WO2019042321A1 - Method and apparatus for separating management data of network section sub-network instances - Google Patents

Method and apparatus for separating management data of network section sub-network instances Download PDF

Info

Publication number
WO2019042321A1
WO2019042321A1 PCT/CN2018/102987 CN2018102987W WO2019042321A1 WO 2019042321 A1 WO2019042321 A1 WO 2019042321A1 CN 2018102987 W CN2018102987 W CN 2018102987W WO 2019042321 A1 WO2019042321 A1 WO 2019042321A1
Authority
WO
WIPO (PCT)
Prior art keywords
network slice
nssi
subnet instance
slice subnet
network
Prior art date
Application number
PCT/CN2018/102987
Other languages
French (fr)
Chinese (zh)
Inventor
涂小勇
叶敏雅
周俊超
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2019042321A1 publication Critical patent/WO2019042321A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/02Arrangements for optimising operational condition

Definitions

  • the present disclosure relates to the field of mobile communication technologies, but is not limited to the field of mobile communication technologies, and in particular, to a method and apparatus for managing data isolation of a network slice subnet instance.
  • FIG. 1 A 5G network architecture of the prior art is shown in FIG. 1 , wherein the functions of each network element are as follows:
  • the UE User Equipment, terminal accesses the 5G network through the wireless air interface and obtains the service.
  • the terminal exchanges information through the air interface and the base station, and passes through the NAS (Non-Access Stratum, non-access stratum signaling) and the core network AMF (Access). And Mobility Management function, access and mobility management functions).
  • NAS Non-Access Stratum, non-access stratum signaling
  • AMF Access Mobility Management function, access and mobility management functions).
  • the RAN Radio Access Network
  • the RAN is responsible for the air interface resource scheduling of the terminal access network and the connection management of the air interface.
  • the core network control plane entity is mainly responsible for user mobility management, including registration and temporary identity allocation; maintaining idle and connection status and state transition; switching in the connected state; triggering paging in the idle state of the user.
  • AUSF Authentication Server Function
  • UDM Unified Data Management
  • the core network control plane entity The home user server, and permanently stores user subscription data.
  • SMF Session Management Function
  • PDU Protocol Data Unit
  • QoS Quality of Service
  • the core user plane function entity is responsible for forwarding user data packets and also collecting statistics on user data packets for accounting.
  • PCF Policy Control Functionality
  • the core network control plane entity is responsible for the policy, charging rule function entity, access and mobility management policies.
  • the function entity is mainly based on service information and user subscription information and carrier configuration information. Generate QoS rules, charging rules, and mobility and access control rules that control user data delivery.
  • NEF Network Exposure Function
  • NRF Network Repository Function
  • the core network control plane entity responsible for dynamic registration of network function service capabilities and network function discovery.
  • NSSF Network Slice Selection Function
  • the core network control plane entity is responsible for the selection of the target NSI (Network Slice Instance).
  • the scenarios supported by the 5G network are diverse. Different scenarios have different requirements on the functions and performance of the network.
  • Network slicing allows operators to segment multiple virtual logical end-to-end networks on the same hardware infrastructure as needed. Each network slice is logically isolated to accommodate different feature requirements of various types of services. Meet the high bandwidth, low latency, large connectivity and multi-service network needs.
  • An embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes the following steps:
  • NSSI identifier Obtaining an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances
  • the management data of the network slice subnet instance is isolated according to the NSSI identifier.
  • An embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
  • the network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
  • the NSSI identifier is used for isolating management data of the network slice subnet instance.
  • An embodiment of the present disclosure further provides an apparatus for managing data isolation of a network slice subnet instance, where the apparatus includes:
  • An NSSI identifier obtaining unit configured to acquire an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
  • the isolation unit is configured to isolate management data of the network slice subnet instance according to the NSSI identifier.
  • An embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
  • the acquiring unit is configured to receive the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF by the network slice management function NSMF;
  • a determining unit configured to determine, according to user and/or service characteristic information supported by the network slice subnet instance, a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance;
  • the NSSI identifier is used for isolating management data of the network slice subnet instance.
  • Embodiments of the present disclosure further provide a computer storage medium storing computer executable code; after the computer executable code is executed by a processor, capable of implementing management data isolation of any of the foregoing network slice subnet instances Methods.
  • Figure 1 is a 5G network architecture diagram
  • FIG. 2 is a management architecture diagram of a 5G network slice
  • FIG. 3 is a flowchart of a method for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure
  • FIG. 4 is a structural diagram of an apparatus for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure
  • FIG. 5 is a flowchart of a registration process after the NSMF delivers user and/or service characteristic information supported by the network slice subnet instance to the NSSF according to the embodiment of the present disclosure
  • FIG. 6 is a flowchart of a procedure for establishing a PDU Session after the NSMF delivers the user and/or service characteristic information supported by the network slice subnet instance to the NSSF according to the embodiment of the present disclosure
  • FIG. 7 is a flowchart of performance statistics data of an NSMF generated network slice subnet instance according to an embodiment of the present disclosure
  • FIG. 8 is a flowchart of alarm data generated by an NSMF generated network slice subnet instance according to an embodiment of the present disclosure
  • FIG. 9 is a flowchart of a method for managing data isolation of a network slice subnet instance according to an implementation of the present disclosure
  • FIG. 10 is a flowchart of a method for managing data isolation of a network slice subnet instance provided by the implementation of the present disclosure
  • FIG. 11 is a structural diagram of an apparatus for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure.
  • the present disclosure provides a method and apparatus for managing data isolation of a network slice subnet instance based on the security of the network sliced subnet instance management data isolation.
  • a management architecture of a 5G network slice can be as shown in FIG. 2, wherein the functions of each management network element can be as follows:
  • CSMF Communication Service Management Function
  • the user communication service completes the conversion of information such as network slicing and SLA (Service Level Agreement), capacity, and deployment features. Maintain a network slice instance set. Interact with the NSMF to pass parameters such as the network slice selected by the user and the corresponding SLA.
  • NSMF Network Slice Management Function
  • NSSMF Network Slice Subnet Management Function
  • a network slice can consist of multiple NSS (Network Slice Subnet).
  • NSS Network Slice Subnet
  • MVNO Mobile Virtaul Network Operator
  • leases a network slice and then may continue to be divided into network slice subnets according to different services, or one slice service multiple tenants, and different tenants correspond to different networks.
  • Slice the subnet.
  • the management data may be isolated based on the network slice subnet instance; and data isolation is performed to implement data isolation of different network slice subnet instances, so that the data of the network slice subnet instance A does not Mixing into the data of the network slice subnet instance B, thus reducing the security phenomenon caused by confusing data applications, reducing the inconvenience caused by data management and data application retrieval caused by data confusion, and improving data security and Convenience in data management and applications.
  • data isolation if you need to perform unified operations on the data of a certain network sliced subnet instance, you do not need to search and sort the data in many data. Therefore, it is obvious that data management is convenient. If you need to use a certain network sliced subnet instance The data is not queried in all network slice subnet instances, which improves the query rate.
  • the embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
  • NSSI identifier Obtaining a network slice subnet instance NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
  • the management data of the network slice subnet instance is isolated according to the NSSI identifier.
  • This method can be applied to AMF, but is not limited to AMF.
  • the obtaining the NSSI identifier comprises:
  • the access and mobility management function AMF queries the network slice selection function NSSF for the NSSI identification information.
  • the isolating the management data of the network slice subnet instance according to the NSSI identifier including:
  • the AMF After receiving the NSSI identifier information returned by the NSSF, the AMF isolates the management data of the network slice subnet instance according to the NSSI identifier information.
  • the acquiring the NSSI identifier further includes:
  • the AMF When the AMF sends a message to the first network function NF, if there is NSSI identification information, the AMF carries the NSSI identification information in the message.
  • the NSSI identification information carried in the message sent to the first NF is used, after the first NF receives the message sent by the AMF, according to the NSSI carried in the message.
  • the identification information isolates the management data of the network sliced subnet instance.
  • the NSSI identification information is further used to be carried in the second NF to send a message to the third NF.
  • the NSSI identification information is further carried in the second NF when the third NF sends a message, and the third NF receives the message sent by the second NF, according to the message.
  • the NSSI identification information carried in the message isolates the management data of the network slice subnet instance.
  • the NSSI identification information is identified based on user and/or service characteristic information supported by the network slice subnet instance.
  • the management data includes performance statistics, alarm data, and/or configuration data.
  • an embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
  • the network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
  • the NSSI identifier is used for isolating management data of the network slice subnet instance.
  • This method can be applied to NSMF.
  • the method includes: transmitting the NSSI identification information to an access and network slice selection function NSSF; or transmitting the NSSI identification information to an access and network slice subnet management data management function NSSMF .
