CN114567548A - Base station security gateway configuration management method, system and electronic device - Google Patents


Publication number
CN114567548A
Authority
CN
China
Prior art keywords
security gateway
result
connection
configuration
base station
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210093882.5A
Other languages
Chinese (zh)
Other versions
CN114567548B (en)
Inventor
邓阳
王海
高一波
陈志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sunwave Communications Co Ltd
Original Assignee
Sunwave Communications Co Ltd
Application filed by Sunwave Communications Co Ltd
Priority to CN202210093882.5A
Publication of CN114567548A
Application granted
Publication of CN114567548B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W16/00 Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
    • H04W16/18 Network planning tools
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/08 Testing, supervising or monitoring using real traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a method, a system and an electronic device for managing the security gateway configuration of a base station. The method comprises: during the configuration process for the security gateway, acquiring a connection state result for the connection between the security gateway and a core network; when the connection state result indicates that the security gateway has connected successfully, acquiring a preset monitoring time and starting a monitoring timer according to it, so that the monitoring timer monitors the connection state result and a monitoring result is obtained; and generating a configuration management result of the security gateway according to the monitoring result. The method and device address the problem of low security when a base station accesses the core network, and improve the validity and security of the base station security gateway's access to the core network.

Description

Base station security gateway configuration management method, system and electronic device
Technical Field
The present application relates to the field of configuration management, and in particular, to a method, a system, and an electronic device for managing a security gateway configuration of a base station.
Background
The security gateway of a base station is mainly responsible for base station authentication. It implements bidirectional authentication between the core network and the base station and, by establishing a secure tunnel, protects the base station management data, base station control signaling and user data that pass through the base station, thereby ensuring secure access of the integrated base station to the network manager and the core network. In the related art, configuration management of a security gateway generally establishes a secure tunnel by means of authentication and connects the base station to the core network. For example, CN109831783A discloses a technical solution in which a micro base station accesses a network through authentication and parameter acquisition; CN102711106B discloses a technical solution in which a base station establishes a secure tunnel to access a core network based on the IPSec protocol.
In the course of implementing the invention, the inventor found at least the following problem in the prior art: in existing configuration management of a base station security gateway, after the base station opens the connection from the security gateway to the core network, the validity of the security gateway during the connection cannot be ensured, so the security of the base station accessing the core network is low.
No effective solution has yet been proposed for the problem of low security of the base station accessing the core network in the related art.
Disclosure of Invention
In this embodiment, a method, a system, and an electronic device for managing security gateway configuration of a base station are provided to solve the problem of low security of a base station accessing a core network in the related art.
In a first aspect, in this embodiment, a method for managing a security gateway configuration of a base station is provided, including:
during the configuration process for the security gateway, acquiring a connection state result for the connection between the security gateway and a core network;
when the connection state result indicates that the security gateway has connected successfully, acquiring a preset monitoring time, and starting a monitoring timer according to the preset monitoring time, so that the monitoring timer monitors the connection state result and a monitoring result is obtained;
and generating a configuration management result of the security gateway according to the monitoring result.
In some embodiments, after the generating a configuration management result of the security gateway according to the monitoring result, the method further includes:
under the condition that a security gateway connection signal in the configuration management result indicates that the security gateway connection fails, driving the security gateway to initiate connection with the core network, and generating a next connection state result;
generating a network diagnostic result for the security gateway based on the next connection state result.
In some of these embodiments, the generating the network diagnostic result for the security gateway comprises:
recording the generation times of the next connection state result to obtain a connection counting result;
and acquiring a preset connection counting threshold, and performing network diagnosis on the security gateway under the condition that the connection counting result exceeds the preset connection counting threshold to generate a network diagnosis result.
In some embodiments, after the generating the network diagnosis result for the security gateway, the method further comprises:
and generating first error prompt information according to the network diagnosis result, and sending the first error prompt information to terminal equipment for displaying.
In some embodiments, the obtaining a connection status result of the security gateway connected to the core network includes:
acquiring configuration information; the configuration information refers to initialization configuration information or configuration modification information sent by terminal equipment;
and generating the connection state result according to the configuration information.
In some of these embodiments, the generating the connection state result according to the configuration information includes:
acquiring a daemon process running result according to the configuration information, and starting the daemon process when acquiring the daemon process running result fails;
acquiring a connection parameter file and a connection switch according to the configuration information, and generating and sending second error prompt information to the terminal equipment for displaying under the condition that the acquisition of the connection parameter file fails or the connection switch indicates that the connection is closed;
acquiring a certificate file according to the configuration information, and generating a configuration file according to the certificate file, the daemon process operation result, the connection parameter file and the connection switch;
and generating the connection state result according to the configuration file.
In some embodiments, the generating a configuration file according to the certificate file, the daemon process operation result, the connection parameter file, and the connection switch includes:
generating the configuration file with a shell script according to the certificate file, the daemon process running result, the connection parameter file and the connection switch.
In a second aspect, in this embodiment, a security gateway configuration management system for a base station is provided, including: a terminal device, a transmission device and a server device; the terminal equipment is connected with the server equipment through the transmission equipment;
the server device is used in the security gateway configuration management method of the base station in any one of the first aspect;
the transmission equipment is used for transmitting the first error prompt information and the second error prompt information to the terminal equipment;
the terminal equipment is used for displaying the first error prompt message and the second error prompt message.
In a third aspect, in this embodiment, an electronic apparatus is provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the method for managing security gateway configuration of a base station according to the first aspect is implemented.
In a fourth aspect, in the present embodiment, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the security gateway configuration management method of the base station according to the first aspect.
Compared with the related art, the method, the system and the electronic device for managing the configuration of the security gateway of the base station, provided by the embodiment, acquire the connection state result of the connection between the security gateway and the core network in the configuration process of the security gateway; under the condition that the connection state result indicates that the security gateway is successfully connected, acquiring preset monitoring time, and starting a monitoring timer according to the preset monitoring time, so that the monitoring timer monitors the connection state result and obtains a monitoring result; and generating a configuration management result of the security gateway according to the monitoring result, solving the problem of low security of the base station accessing the core network, and achieving the purpose of improving the effectiveness and security of the security gateway of the base station accessing the core network.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
Fig. 1 is a diagram illustrating an application scenario of a security gateway configuration management method of a base station in an embodiment;
Fig. 2 is a flowchart illustrating a security gateway configuration management method of a base station according to an embodiment;
Fig. 3 is a flowchart illustrating a security gateway configuration management method of a base station in another embodiment;
Fig. 4 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
For a clearer understanding of the objects, aspects and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application does not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "And/or" describes an association relationship of associated objects, meaning that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In general, the character "/" indicates an "or" relationship between the objects before and after it. The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The method for managing the security gateway configuration of the base station can be applied to the application environment shown in Fig. 1, in which the terminal device 102 communicates with the server device 104 over a network. During the configuration process for the security gateway, the server device 104 acquires a connection state result for the connection between the security gateway and the core network. When the connection state result indicates that the security gateway has connected successfully, the server device 104 acquires a preset monitoring time and starts a monitoring timer according to it, so that the monitoring timer monitors the connection state result and a monitoring result is obtained. The server device 104 then generates a configuration management result of the security gateway according to the monitoring result, and may send the configuration management result to the terminal device 102 for display. The terminal device 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server device 104 may be implemented by an independent server or a server cluster formed by a plurality of servers; preferably, the server device 104 may be a macro base station, a pico base station, a home router, or the like.
In this embodiment, a method for managing a security gateway configuration of a base station is provided, and fig. 2 is a flowchart of the method for managing a security gateway configuration of a base station in this embodiment, as shown in fig. 2, the flowchart includes the following steps:
Step S202: during the configuration process for the security gateway, a connection state result for the connection between the security gateway and the core network is acquired.
The connection state result includes at least two connection states: connection success and connection failure.
Step S204: when the connection state result indicates that the security gateway has connected successfully, a preset monitoring time is acquired and a monitoring timer is started according to the preset monitoring time, so that the monitoring timer monitors the connection state result and a monitoring result is obtained.
The preset monitoring time may be 30 seconds. The monitoring result is obtained by monitoring the connection between the security gateway and the core network after the preset monitoring duration has elapsed, and it includes at least two connection states: connection success and connection failure.
Specifically, when the connection state result indicates that the security gateway has connected successfully, a preset monitoring duration and a current connection duration are acquired; when the current connection duration exceeds the preset monitoring duration, the server device 104 starts the monitoring timer, so that the monitoring timer monitors the connection state result and a monitoring result is obtained. The current connection duration is measured from the moment at which the connection state result indicating a successful connection is obtained.
It should be noted that, when the connection state result indicates that the security gateway failed to connect, the server device 104 drives the security gateway to re-initiate the connection with the core network and regenerates the connection state result. A preset reconnection time is acquired, and a connection abnormality warning message is sent to the terminal device 102 for display when the time spent re-initiating the connection exceeds the preset reconnection time or when the number of re-initiation operations reaches 3.
Step S206: a configuration management result of the security gateway is generated according to the monitoring result.
The configuration management result of the security gateway comprises security gateway connection parameters and security gateway connection signals; the security gateway connection parameters comprise a certificate file, a daemon process operation result, a connection parameter file, a connection switch and the like; the security gateway connection signal indicates the connection state of the security gateway and the core network, including connection success and connection failure.
One beneficial effect of the above embodiment is: through the steps, in the configuration process for the security gateway, the monitoring timer is started to monitor the connection state result according to the preset monitoring time length, so that the connection state of the security gateway can be monitored at regular time after the server device 104 opens the connection from the security gateway to the core network, the validity of the security gateway in the connection is ensured in the monitoring, the problem of low safety of the base station accessing the core network is solved, and the purpose of improving the validity and the safety of the base station security gateway accessing the core network is realized.
In some embodiments, after the generating a configuration management result of the security gateway according to the monitoring result, the method further includes:
when the security gateway connection signal in the configuration management result indicates that the security gateway connection has failed, driving the security gateway to initiate a connection with the core network, and generating a next connection state result;
and generating a network diagnosis result for the security gateway based on the next connection state result.
One beneficial effect of the above embodiment is: through the above steps, during the configuration process for the security gateway, the server device 104 is driven to generate the next connection state result for the security gateway according to the configuration management result, so that after the server device 104 opens the connection from the security gateway to the core network, network diagnosis can be performed on the connection state of the security gateway and the validity of the security gateway during the connection is ensured through monitoring. This solves the problem of low security of the base station accessing the core network and improves the validity and security of the base station security gateway's access to the core network.
In some of these embodiments, the generating the network diagnostic result for the security gateway includes:
recording the number of times the next connection state result has been generated to obtain a connection counting result;
and acquiring a preset connection counting threshold, and performing network diagnosis on the security gateway when the connection counting result exceeds the preset connection counting threshold, to generate a network diagnosis result.
The preset connection count threshold may be 3 or 4; for example, when the connection count result exceeds 3, network diagnosis is performed on the security gateway and a network diagnosis result is generated.
It should be noted that, for the network diagnosis result, the generation time of the next connection state result may also be obtained; when the generation time exceeds the preset reconnection time, network diagnosis is performed on the security gateway and a network diagnosis result is generated. The network diagnosis result may also be the result of pinging the IP address of the security gateway: when the ping succeeds, the network diagnosis result indicates that the security gateway connection parameters are configured incorrectly; when the ping fails, the network diagnosis result indicates that the IP address of the security gateway is configured incorrectly.
One beneficial effect of the above embodiment is: through the above steps, the network diagnosis result is generated according to the next connection state result, so that after the server device 104 opens the connection from the security gateway to the core network, the connection state of the security gateway can be subjected to network diagnosis, and the validity of the security gateway in the connection can be ensured in monitoring, thereby solving the problem of low security of the base station accessing the core network, and achieving the purpose of improving the validity and security of the base station security gateway accessing the core network.
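The monitoring, reconnection counting and ping-based diagnosis described above can be sketched as a small shell state machine. This is an added example, not code from the patent; the hook functions segw_is_up, segw_connect and segw_ping, the SIM_* variables and the result strings are assumptions, and the hooks are simulated on constructed input so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the patent: monitor a tunnel that came up, re-initiate
# it when it drops, and classify the fault by ping once the retry count exceeds
# the threshold.

MONITOR_SECONDS=${MONITOR_SECONDS:-30}      # preset monitoring time (page: 30 s)
CONNECT_THRESHOLD=${CONNECT_THRESHOLD:-3}   # preset connection count threshold (page: 3)
CONNECT_CALLS=0

# --- Constructed simulation hooks (assumptions). On a real base station these
# would wrap the IPsec daemon's status and initiate commands and a one-packet ping.
# SIM_STATES is a space-separated script of tunnel states, one consumed per
# check; the last entry repeats. SIM_PING is "ok" or "fail".
segw_is_up() {
    sim_state=${SIM_STATES%% *}
    case $SIM_STATES in
        *' '*) SIM_STATES=${SIM_STATES#* } ;;
    esac
    [ "$sim_state" = up ]
}
segw_connect() { CONNECT_CALLS=$((CONNECT_CALLS + 1)); }
segw_ping() { [ "$SIM_PING" = ok ]; }

# diagnose: ping the security gateway IP after retries are exhausted.
#   ping answers -> the address is reachable, so the connection parameters are wrong
#   ping fails   -> the configured security gateway IP address is wrong
diagnose() {
    if segw_ping; then
        DIAGNOSIS=connection_parameter_error
    else
        DIAGNOSIS=segw_ip_address_error
    fi
}

# manage_connection: sets RESULT, ATTEMPTS and DIAGNOSIS; returns 0 only when
# the tunnel is up at the end.
manage_connection() {
    RESULT=
    DIAGNOSIS=none
    ATTEMPTS=0
    # S202: connection state result
    if ! segw_is_up; then
        RESULT=initial_connect_failed
        return 1
    fi
    # S204: wait for the monitoring time, then sample the state again
    sleep "$MONITOR_SECONDS"
    # S206: the monitoring result decides the configuration management result
    if segw_is_up; then
        RESULT=connected
        return 0
    fi
    # Monitoring saw a failure: re-initiate and count each next connection state result
    while :; do
        segw_connect
        ATTEMPTS=$((ATTEMPTS + 1))
        if segw_is_up; then
            RESULT=reconnected
            return 0
        fi
        if [ "$ATTEMPTS" -gt "$CONNECT_THRESHOLD" ]; then
            break
        fi
    done
    diagnose
    RESULT=diagnosed
    return 1
}

# Demo on a constructed scenario: the tunnel comes up, drops during monitoring
# and never recovers, while the gateway address still answers ping.
MONITOR_SECONDS=0 SIM_STATES="up down" SIM_PING=ok
manage_connection || :
echo "result=$RESULT attempts=$ATTEMPTS diagnosis=$DIAGNOSIS"
```

A tunnel that passes the first check and then drops inside the monitoring window is the case a one-shot connection test would report as healthy.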
In some embodiments, after the generating the network diagnosis result for the security gateway, the method further includes:
and generating first error prompt information according to the network diagnosis result, and sending the first error prompt information to the terminal equipment 102 for displaying.
One beneficial effect of the above embodiment is: through the steps, the network diagnosis result is sent to the terminal device 102 to be displayed, so that the user performs security gateway connection fault troubleshooting according to the displayed network diagnosis result, and after the server device 104 opens the connection from the security gateway to the core network, the connection state of the security gateway can be subjected to network diagnosis, so that the user can further troubleshoot the connection fault of the security gateway, the problem of low security of the base station accessing the core network is solved, and the purpose of improving the effectiveness and the security of the base station security gateway accessing the core network is achieved.
In some embodiments, the obtaining the connection status result of the security gateway connected to the core network includes:
acquiring configuration information; the configuration information refers to initialization configuration information, or configuration modification information sent by the terminal device 102;
and generating the connection state result according to the configuration information.
It should be noted that the initialization configuration information refers to the configuration information obtained when the server device 104 is started for the first time, and the connection state result may be configured according to this initialization information. The configuration modification information sent by the terminal device 102 means that the terminal device 102 acquires configuration modification information, input by a user to modify the initialization configuration information, and sends it to the server device 104; after the server device 104 acquires the configuration modification information, it regenerates the connection state result accordingly. When acquiring the configuration information fails, the server device 104 sends information indicating the failure to the terminal device 102 for display.
One beneficial effect of the above embodiment is: through the above steps, the server device 104 generates the connection state result of the secure gateway connected to the core network according to the acquired configuration information, so that after the server device 104 opens the connection from the secure gateway to the core network, the network connection can be monitored according to the connection state result, thereby solving the problem of low security of the base station accessing the core network, and achieving the purpose of improving the validity and security of the base station secure gateway accessing the core network.
In some of these embodiments, the generating the connection status result according to the configuration information includes:
acquiring a daemon process running result according to the configuration information, and starting the daemon process when acquiring the daemon process running result fails;
acquiring a connection parameter file and a connection switch according to the configuration information, and generating and sending second error prompt information to the terminal equipment for displaying under the condition that the acquisition of the connection parameter file fails or the connection switch indicates that the connection is closed;
acquiring a certificate file according to the configuration information, and generating a configuration file according to the certificate file, the daemon process operation result, the connection parameter file and the connection switch;
and generating the connection state result according to the configuration file.
The daemon process may be charon. The connection switch may be referred to as the ipsec switch and instructs the security gateway to establish a secure connection tunnel. The configuration file may be a swanctl.conf configuration file. If either acquiring the connection parameter file fails or the connection switch indicates that the connection is closed, the server device 104 generates second error prompt information and sends it to the terminal device 102 for display. The connection parameter file stores the parameter names and parameter values required for the connection, including: ipsec switch, status, segwop (security gateway IP), leftid (base station ID), rightid (security gateway ID), IKE encryption and integrity algorithm, ESP encryption and integrity algorithm, forcencaps (whether encapsulation is forced), DPD operation (dead peer detection), DPD detection interval, re-authentication switch, re-negotiation switch, authentication type, and the like. The optional parameter values corresponding to these parameter names are shown in Table 1 below.
Table 1. Parameter names and parameter values for security gateway connections
(Table 1 is an image in the original publication and is not reproduced in this text.)
The IP address of the security gateway, the ID name of the security gateway, the names of parameters such as the re-authentication switch and the re-negotiation switch, and the parameter values.
One beneficial effect of the above embodiment is: through the above steps, the server device 104 generates the configuration file according to the configuration information, and obtains the connection state result of the secure gateway connected to the core network according to the configuration file, thereby implementing secure connection between the secure gateway of the server device 104 and the core network, and thus solving the problem of low security of the base station accessing the core network, and implementing the purpose of improving the validity and security of the base station secure gateway accessing the core network.
In some embodiments, the generating a configuration file according to the certificate file, the daemon process operation result, the connection parameter file, and the connection switch includes:
and generating a configuration file by using a shell script according to the certificate file, the daemon process running result, the connection parameter file and the connection switch.
One beneficial effect of the above embodiment is: through the above steps, the server device 104 generates the configuration file with a shell script according to the configuration information, so that the secure connection from the security gateway of the server device 104 to the core network can be established more quickly, improving the effectiveness, efficiency and security of the base station security gateway's access to the core network.
The present embodiment is described and illustrated below by means of preferred embodiments.
Fig. 3 is a flowchart of another security gateway configuration management method of a base station according to the preferred embodiment. As shown in Fig. 3, execution of the security gateway connection starts by acquiring the configuration information and determining whether it was acquired successfully. If acquisition of the configuration information fails, the server device 104 sends information indicating the failure to the terminal device 102 for display and ends the connection. The configuration information refers to commands compiled from the strongSwan open source component, such as charon, ipsec, swanctl and the like.
If the configuration information is acquired successfully, the daemon process running result is acquired; if acquisition of the daemon process running result fails, the daemon process is restarted. The daemon process may be the charon process. The certificate file is then acquired, and its file name is stored in a global variable, so that the file name, and through it the certificate file, can be conveniently obtained when the security gateway subsequently connects to the core network.
Next, the connection parameter file and the connection switch are acquired. If acquisition of the connection parameter file fails, or the connection switch indicates that the connection is closed, second error prompt information is generated and sent to the terminal device 102 for display, and the connection ends. The connection parameter file may be a file in xml format or in txt format, and is stored in a specified directory of the server device 104 corresponding to the security gateway connection operation.
Once the connection parameter file and the connection switch have been acquired, the certificate file is acquired according to the configuration information, and a swanctl.conf configuration file is generated by a shell script according to the certificate file, the daemon process running result, the connection parameter file and the connection switch. The configuration file is loaded with swanctl --load-all, an ipsec connection is then initiated with swanctl -i --child host, and a connection state result is generated.
Whether the connection succeeded is checked according to the connection state result. If the connection state result indicates that the security gateway is connected successfully, a preset monitoring duration is acquired and a monitoring timer is started according to it, so that the monitoring timer monitors the connection state result and obtains a monitoring result; a configuration management result of the security gateway is generated according to the monitoring result.
If the security gateway connection signal in the configuration management result indicates that the security gateway connection has failed, the security gateway is driven to initiate a connection with the core network and a next connection state result is generated. The number of times the next connection state result is generated is recorded to obtain a connection count result. A preset connection count threshold is acquired, and if the connection count result exceeds the preset connection count threshold, network diagnosis is performed on the security gateway to generate a network diagnosis result. In this embodiment the preset connection count threshold is 3, and a network diagnosis result is generated when the connection count result reaches 3. The network diagnosis result may also be the result of pinging the IP address of the security gateway: if the ping succeeds, the network diagnosis result indicates that the security gateway connection parameters are configured incorrectly; if the ping fails, the network diagnosis result indicates that the IP address of the security gateway is configured incorrectly. Finally, first error prompt information is generated according to the network diagnosis result and sent to the terminal device 102 for display.
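The following shell script is an added example, not code from the patent or from strongSwan. It renders a swanctl.conf for child "host" from a key=value connection parameter file, rejecting values that could inject extra configuration, and maps the reconnect count and ping result to the two diagnoses described above. The parameter-file key names, the txt layout, the connection name segw and the pubkey authentication setting are assumptions.

```shell
#!/bin/sh
# Added example. Parameter-file keys (ipsec_switch, segw_ip, ...) and the
# connection name "segw" are hypothetical; swanctl.conf keys are strongSwan's.

# get_param FILE KEY: print the value of KEY from a key=value text file.
get_param() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# safe_value VALUE: succeed only if VALUE is non-empty and cannot break out of
# a swanctl.conf assignment (no spaces, braces, quotes or '#').
safe_value() {
    case $1 in
        ''|*[!A-Za-z0-9._:@,=/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# render_conf PARAMS CERT: print a swanctl.conf. Returns 2 if PARAMS is
# unreadable, 3 if the ipsec switch is not "on" (the two "second error
# prompt" cases), 4 if any value fails validation.
render_conf() {
    [ -r "$1" ] || return 2
    [ "$(get_param "$1" ipsec_switch)" = "on" ] || return 3
    safe_value "$2" || return 4
    for key in segw_ip leftid rightid ike_alg esp_alg forceencaps dpd_action dpd_delay; do
        safe_value "$(get_param "$1" "$key")" || return 4
    done
    cat <<EOF
connections {
    segw {
        version = 2
        remote_addrs = $(get_param "$1" segw_ip)
        proposals = $(get_param "$1" ike_alg)
        encap = $(get_param "$1" forceencaps)
        dpd_delay = $(get_param "$1" dpd_delay)s
        local {
            auth = pubkey
            certs = $2
            id = $(get_param "$1" leftid)
        }
        remote {
            auth = pubkey
            id = $(get_param "$1" rightid)
        }
        children {
            host {
                esp_proposals = $(get_param "$1" esp_alg)
                dpd_action = $(get_param "$1" dpd_action)
            }
        }
    }
}
EOF
}

# diagnose COUNT THRESHOLD PING_RC: below the threshold keep retrying; at or
# above it, map the ping exit status to the two diagnoses in the text.
diagnose() {
    if [ "$1" -lt "$2" ]; then
        echo "retry"
    elif [ "$3" -eq 0 ]; then
        echo "connection parameter configuration error"
    else
        echo "security gateway IP address configuration error"
    fi
}

# Constructed sample input, not taken from the patent.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/params.txt" <<'EOF'
ipsec_switch=on
segw_ip=192.0.2.10
leftid=bs01.example.net
rightid=segw.example.net
ike_alg=aes256-sha256-modp2048
esp_alg=aes256-sha256
forceencaps=yes
dpd_action=restart
dpd_delay=30
EOF
render_conf "$demo_dir/params.txt" bs01-cert.pem
```

Because the configuration information originates from the terminal device, the validation step keeps a crafted parameter value from closing a section and adding its own connection settings to the generated file.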
It should be understood that although the steps in the flowcharts of Figs. 2-3 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in Figs. 2-3 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times; these sub-steps or stages are not necessarily performed sequentially, but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In this embodiment, a security gateway configuration management system of a base station is further provided, where the system includes: a terminal device 102, a transmission device, and a server device 104; wherein the terminal device 102 is connected to the server device 104 through the transmission device;
the server device 104 is configured to execute the security gateway configuration management method of any base station in the foregoing embodiments;
The transmission device is configured to transmit the first error prompt message and the second error prompt message to the terminal device 102;
the terminal device 102 is configured to display the first error prompt message and the second error prompt message.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
S1, in the configuration process for the security gateway, acquiring the connection state result of the connection between the security gateway and the core network.
S2, when the connection status result indicates that the security gateway is successfully connected, acquiring a preset monitoring duration, and starting a monitoring timer according to the preset monitoring duration, so that the monitoring timer monitors the connection status result and obtains a monitoring result.
S3, generating the configuration management result of the security gateway according to the monitoring result.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, and details are not described again in this embodiment.
In addition, in combination with the method for managing security gateway configuration of a base station provided in the foregoing embodiment, a storage medium may also be provided in this embodiment. The storage medium has a computer program stored thereon; the computer program, when executed by a processor, implements the security gateway configuration management method of any one of the base stations in the above embodiments.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing the configuration information, the certificate file, the connection parameter file, the connection switch, the configuration file and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method for security gateway configuration management for a base station.
Those skilled in the art will appreciate that the architecture shown in fig. 4 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), Direct Rambus Dynamic RAM (DRDRAM), and Rambus Dynamic RAM (RDRAM).
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be derived by a person skilled in the art from the examples provided herein without any inventive step, shall fall within the scope of protection of the present application.
It is obvious that the drawings are only examples or embodiments of the present application, and it is obvious to those skilled in the art that the present application can be applied to other similar cases according to the drawings without creative efforts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
The term "embodiment" is used herein to mean that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments express only several implementation modes of the present application, and their description is specific and detailed, but they should not be construed as limiting the scope of patent protection. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these all fall within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.

Claims (10)

1. A method for managing security gateway configuration of a base station is characterized by comprising the following steps:
in the configuration process aiming at the security gateway, acquiring a connection state result of the connection between the security gateway and a core network;
under the condition that the connection state result indicates that the security gateway is successfully connected, acquiring preset monitoring time, and starting a monitoring timer according to the preset monitoring time, so that the monitoring timer monitors the connection state result and obtains a monitoring result;
and generating a configuration management result of the security gateway according to the monitoring result.
2. The method for managing the configuration of the security gateway of the base station according to claim 1, wherein after the generating the configuration management result of the security gateway according to the monitoring result, the method further comprises:
under the condition that a security gateway connection signal in the configuration management result indicates that the security gateway is failed to connect, driving the security gateway to initiate connection with the core network, and generating a next connection state result;
generating a network diagnostic result for the security gateway based on the next connection state result.
3. The method for security gateway configuration management of a base station of claim 2, wherein generating the network diagnostic result for the security gateway comprises:
recording the generation times of the next connection state result to obtain a connection counting result;
and acquiring a preset connection counting threshold, and performing network diagnosis on the security gateway under the condition that the connection counting result exceeds the preset connection counting threshold to generate a network diagnosis result.
4. The method for managing security gateway configuration of base station according to claim 2, further comprising, after said generating the network diagnosis result for the security gateway:
and generating first error prompt information according to the network diagnosis result, and sending the first error prompt information to terminal equipment for displaying.
5. The method for managing security gateway configuration of a base station according to any one of claims 1 to 4, wherein the obtaining of the connection status result of the security gateway and the core network comprises:
acquiring configuration information; the configuration information refers to initialization configuration information or configuration modification information sent by terminal equipment;
and generating the connection state result according to the configuration information.
6. The method of claim 5, wherein the generating the connection status result according to the configuration information comprises:
acquiring a daemon process running result according to the configuration information, and starting the daemon process under the condition that the daemon process running result is failed to be acquired;
acquiring a connection parameter file and a connection switch according to the configuration information, and generating and sending second error prompt information to the terminal equipment for displaying under the condition that the acquisition of the connection parameter file fails or the connection switch indicates that the connection is closed;
acquiring a certificate file according to the configuration information, and generating a configuration file according to the certificate file, the daemon process operation result, the connection parameter file and the connection switch;
and generating the connection state result according to the configuration file.
7. The method for managing security gateway configuration of a base station according to claim 6, wherein the generating a configuration file according to the certificate file, the daemon operation result, the connection parameter file, and the connection switch comprises:
and generating a configuration file by using a shell script according to the certificate file, the daemon process running result, the connection parameter file and the connection switch.
8. A security gateway configuration management system for a base station, comprising: a terminal device, a transmission device, and a server device; the terminal equipment is connected with the server equipment through the transmission equipment;
the server device is configured to execute the security gateway configuration management method of the base station according to any one of claims 1 to 7;
the transmission equipment is used for transmitting the first error prompt information and the second error prompt information to the terminal equipment;
the terminal equipment is used for displaying the first error prompt message and the second error prompt message.
9. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the security gateway configuration management method of a base station according to any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the security gateway configuration management method of a base station of any one of claims 1 to 7.
CN202210093882.5A 2022-01-26 2022-01-26 Security gateway configuration management method, system and electronic device of base station Active CN114567548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210093882.5A CN114567548B (en) 2022-01-26 2022-01-26 Security gateway configuration management method, system and electronic device of base station

Publications (2)

Publication Number Publication Date
CN114567548A true CN114567548A (en) 2022-05-31
CN114567548B CN114567548B (en) 2023-11-07

Family

ID=81714665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210093882.5A Active CN114567548B (en) 2022-01-26 2022-01-26 Security gateway configuration management method, system and electronic device of base station

Country Status (1)

Country Link
CN (1) CN114567548B (en)

Also Published As

Publication number Publication date
CN114567548B (en) 2023-11-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant