send matching DNFunction information to the SMF 31 as a response message.
  • the NSSMF36 has managedVpnService as l2vpn-svc, vpn-id as evpn, network-access-id as n6-site-hq, site-id as SNPN-hq, and device Assume that -id has DNFunction information that is pe-hq.
  • evpn is a parameter that identifies an EVPN service.
  • evpn may indicate that an EVPN service is requested.
  • SNPN-hq indicates the SNPN headquarters 30, and pe-hq indicates the edge device 32.
  • the NSSMF 36 Upon receiving the request message whose network-access-id is n6-site-hq, the NSSMF 36 transmits a response message including information indicating that the VPN-id is evpn to the SMF 31. That is, the NSSMF 36 notifies the SMF 31 that the identification information identifying the VPN service to which n6-site-hq connects is evpn.
  • the NSSMF 36 transmits to the SMF 31 a response message in which the data ⁇ “DNFunction”: ⁇ “managedVpnService”: ⁇ “l2vpn-svc”: ⁇ “vpn-id”: “evpn” ⁇ is set.
  • the SMF 31 transmits a response message to the SMF 22 in response to step S22 (S25).
  • the SMF 31 may send information regarding a PDU session for connecting to the DN 33 of the SNPN head office 30 using the VPN service to the SMF 22 as a response message to step S22.
  • the SMF 31 transmits to the SMF 22 a response message in which the data ⁇ “PduSessionCreateData”: ⁇ “managedVpnService”: ⁇ “l2vpn-svc”: ⁇ “vpn-id”: “evpn” ⁇ is set.
  • PduSessionCreateData includes PDU Session information generated in the SMF 31.
  • step S25 of FIG. 3 it is shown that the VPN-ID is evpn, and the SMF 22 acquires evpn as identification information of the L2VPN service used between the SNPN branch 20 and the SNPN head office 30.
  • the SMF 22 calls the Provisioning Management Service of the NSMF 35 and obtains the DNFunction information (S26). Since the SMF 22 uses the VPN service (here, evpn) acquired in S25, it may request the NSMF 35 for information on the edge device 27 at the SNPN branch that supports the VPN service. Specifically, the SMF 22 sends a request message to the NSMF 35 to call the Provisioning Management Service.
  • the SMF22 specifies a resource called DNFunction and uses ⁇ “managedVpnService”: ⁇ “l2vpn-svc”: ⁇ “vpn-id”: “evpn”, “site-id”: “SNPN-Branch” ⁇ as a filter condition. ⁇ A request message with a message set therein is sent to the NSMF 35.
  • the NSMF 35 transmits a response message in response to step S26 to the SMF 22 (S27).
  • the NSMF 35 may transmit information on the edge device 27 at the SNPN branch office that supports the VPN service to the SMF 22 as a response message to step S26.
  • NSMF35 has managedVpnService as l2vpn-svc, vpn-id as evpn, network-access-id as n6-site-branch, site-id as SNPN-branch, and device-id as pe. Assume that it has DNFunction information that is -branch. pe-branch indicates the edge device 27.
  • the NSMF 35 finds DNFunction information that matches the filter conditions in which the vpn-id is evpn and the site-id is SNPN-Branch. As a result, the NSMF35 uses branch”, “network-access-id”: n6-site-branch ⁇ is sent to the SMF 22.
  • the SMF 22 selects a UPF (S28).
  • the SMF 22 selects the UPF 25 as the UPF that can connect to the n6-site-branch included in the DNFunction acquired in step S27.
  • the SMF 22 calls the Provisioning Management Service of the NSMF 35 and updates the UPFFunction information. (S29).
  • the SMF 22 calls the Provisioning Management Service of the NSMF 35 and executes processing for connecting the n6-site-branch to the UPF 25.
  • the SMF 22 may request the NSMF 35 to make settings for connecting the UPF 25 and the edge device 27.
  • the SMF 22 specifies a resource called UPFFunction and registers ⁇ “EP_N6”: ⁇ “localAddress”: “Bearer IP address of UPF”, “remoteAddress”: “Bearer IP address of pe-branch” ⁇
  • a request message with data set is sent to the NSSMF 36.
  • the Bearer IP address of UPF set as localAddress is the IP address of the physical network interface set in the UPF 25.
  • the Bearer IP address of pe-branch set as remoteAddress is the IP address of the physical network interface set in the edge device 27.
  • EP_N6 indicates Endpoint information of the N6 interface.
  • the N6 interface is an interface defined in 3GPP as an interface between the UPF and the DN. Endpoint is Bearer IP address of UPF and Bearer IP address of pe-branch.
  • the NSMF 35 calls the Provisioning Management Service of the NSSMF 28 and updates the UPFFunction information.
  • S30 Specifically, NSMF35 specifies a resource called UPFFunction and registers ⁇ “EP_N6”: ⁇ “localAddress”: “Bearer IP address of UPF”, “remoteAddress”: “Bearer IP address of pe-branch” ⁇ A request message with data set is sent to the NSSMF 28.
  • the NSSMF 28 updates the EP_N6 information in the UPF 25 (S31).
  • the NSSMF 28 may request the UPF 25 to make settings for connecting the UPF 25 and the edge device 27.
  • the NSSMF 28 sends a request message in which the registration data ⁇ “EP_N6”: ⁇ “localAddress”: “Bearer IP address of UPF”, “remoteAddress”: “Bearer IP address of pe-branch” ⁇ is set.
  • Send to UPF25 For example, an IP address used by UPF, such as 192.168.0.10, is set as the Bearer IP address of UPF.
  • an IP address used by pe-branch such as 192.168.0.254, is set as Bearer IP address of pe-branch.
  • an IP address is set in the physical interface of the UPF 25, and furthermore, the IP address of the edge device 27, which is the endpoint of the N6 interface, is recognized.
  • the UPF 25 can set the IP address of the physical interface of the UPF 25 as the source address of the transmission data, and set the IP address of the edge device 27 as the destination address. As a result, it becomes possible for the UPF 25 and the edge device 27 to communicate.
