EP-3864805-B1 - METHODS AND APPARATUS FOR USE IN PROVIDING TRANSPORT AND DATA CENTER SEGMENTATION IN A MOBILE NETWORK
Inventors
- STAMMERS, Timothy, Peter
- LEUNG, Kent, Kinchu
- GELLER, Michael, David
Dates
- Publication Date: 20260513
- Application Date: 20191003
Claims (15)
- A method comprising: at a router node (1506) configured to connect in a transport network used by a mobile network, receiving via a base station one or more messages from a user equipment, UE (102), associated with a security group; selecting (1006) a segment route, SR, path and an identity of a virtual network according to the security group of the UE (102), the SR path being one of a plurality of SR paths in a transport network between the base station and a user plane, UP, entity and defined at least in part by one or more segment IDs, SIDs; populating (1012) an SR header of the message with one or more SIDs of the SR path and including the identity of the virtual network associated with the security group; and forwarding the message having the populated SR header to the UP entity via the SR path according to the one or more SIDs.
- The method of claim 1, wherein the forwarding comprises: forwarding to a UP entity that is configured to receive the message, extract from the SR header of the message the identity of the virtual network, populate an L2 header of a corresponding message with the extracted identity of the virtual network, and forward the corresponding message to a data network.
- The method of claim 1 or 2, wherein at least one of: the identity of the virtual network comprises a virtual extensible LAN, VXLAN, network identifier, VNI, associated with a VXLAN of a data center; the router comprises an ingress router between one or more base stations and one or more UP entities.
- The method of any preceding claim, further comprising at least one of: receiving a message to indicate the selection of the SR path and the identity of the virtual network, wherein the selection is based on policy data including an identity of the security group of the UE (102); participating in a procedure for being provisioned with the SR path and the identity of the virtual network based on an identity of the security group.
- A method comprising: obtaining an identity of a security group associated with one or more user equipments, UEs, operative in a mobile network; selecting (1006), based on the identity of the security group, a segment route, SR, path for session communications in the mobile network for the one or more UEs, the SR path being one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs, SIDs; and causing the selected SR path to be provisioned for use in one or more routers of the transport network of the mobile network, such that IP messages communicated for the one or more UEs in the mobile network are forwarded via the selected SR path associated with the security group.
- The method of claim 5, wherein at least one of: causing the selected SR path to be provisioned comprises causing the selected SR path to be provisioned for use in one or more routers which are thereafter configured to receive the IP messages and populate an SR header of the IP messages with the one or more SIDs of the selected SR path, for forwarding the IP messages via the selected SR path associated with the security group; the selected SR path is for exclusive use for the one or more UEs of the security group; the selected SR path is one of the plurality of SR paths between a base station and a user plane, UP, entity of the mobile network; the identity of the virtual network comprises a virtual extensible LAN, VXLAN, network identifier, VNI, associated with a VXLAN; the method is performed by a control plane, CP, entity for session management.
- The method of claim 5 or 6, further comprising: receiving a message which indicates a request for creating a session for the UE (102); and in response to receiving the message, requesting and receiving policy data associated with the session, the policy data indicating the identity of the security group associated with the one or more UEs.
- The method of any of claims 5 to 7, further comprising: obtaining an identity of a virtual network based on the identity of the security group, the identity of the virtual network being associated with one of a plurality of tunnels configurable in the transport network used by the mobile network; and causing the identity of the virtual network to be provisioned in one or more routers of the transport network used by the mobile network, such that the IP messages are forwarded via the selected SR path and via the tunnel to a data network.
- The method of any of claims 5 to 8, wherein the identity comprises a first identity, the security group comprises a first security group associated with one or more first UEs, the selected SR path comprises a first selected SR path, and the one or more SIDs comprise one or more first SIDs, the method further comprising: obtaining a second identity of a second security group associated with one or more second UEs operative in the mobile network; selecting, based on the second identity of the second security group, a second SR path for session communications in the mobile network for the one or more second UEs, the second SR path being one of the plurality of SR paths in the transport network used by the mobile network and defined at least in part by one or more second SIDs; and causing the selected second SR path to be provisioned in one or more routers of the transport network used by the mobile network, such that IP messages communicated for the one or more second UEs in the mobile network are forwarded via the selected second SR path associated with the second security group.
- A method comprising: obtaining an identity of a security group associated with one or more user equipments, UEs, operative in a mobile network; selecting, based on the identity of the security group, a segment route, SR, path for session communications in the mobile network for the one or more UEs, the SR path being one of a plurality of SR paths in a transport network used by the mobile network and defined at least in part by one or more segment IDs, SIDs; obtaining an identity of a virtual network associated with the security group, the identity of the virtual network being associated with one of a plurality of tunnels configurable in the transport network used by the mobile network; and causing the identity of the virtual network to be provisioned in association with the selected SR path in one or more routers of the transport network used by the mobile network, such that IP messages communicated for the one or more UEs in the mobile network are forwarded via the selected SR path associated with the security group and subsequently via a tunnel associated with the virtual network.
- The method of claim 10, wherein causing the selected SR path and the identity of the virtual network to be provisioned comprises: causing the selected SR path and the identity of the virtual network to be provisioned in association with the selected SR path in one or more routers which are thereafter configured to receive the IP messages and populate an SR header of the IP messages with the one or more SIDs of the selected SR path and the identity of the virtual network.
- The method of claim 10 or 11, wherein at least one of: the selected SR path is one of the plurality of SR paths between a base station and a user plane, UP, entity of the mobile network; the identity of the virtual network comprises a virtual extensible LAN, VXLAN, network identifier, VNI, associated with a VXLAN.
- The method of any of claims 10 to 12, which is performed by a control plane, CP, entity for session management, the method further comprising: receiving a message which indicates a request for creating a session for the UE (102); and in response to receiving the message, requesting and receiving policy data associated with the session, the policy data indicating the identity of the security group associated with the one or more UEs.
- A computer readable medium comprising computer readable instructions that are executable by one or more processors to cause the method of any preceding claim to be carried out.
- Apparatus arranged to perform the method of any of claims 1 to 13.
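
The ingress-router and UP-entity steps of claims 1 to 3, as an added Python example that is not code from the patent. The policy table, group names, SIDs and VNI values are constructed; carrying the VNI in the low 24 bits of the final SID, and using a VXLAN header for the UP entity's "L2 header" step, are assumptions made here because the claims do not fix an encoding.

```python
import ipaddress
import struct

# Constructed policy data (assumption): security group -> (SIDs in travel order, VNI).
# Addresses come from the IPv6 documentation prefix 2001:db8::/32.
POLICY = {
    "sg-iot": (["2001:db8:a::1", "2001:db8:b::1", "2001:db8:f::"], 5001),
    "sg-corp": (["2001:db8:c::1", "2001:db8:f::"], 5002),
}

def select_path(security_group):
    """Return (sids, vni) for the UE's security group; fail closed if none is provisioned."""
    if security_group not in POLICY:
        raise PermissionError(f"no segment provisioned for {security_group!r}")
    return POLICY[security_group]

def build_srh(sids, vni, next_header=41):
    """Ingress router: build an RFC 8754 SRH. Assumption: the 24-bit VNI rides in the
    low 24 bits (argument part) of the final SID, which addresses the UP entity."""
    segs = [int(ipaddress.IPv6Address(s)) for s in sids]
    if not 0 <= vni < 1 << 24 or segs[-1] & 0xFFFFFF:
        raise ValueError("VNI must fit in 24 bits and the final SID must leave them free")
    segs[-1] |= vni
    n = len(segs)
    # Next Header, Hdr Ext Len (8-octet units after the first 8 octets), Routing Type 4,
    # Segments Left, Last Entry, Flags, Tag.
    hdr = struct.pack("!BBBBBBH", next_header, 2 * n, 4, n - 1, n - 1, 0, 0)
    # The segment list is encoded in reverse: Segment List[0] is the last hop.
    return hdr + b"".join(s.to_bytes(16, "big") for s in reversed(segs))

def up_entity_vxlan(srh):
    """UP entity: recover the VNI from Segment List[0] and build the RFC 7348 VXLAN header."""
    if len(srh) < 24 or srh[2] != 4 or len(srh) != 8 + 8 * srh[1]:
        raise ValueError("not a well-formed SRH")
    vni = int.from_bytes(srh[8:24], "big") & 0xFFFFFF
    # Flags byte 0x08 marks the VNI as valid; the VNI occupies bits 8..31 of the second word.
    return vni, struct.pack("!II", 0x08 << 24, vni << 8)
```

An unknown security group raises instead of falling back to a default path, so traffic that matches no policy never lands in another group's segment.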
Description
TECHNICAL FIELD

The present disclosure relates generally to mobile networks and segment routing (SR), and more particularly to methods and apparatus for use in providing transport and data center segmentation in mobile networks implementing segment routing for communications.

BACKGROUND

It would be desirable to provide transport and data center segmentation in mobile networks (e.g. 5G mobile networks) that implement segment routing (SR) or SR for IPv6 (SRv6).

Matsushima et al DRAFT-IETF-DMM-SRV6-Mobile-UPLANE-02.TXT, internet-draft working group, internet engineering task force, internet society, is directed to segment routing IPv6 for mobile user plane.

US 2018/270743 is directed to methods for configuring user plane functions associated with a network slice. The methods include: creating a mapping between a network slice instance and a respective TNL marker; selecting the network slice in response to a service request; identifying the respective TNL marker based on the mapping and the selected network slice; and communicating the identified TNL marker to a control plane function.

BRIEF DESCRIPTION OF THE DRAWINGS

So that the present disclosure can be understood by those of ordinary skill in the art, a more detailed description may be had by reference to aspects of some illustrative implementations, some of which are shown in the accompanying drawings.

- FIG. 1A is an illustrative representation of a basic network architecture of a Fifth Generation (5G) mobile network;
- FIG. 1B is an illustrative representation of a more detailed network architecture of the mobile network of FIG. 1A;
- FIG. 1C is an illustrative representation of the mobile network of FIGs. 1A-1B as a service-based architecture;
- FIGs. 2A-2D are illustrative block diagrams of communication networks operative to route communications with use of segment routing (SR) and, in particular, SR for IPv6 (SRv6);
- FIG. 3 is an illustrative representation of a network function (NF) repository function (NRF) of the mobile network, where the NRF has a first interface comprising an Nnrf interface of a service discovery function and a second interface of a SR path information obtaining function for interfacing with a SR path computation entity (SR-PCE);
- FIG. 4 is a flowchart for describing an example method for use with an NRF of FIG. 3 to facilitate the availability of SR path information in the mobile network;
- FIG. 5 is an example arrangement of network nodes and functions of the mobile network, further illustrating candidate SR paths of a transport network used by the mobile network (e.g. for communication between a gNB and a UPF);
- FIG. 6 is a table which provides example SR path information of candidate SR paths in the transport network used by the mobile network, and including stored associations with identities of security groups and virtual networks, according to at least some implementations of the present disclosure;
- FIG. 7A is a flowchart for describing a method of selecting NF instances or nodes in the mobile network (e.g. SMF and UPF selection) for establishing a session for a UE, which may include the obtaining and/or use of SR path information associated with SR paths;
- FIG. 7B is a flow diagram for describing a method of selecting NF instances or nodes in the mobile network (e.g. SMF and UPF selection) for establishing a session for a UE, which may include the obtaining and/or use of SR path information associated with SR paths;
- FIG. 8A is a flowchart for describing a method of obtaining an identity of a security group, which may be performed at one or more network nodes or functions in a mobile network (e.g. an SMF), for use in at least some implementations of the present disclosure;
- FIG. 8B is a diagram which shows example relationships between an identity of a security group and an SR path and/or virtual network;
- FIG. 9A is a flowchart for describing a method for use in providing transport network segmentation in a mobile network based on security group identity, which may be performed at one or more network nodes or functions in the mobile network (e.g. an SMF), according to at least some implementations of the present disclosure;
- FIG. 9B is a flowchart for describing a method for use in providing transport and data center segmentation in a mobile network based on security group identity, which may be performed at one or more network nodes or functions in the mobile network (e.g. an SMF), according to at least some implementations of the present disclosure;
- FIG. 10A is a flowchart for describing a method for use in providing transport network segmentation in a mobile network based on security group identity, which is similar to FIG. 9A but described in the context of a plurality of candidate SR paths between a gNB and a UPF for a session for a UE of the security group, according to at least some implementations of the present disclosure;
- FIG. 10B is a flowchart for describing a method for use in providing transport and data center segmentation in a mobile network based