  • the management data includes performance statistics, alarm data, and/or configuration data.
  • an embodiment of the present disclosure provides an apparatus for managing data isolation of a network slice subnet instance, including:
  • the acquiring unit, the network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
  • a determining unit configured to determine, according to user and/or service characteristic information supported by the network slice subnet instance, a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance;
  • the NSSI identifier is used for isolating management data of the network slice subnet instance.
  • the device further includes: a sending unit configured to send the NSSI identification information to an access and network slice selection function NSSF; or send the NSSI identification information to an access and network slice subnet management data management function NSSMF .
  • a sending unit configured to send the NSSI identification information to an access and network slice selection function NSSF; or send the NSSI identification information to an access and network slice subnet management data management function NSSMF .
  • the management data includes performance statistics, alarm data, and/or configuration data.
  • a method for managing data isolation of a network slice subnet instance in the embodiment of the present disclosure is to first obtain an NSSI (Network Slice Subnet Instance) identifier, where the NSSI identifier is used to distinguish different The network slices the subnet instance; and then isolates the management data of the network slice subnet instance according to the NSSI identifier, where the management data includes performance statistics, alarm data, and/or configuration data.
  • NSSI Network Slice Subnet Instance
  • Step 101 The NSMF sends the user and/or service characteristic information supported by the network slice instance to the NSSF, and simultaneously delivers the user and/or service characteristic information supported by the network slice subnet instance.
  • the NSMF sends the user and/or service characteristic information supported by the network slice subnet instance to the NSSF through the NSSMF and the EM.
  • Step 102 When the AMF queries the NSSF, the NSSF returns NSSI identification information to the AMF.
  • the NSSF not only queries the target NSI identifier of the user, but also queries the NSSI identifier of the user, and returns the NSSI identifier information to the AMF.
  • Step 103 After receiving the NSSI identification information returned by the NSSF, the AMF isolates the management data of the network slice subnet instance according to the NSSI identification information. In this embodiment, the AMF completes the isolation of the management data according to the NSSI identifier, such as performing performance statistics, alarms, and configuration according to the NSSI identifier.
  • NFs Network Functions
  • NSSI identification information if there is NSSI identification information, it is also carried in the message to notify other NFs, so that other NFs can perform network according to the information.
  • Manage data isolation for sliced subnet instances Specifically, the following steps are included:
  • Step 104 When the AMF sends a message to the first NF, if there is NSSI identification information, the AMF carries the NSSI identification information in the message.
  • Step 105 After receiving the message sent by the AMF, the first NF isolates the management data of the network slice subnet instance according to the NSSI identification information carried in the message.
  • Step 106 When the second NF sends a message to the third NF, if there is NSSI identification information, the NSF carries the NSSI identification information.
  • Step 107 After receiving the message sent by the second NF, the third NF isolates the management data of the network slice subnet instance according to the NSSI identification information carried in the message.
  • the management data to be isolated is reported to the network slice subnet management data management function according to the object, and the network slice subnet management data management function is supported by the user supported by the network slice subnet instance. And/or service feature information, merge objects, and generate management data to be isolated under the network slice subnet instance.
  • the network slice subnet management data management function is NSMF or NSSMF.
  • a device for managing data isolation of a network slice subnet instance includes an NSSI identity acquisition unit 21 and an isolation unit 22, and the NSSI identifier acquisition unit 21 and the isolation unit. 22 connections.
  • the NSSI identifier obtaining unit 21 is configured to acquire an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances, and the isolation unit 22 is configured to perform management data on the network slice subnet instance according to the NSSI identifier. isolation.
  • the management data includes performance statistics, alarm data, and/or configuration data.
  • the flow of the NSSF post-networking subnet instance supported by the NSMF to the NSSF post-registration process is as shown in FIG. 5, and specifically includes the following steps:
  • Step 301 The NSMF needs to notify the NSSF after the operation of creating/modifying/deleting the NSI.
  • Step 302 The NSMF sends an information notification message to the NSSF, and carries the user and/or service characteristic information supported by the network slice instance, and also carries the user and/or service characteristic information supported by the network slice subnet instance.
  • Step 303 The NSSF returns a message notification confirmation message.
  • Step 304 The AMF receives the registration request message of the UE.
  • Step 305 AMF normally processes the registration request message
  • Step 306 The AMF sends a query request message to the NSSF.
  • Step 307 The NSSF queries the user target NSI information according to the information carried by the AMF, and the local policy, and also queries the user NSSI information.
  • Step 308 The NSSF returns an inquiry response message to the AMF, and carries information such as an NSSI identifier.
  • Step 309 The AMF continues to process the registration process. If it needs to send a message to other NFs, the message carries the NSSI identification information.
  • Step 310 The AMF performs isolation of the NSSI management data under the NSI according to the NSSI identification information. Perform performance statistics, alarms, and configuration based on the NSSI ID.
  • Step 311 Other NFs, if there is NSSI identification information, complete performance statistics, alarms, configurations, and the like according to the NSSI identifier.
  • step 401 the NSMF needs to notify the NSSF after the operation of creating/modifying/deleting the NSI.
  • Step 402 The NSMF sends an information notification message to the NSSF, and carries the user and/or service characteristic information supported by the network slice instance, and also carries the user and/or service characteristic information supported by the network slice subnet instance.
  • Step 403 The NSSF returns a notification notification message.
  • Step 404 The AMF receives the PDU Session Establishment Request message of the UE.
  • Step 405 The AMF normally processes the PDU Session Establishment Request message.
  • Step 406 The AMF sends a query request message to the NSSF.
  • Step 407 The NSSF queries the user target NSI information according to the information carried by the AMF, and the local policy, and also queries the user NSSI information.
  • Step 408 The NSSF returns an inquiry response message to the AMF, and carries information such as an NSSI identifier.
  • Step 409 The AMF continues to process the PDU Session establishment request process, and if it needs to send a message to other NFs, the message carries the NSSI identification information.
  • Step 410 The AMF performs isolation of the NSSI management data under the NSI according to the NSSI identification information. Perform performance statistics, alarms, and configuration based on the NSSI ID.
  • Step 411 Other NFs, if there is NSSI identification information, perform performance statistics, alarms, configurations, and the like according to the NSSI identifier.
  • the flow of the performance statistics data generated by the NSMF in the network slice subnet instance of the embodiment of the present disclosure is as shown in FIG. 7 , and specifically includes the following steps:
  • step 501 after the NSI is newly created/modified/deleted, the NSMF notifies the foreground NF that the performance statistics object has changed.
  • Step 502 The NSMF sends a performance statistics request message according to the object to the foreground NF.
  • Step 503 The foreground NF returns a performance statistics response message according to the object.
  • Step 504 The foreground NF reports performance statistics according to the object.
  • Step 505 The NSMF merges the objects according to the user and/or service characteristic information supported by the network slice subnet instance, and generates performance statistics data under the network slice subnet instance.
  • the flow of the alarm data generated by the NSMF in the network slicing subnet instance of the embodiment of the present disclosure is as shown in FIG. 8 , and specifically includes the following steps:
  • step 601 after the NSI is newly created/modified/deleted, the NSMF notifies the foreground NF that the alarm object has been changed.
  • Step 602 The police information is reported on the foreground NF, and the alarm information carries information that distinguishes the network slice subnet instance.
  • Step 603 The NSMF generates alarm data in the network slice subnet instance according to the user and/or service characteristic information supported by the network segment subnet instance.
  • the present disclosure provides a method and device for managing data isolation of a network slice subnet instance, which can effectively isolate management data of a network sliced subnet instance, improve network transparency, and complement and improve standard protocols. .
  • the embodiment of the present invention provides a computer storage medium, where the computer storage medium stores computer executable code; after the computer executable code is executed by the processor, the management of any one or more network slice subnet instances can be implemented.
  • the method of data isolation for example, any of the methods shown in FIG. 3 and FIG. 6 to FIG.
  • the computer storage medium can be a non-transitory storage medium.
  • a functional entity including:
  • the transceiver is configured to send and receive information
  • a memory configured to store information
  • a processor coupled to the transceiver and the memory, respectively, configured to implement a method of managing data isolation of a network slice subnet instance provided by any of the foregoing by executing computer executable code stored on the memory.
  • the processor further controls the transceiving of the transceiver and the storage of information of the memory by execution of computer executable code.
  • the processor can be coupled to the transceiver and the processor via various bus interfaces.
  • embodiments of the present disclosure can be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware aspects. Moreover, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the device is implemented in a flow or a flow chart
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Abstract

Disclosed is a method for separating management data of network section sub-network instances. The method comprises the following steps: acquiring an NSSI identifier, wherein the NSSI identifier is used for distinguishing different network section sub-network instances; and separating management data of the network section sub-network instances according to the NSSI identifier.