  • the NSSMF 28 executes processing to connect the UPF 25 and the edge device 27 via VXLAN. Specifically, the NSSMF 28 transmits a request message including the VXLAN configuration to the UPF 25 (S32). The UPF 25 acquires the VXLAN configuration and sets the VXLAN endpoint as the endpoint of the N6 interface. Next, the NSSMF 28 generates a VXLAN end point in the edge device 27, and connects the generated VXLAN end point to the evpn-gw-branch (S33). By executing the processes of steps S32 and S33, the UPF 25 can connect to the EVPN via VXLAN.
  • FIG. 6 shows a communication path regarding the UE 23.
  • (R)AN 37 and UPF 38 constitute the SNPN headquarters 30. Further, it indicates that the UE 23 connected to the (R)AN 37 has moved to the SNPN branch 20.
  • the processes shown in FIGS. 4 and 5 are executed, and the UE 23 receives a response message to the PDU Session connection request message, thereby establishing a PDU Session between the UE 23 and the UPF 25.
  • VXLAN is set as the communication path between the UPF 25 and the DN 26.
  • DN26 and DN33 are connected via EVPN.
  • the UE 23 communicates with the AF 34 according to the communication path shown in FIG.
  • the UE 23 is connected to the L2VPN service set between the SNPN branch 20 and the SNPN headquarters 30.
  • EVPN can be used.
  • the UE 23 can communicate with the AF 34 connected to n6-site-hq in the SNPN headquarters 30. That is, when the UE 23 communicates with the AF 34, it does not establish a PDU Session with the UPF in the SNPN headquarters 30 as the anchor point. Thereby, it is possible to prevent the load on the UPF within the SNPN headquarters 30 from increasing.
  • Modification 1 of Embodiment 2 a first modification of the second embodiment will be described.
  • the SMF 22 may manage the network name set in the dnn included in the request message in association with the VPN-id that accommodates the network. If the SMF 22 determines that it has previously received a request message specifying n6-site-hq, that is, if it manages n6-site-hq, the SMF 22 selects the VPN- associated with n6-site-hq. Identify the id.
  • the SMF 22 may use the vpn-id corresponding to n6-site-hq, which was previously received as a message corresponding to step S25 in FIG.
  • the message corresponding to step S25 in FIG. 4 may be a message for a UE different from the UE 23.
  • the SMF 22 identifies evpn as the VPN service that accommodates n6-site-hq.
  • the SMF 22 can skip steps S22 to S25 in FIG.
  • the SMF 22 manages n6-site-hq, vpn-id, and even n6-site-branch in the SNPN branch 20 in association with each other.
  • the SMF 22 upon receiving a request message specifying n6-site-hq, the SMF 22 can specify n6-site-branch.
  • the SMF 22 can skip steps S22 to S27 in FIG.
  • step S22 onward in FIG. 4 the processes from step S22 onward in FIG. 4 are executed.
  • the NSMF 35 determines that it has previously executed the process for connecting to the VPN service with n6-site-hq, it sends a response message containing the data set in step S27 in FIG. 4 to the SMF 22. Good too. This allows the SMF 22 to skip the processing from steps S22 to S26.
  • FIG. 7 is a block diagram showing a configuration example of the session control device 10 described in the above embodiment.
  • the session control device 10 includes a network interface 1201, a processor 1202, and a memory 1203.
  • Network interface 1201 may be used to communicate with network nodes.
  • the network interface 1201 may include, for example, a network interface card (NIC) compliant with the IEEE 802.3 series. IEEE stands for Institute of Electrical and Electronics Engineers.
  • the processor 1202 reads software (computer program) from the memory 1203 and executes it, thereby performing the processing of the session control device 10 explained using the flowchart in the above embodiment.
  • Processor 1202 may be, for example, a microprocessor, MPU, or CPU.
  • Processor 1202 may include multiple processors.
  • the memory 1203 is configured by a combination of volatile memory and nonvolatile memory.
  • Memory 1203 may include storage located remotely from processor 1202.
  • processor 1202 may access memory 1203 via an I/O (Input/Output) interface, which is not shown.
  • I/O Input/Output
  • memory 1203 is used to store software modules.
  • the processor 1202 can perform the processing of the session control device 10 described in the above embodiment by reading out and executing these software module groups from the memory 1203.
  • each of the processors included in the session control device 10 in the above embodiment executes one or more programs including a group of instructions for causing a computer to execute the algorithm explained using the drawings. Execute.
  • the program includes instructions (or software code) that, when loaded into a computer, cause the computer to perform one or more of the functions described in the embodiments.
  • the program may be stored on a non-transitory computer readable medium or a tangible storage medium.
  • computer readable or tangible storage media may include random-access memory (RAM), read-only memory (ROM), flash memory, solid-state drive (SSD) or other memory technology, CD - Including ROM, digital versatile disc (DVD), Blu-ray disc or other optical disc storage, magnetic cassette, magnetic tape, magnetic disc storage or other magnetic storage device.
  • the program may be transmitted on a transitory computer-readable medium or a communication medium.
