CN-121486887-B - 5G signaling surface flow screening method, system, equipment and storage medium based on multi-core processing unit

Abstract

The invention relates to a 5G signaling plane traffic screening method based on a multi-core processing unit. The method comprises: receiving network mirror traffic through a physical interface unit and screening out Transmission Control Protocol traffic; identifying, by a switching chip unit, HTTP/2 protocol traffic within the Transmission Control Protocol traffic according to the destination port number or an application layer protocol handshake feature, and forwarding the HTTP/2 protocol traffic to the multi-core processing unit; parsing the binary framing structure of the HTTP/2 protocol, distinguishing data frames from control frames, and restoring the HTTP request header; parsing and decoding the HTTP request header and extracting the pseudo-header field that carries the uniform resource identifier path; generating a traffic filtering rule corresponding to the service signaling traffic that carries a specific network function; delivering the generated traffic filtering rule to the switching chip unit; and outputting the designated 5G signaling plane traffic. The invention adapts automatically to dynamic changes of 5G network elements and effectively solves the traffic loss or inaccuracy caused by static engineering parameter data that is difficult to maintain and is not updated in time.

Inventors

  • JIE DEFENG
  • XIE HU
  • LI LIN
  • WU ZHIYUAN

Assignees

  • 上海欣诺通信技术股份有限公司

Dates

Publication Date
20260512
Application Date
20260112

Claims (10)

  1. A 5G signaling plane traffic screening method based on a multi-core processing unit, characterized by comprising the following steps: receiving network mirror traffic through a physical interface unit, and performing, by a switching chip unit, preliminary filtering and scheduling on the network mirror traffic based on basic header information of the link layer, the network layer and the transport layer, to screen out Transmission Control Protocol traffic; identifying, by the switching chip unit, HTTP/2 protocol traffic from the Transmission Control Protocol traffic according to the destination port number or an application layer protocol handshake feature, and forwarding the HTTP/2 protocol traffic to the multi-core processing unit; in the multi-core processing unit, parsing the binary framing structure of the HTTP/2 protocol, distinguishing data frames from control frames, decoding the header metadata encoded with the HPACK compression algorithm in HEADERS frames, and restoring the HTTP request header; parsing and decoding the HTTP request header, extracting the pseudo-header field of the uniform resource identifier path in the HTTP request header, and matching the pseudo-header field against a preset 5G service-based architecture interface feature library to identify service signaling traffic carrying a specific network function; generating a traffic filtering rule corresponding to the service signaling traffic carrying the specific network function, wherein the traffic filtering rule comprises a network layer address, a transport layer port and application layer identification information; and delivering the generated traffic filtering rule to the switching chip unit, the switching chip unit screening the incoming network mirror traffic in real time according to the delivered traffic filtering rule and outputting the designated 5G signaling plane traffic.
  2. The multi-core processing unit-based 5G signaling plane traffic screening method according to claim 1, wherein decoding the header metadata encoded with the HPACK compression algorithm in HEADERS frames and restoring the HTTP request header comprises: decoding the HEADERS frames of the HTTP/2 protocol, and decompressing in real time the header fields compressed with the HPACK algorithm by maintaining a dynamic index table, to reconstruct the HTTP request header in complete key-value pair form.
  3. The multi-core processing unit-based 5G signaling plane traffic screening method according to claim 2, wherein decompressing in real time the header fields compressed with the HPACK algorithm by maintaining a dynamic index table comprises: establishing and maintaining a dynamic decoding context for each individual HTTP/2 stream; parsing the payload of HEADERS frames, and distinguishing the index representation of a header field, the literal value representation or the dynamic table index representation; querying the HPACK static table, or the dynamic table maintained in the dynamic decoding context, according to the dynamic table index representation, to obtain the corresponding first header field; and, for a second header field in literal representation, performing Huffman decoding to obtain the plaintext string.
  4. The multi-core processing unit-based 5G signaling plane traffic screening method according to claim 1, wherein matching the pseudo-header field against a preset 5G service-based architecture interface feature library to identify service signaling traffic carrying a specific network function further comprises an auxiliary verification mechanism, the auxiliary verification mechanism comprising: verifying that the method pseudo-header field in the HTTP request header is POST or GET; verifying that the protocol scheme pseudo-header field in the HTTP request header is HTTPS; and analyzing the PRIORITY frame, or the specific flag of the HEADERS frame, to confirm that the priority of the screened data stream matches control plane signaling characteristics.
  5. The multi-core processing unit-based 5G signaling plane traffic screening method according to claim 1, wherein the preset 5G service-based architecture interface feature library includes path pattern matching rules based on the service names of the network functions of the 5G core network, used for identifying the signaling traffic corresponding to the service-based interfaces N11 and N16.
  6. The multi-core processing unit-based 5G signaling plane traffic screening method of claim 5, further comprising: in the multi-core processing unit, deeply parsing the identified message forwarding control protocol messages in the N11 or N16 interface signaling traffic; extracting the Internet Protocol address, the tunnel endpoint identifier and the quality of service flow identifier of a user plane function network element; and, based on the extracted information, constructing an information mapping table of the active user plane network elements and tunnels in the current network environment.
  7. The multi-core processing unit-based 5G signaling plane traffic screening method according to claim 1, wherein performing, by the switching chip unit, preliminary filtering and scheduling on the network mirror traffic based on basic header information of the link layer, the network layer and the transport layer, to screen out Transmission Control Protocol traffic, includes: dividing the traffic into different logical data streams according to the virtual local area network identifier or the physical port number; and filtering each logical data stream by applying to it an independent preconfigured rule set, wherein the rule set comprises allow or deny policies based on Internet Protocol address network segments and transport layer port ranges.
  8. A 5G signaling plane traffic screening system based on a multi-core processing unit, comprising: a physical interface unit for receiving network mirror traffic; a switching chip unit, connected with the physical interface unit, for performing preliminary filtering and scheduling on the received network mirror traffic based on basic header information of the link layer, the network layer and the transport layer, screening out Transmission Control Protocol traffic, and identifying HTTP/2 protocol traffic based on the destination port number or an application layer protocol handshake feature; and a multi-core processing unit, connected with the switching chip unit, for: parsing the binary framing structure of the HTTP/2 protocol, distinguishing data frames from control frames, decoding the header metadata encoded with the HPACK compression algorithm in HEADERS frames, and restoring the HTTP request header; parsing and decoding the HTTP request header, extracting the pseudo-header field of the uniform resource identifier path in the HTTP request header, and matching the pseudo-header field against a preset 5G service-based architecture interface feature library to identify service signaling traffic carrying a specific network function; generating a traffic filtering rule corresponding to the service signaling traffic carrying the specific network function, wherein the traffic filtering rule comprises a network layer address, a transport layer port and application layer identification information; and delivering the generated traffic filtering rule to the switching chip unit, the switching chip unit screening the incoming network mirror traffic in real time according to the delivered traffic filtering rule and outputting the designated 5G signaling plane traffic.
  9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the multi-core processing unit-based 5G signaling plane traffic screening method according to any of claims 1-7.
  10. A computer readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the multi-core processing unit-based 5G signaling plane traffic screening method according to any of claims 1-7.
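
The processing chain of claims 1 to 5 (frame walk, HPACK decode, auxiliary `:method`/`:scheme` check, `:path` match, rule generation), as an added example that is not the patent's or the assignee's code. Assumptions: the N11/N16 path patterns (Nsmf_PDUSession resources from 3GPP TS 29.502), header blocks that fit in one HEADERS frame without Huffman coding, one HPACK dynamic table per connection direction as in RFC 7541, and all function, constant and rule-field names; `CONSTRUCTED_SAMPLE` is a hand-built HEADERS frame, not captured traffic.

```python
import re
# HPACK static-table subset (RFC 7541 App. A); FEATURES is an assumed library (TS 29.502 paths).
STATIC = {2: (":method", "GET"), 3: (":method", "POST"), 4: (":path", "/"), 7: (":scheme", "https")}
FEATURES = {"N11": r"^/nsmf-pdusession/v\d+/sm-contexts(/|$)", "N16": r"^/nsmf-pdusession/v\d+/pdu-sessions(/|$)"}
CONSTRUCTED_SAMPLE = b"\x00\x00\x23\x01\x04\x00\x00\x00\x01\x83\x87\x44\x1f/nsmf-pdusession/v1/sm-contexts"

def hpack_int(buf, pos, bits):
    val, pos, shift = buf[pos] & ((1 << bits) - 1), pos + 1, 0
    more = val == (1 << bits) - 1             # all-ones prefix: continuation bytes follow
    while more:
        val += (buf[pos] & 0x7F) << shift
        more, shift, pos = buf[pos] & 0x80, shift + 7, pos + 1
    return val, pos

def hpack_str(buf, pos):
    if buf[pos] & 0x80:
        raise NotImplementedError("Huffman-coded strings are outside this example")
    n, pos = hpack_int(buf, pos, 7)
    return buf[pos:pos + n].decode(), pos + n

def decode_headers(block, dyn):
    hdrs, pos = {}, 0
    while pos < len(block):
        b = block[pos]
        i, pos = hpack_int(block, pos, 7 if b & 0x80 else 6 if b & 0x40 else 5 if b & 0x20 else 4)
        if (b & 0xE0) == 0x20:                # dynamic table size update: no field emitted
            continue
        name, value = (STATIC[i] if i < 62 else dyn[i - 62]) if i else ("", "")
        if not b & 0x80:                      # literal: name (when i == 0) and value follow
            name, pos = hpack_str(block, pos) if not i else (name, pos)
            value, pos = hpack_str(block, pos)
            if b & 0x40:                      # incremental indexing: newest entry is index 62
                dyn.insert(0, (name, value))
        hdrs[name] = value
    return hdrs

def screen(payload, ip, port):
    rules, dyn, pos = [], [], 0               # dyn is shared by all streams of the connection
    while pos + 9 <= len(payload):
        n, ftype, flags = int.from_bytes(payload[pos:pos + 3], "big"), payload[pos + 3], payload[pos + 4]
        body, pos = payload[pos + 9:pos + 9 + n], pos + 9 + n
        if ftype != 0x1:                      # DATA (0x0) and other frame types are skipped
            continue
        body = body[1:len(body) - body[0]] if flags & 0x08 else body   # strip PADDED bytes
        h = decode_headers(body[5:] if flags & 0x20 else body, dyn)    # skip PRIORITY fields
        hit = next((k for k, rx in FEATURES.items() if re.match(rx, h.get(":path", ""))), None)
        if hit and h.get(":method") in ("GET", "POST") and h.get(":scheme") == "https":
            rules.append({"ip": ip, "port": port, "interface": hit, "path": h[":path"]})
    return rules
```
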

Description

5G signaling surface flow screening method, system, equipment and storage medium based on multi-core processing unit

Technical Field

The invention relates to the technical field of communication, in particular to a 5G signaling plane traffic screening method, device, equipment and storage medium based on a multi-core processing unit.

Background

The convergence splitter is a key device for traffic collection, filtering and distribution in a communication network. In a 5G network, network monitoring, security analysis and performance optimization often require obtaining the signaling plane traffic of the core network by optical splitting or port mirroring and screening it with a convergence splitter, so that the signaling data of a specific interface can be extracted for use by a back-end system.

The 5G core network (5GC) employs Service Based Architecture (SBA) and Network Function Virtualization (NFV) techniques. Compared with a 4G network, 5G network elements are generally deployed as virtualized software, so the network topology is more dynamic. One prominent feature is that multiple external service-based interfaces of the same Network Function (NF) (e.g., the N7, N10 and N11 interfaces of an SMF) may share the same IP address. As a result, the traffic filtering method based on network element engineering parameter data (i.e., preconfigured static parameters such as the IP address and interface type of each network element), which was commonly adopted and effective in the 4G era, exposes a series of serious defects and shortcomings in the 5G network.

Firstly, filtering signaling interfaces based on network element engineering parameter data has poor accuracy.
Because multiple interfaces share the IP address, filtering only on the network element address on one side of the interface (e.g., the IP address of the SMF) captures the traffic of all relevant interfaces of that network element (e.g., N7, N10, N11, N16) at the same time, and the signaling of the target interface (e.g., the N11 interface) cannot be separated accurately. If instead the network element addresses on both sides of the interface (such as the AMF address and the SMF address) are matched exactly, combining the network element addresses pairwise generates a massive number of filtering rules, which greatly increases configuration complexity and the processing burden on the device. In roaming scenarios in particular, network elements such as the SMF to which the visiting user belongs are located in other provinces or even abroad, and their engineering parameters cannot be obtained, so the exact filtering method based on the addresses on both sides fails completely.

Secondly, the filtering method based on static engineering parameter data carries a huge maintenance workload and is difficult to adapt to dynamic changes of the network. The 5G core network involves many network elements, and capacity expansion, capacity reduction or adjustment is performed frequently during network operation and maintenance. Once a network element IP address changes or a network element is added, the engineering parameter data is difficult to update in time, so the signaling traffic output by the convergence splitter is lost or wrong, which affects the effectiveness of the back-end analysis system. An approach that relies on manually maintained static configuration cannot meet the requirement of rapid elastic scaling of a 5G network.
Therefore, the prior-art 5G signaling plane traffic screening method that relies on static engineering parameter data has inherent defects: inaccurate filtering, high maintenance cost, inability to adapt to dynamic changes of the network, failure in roaming scenarios, and so on. A new method for dynamically identifying and precisely screening 5G signaling traffic, especially the traffic of specific service-based interfaces (such as N11 and N16), is needed to solve the many problems caused by filtering on static engineering parameters.

Disclosure of Invention

The invention aims to provide a 5G signaling plane traffic screening method based on a multi-core processing unit, to solve the problem that existing 5G signaling plane traffic screening depends on static engineering parameter data.

The first aspect of the present invention provides a 5G signaling plane traffic screening method based on a multi-core processing unit, including: receiving network mirror traffic through a physical interface unit, and performing, by a switching chip unit, preliminary filtering and scheduling on the network mirror traffic based on basic header information of the link layer, the network layer and the transport layer, to screen out Transmission Control Protocol traffic; the switching chip unit identifies HTTP/2 protocol traffic from the Transmission Control Protocol traffic according to the destination port number or the application layer prot