Description

网络切片子网实例的管理数据隔离的方法和装置Method and device for managing data isolation of network slice subnet instance
相关申请的交叉引用Cross-reference to related applications
本申请基于申请号为201710756144.3、申请日为2017年08月29日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此引入本申请作为参考。The present application is based on a Chinese patent application filed on Jan. 29, 2017, the entire disclosure of which is hereby incorporated by reference.
技术领域Technical field
本公开涉及移动通信技术领域但不限于移动通信技术领域,特别是涉及一种网络切片子网实例的管理数据隔离的方法和装置。The present disclosure relates to the field of mobile communication technologies, but is not limited to the field of mobile communication technologies, and in particular, to a method and apparatus for managing data isolation of a network slice subnet instance.
背景技术Background technique
移动通信目前已经发展到5G阶段。5G的网络架构和前几代相比,主要特点是基于服务化的架构。现有技术的一种5G网络架构如图1所示,其中各网元的功能如下:Mobile communications have now evolved to the 5G stage. Compared with previous generations, the 5G network architecture is based on a service-based architecture. A 5G network architecture of the prior art is shown in FIG. 1 , wherein the functions of each network element are as follows:
UE(User Equipment,终端),主要通过无线空口接入5G网络并获得服务,终端通过空口和基站交互信息,通过NAS(Non-Access Stratum,非接入层信令)和核心网的AMF(Access and Mobility Management function,接入和移动管理功能)交互信息。The UE (User Equipment, terminal) accesses the 5G network through the wireless air interface and obtains the service. The terminal exchanges information through the air interface and the base station, and passes through the NAS (Non-Access Stratum, non-access stratum signaling) and the core network AMF (Access). And Mobility Management function, access and mobility management functions).
RAN(Radio Access Network,无线接入网),负责终端接入网络的空口资源调度和以及空口的连接管理。The RAN (Radio Access Network) is responsible for the air interface resource scheduling of the terminal access network and the connection management of the air interface.
AMF:核心网控制面实体,主要负责用户移动性管理,包括注册和临时标识分配;维护空闲和连接状态以及状态迁移;在连接状态下的切换;用户空闲状态下触发寻呼等功能。AMF: The core network control plane entity is mainly responsible for user mobility management, including registration and temporary identity allocation; maintaining idle and connection status and state transition; switching in the connected state; triggering paging in the idle state of the user.
AUSF(Authentication Server Function,鉴权服务器功能):核心网控制 面实体,主要负责对用户的鉴权、授权,以保证用户是合法用户。AUSF (Authentication Server Function): The core network control plane entity is responsible for authenticating and authorizing users to ensure that users are legitimate users.
UDM(Unified Data Management,统一数据管理功能):核心网控制面实体,归属用户服务器,永久存储用户签约数据。UDM (Unified Data Management): The core network control plane entity, the home user server, and permanently stores user subscription data.
SMF(Session Management Function,会话管理功能):核心网控制面实体,主要负责维护PDU(Protocol Data Unit,协议数据单元)Session(会话),负责分配用户IP地址,具有QoS(Quality of Service,服务质量)控制和计费功能;用户空闲状态下收到下行数据包进行缓存并通知AMF寻呼用户等功能。SMF (Session Management Function): The core network control plane entity, which is responsible for maintaining the PDU (Protocol Data Unit) Session (session), responsible for assigning user IP addresses, and having QoS (Quality of Service). Control and charging function; receiving the downlink data packet for buffering and notifying the AMF paging user in the idle state of the user.
UPF(User plane function,用户面功能):核心网用户面功能实体,负责用户数据报文的转发,也对用户数据报文进行统计用于计费等功能。User plane function (UPF): The core user plane function entity is responsible for forwarding user data packets and also collecting statistics on user data packets for accounting.
PCF(Policy Control Functionality,策略控制功能):核心网控制面实体,负责策略、计费规则功能实体、接入和移动管理策略,该功能实体主要根据业务信息和用户签约信息以及运营商的配置信息产生控制用户数据传递的QoS规则、计费规则以及移动和接入控制规则。PCF (Policy Control Functionality): The core network control plane entity is responsible for the policy, charging rule function entity, access and mobility management policies. The function entity is mainly based on service information and user subscription information and carrier configuration information. Generate QoS rules, charging rules, and mobility and access control rules that control user data delivery.
NEF(Network Exposure Function,能力开放功能):核心网控制面实体,负责移动网络能力的对外开放。NEF (Network Exposure Function): The core network control plane entity, responsible for the opening of mobile network capabilities.
NRF(NF Repository Function,网络功能库功能):核心网控制面实体,负责网络功能的服务能力的动态注册以及网络功能发现。NRF (NF Repository Function): The core network control plane entity, responsible for dynamic registration of network function service capabilities and network function discovery.
NSSF(Network Slice Selection Function,网络切片选择功能):核心网控制面实体,负责目标NSI(Network Slice Instance,网络切片实例)的选择。NSSF (Network Slice Selection Function): The core network control plane entity is responsible for the selection of the target NSI (Network Slice Instance).
5G网络支持的场景多样,不同的场景对网络的功能、性能有不同的需求。网络切片可以让运营商在同一套硬件基础设施上按需切分出多个虚拟的逻辑的端到端网络,每个网络切片在逻辑上隔离,适配各种类型服务的不同特征需求,同时满足高带宽、低时延、超大连接以及多业务对网络的不 同需求。The scenarios supported by the 5G network are diverse. Different scenarios have different requirements on the functions and performance of the network. Network slicing allows operators to segment multiple virtual logical end-to-end networks on the same hardware infrastructure as needed. Each network slice is logically isolated to accommodate different feature requirements of various types of services. Meet the high bandwidth, low latency, large connectivity and multi-service network needs.
但是研究发现,目前5G网络中的数据的安全性还不够,且数据混杂,不便于数据的分类管理和分类应用。However, the research found that the security of data in 5G networks is not enough, and the data is mixed, which is not convenient for data classification management and classification application.
发明内容Summary of the invention
本公开实施例提供一种网络切片子网实例的管理数据隔离的方法,所述方法包括以下步骤:An embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes the following steps:
获取NSSI标识,所述NSSI标识用于区分不同的网络切片子网实例;Obtaining an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
根据所述NSSI标识对网络切片子网实例的管理数据进行隔离。The management data of the network slice subnet instance is isolated according to the NSSI identifier.
本公开实施例提供一种网络切片子网实例的管理数据隔离的方法,所述方法包括:An embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
网络切片管理功能NSMF接收网络切片选择功能NSSF下发的网络切片子网实例支持的用户和/或业务特性信息;The network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
根据网络切片子网实例支持的用户和/或业务特性信息,确定网络切片示例所包含的网络切片子网实例的网络切片子网实例NSSI标识;Determining a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance according to the user and/or service characteristic information supported by the network slice subnet instance;
其中,所述NSSI标识,用于网络切片子网实例的管理数据进行隔离。The NSSI identifier is used for isolating management data of the network slice subnet instance.
本公开实施例还提供一种网络切片子网实例的管理数据隔离的装置,所述装置包括:An embodiment of the present disclosure further provides an apparatus for managing data isolation of a network slice subnet instance, where the apparatus includes:
NSSI标识获取单元,配置为获取NSSI标识,所述NSSI标识用于区分不同的网络切片子网实例;An NSSI identifier obtaining unit configured to acquire an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
隔离单元,配置为根据所述NSSI标识对网络切片子网实例的管理数据进行隔离。The isolation unit is configured to isolate management data of the network slice subnet instance according to the NSSI identifier.
本公开实施例提供一种网络切片子网实例的管理数据隔离的方法,所述方法包括:An embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
获取单元,配置为网络切片管理功能NSMF接收网络切片选择功能NSSF下发的网络切片子网实例支持的用户和/或业务特性信息;The acquiring unit is configured to receive the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF by the network slice management function NSMF;
确定单元,配置根据网络切片子网实例支持的用户和/或业务特性信息,确定网络切片示例所包含的网络切片子网实例的网络切片子网实例NSSI标识;a determining unit, configured to determine, according to user and/or service characteristic information supported by the network slice subnet instance, a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance;
其中,所述NSSI标识,用于网络切片子网实例的管理数据进行隔离。The NSSI identifier is used for isolating management data of the network slice subnet instance.
本公开实施例还提供一种计算机存储介质,所述计算机存储介质存储有计算机可执行代码;所述计算机可执行代码被处理器执行后,能够实现前述任意项网络切片子网实例的管理数据隔离的方法。Embodiments of the present disclosure further provide a computer storage medium storing computer executable code; after the computer executable code is executed by a processor, capable of implementing management data isolation of any of the foregoing network slice subnet instances Methods.
附图说明DRAWINGS
图1是一种5G网络架构图;Figure 1 is a 5G network architecture diagram;
图2是一种5G网络切片的管理架构图;2 is a management architecture diagram of a 5G network slice;
图3是本公开实施例的一种网络切片子网实例的管理数据隔离的方法流程图;3 is a flowchart of a method for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure;