  • transitory computer-readable or communication media includes electrical, optical, acoustic, or other forms of propagating signals.
  • a communication unit that receives a request message requesting communication from a communication terminal located in a communication area formed by the first local network to a second data network connectable via the second local network; a Virtual Private Network (VPN) service connectable to the second data network; and a communication device used for connection to the VPN service, the communication device located in the first local network. a specific part to specify;
  • a session control device comprising: a control unit that establishes a session between the communication terminal and the communication device.
  • the communication department includes: After receiving the request message, transmitting a first inquiry message inquiring about the VPN service to another session control device that controls a session established in the second local network; The session control device according to supplementary note 1, which receives a first response message including VPN information indicating the VPN service from the other session control device.
  • the communication department includes: transmitting a second inquiry message to a management device inquiring about a first data network connectable to the VPN service; receiving a second response message including network identification information indicating the first data network connectable to the VPN service; The specific part is after receiving the second response message, identifying the communication device connectable to the first data network;
  • the session control device according to appendix 1 or 2 wherein the first data network is a data network in the first local network.
  • the identifying unit identifies the communication device connectable to the first data network based on the network identification information.
  • the identification unit includes: The session control device according to any one of Supplementary Notes 1 to 5, which specifies the communication device based on the managed VPN information.
  • the second session control device includes: When the communication terminal receives a first request message indicating that it requests communication to the second data network from the first session control device, it sends a first response message to the first session control device.
  • the first response message includes VPN information indicating a VPN service connectable to the second data network;
  • the first session control device includes: session control for identifying the communication device used for connection to the VPN service and located in the first local network and establishing a session between the communication terminal and the communication device; system.
  • the first session control device includes: transmitting a first inquiry message inquiring about an access network connectable to the VPN service to a first management device; receiving a second response message; and specifying the communication device connectable to the access network.
  • the second response message includes network identification information indicating a first data network connectable to the VPN service, and the first data network is a data network in the first local network.
  • Session control system described. The second session control device includes: Supplementary note: transmitting, to a second management device, a third inquiry message inquiring about a VPN service connectable to the second data network, and receiving a third response message including the VPN information indicating the VPN service; 9.
  • (Appendix 12) transmitting a second inquiry message to a management device inquiring about a first data network connectable to the VPN service; receiving a second response message including network identification information indicating the first data network connectable to the VPN service; after receiving the second response message, identifying the communication device connectable to the first data network;
  • (Appendix 13) The session control method according to appendix 12, wherein the second inquiry message includes VPN information indicating the VPN service.
  • (Appendix 14) The session control method according to appendix 12, wherein the communication device connectable to the first data network is specified based on the network identification information.
  • (Appendix 17) After receiving the request message, transmitting a first inquiry message inquiring about the VPN service to another session control device that controls a session established in the second local network; 17.
  • a non-transitory computer-readable medium storing the program according to appendix 16, which causes a computer to receive a first response message including VPN information indicating the VPN service from the other session control device.
  • (Appendix 18) transmitting a second inquiry message to a management device inquiring about a first data network connectable to the VPN service; receiving a second response message including network identification information indicating the first data network connectable to the VPN service; after receiving the second response message, identifying the communication device connectable to the first data network;
  • the first data network is a data network in the first local network.
  • Session control device 11 Communication unit 12 Specification unit 13 Control unit 20 SNPN branch 21 AMF 22 SMF 23 U.E. 24 (R)AN 25 UPF 26 DN 27 Edge device 28 NSSMF 30 SNPN Head Office 31 SMF 32 Edge device 33 DN 34 AF 35 NSMF 36 NSSMF

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Le but de la présente invention est de fournir un dispositif de commande de session avec lequel il est possible de supprimer toute augmentation de la charge sur un dispositif de communication constituant un réseau. Un dispositif de commande de session (10) selon la présente divulgation comprend : une unité de communication (11) pour recevoir, en provenance d'un terminal de communication positionné dans une zone de communication à l'intérieur de laquelle un premier réseau local est formé, un message de demande demandant une communication avec un second réseau de données apte à se connecter à un second réseau local ; une unité d'identification (12) pour identifier un service VPN apte à se connecter au second réseau de données et un dispositif de communication utilisé en connexion avec le service VPN, le dispositif de communication étant disposé à l'intérieur du premier réseau local ; et une unité de commande (13) pour établir une session entre le terminal de communication et le dispositif de communication.
PCT/JP2022/012650 2022-03-18 2022-03-18 Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire WO2023175915A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/012650 WO2023175915A1 (fr) 2022-03-18 2022-03-18 Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/012650 WO2023175915A1 (fr) 2022-03-18 2022-03-18 Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire

Publications (1)

Publication Number Publication Date
WO2023175915A1 true WO2023175915A1 (fr) 2023-09-21

Family

ID=88022649

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/012650 WO2023175915A1 (fr) 2022-03-18 2022-03-18 Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire

Country Status (1)

Country Link
WO (1) WO2023175915A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11355272A (ja) * 1998-05-08 1999-12-24 Lucent Technol Inc 多重ホップ・ポイント・ツ―・ポイント・プロトコル
US20050083883A1 (en) * 2003-10-20 2005-04-21 Jan-Ming Ho Mobile network agent
US20060013197A1 (en) * 2004-04-28 2006-01-19 Anderson Eric C Automatic remote services provided by a home relationship between a device and a server
EP2575297A2 (fr) * 2011-09-28 2013-04-03 Samsung SDS Co., Ltd. Appareil et procédé de fourniture de services de réseau privé virtuel basés sur une authentification mutuelle
US20200059977A1 (en) * 2018-08-16 2020-02-20 Industrial Technology Research Institute Method of providing 5glan service and terminal device and server using the same

