
CN-121984746-A - NAT mapping-based NB gateway non-inductive migration method and device


Abstract

The invention belongs to the field of network security, and provides an NB gateway non-inductive migration method and device based on NAT mapping. The method comprises the steps of enabling an updated charging attribute CC value on a PGW side, carrying out mapping processing on an NB service special APN to obtain a virtual APN and a VPN instance, creating a private network address pool VPN channel on a CE side, deploying a virtual firewall corresponding to the private network address pool VPN channel on the NAT side, carrying out destination address conversion on an NB gateway solidified address through the virtual firewall to obtain an NAT mapping relation, enabling an updated IPv4 address pool on the PGW side, distributing the IPv4 address pool to the virtual APN, carrying out private network deployment by adopting a public network address segment to obtain a global unique terminal address resource, configuring a return route on the CE side, guiding a reverse control message issued by a platform to the corresponding virtual firewall, and deploying a static reverse mapping rule in the virtual firewall based on the NAT mapping relation to obtain a bidirectional conversion channel. The invention can ensure the migration stability under the premise that the terminal does not need to be modified.

Inventors

  • SHI XIAO
  • WANG YULAN
  • WU LINYI
  • CHEN FENG
  • DAI CHANGQING

Assignees

  • 天翼物联科技有限公司

Dates

Publication Date
20260505
Application Date
20260130

Claims (10)

  1. The NB gateway non-inductive migration method based on NAT mapping is characterized by comprising the following steps: S1, enabling an updated charging attribute CC value on the PGW side, and mapping the NB service special APN through the CC value to obtain a virtual APN and a corresponding VPN instance; S2, creating a private network address pool VPN channel on the CE side according to the VPN instance, deploying a virtual firewall corresponding to the private network address pool VPN channel on the NAT side, and performing destination address conversion on the NB gateway solidified address through the virtual firewall to obtain NAT mapping relations mapped to the southbound interface addresses of different AEP platforms; S3, enabling an updated IPv4 address pool on the PGW side and distributing the IPv4 address pool to the virtual APN, and carrying out private network deployment using a public network address segment to obtain a globally unique terminal address resource; and S4, configuring a return route on the CE side according to the IPv4 address pool, guiding the reverse control message issued by the platform to the corresponding virtual firewall, and deploying a static reverse mapping rule in the virtual firewall based on the NAT mapping relation to obtain a bidirectional conversion channel, so as to finish the migration of the NB gateway.
  2. The NB gateway non-inductive migration method based on NAT mapping of claim 1, wherein step S1 further comprises: S11, creating a plurality of groups of CC values on the PGW side, and binding each group of CC values with the VPN instance of the target AEP sub-platform to obtain a mapping rule set of the CC values and the virtual APNs; and S12, carrying out route guidance on the NB service special APN according to the mapping rule set, so that the terminal service data carrying the CC value flows to the corresponding virtual APN channel.
  3. The NB gateway non-inductive migration method based on NAT mapping according to claim 2, further comprising, after step S1: S13, carrying out card-by-card signing contract processing on the migration number card according to the CC value on the HSS side to obtain number card configuration data binding the virtual APN, which specifically comprises the following steps: S131, acquiring a migration target label card list on the HSS side, and carrying out a CC value signing operation on each number card in the migration target label card list through an automatic script to obtain a number-level signing result; and S132, checking the signing result, and completing the binding of the virtual APN while the number card is kept online to obtain the number card configuration data.
  4. The NB gateway non-inductive migration method based on NAT mapping of claim 1, wherein step S2 further comprises: S21, creating a plurality of independent private network address pool VPN channels on the CE side according to the VPN instances, and respectively connecting different private network address pool VPN channels to the deployment positions of different AEP sub-platforms to obtain a network-isolated VPN channel group; S22, deploying on the NAT side a virtual firewall corresponding to each private network address pool VPN channel in the VPN channel group, and acquiring the terminal-solidified NB gateway public network address as the mapping source address; S23, respectively associating the mapping source address with the southbound interface addresses of a plurality of AEP sub-platforms, and performing destination address conversion on the access session flow through a one-to-one mapping rule to obtain the NAT mapping relation; and S24, configuring policy routing on the NAT side based on the mapping source address, such that when the terminal access address is the NB gateway public network address, destination address conversion is performed on the session stream according to the NAT mapping relation and the session stream is then sent into the private network address pool VPN channel, and when the terminal accesses other public network addresses, source address conversion is performed on the session stream and the session stream is then sent to the public network outlet.
  5. The NB gateway non-inductive migration method based on NAT mapping of claim 4, wherein the policy routing configured in step S24 further comprises: when the address of the session stream matches the public network address of the NB gateway, the address is converted according to the NAT mapping relation and the session stream is then transmitted to the corresponding AEP sub-platform southbound interface address through the CN2 backbone network and the private network address pool VPN channel; when the destination address of the session stream is the address of the DNS server, the session stream is transferred to the public network through the CN2 backbone network after the source address is converted.
  6. The NB gateway non-inductive migration method based on NAT mapping of claim 1, wherein step S3 further comprises: S31, acquiring the concurrency scale data of the NB terminals, and determining the capacity requirement of the IPv4 address pool according to the concurrency scale; S32, selecting a public network address segment, and carrying out private networking multiplexing on the public network address segment to obtain an IPv4 address pool for public network privacy; S33, dividing the IPv4 address pool into sections according to the VPN instances, and distributing a plurality of network segments to the AEP sub-platform corresponding to each VPN instance; and S34, carrying out a uniqueness check on the IPv4 address pool in the CN2 VPN, and eliminating conflicts with the current network address pool through exclusive address segment planning, to obtain globally unique terminal address resources bound to a private network address pool VPN channel.
  7. The NB gateway non-inductive migration method based on NAT mapping of claim 1, wherein step S4 further comprises: S41, configuring a special return route table on the CE side according to the IPv4 address pool, and making the target address segment in the return route table point to the virtual firewall corresponding to the IPv4 address pool; S42, when the AEP sub-platform issues a reverse control instruction to the terminal through the southbound interface address, carrying out route matching in the return route table according to the terminal address in the IPv4 address pool, and leading the reverse control message to the virtual firewall; S43, deploying a static reverse mapping rule in the virtual firewall based on the NAT mapping relation, and mapping the southbound interface address to the NB gateway solidified address; S44, converting the source address of the reverse control message issued by the platform according to the static reverse mapping rule, so that the converted message is sent to the target terminal through the private network address pool VPN channel, and a bidirectional conversion channel between the platform address and the terminal address is obtained.
  8. An NB gateway non-inductive migration apparatus based on NAT mapping, comprising: a mapping module, used for enabling an updated charging attribute (CC) value on the PGW side, and mapping the NB service special APN through the CC value to obtain a virtual APN and a corresponding VPN instance; a conversion module, used for creating a private network address pool VPN channel on the CE side according to the VPN instance, deploying a virtual firewall corresponding to the private network address pool VPN channel on the NAT side, and carrying out destination address conversion on the NB gateway solidified address through the virtual firewall to obtain NAT mapping relations mapped to different AEP sub-platform southbound interface addresses; a deployment module, used for enabling an updated IPv4 address pool on the PGW side and distributing the IPv4 address pool to the virtual APN, and carrying out private networking deployment using a public network address segment to obtain a globally unique terminal address resource; and a routing module, used for configuring a return route on the CE side according to the IPv4 address pool, guiding the reverse control message issued by the platform to the corresponding virtual firewall, and deploying a static reverse mapping rule in the virtual firewall based on the NAT mapping relation to obtain a bidirectional conversion channel, so as to finish the migration of the NB gateway.
  9. An NB gateway non-inductive migration apparatus based on NAT mapping, comprising: a memory and at least one processor, the memory having instructions stored therein; at least one of the processors invokes the instructions in the memory to cause the NAT mapping-based NB gateway non-inductive migration apparatus to perform the NAT mapping-based NB gateway non-inductive migration method as claimed in any one of claims 1 to 7.
  10. A computer-readable storage medium having instructions stored thereon which, when executed by a processor, implement the NAT mapping-based NB gateway non-inductive migration method according to any one of claims 1 to 7.
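
The translation logic of claims 4, 6 and 7 can be modelled in a few lines. The following is an added example, not code from the patent or its applicant: every address, VPN instance name and function name is constructed for illustration, and dropping downlink packets that match no reverse rule is this example's assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges); none come from the patent.
NB_GATEWAY = "203.0.113.10"      # gateway address solidified in the terminals
PUBLIC_EGRESS = "203.0.113.200"  # SNAT address for non-gateway traffic

@dataclass(frozen=True)
class VirtualFirewall:
    vpn_instance: str   # private network address pool VPN channel
    pool: str           # terminal IPv4 pool assigned to the virtual APN
    southbound: str     # AEP sub-platform southbound interface address

FIREWALLS = [
    VirtualFirewall("vpn-aep-1", "198.51.100.0/25", "10.1.0.5"),
    VirtualFirewall("vpn-aep-2", "198.51.100.128/25", "10.2.0.5"),
]

def pools_unique(firewalls):
    """S34: overlapping pools would make the return route ambiguous."""
    nets = [ipaddress.ip_network(fw.pool) for fw in firewalls]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

def firewall_for(terminal):
    """S41/S42: return-route lookup, terminal address -> virtual firewall."""
    addr = ipaddress.ip_address(terminal)
    for fw in FIREWALLS:
        if addr in ipaddress.ip_network(fw.pool):
            return fw
    return None

def uplink(src, dst):
    """S24: terminal -> network. Returns (path, src, dst) after translation."""
    fw = firewall_for(src)
    if fw is None:
        return None                                   # not a migrated terminal
    if dst == NB_GATEWAY:
        return (fw.vpn_instance, src, fw.southbound)  # destination NAT
    return ("public", PUBLIC_EGRESS, dst)             # source NAT, public outlet

def downlink(src, dst):
    """S42-S44: platform -> terminal through the static reverse rule."""
    fw = firewall_for(dst)
    if fw is None or src != fw.southbound:
        return None    # no matching reverse rule (drop is this example's choice)
    return (fw.vpn_instance, NB_GATEWAY, dst)         # source rewritten
```

Because the terminal's source pool selects the virtual firewall, the same solidified gateway address maps to a different southbound interface per VPN instance, and a platform can only reach terminals inside its own pool.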

Description

NAT mapping-based NB gateway non-inductive migration method and device

Technical Field

The invention belongs to the technical field of network security, and particularly relates to an NB gateway non-inductive migration method and device based on NAT mapping.

Background

With the rapid development of Internet of Things technology, NB-IoT (Narrowband Internet of Things), a key technology of the low-power wide-area Internet of Things, has been widely applied in fields such as intelligent meter reading, smart cities and environmental monitoring. The NB-IoT network relies on the 4G LTE core network architecture, and realizes access management and data transmission of terminal equipment through core network elements such as the PGW and HSS. In actual operation, due to technical upgrading, adjustment of cooperative relationships or capacity expansion of a service platform, a large number of NB terminals often need to be migrated from an original gateway platform to a newly built platform. However, NB terminal devices are typically deployed in remote scenarios, and the terminal internally solidifies the target server address for service reporting, so platform migration faces the technical challenge that terminals cannot be remotely configured on a large scale.

Existing network device migration schemes generally update configuration on the terminal side: the server address solidified in the terminal is modified through remote instructions or firmware upgrading, so that the terminal can access the new service platform. The technical problems of this scheme are as follows. For the massive number of deployed NB terminals, uniform batch configuration updating is difficult to achieve because the terminals are widely distributed, equipment types are varied and firmware versions differ. Some terminals are in a deep sleep state or in a region with poor network coverage and cannot receive remote configuration instructions in time, so the migration period is long and the success rate is low. In addition, terminal-side configuration changes carry a risk of failure, which may cause communication interruption or service data loss for the terminals and affect user experience.

Disclosure of Invention

In view of the above drawbacks of the prior art, an object of the present invention is to provide an NB gateway non-inductive migration method and apparatus based on NAT mapping.

The invention provides an NB gateway non-inductive migration method based on NAT mapping, comprising the following steps:

S1, enabling an updated charging attribute CC value on the PGW side, and mapping the NB service special APN through the CC value to obtain a virtual APN and a corresponding VPN instance;
S2, creating a private network address pool VPN channel on the CE side according to the VPN instance, deploying a virtual firewall corresponding to the private network address pool VPN channel on the NAT side, and performing destination address conversion on the NB gateway solidified address through the virtual firewall to obtain NAT mapping relations mapped to the southbound interface addresses of different AEP platforms;
S3, enabling an updated IPv4 address pool on the PGW side and distributing the IPv4 address pool to the virtual APN, and carrying out private network deployment using a public network address segment to obtain a globally unique terminal address resource; and
S4, configuring a return route on the CE side according to the IPv4 address pool, guiding the reverse control message issued by the platform to the corresponding virtual firewall, and deploying a static reverse mapping rule in the virtual firewall based on the NAT mapping relation to obtain a bidirectional conversion channel, so as to finish the migration of the NB gateway.

According to the NB gateway non-inductive migration method based on NAT mapping provided in the present invention, step S1 further includes: S11, creating a plurality of groups of CC values on the PGW side, and binding each group of CC values with the VPN instance of the target AEP sub-platform to obtain a mapping rule set of the CC values and the virtual APNs; and S12, carrying out route guidance on the NB service special APN according to the mapping rule set, so that the terminal service data carrying the CC value flows to the corresponding virtual APN channel.

According to the NB gateway non-inductive migration method based on NAT mapping provided by the present invention, step S1 further includes: S13, carrying out card-by-card signing contract processing on the migration number card according to the CC value on the HSS side to obtain number card configuration data binding the virtual APN, which specifically comprises the following steps: S131, acquiring a migration target label card list on the HSS side, and carrying out a CC value signing operation on each number card in the migration target label card list through an automatic script to obtain a number-level signing r