图4是本公开实施例的一种网络切片子网实例的管理数据隔离的装置结构图;4 is a structural diagram of an apparatus for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure;
图5是本公开实施例的NSMF下发网络切片子网实例支持的用户和/或业务特性信息给NSSF后注册过程的流程图;5 is a flowchart of a registration process after the NSMF delivers user and/or service characteristic information supported by the network slice subnet instance to the NSSF according to the embodiment of the present disclosure;
图6是本公开实施例的NSMF下发网络切片子网实例支持的用户和/或业务特性信息给NSSF后PDU Session建立过程的流程图;6 is a flowchart of a procedure for establishing a PDU Session after the NSMF delivers the user and/or service characteristic information supported by the network slice subnet instance to the NSSF according to the embodiment of the present disclosure;
图7是本公开实施例的NSMF生成网络切片子网实例下的性能统计数据的流程图;7 is a flowchart of performance statistics data of an NSMF generated network slice subnet instance according to an embodiment of the present disclosure;
图8是本公开实施例的本公开实施例的NSMF生成网络切片子网实例下的告警数据的流程图;FIG. 8 is a flowchart of alarm data generated by an NSMF generated network slice subnet instance according to an embodiment of the present disclosure;
图9为本公开实施提供的一种网络切片子网实例的管理数据隔离的方法流程图;FIG. 9 is a flowchart of a method for managing data isolation of a network slice subnet instance according to an implementation of the present disclosure;
图10本公开实施提供的一种网络切片子网实例的管理数据隔离的方法 流程图;FIG. 10 is a flowchart of a method for managing data isolation of a network slice subnet instance provided by the implementation of the present disclosure;
图11为本公开实施例的一种网络切片子网实例的管理数据隔离的装置结构图。FIG. 11 is a structural diagram of an apparatus for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure.
具体实施方式Detailed ways
基于网络切片子网实例管理数据隔离所导致的安全性的考虑,本公开提供了一种网络切片子网实例的管理数据隔离的方法和装置,以下结合附图以及实施例,对本公开进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本公开,并不限定本公开。The present disclosure provides a method and apparatus for managing data isolation of a network slice subnet instance based on the security of the network sliced subnet instance management data isolation. The following disclosure further details the present disclosure with reference to the accompanying drawings and embodiments. Description. It is understood that the specific embodiments described herein are merely illustrative of the disclosure and are not intended to be limiting.
一种5G网络切片的管理架构可如图2所示,其中各管理网元的功能可如下:A management architecture of a 5G network slice can be as shown in FIG. 2, wherein the functions of each management network element can be as follows:
CSMF(Communication Service Management Function,通信服务管理功能):提供通信服务的订购、定制、激活、修改、去活、取消等生命周期操作维护功能。完成用户通信服务向网络切片以及SLA(Service-Level Agreement,服务等级协议)、容量、部署特征等信息转换。维护网络切片实例集。与NSMF交互,传递用户选择的网络切片和对应的SLA等参数。CSMF (Communication Service Management Function): Provides life cycle operation and maintenance functions such as ordering, customization, activation, modification, deactivation, and cancellation of communication services. The user communication service completes the conversion of information such as network slicing and SLA (Service Level Agreement), capacity, and deployment features. Maintain a network slice instance set. Interact with the NSMF to pass parameters such as the network slice selected by the user and the corresponding SLA.
NSMF(Network Slice Management Function,网络切片管理功能):完成子切片的拆分和选择。完成切片特征以及SLA向子切片的QoS、容量、部署要求等转换。NSMF (Network Slice Management Function): Complete splitting and selection of sub-slices. Complete the slicing feature and the conversion of the QoS, capacity, deployment requirements, etc. of the SLA to the sub-slice.
NSSMF(Network Slice Subnet Management Function,网络切片子网管理功能):对接NSMF,完成支持具备特定QoS、容量、部署要求的网络切片子网设计、部署和管理。NSSMF (Network Slice Subnet Management Function): Connects to NSMF to complete the design, deployment, and management of network slice subnets with specific QoS, capacity, and deployment requirements.
一个网络切片可以由多个NSS(Network Slice Subnet,网络切片子网)组成。比如,MVNO(Mobile Virtaul Network Operator,移动虚拟网络运营商)租用了一个网络切片,然后可能根据不同的业务,继续划分为网络切片子网,或者一个切片服务多个租户,不同租户对应不同的网络切片子网。A network slice can consist of multiple NSS (Network Slice Subnet). For example, MVNO (Mobile Virtaul Network Operator) leases a network slice, and then may continue to be divided into network slice subnets according to different services, or one slice service multiple tenants, and different tenants correspond to different networks. Slice the subnet.
在本实施例中,可以基于网络切片子网实例,对管理数据有隔离;通过数据隔离,实现不同网络切片子网实例产生数据的安全性隔离,如此,网络切片子网实例A的数据不会混入到网络切片子网实例B的数据中,如此减少因为混淆数据应用中导致的安全性现象,减少因为数据混淆导致的数据管理和数据应用中检索导致的不便的问题,提升了数据安全性及数据管理和应用的便捷性。通过数据隔离,若需要对某一个网络切片子网实例的数据进行统一操作时,不用在众多数据中进行检索分类再处理,如此,显然便捷了数据管理,若需要使用某一个网络切片子网实例的数据时,不用到所有网络切片子网实例中去查询,提升了查询速率。In this embodiment, the management data may be isolated based on the network slice subnet instance; and data isolation is performed to implement data isolation of different network slice subnet instances, so that the data of the network slice subnet instance A does not Mixing into the data of the network slice subnet instance B, thus reducing the security phenomenon caused by confusing data applications, reducing the inconvenience caused by data management and data application retrieval caused by data confusion, and improving data security and Convenience in data management and applications. Through data isolation, if you need to perform unified operations on the data of a certain network sliced subnet instance, you do not need to search and sort the data in many data. Therefore, it is obvious that data management is convenient. If you need to use a certain network sliced subnet instance The data is not queried in all network slice subnet instances, which improves the query rate.
如图9所示,本公开实施例提供一种网络切片子网实例的管理数据隔离的方法,所述方法包括:As shown in FIG. 9, the embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
获取网络切片子网实例NSSI标识,所述NSSI标识用于区分不同的网络切片子网实例;Obtaining a network slice subnet instance NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
根据所述NSSI标识对网络切片子网实例的管理数据进行隔离。The management data of the network slice subnet instance is isolated according to the NSSI identifier.
该方法可应用于AMF中,但不局限于AMF中。This method can be applied to AMF, but is not limited to AMF.
在一些实施例中,所述获取NSSI标识,包括:In some embodiments, the obtaining the NSSI identifier comprises:
接入和移动管理功能AMF向网络切片选择功能NSSF查询所述NSSI标识信息。The access and mobility management function AMF queries the network slice selection function NSSF for the NSSI identification information.
在一些实施例中,所述根据NSSI标识对网络切片子网实例的管理数据进行隔离,包括:In some embodiments, the isolating the management data of the network slice subnet instance according to the NSSI identifier, including:
所述AMF接收到所述NSSF返回的NSSI标识信息后,根据所述NSSI标识信息对网络切片子网实例的管理数据进行隔离。After receiving the NSSI identifier information returned by the NSSF, the AMF isolates the management data of the network slice subnet instance according to the NSSI identifier information.
在一些实施例中,所述获取NSSI标识,还包括:In some embodiments, the acquiring the NSSI identifier further includes:
所述AMF在给第一网络功能NF发送消息时,如果有NSSI标识信息,则在所述消息中携带所述NSSI标识信息。When the AMF sends a message to the first network function NF, if there is NSSI identification information, the AMF carries the NSSI identification information in the message.
在一些实施例中,所述发送给所述第一NF的消息中携带的NSSI标识信息,用于供所述第一NF接收到所述AMF发送的消息后,根据所述消息中携带的NSSI标识信息对网络切片子网实例的管理数据进行隔离。In some embodiments, the NSSI identification information carried in the message sent to the first NF is used, after the first NF receives the message sent by the AMF, according to the NSSI carried in the message. The identification information isolates the management data of the network sliced subnet instance.
在一些实施例中,所述NSSI标识信息,还用于携带在第二NF在给第三NF发送消息中。In some embodiments, the NSSI identification information is further used to be carried in the second NF to send a message to the third NF.
在一些实施例中,所述NSSI标识信息,还用被携带在第二NF在给第三NF发送消息中时,用于所述第三NF接收到所述第二NF发送的消息后,根据所述消息中携带的NSSI标识信息对网络切片子网实例的管理数据进行隔离。In some embodiments, the NSSI identification information is further carried in the second NF when the third NF sends a message, and the third NF receives the message sent by the second NF, according to the message. The NSSI identification information carried in the message isolates the management data of the network slice subnet instance.
在一些实施例中,所述NSSI标识信息,为根据网络切片子网实例支持的用户和/或业务特性信息识别得到的。In some embodiments, the NSSI identification information is identified based on user and/or service characteristic information supported by the network slice subnet instance.
在一些实施例中,所述管理数据包括性能统计数据、告警数据和/或配置数据。In some embodiments, the management data includes performance statistics, alarm data, and/or configuration data.
如图10所示,本公开实施例提供一种网络切片子网实例的管理数据隔离的方法,所述方法包括:As shown in FIG. 10, an embodiment of the present disclosure provides a method for managing data isolation of a network slice subnet instance, where the method includes:
网络切片管理功能NSMF接收网络切片选择功能NSSF下发的网络切片子网实例支持的用户和/或业务特性信息;The network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
根据网络切片子网实例支持的用户和/或业务特性信息,确定网络切片示例所包含的网络切片子网实例的网络切片子网实例NSSI标识;Determining a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance according to the user and/or service characteristic information supported by the network slice subnet instance;
其中,所述NSSI标识,用于网络切片子网实例的管理数据进行隔离。The NSSI identifier is used for isolating management data of the network slice subnet instance.
该方法可应用于NSMF中。This method can be applied to NSMF.
在一些实施例中,所述方法包括:将所述NSSI标识信息发送给接入和网络切片选择功能NSSF;或者,将所述NSSI标识信息发送给接入和网络切片子网管理数据管理功能NSSMF。In some embodiments, the method includes: transmitting the NSSI identification information to an access and network slice selection function NSSF; or transmitting the NSSI identification information to an access and network slice subnet management data management function NSSMF .
在一些实施例中,所述管理数据包括性能统计数据、告警数据和/或配 置数据。In some embodiments, the management data includes performance statistics, alarm data, and/or configuration data.
如图11所示,本公开实施例提供一种网络切片子网实例的管理数据隔离的装置,包括:As shown in FIG. 11 , an embodiment of the present disclosure provides an apparatus for managing data isolation of a network slice subnet instance, including:
获取单元,配置网络切片管理功能NSMF接收网络切片选择功能NSSF下发的网络切片子网实例支持的用户和/或业务特性信息;The acquiring unit, the network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
确定单元,配置根据网络切片子网实例支持的用户和/或业务特性信息,确定网络切片示例所包含的网络切片子网实例的网络切片子网实例NSSI标识;a determining unit, configured to determine, according to user and/or service characteristic information supported by the network slice subnet instance, a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance;
其中,所述NSSI标识,用于网络切片子网实例的管理数据进行隔离。The NSSI identifier is used for isolating management data of the network slice subnet instance.
所述装置还包括:发送单元,配置为将所述NSSI标识信息发送给接入和网络切片选择功能NSSF;或者,将所述NSSI标识信息发送给接入和网络切片子网管理数据管理功能NSSMF。The device further includes: a sending unit configured to send the NSSI identification information to an access and network slice selection function NSSF; or send the NSSI identification information to an access and network slice subnet management data management function NSSMF .
在一些实施例中,所述管理数据包括性能统计数据、告警数据和/或配置数据。本公开实施例的一种网络切片子网实例的管理数据隔离的方法如图3所示,首先获取NSSI(Network Slice Subnet Instance,网络切片子网实例)标识,所述NSSI标识用于区分不同的网络切片子网实例;然后根据所述NSSI标识对网络切片子网实例的管理数据进行隔离,所述管理数据包括性能统计数据、告警数据和/或配置数据。本实施例具体包括以下步骤:In some embodiments, the management data includes performance statistics, alarm data, and/or configuration data. As shown in FIG. 3, a method for managing data isolation of a network slice subnet instance in the embodiment of the present disclosure is to first obtain an NSSI (Network Slice Subnet Instance) identifier, where the NSSI identifier is used to distinguish different The network slices the subnet instance; and then isolates the management data of the network slice subnet instance according to the NSSI identifier, where the management data includes performance statistics, alarm data, and/or configuration data. This embodiment specifically includes the following steps:
步骤101:NSMF给NSSF下发网络切片实例支持的用户和/或业务特性信息,同时下发网络切片子网实例支持的用户和/或业务特性信息。本实施例中,所述NSMF通过NSSMF和EM,给NSSF下发网络切片子网实例支持的用户和/或业务特性信息。Step 101: The NSMF sends the user and/or service characteristic information supported by the network slice instance to the NSSF, and simultaneously delivers the user and/or service characteristic information supported by the network slice subnet instance. In this embodiment, the NSMF sends the user and/or service characteristic information supported by the network slice subnet instance to the NSSF through the NSSMF and the EM.
步骤102:在AMF向所述NSSF查询时,所述NSSF向所述AMF返回NSSI标识信息。本实施例中,在用户注册或PDU Session建立过程中,AMF向NSSF查询时,NSSF不但查询用户的目标NSI标识,也查询用户的NSSI 标识,并返回NSSI标识信息给AMF。Step 102: When the AMF queries the NSSF, the NSSF returns NSSI identification information to the AMF. In this embodiment, during the user registration or PDU session establishment process, when the AMF queries the NSSF, the NSSF not only queries the target NSI identifier of the user, but also queries the NSSI identifier of the user, and returns the NSSI identifier information to the AMF.
步骤103:所述AMF接收到所述NSSF返回的NSSI标识信息后,根据所述NSSI标识信息对网络切片子网实例的管理数据进行隔离。本实施例中,AMF按NSSI标识完成管理数据的隔离,如根据NSSI标识完成性能统计、告警、配置等。Step 103: After receiving the NSSI identification information returned by the NSSF, the AMF isolates the management data of the network slice subnet instance according to the NSSI identification information. In this embodiment, the AMF completes the isolation of the management data according to the NSSI identifier, such as performing performance statistics, alarms, and configuration according to the NSSI identifier.
当AMF与其他NF(Network Function,网络功能)之间或其他NF与NF之间发送消息时,如果有NSSI标识信息,也在消息中携带,用于通知其他NF,便于其他NF根据该信息进行网络切片子网实例的管理数据隔离。具体包括以下步骤:When a message is sent between the AMF and other NFs (Network Functions) or between other NFs and NFs, if there is NSSI identification information, it is also carried in the message to notify other NFs, so that other NFs can perform network according to the information. Manage data isolation for sliced subnet instances. Specifically, the following steps are included:
步骤104:所述AMF在给第一NF发送消息时,如果有NSSI标识信息,则在所述消息中携带所述NSSI标识信息。Step 104: When the AMF sends a message to the first NF, if there is NSSI identification information, the AMF carries the NSSI identification information in the message.
步骤105:所述第一NF接收到所述AMF发送的消息后,根据所述消息中携带的NSSI标识信息对网络切片子网实例的管理数据进行隔离。Step 105: After receiving the message sent by the AMF, the first NF isolates the management data of the network slice subnet instance according to the NSSI identification information carried in the message.
步骤106:第二NF在给第三NF发送消息时,如果有NSSI标识信息,则在所述消息中携带所述NSSI标识信息。Step 106: When the second NF sends a message to the third NF, if there is NSSI identification information, the NSF carries the NSSI identification information.
步骤107:所述第三NF接收到所述第二NF发送的消息后,根据所述消息中携带的NSSI标识信息对网络切片子网实例的管理数据进行隔离。Step 107: After receiving the message sent by the second NF, the third NF isolates the management data of the network slice subnet instance according to the NSSI identification information carried in the message.
另外,在仅需对部分管理数据进行隔离时,按对象向网络切片子网管理数据管理功能上报需隔离的管理数据,所述网络切片子网管理数据管理功能根据网络切片子网实例支持的用户和/或业务特性信息,合并对象,生成网络切片子网实例下需隔离的管理数据。其中,所述网络切片子网管理数据管理功能为NSMF或NSSMF。In addition, when only part of the management data needs to be isolated, the management data to be isolated is reported to the network slice subnet management data management function according to the object, and the network slice subnet management data management function is supported by the user supported by the network slice subnet instance. And/or service feature information, merge objects, and generate management data to be isolated under the network slice subnet instance. The network slice subnet management data management function is NSMF or NSSMF.
本公开实施例的一种网络切片子网实例的管理数据隔离的装置如图4所示,所述装置包括NSSI标识获取单元21和隔离单元22,所述NSSI标识获取单元21和所述隔离单元22连接。As shown in FIG. 4, a device for managing data isolation of a network slice subnet instance according to an embodiment of the present disclosure includes an NSSI identity acquisition unit 21 and an isolation unit 22, and the NSSI identifier acquisition unit 21 and the isolation unit. 22 connections.
所述NSSI标识获取单元21用于获取NSSI标识,所述NSSI标识用于区分不同的网络切片子网实例;所述隔离单元22用于根据所述NSSI标识对网络切片子网实例的管理数据进行隔离。其中,所述管理数据包括性能统计数据、告警数据和/或配置数据。The NSSI identifier obtaining unit 21 is configured to acquire an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances, and the isolation unit 22 is configured to perform management data on the network slice subnet instance according to the NSSI identifier. isolation. The management data includes performance statistics, alarm data, and/or configuration data.
本公开实施例的NSMF下发网络切片子网实例支持的用户和/或业务特性信息给NSSF后注册过程的流程如图5所示,具体包括以下步骤:The flow of the NSSF post-networking subnet instance supported by the NSMF to the NSSF post-registration process is as shown in FIG. 5, and specifically includes the following steps:
步骤301:NSMF在NSI的新建/修改/删除等操作后,需要通知NSSF。Step 301: The NSMF needs to notify the NSSF after the operation of creating/modifying/deleting the NSI.
步骤302:NSMF给NSSF发送信息通知消息,携带网络切片实例支持的用户和/或业务特性信息,也携带网络切片子网实例支持的用户和/或业务特性信息。Step 302: The NSMF sends an information notification message to the NSSF, and carries the user and/or service characteristic information supported by the network slice instance, and also carries the user and/or service characteristic information supported by the network slice subnet instance.
步骤303:NSSF返回信息通知确认消息。Step 303: The NSSF returns a message notification confirmation message.
步骤304:AMF收到UE的注册请求消息。Step 304: The AMF receives the registration request message of the UE.
步骤305:AMF正常处理注册请求消息Step 305: AMF normally processes the registration request message
步骤306:AMF向NSSF发送查询请求消息。Step 306: The AMF sends a query request message to the NSSF.
步骤307:NSSF根据AMF携带的信息,以及本地策略等,查询用户目标NSI信息,也查询用户NSSI信息。Step 307: The NSSF queries the user target NSI information according to the information carried by the AMF, and the local policy, and also queries the user NSSI information.
步骤308:NSSF向AMF返回查询响应消息,携带NSSI标识等信息。Step 308: The NSSF returns an inquiry response message to the AMF, and carries information such as an NSSI identifier.
步骤309:AMF继续处理注册流程,如果需要给其他NF发送消息,则在消息中携带NSSI标识信息。Step 309: The AMF continues to process the registration process. If it needs to send a message to other NFs, the message carries the NSSI identification information.
步骤310:AMF根据NSSI标识信息,完成该NSI下NSSI管理数据的隔离。如根据NSSI标识完成性能统计、告警、配置等。Step 310: The AMF performs isolation of the NSSI management data under the NSI according to the NSSI identification information. Perform performance statistics, alarms, and configuration based on the NSSI ID.
步骤311:其他NF,如果有NSSI标识信息,则根据NSSI标识完成性能统计、告警、配置等。Step 311: Other NFs, if there is NSSI identification information, complete performance statistics, alarms, configurations, and the like according to the NSSI identifier.
本公开实施例的NSMF下发网络切片子网实例支持的用户和/或业务特性信息给NSSF后PDU Session建立过程的流程如图6所示,具体包括以下 步骤:The process of the process of establishing the PDU session of the NSSF after the NSMF sends the network and the service feature information supported by the NSMF to the NSSF in the embodiment of the present disclosure is as follows:
步骤401,NSMF在NSI的新建/修改/删除等操作后,需要通知NSSF。In step 401, the NSMF needs to notify the NSSF after the operation of creating/modifying/deleting the NSI.
步骤402:NSMF给NSSF发送信息通知消息,携带网络切片实例支持的用户和/或业务特性信息,也携带网络切片子网实例支持的用户和/或业务特性信息。Step 402: The NSMF sends an information notification message to the NSSF, and carries the user and/or service characteristic information supported by the network slice instance, and also carries the user and/or service characteristic information supported by the network slice subnet instance.
步骤403:NSSF返回信息通知确认消息。Step 403: The NSSF returns a notification notification message.
步骤404:AMF收到UE的PDU Session建立请求消息。Step 404: The AMF receives the PDU Session Establishment Request message of the UE.
步骤405:AMF正常处理PDU Session建立请求消息Step 405: The AMF normally processes the PDU Session Establishment Request message.
步骤406:AMF向NSSF发送查询请求消息。Step 406: The AMF sends a query request message to the NSSF.
步骤407:NSSF根据AMF携带的信息,以及本地策略等,查询用户目标NSI信息,也查询用户NSSI信息。Step 407: The NSSF queries the user target NSI information according to the information carried by the AMF, and the local policy, and also queries the user NSSI information.
步骤408:NSSF向AMF返回查询响应消息,携带NSSI标识等信息。Step 408: The NSSF returns an inquiry response message to the AMF, and carries information such as an NSSI identifier.
步骤409:AMF继续处理PDU Session建立请求流程,如果需要给其他NF发送消息,则在消息中携带NSSI标识信息。Step 409: The AMF continues to process the PDU Session establishment request process, and if it needs to send a message to other NFs, the message carries the NSSI identification information.
步骤410:AMF根据NSSI标识信息,完成该NSI下NSSI管理数据的隔离。如根据NSSI标识完成性能统计、告警、配置等。Step 410: The AMF performs isolation of the NSSI management data under the NSI according to the NSSI identification information. Perform performance statistics, alarms, and configuration based on the NSSI ID.
步骤411:其他NF,如果有NSSI标识信息,则根据NSSI标识完成性能统计、告警、配置等。Step 411: Other NFs, if there is NSSI identification information, perform performance statistics, alarms, configurations, and the like according to the NSSI identifier.
本公开实施例的NSMF生成网络切片子网实例下的性能统计数据的流程如图7所示,具体包括以下步骤:The flow of the performance statistics data generated by the NSMF in the network slice subnet instance of the embodiment of the present disclosure is as shown in FIG. 7 , and specifically includes the following steps:
步骤501,NSMF在NSI的新建/修改/删除等操作后,发现性能统计对象发生了变更,则通知前台NF。In step 501, after the NSI is newly created/modified/deleted, the NSMF notifies the foreground NF that the performance statistics object has changed.
步骤502:NSMF给前台NF发送按对象的性能统计请求消息。Step 502: The NSMF sends a performance statistics request message according to the object to the foreground NF.
步骤503:前台NF返回按对象的性能统计响应消息。Step 503: The foreground NF returns a performance statistics response message according to the object.
步骤504:前台NF按对象上报性能统计数据。Step 504: The foreground NF reports performance statistics according to the object.
步骤505:NSMF根据网络切片子网实例支持的用户和/或业务特性信息,合并对象,生成网络切片子网实例下的性能统计数据。Step 505: The NSMF merges the objects according to the user and/or service characteristic information supported by the network slice subnet instance, and generates performance statistics data under the network slice subnet instance.
本公开实施例的NSMF生成网络切片子网实例下的告警数据的流程如图8所示,具体包括以下步骤:The flow of the alarm data generated by the NSMF in the network slicing subnet instance of the embodiment of the present disclosure is as shown in FIG. 8 , and specifically includes the following steps:
步骤601,NSMF在NSI的新建/修改/删除等操作后,发现告警对象发生了变更,则通知前台NF。In step 601, after the NSI is newly created/modified/deleted, the NSMF notifies the foreground NF that the alarm object has been changed.
步骤602:前台NF上报告警信息,所述告警信息中携带区分网络切片子网实例的信息。Step 602: The police information is reported on the foreground NF, and the alarm information carries information that distinguishes the network slice subnet instance.
步骤603:NSMF根据网络切片子网实例支持的用户和/或业务特性信息,生成网络切片子网实例下的告警数据。Step 603: The NSMF generates alarm data in the network slice subnet instance according to the user and/or service characteristic information supported by the network segment subnet instance.
本公开提出了一种网络切片子网实例的管理数据隔离的方法和装置,可以有效地对网络切片子网实例的管理数据进行隔离,提高了网络的透明性,是对标准协议的补充和完善。The present disclosure provides a method and device for managing data isolation of a network slice subnet instance, which can effectively isolate management data of a network sliced subnet instance, improve network transparency, and complement and improve standard protocols. .
本发明实施例提供一种计算机存储介质,所述计算机存储介质存储有计算机可执行代码;所述计算机可执行代码被处理器执行后,能够实现前述任意一个或多个网络切片子网实例的管理数据隔离的方法,例如,图3、图6至图10所示方法中任意一项。所述计算机存储介质可为非瞬间存储介质。The embodiment of the present invention provides a computer storage medium, where the computer storage medium stores computer executable code; after the computer executable code is executed by the processor, the management of any one or more network slice subnet instances can be implemented. The method of data isolation, for example, any of the methods shown in FIG. 3 and FIG. 6 to FIG. The computer storage medium can be a non-transitory storage medium.
一种功能实体,包括:A functional entity, including:
收发器,配置为信息收发;The transceiver is configured to send and receive information;
存储器,配置为存储信息;a memory configured to store information;
处理器,分别与所述收发器及存储器连接,配置为通过执行存储在所述存储器上的计算机可执行代码,实现前述任意一项提供的网络切片子网实例的管理数据隔离的方法。A processor, coupled to the transceiver and the memory, respectively, configured to implement a method of managing data isolation of a network slice subnet instance provided by any of the foregoing by executing computer executable code stored on the memory.
在一些实施例中,所述处理器还通过计算机可执行代码的执行,控制 所述收发器的信息收发及所述存储器的信息存储。In some embodiments, the processor further controls the transceiving of the transceiver and the storage of information of the memory by execution of computer executable code.
所述处理器可以通过各种总线接口,分别与所述收发器及所述处理器连接。The processor can be coupled to the transceiver and the processor via various bus interfaces.
本领域内的技术人员应明白,本公开的实施例可提供为方法、***、或计算机程序产品。因此,本公开可采用硬件实施例、软件实施例、或结合软件和硬件方面的实施例的形式。而且,本公开可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present disclosure can be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware aspects. Moreover, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
本公开是参照根据本公开实施例的方法、设备(***)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the present disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The device is implemented in a flow or a flow chart
流程和/或方框图一个方框或多个方框中指定的功能。The functions specified in a block or blocks of a flow and/or block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功 能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
尽管为示例目的,已经公开了本公开的优选实施例,本领域的技术人员将意识到各种改进、增加和取代也是可能的,因此,本公开的范围应当不限于上述实施例。While the preferred embodiment of the present disclosure has been disclosed for purposes of illustration, those skilled in the art will recognize that various modifications, additions and substitutions are possible, and the scope of the present disclosure should not be limited to the embodiments described above.

Claims (15)

  1. 一种网络切片子网实例的管理数据隔离的方法,所述方法包括:A method for managing data isolation of a network slice subnet instance, the method comprising:
    获取网络切片子网实例NSSI标识,所述NSSI标识用于区分不同的网络切片子网实例;Obtaining a network slice subnet instance NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
    根据所述NSSI标识对网络切片子网实例的管理数据进行隔离。The management data of the network slice subnet instance is isolated according to the NSSI identifier.
  2. 如权利要求1所述的网络切片子网实例的管理数据隔离的方法,其中,所述获取NSSI标识,包括:The method for managing data isolation of a network sliced subnet instance according to claim 1, wherein the acquiring the NSSI identifier comprises:
    接入和移动管理功能AMF向网络切片选择功能NSSF查询所述NSSI标识信息。The access and mobility management function AMF queries the network slice selection function NSSF for the NSSI identification information.
  3. 如权利要求2所述的网络切片子网实例的管理数据隔离的方法,其中,所述根据NSSI标识对网络切片子网实例的管理数据进行隔离,包括:The method for managing data isolation of a network sliced subnet instance according to claim 2, wherein the isolating management data of the network sliced subnet instance according to the NSSI identifier includes:
    所述AMF接收到所述NSSF返回的NSSI标识信息后,根据所述NSSI标识信息对网络切片子网实例的管理数据进行隔离。After receiving the NSSI identifier information returned by the NSSF, the AMF isolates the management data of the network slice subnet instance according to the NSSI identifier information.
  4. 如权利要求2所述的网络切片子网实例的管理数据隔离的方法,其中,所述获取NSSI标识,还包括:The method for managing data isolation of a network sliced subnet instance according to claim 2, wherein the obtaining the NSSI identifier further comprises:
    所述AMF在给第一网络功能NF发送消息时,如果有NSSI标识信息,则在所述消息中携带所述NSSI标识信息。When the AMF sends a message to the first network function NF, if there is NSSI identification information, the AMF carries the NSSI identification information in the message.
  5. 如权利要求4所述的网络切片子网实例的管理数据隔离的方法,所述发送给所述第一NF的消息中携带的NSSI标识信息,用于供所述第一NF接收到所述AMF发送的消息后,根据所述消息中携带的NSSI标识信息对网络切片子网实例的管理数据进行隔离。The method for managing data isolation of a network slice subnet instance according to claim 4, wherein the NSSI identification information carried in the message sent to the first NF is used by the first NF to receive the AMF. After the sent message, the management data of the network slice subnet instance is isolated according to the NSSI identification information carried in the message.
  6. 如权利要求4所述的网络切片子网实例的管理数据隔离的方法,所述NSSI标识信息,还用于携带在第二NF在给第三NF发送消息中。The method for managing data isolation of a network slice subnet instance according to claim 4, wherein the NSSI identification information is further used to be carried in the second NF to send a message to the third NF.
  7. 如权利要求6所述的网络切片子网实例的管理数据隔离的方法,其中,所述NSSI标识信息,还用被携带在第二NF在给第三NF发送消息中时,用于所述第三NF接收到所述第二NF发送的消息后,根据所述消息中携带的NSSI标识信息对网络切片子网实例的管理数据进行隔离。The method for managing data isolation of a network sliced subnet instance according to claim 6, wherein the NSSI identification information is further used when the second NF is sent to the third NF to send the message. After receiving the message sent by the second NF, the NF isolates the management data of the network slice subnet instance according to the NSSI identification information carried in the message.
  8. 如权利要求1所述的所述的网络切片子网实例的管理数据隔离的方法,其中,The method for managing data isolation of the network slice subnet instance according to claim 1, wherein
    所述NSSI标识信息,为根据网络切片子网实例支持的用户和/或业务特性信息识别得到的。The NSSI identification information is identified according to user and/or service characteristic information supported by the network slice subnet instance.
  9. 如权利要求1至8任一项所述的网络切片子网实例的管理数据隔离的方法,其中,所述管理数据包括性能统计数据、告警数据和/或配置数据。The method of managing data isolation of a network slice subnet instance according to any one of claims 1 to 8, wherein the management data comprises performance statistics data, alarm data, and/or configuration data.
  10. 一种网络切片子网实例的管理数据隔离的方法,所述方法包括:A method for managing data isolation of a network slice subnet instance, the method comprising:
    网络切片管理功能NSMF接收网络切片选择功能NSSF下发的网络切片子网实例支持的用户和/或业务特性信息;The network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
    根据网络切片子网实例支持的用户和/或业务特性信息,确定网络切片示例所包含的网络切片子网实例的网络切片子网实例NSSI标识;Determining a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance according to the user and/or service characteristic information supported by the network slice subnet instance;
    其中,所述NSSI标识,用于网络切片子网实例的管理数据进行隔离。The NSSI identifier is used for isolating management data of the network slice subnet instance.
  11. 根据权利要求10所述的网络切片子网实例的管理数据隔离的方法,所述方法包括:The method for managing data isolation of a network slice subnet instance according to claim 10, the method comprising:
    将所述NSSI标识信息发送给接入和网络切片选择功能NSSF;Sending the NSSI identification information to the access and network slice selection function NSSF;
    或者,or,
    将所述NSSI标识信息发送给接入和网络切片子网管理数据管理功能NSSMF。The NSSI identification information is sent to the access and network slice subnet management data management function NSSMF.
  12. 一种网络切片子网实例的管理数据隔离的装置,其中,所述装置包括:A device for managing data isolation of a network sliced subnet instance, wherein the device comprises:
    NSSI标识获取单元,配置为获取NSSI标识,所述NSSI标识用于区分 不同的网络切片子网实例;An NSSI identifier obtaining unit configured to acquire an NSSI identifier, where the NSSI identifier is used to distinguish different network slice subnet instances;
    隔离单元,配置为根据所述NSSI标识对网络切片子网实例的管理数据进行隔离。The isolation unit is configured to isolate management data of the network slice subnet instance according to the NSSI identifier.
  13. 如权利要求12所述的网络切片子网实例的管理数据隔离的装置,其中,所述管理数据包括性能统计数据、告警数据和/或配置数据。The apparatus for managing data isolation of a network slice subnet instance of claim 12, wherein the management data comprises performance statistics, alarm data, and/or configuration data.
  14. 一种网络切片子网实例的管理数据隔离的装置,包括:A device for managing data isolation of a network slice subnet instance, comprising:
    获取单元,配置网络切片管理功能NSMF接收网络切片选择功能NSSF下发的网络切片子网实例支持的用户和/或业务特性信息;The acquiring unit, the network slice management function NSMF receives the user and/or service characteristic information supported by the network slice subnet instance delivered by the network slice selection function NSSF;
    确定单元,配置根据网络切片子网实例支持的用户和/或业务特性信息,确定网络切片示例所包含的网络切片子网实例的网络切片子网实例NSSI标识;a determining unit, configured to determine, according to user and/or service characteristic information supported by the network slice subnet instance, a network slice subnet instance NSSI identifier of the network slice subnet instance included in the network slice instance;
    其中,所述NSSI标识,用于网络切片子网实例的管理数据进行隔离。The NSSI identifier is used for isolating management data of the network slice subnet instance.
  15. 一种计算机存储介质,所述计算机存储介质存储有计算机可执行代码;所述计算机可执行代码被处理器执行后,能够实现权利要求1至9或10至11任一项提供的方法。A computer storage medium storing computer executable code; the computer executable code being executable by a processor to implement the method of any one of claims 1 to 9 or 10 to 11.
PCT/CN2018/102987 2017-08-29 2018-08-29 Method and apparatus for separating management data of network section sub-network instances WO2019042321A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710756144.3 2017-08-29
CN201710756144.3A CN109429244B (en) 2017-08-29 2017-08-29 Method and device for isolating management data of network slice subnet instances