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11355272A (ja) * 1998-05-08 1999-12-24 Lucent Technol Inc 多重ホップ・ポイント・ツ―・ポイント・プロトコル
US20050083883A1 (en) * 2003-10-20 2005-04-21 Jan-Ming Ho Mobile network agent
US20060013197A1 (en) * 2004-04-28 2006-01-19 Anderson Eric C Automatic remote services provided by a home relationship between a device and a server
EP2575297A2 (fr) * 2011-09-28 2013-04-03 Samsung SDS Co., Ltd. Appareil et procédé de fourniture de services de réseau privé virtuel basés sur une authentification mutuelle
US20200059977A1 (en) * 2018-08-16 2020-02-20 Industrial Technology Research Institute Method of providing 5glan service and terminal device and server using the same

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Procedures for the 5G System (5GS); Stage 2 (Release 17)", 3GPP TS 23.502, no. V17.3.0, 23 December 2021 (2021-12-23), pages 1 - 727, XP052083265 *
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on enhanced support of Non-Public Networks (NPN) (Release 17)", TR 23.700-07, no. V17.0.0, 31 March 2021 (2021-03-31), pages 1 - 248, XP052000256 *
HUAWEI, HISILICON, SAMSUNG, CATT, CHINA MOBILE, CHINA TELECOM, CHINA UNICOM, ZTE, JUNIPER, SK TELECOM, KT CORP, LG UPLUS, KPN, SIE: "New SID on generic group management, exposure and communication enhancements", 3GPP TSG-WG SA2 MEETING #148E E-MEETING, S2 2108574, 8 November 2021 (2021-11-08), XP052076572 *

Similar Documents

Publication Publication Date Title
US11778035B2 (en) Selecting a user plane function (UPF) for layer 2 networks
EP3668025B1 (fr) Système, dispositif et procédé de commande de routage
JP4270888B2 (ja) Wlan相互接続におけるサービス及びアドレス管理方法
EP3419224B1 (fr) Sélection d'un noeud de bordure dans un réseau de communication à accès fixe
RU2576492C2 (ru) Устройство управления, система связи, способ связи и носитель записи с записанной на нем программой связи
US20210112127A1 (en) Communication method and apparatus
CN111512653B (zh) 通过桥接实体路由漫游用户设备的注册请求的技术
US10447603B2 (en) Control signaling transmission method and device
EP4175255B1 (fr) Dispositif, système et procédé de passerelle pour la fourniture d'une politique de transfert
US12089271B2 (en) Utilizing a transport protocol for fifth generation (5G) client devices to carry messages on wireline access
EP4030864B1 (fr) Liaison de plusieurs sessions
KR101977005B1 (ko) 모바일 통신 시스템에서 근접 서비스를 사용하기 위한 인증 획득
CN115769634A (zh) 用于将会话引导到应用服务器的方法和装置
WO2023175915A1 (fr) Dispositif de commande de session, système de commande de session, procédé de commande de session, et support lisible par ordinateur non transitoire
CN108259292B (zh) 建立隧道的方法及装置
EP3402168A1 (fr) Système et procédé de communication
US20240276342A1 (en) System and Method for Establishing a Dual-Layer PDU Session
WO2024195282A1 (fr) Nœud de réseau central, procédé de génération de données, programme, et système de communication
JP4802238B2 (ja) ローカルネットワーク相互接続における移動端末に対してネットワークに基づくトンネルを設定する方法
CN116938809A (zh) 接入交换机中的角色信息传播
CN118101475A (zh) 用于提供转发策略的网关装置、系统和方法
CN117203938A (zh) 用于分割多云架构内的中转能力的系统和方法
JP2008054184A (ja) トラヒックポリシー制御ネットワークシステムおよびトラヒック制御方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22932187

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2024507417

Country of ref document: JP

Kind code of ref document: A