KR-102962145-B1 - Network function device and control method thereof

Abstract

The present invention proposes a network device and a method of operation of the network device, which realize a specific technical configuration that enables information related to NAT functions (e.g., NAT Resource information, information about network attacks) to be shared/managed in CPs (e.g., NRF, SMF, etc.) by introducing a NAT embedded UPF with an embedded NAT function, and further optimizes/enhances NF Management and security functions by utilizing this information.

Inventors

  • 최형두
  • 이동진

Assignees

  • 에스케이텔레콤 주식회사

Dates

Publication Date: 2026-05-07
Application Date: 2023-12-05

Claims (10)

  1. A network device of a Control Plane (CP), comprising: a memory storing instructions; and a processor that, by executing the instructions, reflects during Session Management the Network Address Translation (NAT) Resource information of a User Plane Function (UPF) that has been shared through transmission between a User Plane (UP) and the CP or through transmission between Network Functions (NFs) within the CP, wherein the NAT Resource information includes at least one of NAT Status information and NAT session capacity information, and wherein the processor performs a UPF selection operation, during UPF selection in Session Management for service processing of a subscriber terminal, based on the previously shared NAT Resource information of the UPF.
  2. The network device of claim 1, wherein the processor reflects the shared NAT Resource information of the UPF in a Management Procedure, and the Management Procedure includes Registration Management, Connection Management, and Session Management.
  3. The network device of claim 1, wherein, when selecting a UPF for service processing of a subscriber terminal, the processor selects the UPF with the smallest NAT resource load based on the NAT Resource information shared for each UPF.
  4. The network device of claim 1, wherein, when information regarding a network attack is shared by a specific UPF that has performed network attack detection and defense functions through NAT, through transmission between the UP and the CP or between NFs within the CP, the processor transmits the shared information to another UPF within the same network as the specific UPF, thereby inducing network security settings in the other UPF.
  5. A network device of a User Plane (UP), comprising: a memory storing instructions; and a processor that, by executing the instructions, transmits NAT Resource information regarding the Network Address Translation (NAT) function performed during incoming packet processing to a Control Plane (CP), thereby enabling the NF of the CP that receives the transmitted NAT Resource information to perform a UPF selection operation, during UPF selection in Session Management, based on the previously shared NAT Resource information of the UPF.
  6. The network device of claim 5, wherein the processor transmits information about a network attack when performing detection and defense of the network attack through the NAT function, thereby enabling a User Plane Function (UPF) that receives the information about the network attack to configure network security based on the shared information.
  7. A method of operating a network device, comprising: sharing Network Address Translation (NAT) Resource information of a User Plane Function (UPF) through transmission between a User Plane (UP) and a Control Plane (CP) or through transmission between Network Functions (NFs) within the CP; and reflecting the NAT Resource information of the UPF during Session Management, wherein the NAT Resource information includes at least one of NAT Status information and NAT session capacity information, and wherein the reflecting step performs a UPF selection operation, during UPF selection in Session Management for service processing of a subscriber terminal, based on the previously shared NAT Resource information of the UPF.
  8. The method of claim 7, further comprising, when information regarding a network attack is shared by a specific UPF that has performed network attack detection and defense functions through NAT, through transmission between the UP and the CP or between NFs within the CP, transmitting the shared information to another UPF within the same network as the specific UPF to induce network security settings in the other UPF.
  9. A method of operating a network device, comprising: transmitting NAT Resource information regarding a Network Address Translation (NAT) function performed during incoming packet processing to a Control Plane (CP), thereby enabling the NF of the CP that receives the transmitted NAT Resource information to perform a UPF selection operation, during UPF selection in Session Management, based on the previously shared NAT Resource information of the UPF.
  10. The method of claim 9, further comprising: transmitting information regarding a network attack when performing network attack detection and defense functions through the NAT function; and enabling network security settings, based on the shared information, in a User Plane Function (UPF) that receives the information regarding the network attack.

Description

The present invention relates to a technology for a User Plane Function (UPF) of a User Plane (UP), in particular a NAT embedded UPF with an embedded Network Address Translation (NAT) function.

In 5G, a network structure is defined to provide end-to-end support for terminals, base stations (access), cores, and servers. It separates the functions of control signaling and data transmission and reception, which were performed in combination by a single node (e.g., S-GW, P-GW) in existing LTE (4G), and defines a network structure that distinguishes the control signaling function area (Control Plane) from the data transmission and reception function area (User Plane).

The control nodes of the CP (Control Plane) in 5G can be defined as: the Access and Mobility Management Function (AMF), which controls the wireless access of terminals; the Policy Control Function (PCF), which manages/controls policies such as terminal information, subscription service information per terminal, and billing; the Session Management Function (SMF), which manages/controls sessions for using data services per terminal; the Network Exposure Function (NEF), which is responsible for sharing information with external networks; the Unified Data Management / Authentication Server Function (UDM/AUSF), which manages/controls the subscriber DB and authentication; the Network Repository Function (NRF), which manages/controls information about each NF (Network Function) within the network; and the Charging Function (CHF), which processes billing for subscribers.

In 5G, the data node of the UP (User Plane) can be defined as a UPF (User Plane Function) that transmits and receives data between a terminal and a server on an external service network (e.g., the Internet) through a session with the terminal, based on the control (interconnection) of the SMF.

Also, in 5G, the control nodes of the CP and the data nodes of the UP are both referred to as Network Functions (NFs). In 5G, various NFs such as the AMF, SMF, and UPF provide NF services specialized for each function, and the CP's NRF is responsible for managing and controlling these multiple NF services and NFs.

Meanwhile, Network Address Translation (NAT) is a function/equipment required for network construction, which translates IP addresses, ports, etc. during packet processing for reasons such as conserving IP addresses and security; in 5G, the NAT function is built separately from the UPF. In current 5G technology, information related to the NAT function cannot be managed by the UPF or by the CP (e.g., NRF, SMF, etc.), and as a result, if a problem occurs in the NAT function operating during packet processing by the UPF, the UPF is directly affected by it.

In the near future, owing to the demand for network slimming and the development of Cloud-Native-based virtualization technology, the deployment and commercialization of NAT embedded UPFs will become possible. However, in current standards, even for NAT embedded UPFs with built-in NAT functions, no technology is presented that allows UPFs or CPs (e.g., NRF, SMF, etc.) to manage information related to the NAT function, and consequently there is no specific technology for NF Management and security function optimization/improvement following the introduction of NAT embedded UPFs.

Accordingly, the present invention proposes a specific technical method to further optimize and improve NF Management and security functions by introducing a NAT embedded UPF with an embedded NAT function.

FIG. 1 is an example diagram illustrating the concept of applying a NAT embedded UPF with built-in NAT functionality. FIG. 2 is a block diagram showing the configuration of a network device according to one embodiment of the present invention. FIG. 3 is an example diagram illustrating the NAT Resource information managed in the present invention. FIG. 4 is an example diagram illustrating the information (Attack Context ID) regarding a network attack managed in the present invention. FIGS. 5 to 8 are example diagrams showing various call flows according to the NAT embedded UPF optimization technology realized in the present invention.

Hereinafter, various embodiments of the present invention will be described with reference to the attached drawings.
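The following is an added toy model (not code from the patent or its assignee) of the two CP-side behaviours the claims describe: selecting the UPF with the smallest NAT resource load from shared NAT Status / session capacity information (claims 1, 3, 5), and pushing an Attack Context ID reported by one UPF to the other UPFs in the same network (claims 4, 6). The NF inventory, field names, status values and attack identifiers are constructed assumptions; it also excludes UPFs whose NAT is down or full, a check the claims imply but do not spell out.

```python
from dataclasses import dataclass, field

@dataclass
class NatResource:
    # NAT Resource information a NAT-embedded UPF reports to the CP (constructed fields).
    nat_status: str            # assumed values: "UP" or "DOWN"
    session_capacity: int      # maximum NAT sessions the UPF can hold
    sessions_in_use: int       # NAT sessions currently allocated

    def load(self) -> float:
        # Fraction of NAT session capacity consumed; 1.0 means unusable (down or full).
        if self.nat_status != "UP" or self.session_capacity <= 0:
            return 1.0
        return min(1.0, self.sessions_in_use / self.session_capacity)

@dataclass
class Upf:
    name: str
    network: str                       # grouping used for "same network" in claim 4
    nat: NatResource
    attack_contexts: set = field(default_factory=set)   # Attack Context IDs applied

def select_upf(upfs, network):
    """Claim 3: among UPFs serving `network`, return the name of the one with the
    smallest NAT resource load; UPFs whose NAT is down or full are never chosen."""
    candidates = [u for u in upfs if u.network == network and u.nat.load() < 1.0]
    if not candidates:
        return None
    return min(candidates, key=lambda u: u.nat.load()).name

def share_attack_context(upfs, reporter, attack_ctx_id):
    """Claim 4: a UPF that detected an attack via NAT reports an Attack Context ID;
    the CP applies it to the other UPFs in the reporter's network and returns them."""
    src = next(u for u in upfs if u.name == reporter)
    src.attack_contexts.add(attack_ctx_id)
    updated = []
    for u in upfs:
        if u.network == src.network and u.name != reporter:
            u.attack_contexts.add(attack_ctx_id)
            updated.append(u.name)
    return sorted(updated)

# Constructed sample inventory, as the CP would hold it after UP-to-CP sharing.
SAMPLE_UPFS = [
    Upf("upf-a", "internet", NatResource("UP", 1000, 900)),
    Upf("upf-b", "internet", NatResource("UP", 1000, 300)),
    Upf("upf-c", "internet", NatResource("DOWN", 1000, 0)),
    Upf("upf-d", "ims", NatResource("UP", 500, 10)),
]
```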