Publications (1)

Publication Number Publication Date
WO2019042321A1 true WO2019042321A1 (en) 2019-03-07

Family

ID=65503501

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/102987 WO2019042321A1 (en) 2017-08-29 2018-08-29 Method and apparatus for separating management data of network section sub-network instances

Country Status (2)

Country Link
CN (1) CN109429244B (en)
WO (1) WO2019042321A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112350841B (en) * 2019-08-08 2022-05-17 华为技术有限公司 Management data acquisition method and device
CN112584336B (en) * 2019-09-29 2022-10-11 华为技术有限公司 Charging method and device for network slices
CN112584337B (en) * 2019-09-29 2022-10-11 华为技术有限公司 Charging method and device for network slice
CN114006818B (en) * 2020-07-13 2023-10-31 中国电信股份有限公司 Configuration method and system for end-to-end network slice docking
US20230362057A1 (en) * 2020-07-15 2023-11-09 Nokia Solutions And Networks Oy Method and apparatus for isolation support in network slicing
WO2022241787A1 (en) * 2021-05-21 2022-11-24 Nokia Shanghai Bell Co., Ltd. Apparatus, method and computer program

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341832A (en) * 2015-07-07 2017-01-18 ***通信集团公司 Network slice management and selection method and system, base station and route switching equipment
CN106936783A (en) * 2015-12-30 2017-07-07 ***通信集团公司 A kind of data interactive method, equipment and system
CN108282352A (en) * 2017-01-05 2018-07-13 华为技术有限公司 Manage the methods, devices and systems of network slice example

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8787201B2 (en) * 2010-01-15 2014-07-22 Iomnis Llc System and methods for designing network surveillance systems
CN106572517B (en) * 2015-10-09 2018-12-18 ***通信集团公司 The processing method of network slice, the selection method and device for accessing network
CN106937362B (en) * 2015-12-31 2020-04-14 华为技术有限公司 Network slice management device and network slice management method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341832A (en) * 2015-07-07 2017-01-18 ***通信集团公司 Network slice management and selection method and system, base station and route switching equipment
CN106936783A (en) * 2015-12-30 2017-07-07 ***通信集团公司 A kind of data interactive method, equipment and system
CN108282352A (en) * 2017-01-05 2018-07-13 华为技术有限公司 Manage the methods, devices and systems of network slice example

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ERICSSON: "pCR 28.801 proposal for handling editor' s notes in 7.4 7.9 7.13 and 7.14", 3GPP TSG SA WG5 DRAFT; S5-174392, 25 August 2017 (2017-08-25), XP051336330 *
ERICSSON: "pCR 28.801 proposal for handling editor' s notes in 7.4 7.9 7.13 and 7.14", 3GPP TSG SA WG5 S5-174276, 25 August 2017 (2017-08-25) *

Also Published As

Publication number Publication date
CN109429244A (en) 2019-03-05
CN109429244B (en) 2022-06-28

Similar Documents

Publication Publication Date Title
JP7274582B2 (en) Method and apparatus for supporting local area networks (LANs)
CN109842906B (en) Communication method, device and system
WO2019042321A1 (en) Method and apparatus for separating management data of network section sub-network instances
CN109429295B (en) Method for selecting AMF, system and storage medium
US20200128614A1 (en) Session processing method and device
WO2018145654A1 (en) Multi-access management implementation method and device, and computer storage medium
EP3836577B1 (en) Session management method and device for user groups
WO2019062994A1 (en) Network slice management method, device and system
CN112449315B (en) Network slice management method and related device
CN108886678B (en) Message interaction method, device and system
US20220166664A1 (en) Method and Apparatus for Obtaining Management Data
US11855864B2 (en) Method and apparatus for collecting network traffic in wireless communication system
WO2023011217A1 (en) Communication method and apparatus
WO2020015649A1 (en) Network slice mutual exclusion relation processing method, device and system, and medium
WO2022052875A1 (en) Terminal cross-region communication method, network element device, and storage medium
US20150127831A1 (en) Method and device for enabling or disabling server in wireless communication system
US20160249206A1 (en) Data transmission method and device
CN114567880B (en) Communication method, system and computer readable storage medium
RU2668114C2 (en) Method of managing shared network users, corresponding device and system
JP7374139B2 (en) Access control of user equipment in connected mode
US20220224552A1 (en) Network slice charging method and apparatus
US20220217005A1 (en) Network Slice Charging Method and Apparatus
CN114126085B (en) Industrial field bus communication method and device, electronic equipment and storage medium
CN113938349B (en) Wireless industrial bus communication method and system
US20230396983A1 (en) Facilitating services for devices in private mobile networks based on device authentications in an operator network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18850905

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 06.10.2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18850905

Country of ref document: EP

Kind code of ref document: A1