CN-122027602-A - Service private network isolation system in operator network
Abstract
The invention relates to the technical field of mobile communication and discloses a service private network isolation system in an operator network. An enhanced Home Subscriber Server (HSS+) holds the PGW addresses, DNS server IP addresses and VLAN IDs of all private networks. An enhanced Mobility Management Entity (MME+) requests the PGW address, DNS server IP and VLAN ID of the corresponding private network from the HSS+ according to the PDU session request of the terminal equipment, sends the DNS server IP to the terminal equipment, and sends the VLAN ID and the PGW address to an enhanced Serving Gateway (SGW+), which sends the VLAN ID to the corresponding enhanced Packet Data Gateway (PGW+). The PGW+ marks data packets sent by the terminal equipment with the VLAN ID of the corresponding private network before forwarding them to the private network, and removes the VLAN ID carried on data packets sent by the private network before forwarding them to the terminal equipment.
Inventors
- LI HONGXIA
- CHEN XUANZHU
- ZHANG PING
- YAN DI
- ZHANG XIAOWEI
- WANG HUIPING
Assignees
- 宝鸡文理学院
Dates
- Publication Date
- 20260512
- Application Date
- 20260212
Claims (8)
- 1. The service private network isolation system in an operator network is characterized by comprising an enhanced Home Subscriber Server (HSS+), an enhanced Mobility Management Entity (MME+), an enhanced Serving Gateway (SGW+) and an enhanced Packet Data Gateway (PGW+). The HSS+ comprises the PGW addresses, DNS server IPs and VLAN IDs of all private networks, where the VLAN IDs identify the service types of the private networks. The MME+ requests the PGW address, DNS server IP and VLAN ID of the corresponding private network from the HSS+ according to the PDU session request, carrying a service type, sent by the terminal equipment; it sends the requested DNS server IP to the terminal equipment so that the terminal equipment accesses the corresponding private network and a PDU session is created between the terminal equipment and the private network, and simultaneously sends the VLAN ID and PGW address to the SGW+. The SGW+ sends the VLAN ID to the corresponding PGW+ according to the PGW address. The PGW+, on receiving an uplink data packet sent by the terminal device, first marks the uplink data packet with the VLAN ID corresponding to the private network and then sends it to the private network; on receiving a downlink data packet carrying the VLAN ID corresponding to the private network, it first removes the VLAN ID from the downlink data packet and then sends it to the terminal device.
- 2. The service private network isolation system in an operator network according to claim 1, wherein the HSS+ further includes the BOSS charging address of all private networks; the MME+ requests the BOSS charging address of the corresponding private network from the HSS+ according to the PDU session request of the terminal equipment and sends the requested BOSS charging address to the SGW+, so that the SGW+ forwards it to the corresponding PGW+ for private network service charging.
- 3. The service private network isolation system in an operator network according to claim 2, wherein the HSS+ sends the PGW address, DNS server IP, VLAN ID and BOSS charging address to the MME+ over the S6a interface in response to the request sent by the MME+.
- 4. The service private network isolation system in an operator network according to claim 3, wherein the MME+ sends the VLAN ID, PGW address and BOSS charging address to the SGW+ via the Create Session Request message of the S11 interface.
- 5. The service private network isolation system in an operator network according to claim 4, wherein the MME+ sends the DNS server IP to the terminal device through the Protocol Configuration Options (PCO) field.
- 6. The service private network isolation system in an operator network according to claim 5, wherein the SGW+ sends the VLAN ID and BOSS charging address to the PGW+ via a private extension IE of the GTPv2-C protocol in the Create Session Request message of the S5/S8 interface.
- 7. The service private network isolation system in an operator network according to claim 1, wherein the PGW+ receives the downlink data packet from the SGi interface and, after removing the VLAN ID carried on the downlink data packet, sends it to the terminal device through the GTP-U tunnel; and receives the uplink data packet through the GTP-U tunnel and, after marking it with the VLAN ID of the corresponding private network, sends it to the private network through the SGi interface.
- 8. The service private network isolation system in an operator network according to claim 7, wherein the system further comprises an enhanced switch connecting the PGW+ with the private network, the port of the enhanced switch connected to the PGW+ being configured in Trunk mode.
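The following is an added worked example, not code from the patent or its applicant. It models the data-plane behaviour of claims 1, 5 and 7 in Python: a constructed HSS+ table (placeholder addresses and VLAN IDs, not values from the patent), an MME+ step that splits the subscription data into what goes to the terminal (DNS via PCO) and what goes to SGW+/PGW+ (PGW address and VLAN ID), and the PGW+ tagging of uplink Ethernet frames with an 802.1Q header plus the untagging of downlink frames. The isolation check it adds is the one a practitioner would want to see: a downlink frame whose VLAN ID does not belong to the session's private network, or that carries no tag at all, is dropped rather than delivered to the terminal.

```python
import struct
from typing import Optional

# Constructed stand-in for the HSS+ subscription data of claim 1: per private
# network, the PGW address, DNS server IP and the VLAN ID that identifies the
# service type. Addresses and VLAN IDs are placeholders, not from the patent.
HSS_PLUS = {
    "medical": {"pgw": "192.0.2.10", "dns": "198.51.100.53", "vlan_id": 100},
    "energy":  {"pgw": "192.0.2.10", "dns": "198.51.100.54", "vlan_id": 200},
}

TPID_8021Q = 0x8100
ETH_P_IP = 0x0800
ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType
VLAN_TAG = struct.Struct("!HH")     # TPID, TCI (PCP:3 | DEI:1 | VID:12)


def create_pdu_session(service_type: str) -> dict:
    """MME+ step (claims 1, 4, 5): look up the private network in HSS+ and
    route the DNS IP to the UE (PCO field) and the VLAN ID / PGW address to
    SGW+ (Create Session Request), which passes the VLAN ID on to PGW+."""
    entry = HSS_PLUS.get(service_type)
    if entry is None:
        raise KeyError(f"no private network for service type {service_type!r}")
    return {
        "pco_to_ue": {"dns": entry["dns"]},
        "to_sgw_plus": {"pgw": entry["pgw"], "vlan_id": entry["vlan_id"]},
    }


def tag_uplink(frame: bytes, vlan_id: int, pcp: int = 0) -> bytes:
    """PGW+ uplink path (claim 7): insert an 802.1Q tag carrying the private
    network's VLAN ID between the MAC addresses and the original EtherType."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype == TPID_8021Q:
        raise ValueError("uplink frame from the GTP-U tunnel must not already be tagged")
    tci = (pcp << 13) | vlan_id
    return dst + src + VLAN_TAG.pack(TPID_8021Q, tci) + frame[12:]


def untag_downlink(frame: bytes, session_vlan_id: int) -> Optional[bytes]:
    """PGW+ downlink path (claim 7): strip the tag before the frame enters the
    GTP-U tunnel. A frame whose VID does not match the session's private
    network, or that carries no tag, is dropped (None) so traffic from one
    private network never reaches another network's terminal."""
    if len(frame) < ETH_HDR.size + VLAN_TAG.size:
        return None
    dst, src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != TPID_8021Q:
        return None
    _tpid, tci = VLAN_TAG.unpack_from(frame, 12)
    if (tci & 0x0FFF) != session_vlan_id:
        return None
    return dst + src + frame[16:]


def vlan_id_of(frame: bytes) -> Optional[int]:
    """Return the VID of a tagged frame, or None if it is untagged."""
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype != TPID_8021Q:
        return None
    return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF


# Constructed sample frame: an untagged IPv4 frame as it would arrive from the UE.
SAMPLE_UPLINK = (
    bytes.fromhex("001122334455")       # dst MAC (placeholder)
    + bytes.fromhex("66778899aabb")     # src MAC (placeholder)
    + struct.pack("!H", ETH_P_IP)
    + b"IPv4 payload"                   # placeholder bytes, not a real IP packet
)


def demo() -> dict:
    """Run one 'medical' session end to end and report what happened."""
    session = create_pdu_session("medical")
    vid = session["to_sgw_plus"]["vlan_id"]
    tagged = tag_uplink(SAMPLE_UPLINK, vid)
    # Downlink from the session's own private network is delivered untagged;
    # a frame tagged with the other network's VID is dropped.
    delivered = untag_downlink(tagged, vid)
    stray = untag_downlink(tag_uplink(SAMPLE_UPLINK, HSS_PLUS["energy"]["vlan_id"]), vid)
    return {
        "dns": session["pco_to_ue"]["dns"],
        "tagged_vid": vlan_id_of(tagged),
        "delivered": delivered == SAMPLE_UPLINK,
        "stray_dropped": stray is None,
    }


if __name__ == "__main__":
    print(demo())
```

The drop-on-mismatch rule in `untag_downlink` is the security property the patent's VLAN marking is meant to provide: with the switch port toward the PGW+ in Trunk mode (claim 8), every downlink frame arrives tagged, and the PGW+ must only forward a frame into the GTP-U tunnel whose VID matches the VLAN ID it received for that session; anything else is treated as a misdelivery.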
Description
Service private network isolation system in operator network

Technical Field

The invention relates to the technical field of mobile communication, in particular to a service private network isolation system in an operator network.

Background

In today's society, the value of a communications carrier network as core infrastructure lies not only in serving public users but also in its unparalleled scale effects and accumulated technology. By drawing on the core advantages of the operator network, an innovative converged private network solution can be provided for clients in specific vertical industries, meeting their digital transformation requirements in a cost-effective manner:

1. Scale advantages and investment value. The coverage of the operator network is wide, and huge construction and maintenance costs have already been invested in the core network, the base station system and the transmission network, forming a mature, stable and highly available communication infrastructure. Compared with an enterprise self-built private network, directly reusing this network capability, which has been verified at large scale, can significantly reduce the client's initial investment and long-term operation and maintenance cost.

2. Wide coverage and deep connection. The operator's network seamlessly covers cities, villages, traffic trunks and even remote areas, achieving ubiquitous connectivity in the true sense. This is critical for application scenarios with mobility and wide-area coverage requirements. For example, services such as AI mobile medical vehicles in remote areas and cross-region remote real-time monitoring (e.g., energy pipeline and environment monitoring) can ensure uninterrupted, low-delay transmission of key data and instructions only by virtue of the operator's wide coverage.

3. Flexible architecture and security isolation. Modern operator networks already have advanced network virtualization and slicing capabilities. A logically independent "private network" or "private channel" may be built for customers over a unified physical network. Public users continue to access the Internet and public services through the standard access point, and their experience is not affected. When the terminal equipment of a private network client (such as medical equipment, industrial sensors and monitoring cameras) accesses the network, its data flow can be directed, through customized user subscription data or a dedicated Access Point Name (APN) / Data Network Name (DNN), to a dedicated core network element, or connected directly to the client's local data center or cloud application server (such as an AI diagnosis platform or a remote command center). This mode realizes the goal of using the public network as the body and the private network for the client's use. It not only lets customers enjoy the reliability, security and low latency of a comparable physical private network in an asset-light manner, so that core production services (AI medical image transmission, industrial remote control) can be carried, but also fully utilizes the wide coverage and mobility of the operator's public network, solving the root pain point of the limited coverage of traditional private networks.

Therefore, by combining the strong public infrastructure capability of the operator network with flexible and secure virtual private network technology, a converged private network solution with wide coverage, good cost performance, fast deployment, security and reliability can be provided for key fields such as medical treatment, energy, traffic and industrial manufacturing, enabling the digital and intelligent transformation of those industries. However, conventional private network configuration requires the user to manually configure Domain Name System (DNS) and Virtual Local Area Network (VLAN) parameters, which is complex and error-prone, increasing configuration difficulty and the probability of errors; moreover, the conventional private network lacks a dynamic grouping mechanism, so terminal devices of different services may be mixed in the same sub-network, resulting in poor network isolation and security.

Disclosure of Invention

The invention aims to provide a service private network isolation system in an operator network, which can solve the technical problems above. The embodiment of the invention provides a service private network isolation system in an operator network, which comprises an enhanced Home Subscriber Server (HSS+), an enhanced Mobility Management Entity (MME+), an enhanced Serving Gateway (SGW+) and an enhanced Packet Data Gateway (PGW+); HSS+ comprises PGW addresses of all