
WO2025180331A1 - Information processing method and apparatus, device, storage medium and computer program product - Google Patents

Information processing method and apparatus, device, storage medium and computer program product

Info

Publication number
WO2025180331A1
Authority
WO
WIPO (PCT)
Prior art keywords
arn
identifier
network
packet
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2025/078846
Other languages
French (fr)
Chinese (zh)
Inventor
杨锋
程伟强
段晓东
张晓秋
韩婷婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00 Arrangements for detecting or preventing errors in the information received
    • H04L1/0001 Systems modifying transmission characteristics according to link quality, e.g. power backoff
    • H04L1/0006 Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the transmission format
    • H04L1/0007 Systems modifying transmission characteristics according to link quality, e.g. power backoff by adapting the transmission format by modifying the frame length
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/34 Source routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W40/00 Communication routing or communication path finding
    • H04W40/02 Communication route or path selection, e.g. power-based or shortest path routing

Definitions

  • the present disclosure relates to the field of wireless communication technologies, and in particular to an information processing method, apparatus, device, storage medium, and computer program product.
  • IP: Internet Protocol
  • technologies ranging from Multi-Protocol Label Switching (MPLS) to the current Segment Routing over IPv6 (SRv6) are all centered around providing network path scheduling capabilities.
  • MPLS: Multi-Protocol Label Switching
  • SRv6: Segment Routing over IPv6
  • the first is to classify traffic based on application characteristics and then direct different traffic to specific network paths.
  • the second is for applications to explicitly carry type information.
  • the network edge service access point device identifies the application information explicitly carried in the message and then maps the message to a network tunnel/slice.
  • the third is to directly open the network connection for applications to call.
  • all three methods have the problem of poor network security.
  • embodiments of the present disclosure are intended to provide an information processing method, apparatus, device, storage medium, and computer program product.
  • the present disclosure provides an information processing method, which is applied to a user edge device.
  • the method includes:
  • ARN: Application Responsive Networking
  • marking the first IP packet based on the first ARN identifier includes:
  • the first information is used to indicate whether to convert the original content in the flow label field into the first ARN identifier.
  • marking the first IP packet based on the first ARN identifier includes:
  • the first ARN identifier is written into the source address field in the header of the first IP packet.
  • obtaining the first ARN identifier includes:
  • the first ARN identifier is allocated by the controller to the user edge device based on user information, application information and network service information.
  • sending the second IP message includes:
  • the present disclosure provides an information processing method, which is applied to a network edge device.
  • the method includes:
  • the second IP packet is obtained by the user edge device obtaining the first ARN identifier and marking the first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.
  • the method further includes:
  • the preset data table stores a preset correspondence between user information and ARN identifiers
  • the second IP packet is mapped to a corresponding path or slice based on the first ARN identifier.
  • the method further includes:
  • the first operation includes one of the following:
  • verifying the legitimacy of the first ARN identifier according to the preset data table includes:
  • the first ARN identifier is legal.
  • mapping the second IP packet to a corresponding path or slice based on the first ARN identifier includes:
  • the first ARN identifier is legal, determine the first path or first slice corresponding to the first ARN identifier according to the preset correspondence between the path or slice and the ARN identifier; map the second IP packet to the first path or the first slice;
  • the path or slice includes one of the following:
  • MPLS: Multi-Protocol Label Switching
  • IP: Internet Layer 3 Protocol
  • VxLAN: Virtual Extensible Local Area Network
  • GRE: Generic Routing Encapsulation
  • GENEVE: Generic Network Virtualization Encapsulation
  • An embodiment of the present disclosure provides an information processing method, applied to a controller, the method comprising:
  • the first ARN identifier represents a calling relationship between an application and a network capability and/or a capability open to the application by the network;
  • the first ARN identifier is used by the user edge device to mark the first IP packet, generate a second IP packet, and send the second IP packet.
  • the method further includes:
  • the path or slice includes one of the following:
  • the method further includes:
  • the first ARN identifier is allocated to the user edge device based on user information, application information, and network service information.
  • the method further includes:
  • managing the lifecycle of the first ARN identifier includes:
  • An embodiment of the present disclosure provides an information processing device, including:
  • An acquisition module configured to acquire a first ARN identifier; the first ARN identifier represents a calling relationship between an application and a network capability and/or a capability open to the application by the network;
  • a processing module configured to mark the first IP packet based on the first ARN identifier to generate a second IP packet
  • the first sending module is configured to send the second IP message.
  • An embodiment of the present disclosure provides an information processing device, including:
  • a receiving module configured to receive a second IP message
  • the second IP packet is obtained by the user edge device obtaining the first ARN identifier and marking the first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.
  • An embodiment of the present disclosure provides an information processing device, including:
  • a second sending module is configured to send a first ARN identifier to the user edge device;
  • the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application;
  • the first ARN identifier is used by the user edge device to mark the first IP packet, generate a second IP packet, and send the second IP packet.
  • An embodiment of the present disclosure provides a user edge device, including a processor and a memory for storing a computer program that can be run on the processor.
  • the processor is configured to execute the steps of any one of the methods described above on the user edge device side when running the computer program.
  • An embodiment of the present disclosure provides a network edge device, including a processor and a memory for storing a computer program that can be run on the processor.
  • when the processor is used to run the computer program, it executes the steps of any one of the methods described above on the network edge device side.
  • An embodiment of the present disclosure provides a controller, comprising a processor and a memory for storing a computer program that can be run on the processor.
  • when the processor is used to run the computer program, it executes the steps of any one of the methods described above on the controller side.
  • At least one embodiment of the present disclosure provides a computer-readable storage medium having a computer program stored thereon.
  • When the computer program is executed by a processor, it implements the steps of any one of the methods described on the user edge device side, or implements the steps of any one of the methods described on the network edge device side, or implements the steps of any one of the methods described on the controller side.
  • An embodiment of the present disclosure further provides a computer program product, including a computer program.
  • When the computer program is executed by a processor, it implements any of the methods described above on the user edge device side, or any of the methods described above on the network edge device side, or any of the methods described above on the controller side.
  • the information processing method, apparatus, device, storage medium, and computer program product provided by the embodiments of the present disclosure include: a user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability open to the application by the network; based on the first ARN identifier, a first IP packet is marked to generate a second IP packet; and the second IP packet is sent.
  • the first ARN identifier represents the calling relationship of the application to the network capability and/or the capability opened by the network to the application
  • the user or application does not directly call the network capability, but calls the network capability through the first ARN identifier, so that the network will not see the relevant information of the user or application.
  • the network does not directly open the capability to the user, but opens the capability through the first ARN identifier, so that the user will not see the service information of the network, thereby improving network security while providing application collaborative network capabilities.
  • FIG1 is a schematic diagram of an Application-Aware Networking (APN) header in the related art
  • FIG2 is a first schematic diagram of an implementation flow of the information processing method according to an embodiment of the present disclosure
  • FIG3 is a second schematic diagram of the implementation flow of the information processing method according to an embodiment of the present disclosure.
  • FIG4 is a third schematic diagram of the implementation flow of the information processing method according to an embodiment of the present disclosure.
  • FIG5 is a schematic diagram of a system architecture for applying the information processing method according to an embodiment of the present disclosure
  • FIG6 is a schematic diagram of a specific implementation flow of the information processing method according to an embodiment of the present disclosure.
  • FIG7 is a schematic diagram of a controller allocating a first ARN ID to a user edge device according to an embodiment of the present disclosure
  • FIG8 is a schematic diagram of the life cycle of an ARN ID according to an embodiment of the present disclosure.
  • FIG9 is a first schematic diagram of marking a first IP message according to an embodiment of the present disclosure.
  • FIG10 is a second schematic diagram of marking a first IP message according to an embodiment of the present disclosure.
  • FIG11 is a third schematic diagram of marking a first IP message according to an embodiment of the present disclosure.
  • FIG12 is a fourth schematic diagram of marking a first IP message according to an embodiment of the present disclosure.
  • FIG13 is a first schematic diagram of an information processing device according to an embodiment of the present disclosure.
  • FIG14 is a second schematic diagram of the information processing device according to an embodiment of the present disclosure.
  • FIG15 is a third schematic diagram of an information processing device according to an embodiment of the present disclosure.
  • FIG16 is a schematic diagram of the structure of a user edge device according to an embodiment of the present disclosure.
  • FIG17 is a schematic diagram of the composition structure of a network edge device according to an embodiment of the present disclosure.
  • FIG18 is a schematic diagram of the composition structure of the controller according to an embodiment of the present disclosure.
  • point-to-point network paths with different characteristics can be constructed, such as low latency and large bandwidth. Further building on the above capabilities and combining them with a bandwidth resource reservation mechanism can realize network-wide slicing capabilities, enabling a physical network to be virtualized into multiple logical slices, with each slice occupying different resources, thereby achieving multi-point to multi-point differentiated network connections.
  • although the IP backbone network already has flexible differentiated service capabilities, there are many different approaches to coordinating applications and network capabilities.
  • the first approach is to classify traffic based on application characteristics and then direct different traffic to specific network paths (MPLS or SRv6).
  • the first solution uses an access control list (ACL) based on layer 3 and layer 4 header information to classify application types.
  • ACL: access control list
  • the traffic is classified by matching the source IP, destination IP, protocol type, source port, and destination port five-tuples of the traffic through the ACL, and then directed to a specific low-latency or high-bandwidth tunnel/slice.
  • the hardware chips of routers and switches support ACL, so high-performance forwarding can be achieved.
  • ACL requires manual maintenance of the five-tuple characteristics of the application and configuration on the network device in the form of ACL commands. After the ACL classifies the flow, it specifies the next hop for the flow, thereby directing the flow to the specified SRv6/MPLS tunnel or slice.
  • the second solution uses deep packet inspection (DPI) based on seven-layer content information to classify application types.
  • DPI: deep packet inspection
  • DPI needs to identify the packet encapsulation, reassemble a series of packets into application data, and then classify them according to the characteristics of these application data.
  • DPI usually describes application characteristics in the form of regular expressions. It cannot be processed by the routing chip and can only be processed by the CPU. Common application characteristics include URLs, HTML tags, text, etc. Similar to ACL, application characteristics need to be manually maintained and configured on network devices, and it also needs to be able to reassemble multiple packets into application data.
  • after DPI classifies the flow, it specifies the next hop for the flow, thereby directing the flow into the specified SRv6/MPLS tunnel or slice.
  • the second school of thought is to use explicit type information.
  • the network edge service access point PE identifies the application information explicitly carried in the message and then maps this type of message to the network tunnel/slice.
  • Application-Aware Networking (APN) additionally defines a description of application information in the message.
  • APN uses the extension headers that come with IPv6 data messages, such as the programmable space of the Hop-by-Hop Options Header (HBH) and the Destination Options Header (DOH).
  • HBH: Hop-by-Hop Options Header
  • DOH: Destination Options Header
  • APN requires the message to carry application information so that network devices can directly identify the application information. After classifying the flow based on the APN information, the network device specifies the next hop for the flow, thereby directing the flow into the specified SRv6/MPLS tunnel or slice.
  • APN needs to explicitly carry the APN ID in the message in an unencrypted manner.
  • APN ID marking, on the one hand, requires the application to be willing to mark the APN ID and, on the other hand, requires a unified organization to centrally allocate APN IDs to applications. According to where the APN ID is marked on the traffic, there are two methods: end-side marking and network marking. Considering that the application side does not have the relevant capabilities early on, marking at the network boundary service access point can be used first. As the ecosystem matures, more services can carry APN IDs independently to further improve the accuracy of service perception.
  • FIG. 1 is a schematic diagram of an APN header in related art.
  • the APN header includes APN identification information and APN parameter information.
  • the APN header can be used in different data planes.
  • the APN header format may include:
  • APN parameter information (APN-Para).
  • APN ID is used to identify service attributes, indicating that messages carrying the same identifier will be given the same treatment. It specifically includes the following information: APP Group ID, which is used to identify the application group to which the message belongs and has a variable length; USER Group ID, which is used to identify the user group to which the message belongs and has a variable length.
  • APN parameter information is a parameter related to network performance requirements.
  • the specific parameters are defined by APN-Para-Type, and the length of each APN parameter is 32 bits.
  • APN-Para is transmitted together with the APN ID information to describe the required network connection requirements. It specifically includes the following information: Bandwidth, which indicates the bandwidth requirement of the application, in Mbit/s; Delay, the first 8 bits are reserved and must be set to 0 when sending and must be ignored when receiving, and the last 24 bits indicate the delay requirement, in ms, encoded as an integer value; Jitter, the first 8 bits are reserved and must be set to 0 when sending and must be ignored when receiving, and the last 24 bits indicate the delay variation requirement, in ms, encoded as an integer value; Packet Loss Ratio, the first 8 bits are reserved and must be set to 0 when sending and must be ignored when receiving, and the last 24 bits indicate the packet loss rate per second, which is the maximum packet loss rate allowed by the system.
  • the APN header (including the APN identifier and required parameters) can be encapsulated in the IPv6 packet extension header. Specifically, the following methods can be used:
  • Hop-by-Hop Options Header: the APN header can be carried as a new option of the Hop-by-Hop Options Header. By using the information carried by the Hop-by-Hop Options Header, each node on the path can read it.
  • DOH: Destination Options Header
  • Segment Routing Header: the APN header can also be placed in the Segment Routing Header, as a type of Segment Routing Header TLV, immediately following the Segment List.
  • the information carried in the Segment Routing Header can be read by a specific segment on the SRv6 path.
  • the application information carried by data packets in the APN network can indicate the application (class) to which the data packet belongs, the user (group) information using the application (class), the key flows in the application (for example, action instructions in cloud games, etc.), SLA requirements or network performance requirement parameters (for example, bandwidth, latency, jitter, packet loss rate, etc.).
  • the third school of thought is to directly open the network connection and let the application call it.
  • the network connection service is abstracted by binding segment identifiers (BSID, Binding SID).
  • BSID: binding segment identifier
  • the IP backbone network abstracts the paths between PEs into BSIDs with different service capabilities, such as low latency, large bandwidth, and low packet loss, and directly compiles different BSIDs into the path list at the terminal.
  • This method requires the BSID to be made public, and the BSID is shared by multiple services. Once it is made public, it is easy to cause security issues such as network attacks and BSID bandwidth being misused.
  • because the BSID is a shared resource, deactivating it would affect the business, so the security risks cannot be eliminated by deactivating it.
  • ACL and DPI are only applicable in specific scenarios.
  • ACL User Datagram Protocol
  • DPI can address the problem of ACLs failing to accurately identify applications, but its deployment also has significant limitations.
  • DPI requires CPU processing, consuming significant processing power.
  • DPI cannot handle encrypted packets, while the vast majority of Internet traffic, such as HTTPS, is encrypted. Therefore, large-scale application is difficult.
  • the first issue is APN ID privacy and security. If traffic can be identified through APN, there is a risk of traffic hijacking and analysis, which can make users less motivated to use APN.
  • APN ID management is extremely difficult. APN IDs require unified management across the entire network, and different applications need to be distinguished by different values.
  • the Internet lacks a centralized application APN ID registration and management mechanism, and with the large number of new applications appearing daily, implementation is difficult.
  • the third issue is APN ID leakage. Messages may be intercepted during forwarding, allowing non-accelerated users to obtain this APN ID. This APN ID can then be included in messages sent by non-accelerated users, illegally achieving acceleration.
  • the user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability open to the application by the network; the first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.
  • FIG. 2 is a schematic diagram of an implementation flow of an information processing method according to an embodiment of the present disclosure, which is applied to a user edge device.
  • the user edge device may be a client router, an SD-WAN CPE, a cloud gateway, or an application.
  • the method includes steps 201 to 203:
  • Step 201 Obtain a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.
  • the network capability may refer to network resources, which may specifically include paths or slices, and the path may be understood as a tunnel.
  • the service type of the path or slice includes but is not limited to one of the following:
  • the calling relationship between the application and the network capability may include but is not limited to one of the following:
  • the application's call to low-latency network capabilities can also be described as the application's call to low-latency path or slice services.
  • the application's call to high-bandwidth network capabilities can also be described as the application's call to high-bandwidth path or slice services.
  • the application's call for low-packet-loss network capabilities can also be described as the application's call for low-packet-loss path or slice services.
  • network resources which may specifically include paths or slices, and the paths may be understood as tunnels.
  • Step 202 Mark the first IP packet based on the first ARN identifier to generate a second IP packet.
  • the first IP packet may be an IPv6 packet.
  • marking the first IP packet based on the first ARN identifier includes:
  • the first information is used to indicate whether to convert the original content in the flow label field into the first ARN identifier.
  • the first information may also be described as an escape character.
  • the first information may be located in the highest bit of the traffic class field.
  • the Flow Label field is reused, and the highest bit of the Traffic Class (TC) field serves as the escape character that indicates whether to escape. If the bit is 1, the original content in the Flow Label field is escaped to the first ARN ID; otherwise, no escape is performed.
  • marking the first IP packet based on the first ARN identifier includes:
  • the first ARN identifier is written into the source address field in the header of the first IP packet.
  • the extended header may refer to a DOH, HBH, or SRH header.
  • the ARN ID field is introduced into the first IP packet to glue the application and the network together through the first ARN ID.
  • the first ARN ID not only expresses the calling relationship between the application and the network, but also expresses the application's requirements for the network path or slice, such as path constraints such as latency, packet loss, jitter, and bandwidth.
  • obtaining the first ARN identifier includes:
  • the first ARN identifier is allocated by the controller to the user edge device based on user information, application information and network service information.
  • the network service information may include quality of service (QoS), network interface, etc.
  • QoS: quality of service
  • the service system calls the controller interface based on the service type subscribed by the user. After receiving the user's network service subscription request, the controller assigns the first ARN identifier to the user edge device.
  • the controller may allocate the first ARN identifier to the user edge device based on user information, application information, and network service information.
  • the first ARN ID can be any integer that satisfies a one-to-one correspondence between <user, application, network service> and ARN ID. Specifically, it can be generated using a random function, or generated from small to large, or from large to small.
  • after the controller assigns the first ARN ID to the user edge device, it can also manage the lifecycle of the first ARN identifier, specifically including:
  • revocation refers to the controller deleting the relevant ARN ID information at the user and network edge.
  • the report of loss also corresponds to the cancellation of the related ARN ID.
  • reissue means that an ARN ID needs to be regenerated.
  • aging means that the corresponding APN service has a time limit, and the corresponding ARN ID will be automatically revoked after the time expires.
  • the extension refers to extending the service time of the ARN ID.
  • Step 203 Send the second IP message.
  • the second IP packet may be sent to a network edge device.
  • the network edge device is a BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE for accessing user dedicated lines for government and enterprise users.
  • the network edge device parses the second IP packet to obtain the first ARN identifier carried in the first IP packet; and verifies the legitimacy of the first ARN identifier.
  • the validity of the first ARN identifier is verified in the following two situations:
  • the second IP packet is mapped to the corresponding path or slice based on the first ARN identifier.
  • the first operation is performed.
  • the first operation includes one of the following:
  • the user edge device may carry the first user information in the second IP message, so that the network edge device can verify the first ARN identifier.
  • sending the second IP message includes:
  • a user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.
  • the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application
  • the user or application does not directly call the network capability, but calls the network capability through the first ARN identifier, so that the network will not see the relevant information of the user or application.
  • the network does not directly open the capability to the user, but opens the capability through the first ARN identifier, so that the user will not see the service information of the network, thereby improving security while providing application collaborative network capabilities.
  • the disclosed embodiments use ARN identification.
  • users/applications cannot directly call the network path, but must call network services through the intermediate layer ARN.
  • the network cannot see user application information, but only sees the intermediate layer ARN.
  • APN directly carries application and user information, which the network directly sees.
  • BSID directly opens network capabilities to users, and users directly see network service information.
  • ARN ID does not directly use the network connection identifier, such as BSID or SID, but uses an ARN ID independent of BSID.
  • the value range of ARN ID in the message is random for different users.
  • the controller can map a user network demand contract to different ARN ID values for different devices, and set each value to be device-valid rather than globally valid. The ARN ID therefore carries neither network privacy information nor user privacy information.
  • In terms of maintainability, network capabilities expressed through ARN IDs are independent of application changes, eliminating the frequent configuration changes associated with rapid application iterations and facilitating the planned opening of network capabilities. Furthermore, because ARN IDs correspond one-to-one with user-paid contracts, configuration information can be easily embedded into business processes, eliminating the need to convert contracts into ACL quintuples or APN IDs.
  • the ARN ID sits between applications and the network, and like a contract, has a lifecycle, with operations such as creation, destruction, expiration, renewal, and verification. If ARN ID information is discovered to be leaked, it can be quickly reported lost and a new ARN ID requested without impacting other users' services. Furthermore, messages entering the SR network can be correctly mapped to the corresponding SR Policy path based on the ARN ID, even without carrying a BSID/SID. Even when carrying a BSID/SID, the ARN ID can be used to verify the legitimacy of the BSID/SID call to the network. This resolves security issues.
  • ARN IDs can be divided into two categories: global ARN IDs, which have the same lifecycle across all sites, but can be different on different devices at different sites; and localized ARN IDs, which are tailored to the local needs of individual users and have independent lifecycles. Customers with localized ARN IDs must carry them in messages. Because ARN ID values are not required to be the same globally, coordination requirements are minimized.
  • the network edge device is a BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE for accessing user dedicated lines for government and enterprise users.
  • the method includes step 301:
  • Step 301 Receive a second IP message
  • the second IP packet is obtained by the user edge device obtaining the first ARN identifier and marking the first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability of the network to be open to the application.
  • the network capability may refer to network resources, which may specifically include paths or slices, and the path may be understood as a tunnel.
  • the service type of the path or slice includes but is not limited to one of the following:
  • the calling relationship between the application and the network capability may include but is not limited to one of the following:
  • the application's call to low-latency network capabilities can also be described as the application's call to low-latency path or slice services.
  • the application's call to high-bandwidth network capabilities can also be described as the application's call to high-bandwidth path or slice services.
  • the application's call for low-packet-loss network capabilities can also be described as the application's call for low-packet-loss path or slice services.
  • the method further comprises:
  • the preset data table stores a preset correspondence between user information and ARN identifiers
  • the second IP packet is mapped to a corresponding path or slice based on the first ARN identifier.
  • the user information may include a user identifier corresponding to the user, source address information, link information, etc.
  • the network edge device may receive a preset correspondence between user information and ARN identifiers sent by the controller.
  • the method further comprises:
  • the first operation includes one of the following:
  • resetting the value of the first ARN identifier may be resetting the first ARN ID to 0 as configured.
  • verifying the legitimacy of the first ARN identifier according to a preset data table includes:
  • the first ARN identifier is legal.
  • if the correspondence between the first user information and the first ARN identifier is not found in the preset data table, it is determined that the first ARN identifier is illegal.
  • the first user information may be obtained through the source address field of the second IP packet.
  • the preset correspondence between user information and ARN identifiers may include: if the user information is Ua, the corresponding ARN identifier is a value of 1; if the user information is Ub, the corresponding ARN identifier is a value of 2; and if the user information is Uc, the corresponding ARN identifier is a value of 3.
  • the first user information is Ub and the first ARN identifier is a value of 2
  • mapping the second IP packet to a corresponding path or slice based on the first ARN identifier includes:
  • if the first ARN identifier is legal, determine the first path or first slice corresponding to the first ARN identifier according to the preset correspondence between the path or slice and the ARN identifier; map the second IP packet to the first path or the first slice;
  • the path or slice includes one of the following:
  • MPLS Multiprotocol Label Switching
  • IP Internet Layer 3 Protocol
  • VxLAN Virtual Extended Local Area Network
  • GRE Generic Routing Encapsulation
  • GENEVE Generic Network Virtualization Encapsulation
  • the network edge device can obtain the preset correspondence between tunnels such as SRv6, Multi-Protocol Label Switching MPLS, Internet Layer 3 Protocol IPinIP, Virtual Extended Local Area Network VxLAN, Generic Routing Encapsulation Protocol GRE, and Generic Network Virtualization Encapsulation GENEVE and ARN identifiers from the controller.
  • SRv6 tunnel 1 is tunnel color identifier a (high-bandwidth path or slice), and the corresponding ARN identifier is the value 1
  • SRv6 tunnel 2 is tunnel color identifier b (low-latency path or slice), and the corresponding ARN identifier is the value 2
  • SRv6 tunnel 3 is tunnel color identifier c (low-packet-loss path or slice), and the corresponding ARN identifier is the value 3.
  • the first ARN identifier is the value 2
  • it can be determined that the corresponding first path or first slice is SRv6 tunnel 2.
  • the second IP packet is mapped to the low-latency path or slice corresponding to the tunnel color identifier b.
  • a user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.
  • the user or application does not directly call the network capability, but calls the network capability through the first ARN identifier, so that the network will not see the relevant information of the user or application.
  • the network does not directly open the capability to the user, but opens the capability through the first ARN identifier, so that the user will not see the service information of the network, thereby improving network security while providing application collaborative network capabilities.
  • FIG4 is a schematic diagram of an implementation flow of an information processing method according to an embodiment of the present disclosure, applied to a controller. As shown in FIG4, the method includes step 401:
  • Step 401 Send a first ARN identifier to a user edge device; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application;
  • the first ARN identifier is used by the user edge device to mark the first IP packet, generate a second IP packet, and send the second IP packet.
  • the method further comprises:
  • the path or slice includes one of the following:
  • the controller sends the preset correspondence between the user information and the ARN identifier to the network edge device.
  • the network edge device can verify the legitimacy of the first ARN identifier based on the preset correspondence between the user information and the ARN identifier.
  • the controller sends the preset correspondence between the path or slice and the ARN identifier to the network edge device.
  • the network edge device can map the second IP packet to the path or slice corresponding to the first ARN identifier according to the preset correspondence between the path or slice and the ARN identifier if the first ARN identifier is legal.
  • the method further comprises:
  • the first ARN identifier is allocated to the user edge device based on user information, application information, and network service information.
  • the first ARN ID can be any integer as long as there is a one-to-one correspondence between <user, application, network service> and ARN ID.
  • the first ARN identifier can be generated using a random function, or generated from small to large, or from large to small.
  • the method further comprises:
  • managing the lifecycle of the first ARN identifier includes:
  • revocation refers to the controller deleting the relevant ARN ID information at the user and network edge.
  • the report of loss also corresponds to the cancellation of the related ARN ID.
  • reissue means that an ARN ID needs to be regenerated.
  • aging means that the corresponding APN service has a time limit, and the corresponding ARN ID will be automatically revoked after the time expires.
  • the extension refers to extending the service time of the ARN ID.
  • a user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.
  • the user or application does not directly call the network capability, but calls the network capability through the first ARN identifier, so that the network will not see the relevant information of the user or application.
  • the network does not directly open the capability to the user, but opens the capability through the first ARN identifier, so that the user will not see the service information of the network, thereby improving security while providing application collaborative network capabilities.
  • FIG5 is a schematic diagram of a system architecture for an information processing method according to an embodiment of the present disclosure. As shown in FIG5 , the system includes:
  • the controller is configured to allocate a first ARN identifier to a user edge device; the first ARN identifier represents a calling relationship between an application and a network capability and/or a capability exposed by the network to the application.
  • the customer edge device (CPE1) is configured to mark the first IP packet based on the first ARN identifier to generate a second IP packet; and send the second IP packet to the network edge device.
  • a network edge device is used to parse the second IP packet to obtain the first ARN identifier and first user information (such as user ID); use the first user information to verify the legitimacy of the first ARN identifier, and if the first ARN identifier is legal, map the second IP packet to the corresponding path or slice based on the first ARN identifier.
  • PE network edge device
  • the user edge device can be a client router, SD-WAN CPE, cloud gateway or an application.
  • the network edge device is BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE for accessing user dedicated lines for government and enterprise users.
  • FIG. 6 is a schematic diagram of a specific implementation flow of the information processing method according to an embodiment of the present disclosure. As shown in FIG6 , the method includes steps 601 to 606:
  • Step 601 The controller allocates a first ARN identifier to the user edge device; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.
  • the network capability may refer to network resources, which may specifically include paths or slices, and the path may be understood as a tunnel.
  • the service type of the path or slice includes but is not limited to one of the following:
  • the calling relationship between the application and the network capability may include but is not limited to one of the following:
  • the application's call to low-latency network capabilities can also be described as the application's call to low-latency path or slice services.
  • the application's call to high-bandwidth network capabilities can also be described as the application's call to high-bandwidth path or slice services.
  • the application's call for low-packet-loss network capabilities can also be described as the application's call for low-packet-loss path or slice services.
  • the service system calls the controller interface based on the service type subscribed by the user. After receiving the user's network service subscription request, the controller assigns the first ARN identifier to the user edge device.
  • the controller may allocate the first ARN identifier to the user edge device based on user information, application information, and network service information.
  • the first ARN ID can be any integer as long as there is a one-to-one correspondence between <user, application, network service> and ARN ID.
  • the first ARN identifier can be generated using a random function, or generated from small to large, or from large to small.
  • FIG7 is a schematic diagram of a controller assigning a first ARN ID to a user edge device according to an embodiment of the present disclosure.
  • the application information is a video application
  • the network service information is a low-latency path or slice
  • an ARN ID is randomly selected from the unassigned ARN ID database and assigned to the corresponding user edge device as the first ARN ID.
  • the application information is a video application
  • the network service information is a low-latency and high-bandwidth path or slice
  • two ARN IDs are randomly selected from the unassigned ARN ID database and assigned to the corresponding user edge device as the first ARN ID.
  • the user edge device is used to call network capabilities.
  • the user edge device can be a client router, SD-WAN CPE, cloud gateway or an application.
  • FIG 8 is a schematic diagram of the life cycle of the ARN ID in the embodiment of the present disclosure.
  • the ARN ID has three states: unallocated, active period, and silent period. Initially, the ARN ID is unallocated; once allocated, it enters the active period. If, during the active period, the ARN ID service contract expires, the user terminates it early, or the ARN ID is reported lost, the ARN ID enters the silent period. An ARN ID in the silent period is suspended to avoid conflicts or security risks, so it is not allocated again for a period of time. After that period (generally half a year or more than a year), it is recycled into the unallocated ARN ID database.
  • after the controller assigns the first ARN ID to the user edge device, it can also manage the lifecycle of the first ARN identifier, specifically including:
  • revocation refers to the controller deleting the relevant ARN ID information at the user and network edge.
  • the report of loss also corresponds to the cancellation of the related ARN ID.
  • reissue means that an ARN ID needs to be regenerated.
  • aging means that the corresponding APN service has a time limit, and the corresponding ARN ID will be automatically revoked after the time expires.
  • the extension refers to extending the service time of the ARN ID.
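
The lifecycle described above (unallocated, active period, silent period, plus revocation, loss reporting with reissue, aging and extension) can be sketched as a small state tracker. This is an added example, not code from the patent; the class name `ArnController`, its method names, the abstract integer time unit and the pool of three IDs are assumptions made for illustration.

```python
import secrets


class ArnController:
    """Toy controller tracking ARN IDs: unallocated -> active -> silent."""

    def __init__(self, pool, silent_period):
        self.unallocated = set(pool)
        self.active = {}   # arn_id -> [key, expiry time]
        self.by_key = {}   # (user, application, network service) -> arn_id
        self.silent = {}   # arn_id -> time it left the active period
        self.silent_period = silent_period

    def state(self, arn_id):
        if arn_id in self.active:
            return "active"
        if arn_id in self.silent:
            return "silent"
        if arn_id in self.unallocated:
            return "unallocated"
        raise KeyError(arn_id)

    def allocate(self, user, application, service, now, lifetime):
        """Pick a random unallocated ARN ID for one <user, app, service>."""
        key = (user, application, service)
        if key in self.by_key:
            raise ValueError("one-to-one mapping: key already holds an ARN ID")
        if not self.unallocated:
            raise RuntimeError("no unallocated ARN IDs left")
        arn_id = secrets.choice(sorted(self.unallocated))
        self.unallocated.remove(arn_id)
        self.active[arn_id] = [key, now + lifetime]
        self.by_key[key] = arn_id
        return arn_id

    def revoke(self, arn_id, now):
        """Revocation: the ID leaves the active period and goes silent."""
        key, _ = self.active.pop(arn_id)
        del self.by_key[key]
        self.silent[arn_id] = now
        return key

    def report_loss(self, arn_id, now):
        """Loss report: cancel the leaked ID and reissue a fresh one."""
        if not self.unallocated:
            raise RuntimeError("no unallocated ARN IDs left for reissue")
        key, expiry = self.active[arn_id]
        self.revoke(arn_id, now)
        return self.allocate(*key, now=now, lifetime=expiry - now)

    def extend(self, arn_id, extra):
        """Extension: lengthen the service time of an active ID."""
        self.active[arn_id][1] += extra

    def tick(self, now):
        """Aging: revoke expired IDs, recycle IDs whose silent period ended."""
        for arn_id, (_, expiry) in list(self.active.items()):
            if now >= expiry:
                self.revoke(arn_id, now)
        for arn_id, since in list(self.silent.items()):
            if now - since >= self.silent_period:
                del self.silent[arn_id]
                self.unallocated.add(arn_id)
```

Because a leaked ID stays in the silent set, a reissue can never hand the same value back to anyone until the silent period has elapsed.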
  • Step 602 The user edge device marks the first IP packet based on the first ARN identifier to generate a second IP packet.
  • the first IP packet may refer to an IPv6 packet.
  • the length of the first ARN ID is at least 10 bits.
  • the ARN identifier (ID) information can be placed in the following ways:
  • the first carrying method is IPv6 header escape method.
  • Figure 9 is a schematic diagram of marking the first IP packet according to an embodiment of the present disclosure.
  • the first IP packet is an IPv6 packet and the ARN ID is 20 bits
  • the ARN ID and the first information are respectively written into the flow label field (Flow Label) and the traffic type field (traffic class) in the header of the IPv6 packet; wherein the first information is used to indicate whether the original content in the flow label field is escaped into the ARN ID.
  • the 20 bits of the flow label are reused, and the highest bit (escape character) of the traffic class field (tc) is used to indicate whether to escape. If this bit is 1, the original content in the flow label field is escaped to the ARN ID; otherwise, no escape is performed.
  • the second way is to carry it through the IPv6 extension header.
  • FIG 10 is a schematic diagram of marking the first IP message according to an embodiment of the present disclosure.
  • the ARN ID is 20 bits
  • the ARN ID is written into the extended header of the IPv6 message, namely DOH and HBH
  • type indicates that the 4 bytes (0 to 31 bits) are ARN ID, and flag is reserved and undefined.
  • the third method is to carry it through the IPv6 extension header.
  • Figure 11 is a schematic diagram of marking the first IP message according to an embodiment of the present disclosure.
  • the ARN ID is 20 bits, and the ARN ID is written into the extended header SRH header of the IPv6 message.
  • Type indicates that the 4 bytes (0 to 31 bits) are ARN ID, and flag is reserved and undefined.
  • the fourth method is to carry it in the IPv6 source address.
  • FIG 12 is a schematic diagram of marking the first IP message according to an embodiment of the present disclosure.
  • the first IP message is an IPv6 message and the ARN ID is 20 bits
  • the ARN ID is written into the source address field of the IPv6 message.
  • the first ARN ID is actively carried in the first IP message, and the specific location can be DOH, HBH, SRH, FlowLabel, and source address.
  • the 7th bit of the traffic type field (TC) needs to be set to 1 to indicate that the current Flow Label carries the ARN ID.
  • the type field needs to be additionally defined to indicate that the 32-bit carries the ARN ID.
  • Step 603 The user edge device sends the second IP packet to the network edge device.
  • the network edge device is BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE for accessing user dedicated lines for government and enterprise users.
  • Step 604 The network edge device parses the second IP packet to obtain the first ARN identifier; and verifies the legitimacy of the first ARN identifier.
  • the validity of the first ARN identifier is verified according to a preset data table, wherein the preset data table stores a preset correspondence between user information and ARN identifiers, wherein the user information may include a user identifier corresponding to the user, source address information, or link information.
  • the ARN ID verification table i.e., the preset data table
  • Each item in the data table contains the correspondence between user information and ARN identifier, wherein the user information can be represented by the source IP address, etc.
  • the network edge device may obtain the preset data table from the controller.
  • when the network edge device receives the second IP message containing the first ARN ID, it can obtain the first user information based on the source IP address in the second IP message, and obtain the first ARN ID based on the second IP message, and then search whether the preset data table contains the correspondence between the first user information and the first ARN identifier to verify the legitimacy of the first ARN identifier.
  • Table 1 is a schematic diagram of the correspondence between user information and ARN identifiers. As shown in Table 1, if the user information is Ua, the corresponding ARN identifier is the value 1; if the user information is Ub, the corresponding ARN identifier is the value 2; and if the user information is Uc, the corresponding ARN identifier is the value 3.
  • verifying the legitimacy of the first ARN identifier according to the preset data table includes:
  • if the correspondence between the first user information and the first ARN identifier is not found in the preset data table, it is determined that the first ARN identifier is illegal.
  • the first user information may be obtained through the inbound interface link or the source IP address in the second IP packet.
  • Step 605 When the ARN identifier is verified to be legal, the second IP packet is mapped to a corresponding path or slice based on the first ARN identifier.
  • mapping the second IP packet to a corresponding path or slice based on the first ARN identifier includes:
  • the path or slice includes one of the following:
  • MPLS Multiprotocol Label Switching
  • IP Internet Layer 3 Protocol
  • VxLAN Virtual Extended Local Area Network
  • GRE Generic Routing Encapsulation
  • GENEVE Generic Network Virtualization Encapsulation
  • the network edge device can obtain the preset correspondence between the path or slice and the ARN identifier from the controller.
  • Table 2 shows the correspondence between SRv6 tunnels and ARN identifiers. As shown in Table 2, taking SRv6 as an example, it includes SRv6 tunnel 1, SRv6 tunnel 2, and SRv6 tunnel 3.
  • SRv6 tunnel 1 has tunnel color identifier a (high-bandwidth path or slice), and its corresponding ARN identifier is 1.
  • SRv6 tunnel 2 has tunnel color identifier b (low-latency path or slice), and its corresponding ARN identifier is 2.
  • SRv6 tunnel 3 has tunnel color identifier c (low-packet-loss path or slice), and its corresponding ARN identifier is 3.
  • if the first ARN identifier is the value 2, according to Table 2, it can be determined that the corresponding first path or first slice is SRv6 tunnel 2, that is, tunnel color identifier b (low-latency path or slice). In this way, the second IP packet is mapped to SRv6 tunnel 2.
  • Step 606 When it is verified that the ARN identifier is illegal, perform the first operation.
  • the first operation includes one of the following:
  • the second IP packet can be processed as follows according to the configuration:
  • the first ARN ID is reset to 0 as configured; or,
  • the second IP packet will be forwarded according to the slice and tunnel that does not contain the ARN ID.
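
Steps 602 to 606 can be traced end to end with the first carrying method (flow label plus the highest traffic class bit). This is an added example, not code from the patent: the function names, the documentation-range addresses and the source-address-to-user mapping are constructed, the tables mirror Table 1 and Table 2, and handling an illegal ARN ID by resetting it to 0 and then using default forwarding is one assumed reading of the first operation.

```python
import ipaddress
import struct

ESCAPE_BIT = 0x80          # highest bit of the 8-bit traffic class field
FLOW_LABEL_MASK = 0xFFFFF  # 20-bit flow label, reused for the ARN ID
HEADER_LEN = 40            # fixed IPv6 header length

# Constructed sample data mirroring Table 1 and Table 2 on the page.
USER_BY_SOURCE = {"2001:db8::a": "Ua", "2001:db8::b": "Ub", "2001:db8::c": "Uc"}
VERIFY_TABLE = {("Ua", 1), ("Ub", 2), ("Uc", 3)}
PATH_TABLE = {
    1: "SRv6 tunnel 1 (color a, high-bandwidth)",
    2: "SRv6 tunnel 2 (color b, low-latency)",
    3: "SRv6 tunnel 3 (color c, low-packet-loss)",
}
DEFAULT_PATH = "default forwarding (no ARN ID)"


def build_ipv6(src, dst, tc=0, flow_label=0, payload=b""):
    """Build a minimal IPv6 packet (next header 59 = no next header)."""
    first_word = (6 << 28) | (tc << 20) | flow_label
    header = struct.pack("!IHBB", first_word, len(payload), 59, 64)
    return (header + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def split_first_word(packet):
    """Return (traffic class, flow label) after basic header checks."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    (word,) = struct.unpack("!I", packet[:4])
    if word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return (word >> 20) & 0xFF, word & FLOW_LABEL_MASK


def with_first_word(packet, tc, flow_label):
    word = (6 << 28) | (tc << 20) | flow_label
    return struct.pack("!I", word) + packet[4:]


def mark_packet(packet, arn_id):
    """User edge (step 602): ARN ID into the flow label, escape bit set."""
    if not 0 < arn_id <= FLOW_LABEL_MASK:
        raise ValueError("ARN ID must fit the 20-bit flow label and be non-zero")
    tc, _ = split_first_word(packet)
    return with_first_word(packet, tc | ESCAPE_BIT, arn_id)


def read_arn(packet):
    """Return (source address, ARN ID); ARN ID is None if not escaped."""
    tc, flow_label = split_first_word(packet)
    source = ipaddress.IPv6Address(packet[8:24]).compressed
    return source, (flow_label if tc & ESCAPE_BIT else None)


def edge_process(packet):
    """Network edge (steps 604 to 606): verify, then map or fall back."""
    source, arn_id = read_arn(packet)
    if arn_id is None:
        return packet, DEFAULT_PATH
    user = USER_BY_SOURCE.get(source)
    if (user, arn_id) in VERIFY_TABLE and arn_id in PATH_TABLE:
        return packet, PATH_TABLE[arn_id]
    # Illegal ARN ID: reset it to 0 and forward without ARN treatment.
    tc, _ = split_first_word(packet)
    return with_first_word(packet, tc, 0), DEFAULT_PATH
```

Where the edge can identify the user by inbound link, as the page allows, keying the lookup on the link instead of the source address removes the dependence on a field the sender controls.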
  • the network ARN ID is mainly used at network edge service access points (such as PE, BRAS/BNG).
  • the business system calls the controller interface according to the service type subscribed by the user. After receiving the user's network service subscription requirements, the controller will find the corresponding network edge device (PE/BRAS/BNG) according to the locations of both ends of the connection, and create or reuse the corresponding low-latency color tunnel identifier (color) of SRv6, Multi-Protocol Label Switching (MPLS), Internet Layer 3 Protocol (IPinIP) between the PE/BRAS/BNG according to the user's low-latency requirements.
  • PLS network edge device
  • IPinIP Internet Layer 3 Protocol
  • the controller will generate ARN ID for users, applications and network services (corresponding color), and look up the source address information or link information corresponding to the user to identify the user.
  • the user (source address or link information) and ARN ID are then sent to the network edge service access point PE/BRAS/BNG and associated with the network resource slice/tunnel, thus completing the configuration of PE/BRAS/BNG on the network side.
  • On the user-side network, the controller locates the corresponding customer edge device (CPE/gateway) based on the user and then issues the ARN ID information. This allows users to tag the ARN ID based on the application type in subsequent applications.
  • CPE/gateway customer edge device
  • legitimacy verification is performed to enable the invocation of corresponding network capabilities.
  • Users can also tag applications with the ARN ID through methods such as ACLs and designated links, thus including the ARN ID in user-side messages.
  • network services can provide users with differentiated connections (low latency, large bandwidth tunnels/slices) through ARN ID instead of BSID/SID.
  • ARN ID provides the ability to assign different values to each user, which is different from the security issues caused by multiple users sharing one BSID.
  • the value of ARN ID is a number that does not explicitly carry application or user information. It can be a random number or a sequentially assigned value, so there is no problem of APN6 exposing user privacy.
  • APN6 and BSID multiple ARN IDs that can be mapped to the same network capability can be aggregated into one ARN ID.
  • the first ARN ID can be used together with user information for traffic billing.
  • user information can be identified by link, i.e., PPPoE connection, or in PE scenarios, by source IP address or dedicated line link.
  • the scope of the first ARN ID can be global or local.
  • Local validity means that different ARN IDs on the device are unique; global validity means that one or more ARN IDs of a specific user within a certain range of devices can be mapped to a tunnel/slice in the network.
  • because the ARN ID does not explicitly carry the user's application information and each user's ARN ID is different, this solves the user privacy problem and also solves the network security problem caused by different users sharing the BSID.
  • the ARN ID is actually equivalent to the routing policy Color (directly corresponding to the Color of the SR Policy).
  • the PE can obtain the user information based on the source IP, and after verifying the legitimacy of the ARN ID, it can map the ARN ID to a specific network tunnel/slice.
  • the embodiment of the present disclosure also provides an information processing device, which is installed in the user edge device.
  • Figure 13 is a schematic diagram of the composition structure of the information processing device of the embodiment of the present disclosure. As shown in Figure 13, the device includes:
  • the acquisition module 131 is configured to acquire a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application;
  • the processing module 132 is configured to mark the first IP packet based on the first ARN identifier to generate a second IP packet;
  • the first sending module 133 is configured to send the second IP message.
  • the processing module 132 is configured to:
  • the first information is used to indicate whether to convert the original content in the flow label field into the first ARN identifier.
  • the processing module 132 is configured to:
  • the first ARN identifier is written into the source address field in the header of the first IP packet.
  • the acquisition module 131 is configured to:
  • the first ARN identifier is allocated by the controller to the user edge device based on user information, application information and network service information.
  • the first sending module 133 is configured to:
  • the acquisition module 131 and the first sending module 133 can be implemented by a communication interface in an information processing device; and the processing module 132 can be implemented by a processor in the information processing device.
  • the information processing device provided in the above embodiments is illustrated only by the division of the above-mentioned program modules when performing information processing.
  • the above-mentioned processing can be assigned to different program modules as needed, that is, the internal structure of the device can be divided into different program modules to complete all or part of the above-described processing.
  • the information processing device provided in the above embodiments and the information processing method embodiment are based on the same concept. The specific implementation process is detailed in the method embodiment and is not repeated here.
  • the embodiment of the present disclosure also provides an information processing device, which is installed on the network edge device.
  • Figure 14 is a schematic diagram of the composition structure of the information processing device of the embodiment of the present disclosure. As shown in Figure 14, the device includes:
  • Receiving module 141 configured to receive a second IP message
  • the second IP packet is obtained by the user edge device obtaining the first ARN identifier and marking the first IP packet based on the first ARN identifier; the ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.
  • the apparatus is configured to:
  • the preset data table stores a preset correspondence between user information and ARN identifiers
  • the second IP packet is mapped to a corresponding path or slice based on the first ARN identifier.
  • the apparatus is configured to:
  • the first operation includes one of the following:
  • the apparatus is configured to:
  • the first ARN identifier is legal.
  • the apparatus is configured to:
  • if the first ARN identifier is legal, determine the first path or first slice corresponding to the first ARN identifier according to the preset correspondence between the path or slice and the ARN identifier; map the second IP packet to the first path or the first slice;
  • the path or slice includes one of the following:
  • the receiving module 141 can be implemented by a communication interface in an information processing device.
  • the information processing device provided in the above embodiments is illustrated only by the division of the above-mentioned program modules when performing information processing.
  • the above-mentioned processing can be assigned to different program modules as needed, that is, the internal structure of the device can be divided into different program modules to complete all or part of the above-described processing.
  • the information processing device provided in the above embodiments and the information processing method embodiment are based on the same concept. The specific implementation process is detailed in the method embodiment and is not repeated here.
  • the embodiment of the present disclosure further provides an information processing device, which is provided in the controller.
  • FIG. 15 is a schematic diagram of the composition structure of the information processing device of the embodiment of the present disclosure. As shown in FIG. 15, the device includes:
  • the second sending module 151 is configured to send a first ARN identifier to the user edge device; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application;
  • the first ARN identifier is used by the user edge device to mark the first IP packet, generate a second IP packet, and send the second IP packet.
  • the second sending module 151 is configured to:
  • the path or slice includes one of the following:
  • the apparatus is configured to:
  • the first ARN identifier is allocated to the user edge device based on user information, application information, and network service information.
  • the method further includes: managing the life cycle of the first ARN identifier.
  • the apparatus is configured to:
  • the second sending module 151 can be implemented by a communication interface in an information processing device.
  • the information processing device provided in the above embodiments is illustrated only by the division of the above-mentioned program modules when performing information processing.
  • the above-mentioned processing can be assigned to different program modules as needed, that is, the internal structure of the device can be divided into different program modules to complete all or part of the above-described processing.
  • the information processing device provided in the above embodiments and the information processing method embodiment are based on the same concept. The specific implementation process is detailed in the method embodiment and is not repeated here.
  • the present disclosure also provides a user edge device, as shown in FIG. 16, including:
  • the first communication interface 161 is capable of exchanging information with other user edge devices
  • the first processor 162 is connected to the first communication interface 161 and is configured to execute the method provided by one or more technical solutions on the user edge device side when running a computer program.
  • the computer program is stored in the first memory 163.
  • bus system 164 is used to enable communication between these components.
  • bus system 164 also includes a power bus, a control bus, and a status signal bus. However, for clarity, all of these buses are labeled as bus system 164 in FIG. 16.
  • the first memory 163 in the embodiment of the present disclosure is used to store various types of data to support the operation of the user edge device 160.
  • Examples of such data include any computer program used to operate on the user edge device 160.
  • the methods disclosed in the above embodiments of the present disclosure can be applied to the first processor 162 or implemented by the first processor 162.
  • the first processor 162 may be an integrated circuit chip with signal processing capabilities. During implementation, the steps of the above methods can be completed by hardware integrated logic circuits in the first processor 162 or by software instructions.
  • the above first processor 162 may be a general-purpose processor, a digital signal processor (DSP), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the first processor 162 can implement or execute the various methods, steps, and logic block diagrams disclosed in the embodiments of the present disclosure.
  • a general-purpose processor may be a microprocessor or any conventional processor, etc.
  • the steps of the methods disclosed in conjunction with the embodiments of the present disclosure can be directly implemented as being executed by a hardware decoding processor, or can be executed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a storage medium located in the first memory 163.
  • the first processor 162 reads the information in the first memory 163 and completes the steps of the above methods in conjunction with its hardware.
  • the second communication interface 171 is capable of exchanging information with other user edge devices
  • the second processor 172 is connected to the second communication interface 171 and is configured to execute the method provided by one or more technical solutions on the network edge device side when running a computer program.
  • the computer program is stored in the second memory 173.
  • bus system 174 is used to enable communication between these components.
  • bus system 174 also includes a power bus, a control bus, and a status signal bus. However, for clarity, all of these buses are labeled as bus system 174 in FIG. 17.
  • the second memory 173 in the embodiment of the present disclosure is used to store various types of data to support the operation of the network edge device 170. Examples of such data include any computer program used to operate on the network edge device 170.
  • the methods disclosed in the above embodiments of the present disclosure can be applied to the second processor 172 or implemented by the second processor 172.
  • the second processor 172 may be an integrated circuit chip with signal processing capabilities. During implementation, each step of the above method can be completed by the hardware integrated logic circuit in the second processor 172 or by instructions in the form of software.
  • the above second processor 172 may be a general-purpose processor, a digital signal processor (DSP), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the second processor 172 can implement or execute the various methods, steps, and logic block diagrams disclosed in the embodiments of the present disclosure.
  • a general-purpose processor may be a microprocessor or any conventional processor.
  • the steps of the methods disclosed in conjunction with the embodiments of the present disclosure can be directly implemented as being executed by a hardware decoding processor, or can be executed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a storage medium located in the second memory 173.
  • the second processor 172 reads the information in the second memory 173 and completes the steps of the above method in conjunction with its hardware.
  • the present disclosure also provides a controller, as shown in FIG. 18, including:
  • the third communication interface 181 is capable of exchanging information with other devices
  • the third processor 182 is connected to the third communication interface 181 and is used to execute the method provided by one or more technical solutions of the controller side when running a computer program.
  • the computer program is stored in the third memory 183.
  • bus system 184 is used to enable communication between these components.
  • bus system 184 also includes a power bus, a control bus, and a status signal bus. However, for clarity, all of these buses are labeled as bus system 184 in FIG. 18.
  • the third memory 183 in the embodiment of the present disclosure is used to store various types of data to support the operation of the controller 180. Examples of such data include any computer programs used to operate on the controller 180.
  • the methods disclosed in the above-mentioned embodiments of the present disclosure can be applied to the third processor 182 or implemented by the third processor 182.
  • the third processor 182 may be an integrated circuit chip with signal processing capabilities. During implementation, each step of the above-mentioned method can be completed by hardware integrated logic circuits or software instructions in the third processor 182.
  • the above-mentioned third processor 182 may be a general-purpose processor, a digital signal processor (DSP), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the third processor 182 can implement or execute the various methods, steps, and logic block diagrams disclosed in the embodiments of the present disclosure.
  • a general-purpose processor can be a microprocessor or any conventional processor.
  • the steps of the methods disclosed in conjunction with the embodiments of the present disclosure can be directly implemented as being executed by a hardware decoding processor, or can be executed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a storage medium located in the third memory 183.
  • the third processor 182 reads the information in the third memory 183 and, in conjunction with its hardware, completes the steps of the above-mentioned method.
  • the user edge device 160, the network edge device 170, and the controller 180 can be implemented by one or more application-specific integrated circuits (ASICs), DSPs, programmable logic devices (PLDs), complex programmable logic devices (CPLDs), field-programmable gate arrays (FPGAs), general-purpose processors, controllers, microcontrollers (MCUs), microprocessors, or other electronic components to perform the aforementioned method.
  • the memory (first memory 163, second memory 173, third memory 183) of the embodiment of the present disclosure can be a volatile memory or a non-volatile memory, and can also include both volatile and non-volatile memories.
  • the non-volatile memory can be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a magnetic random access memory (FRAM), a flash memory, a magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM);
  • the magnetic surface memory can be a disk memory or a tape memory.
  • Volatile memory can be random access memory (RAM), which is used as external cache.
  • SSRAM synchronous static random access memory
  • DRAM dynamic random access memory
  • SDRAM synchronous dynamic random access memory
  • DDRSDRAM double data rate synchronous dynamic random access memory
  • ESDRAM enhanced synchronous dynamic random access memory
  • SLDRAM synchronized dynamic random access memory
  • DRRAM direct rambus random access memory
  • the present disclosure further provides a storage medium, namely, a computer storage medium, specifically, a computer-readable storage medium, such as a memory storing a computer program.
  • the computer program can be executed by the first processor 162 of the user edge device 160 to complete the steps of the user edge device-side method.
  • the computer-readable storage medium can be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface storage, optical disk, or CD-ROM.
  • an embodiment of the present disclosure also provides a computer program product, including a computer program, which can be executed by the first processor 162 of the user edge device 160 to complete the steps of any of the aforementioned methods, or executed by the second processor 172 of the network edge device 170 to complete the steps of any of the aforementioned methods, or executed by the third processor 182 of the controller 180 to complete the steps of any of the aforementioned methods.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed in the present disclosure are an information processing method and apparatus, a device, a storage medium and a computer program product. The method comprises: a customer edge device acquiring a first application response network (ARN) identifier, the first ARN identifier representing a calling relationship of an application to a network capability and/or a capability of a network to be exposed to the application; marking a first Internet protocol (IP) packet on the basis of the first ARN identifier to generate a second IP packet; and sending the second IP packet.

Description

Information processing method, apparatus, device, storage medium and computer program product

Cross-Reference to Related Applications

The present disclosure is based on and claims priority to the Chinese patent application with application number 2024102243726 and application date of February 28, 2024. The entire contents of that Chinese patent application are incorporated into the present disclosure by reference.

Technical Field

The present disclosure relates to the field of wireless communication technologies, and in particular to an information processing method, apparatus, device, storage medium, and computer program product.

Background Art

Currently, to provide quality assurance capabilities in Internet Protocol (IP) networks, technologies ranging from Multi-Protocol Label Switching (MPLS) to the current Segment Routing over IPv6 (SRv6) all center on how to provide network path scheduling capabilities. By planning network link resources, point-to-point network paths with different characteristics, such as low latency or large bandwidth, can be constructed. For coordinating applications with network capabilities, existing solutions fall into several schools. The first classifies traffic based on application characteristics and then steers different traffic onto specific network paths. The second has applications explicitly carry type information: the service access point device at the network edge identifies the application information explicitly carried in the packet and then maps that class of packets to a network tunnel or slice. The third directly opens network connections for applications to call. However, all three approaches suffer from poor network security.

Summary of the Invention

In view of this, embodiments of the present disclosure are intended to provide an information processing method, apparatus, device, storage medium, and computer program product.

The technical solutions of the embodiments of the present disclosure are implemented as follows:

An embodiment of the present disclosure provides an information processing method, applied to a user edge device, the method including:

obtaining a first Application Responsive Networking (ARN) identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;

marking a first IP packet based on the first ARN identifier to generate a second IP packet;

sending the second IP packet.

In addition, according to at least one embodiment of the present disclosure, marking the first IP packet based on the first ARN identifier includes:

writing the first ARN identifier and first information into the flow label field and the traffic class field, respectively, in the header of the first IP packet;

wherein the first information indicates whether the original content of the flow label field is to be reinterpreted as the first ARN identifier.

In addition, according to at least one embodiment of the present disclosure, marking the first IP packet based on the first ARN identifier includes:

writing the first ARN identifier into an extension header of the first IP packet;

or,

writing the first ARN identifier into the source address field in the header of the first IP packet.

In addition, according to at least one embodiment of the present disclosure, obtaining the first ARN identifier includes:

obtaining the first ARN identifier sent by a controller;

wherein the first ARN identifier is allocated by the controller to the user edge device based on user information, application information and network service information.

In addition, according to at least one embodiment of the present disclosure, sending the second IP packet includes:

carrying first user information in the second IP packet;

sending the second IP packet.

An embodiment of the present disclosure provides an information processing method, applied to a network edge device, the method including:

receiving a second IP packet;

wherein,

the second IP packet is obtained by a user edge device obtaining a first ARN identifier and marking a first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application.

In addition, according to at least one embodiment of the present disclosure, the method further includes:

parsing the second IP packet to obtain the first ARN identifier;

verifying the legitimacy of the first ARN identifier according to a preset data table to obtain a verification result; the preset data table stores a preset correspondence between user information and ARN identifiers;

when the verification result indicates that the first ARN identifier is legitimate, mapping the second IP packet to a corresponding path or slice based on the first ARN identifier.

In addition, according to at least one embodiment of the present disclosure, the method further includes:

when the verification result indicates that the first ARN identifier is not legitimate, performing a first operation;

wherein the first operation includes one of the following:

ignoring the first ARN identifier carried by the second IP packet, or discarding the second IP packet;

resetting the value of the first ARN identifier;

mapping the second IP packet to the default path or slice that corresponds to packets carrying no ARN identifier.

In addition, according to at least one embodiment of the present disclosure, verifying the legitimacy of the first ARN identifier according to the preset data table includes:

parsing the second IP packet to obtain first user information;

searching the preset data table for a correspondence between the first user information and the first ARN identifier;

if a correspondence between the first user information and the first ARN identifier is found in the preset data table, determining that the first ARN identifier is legitimate.

In addition, according to at least one embodiment of the present disclosure, mapping the second IP packet to a corresponding path or slice based on the first ARN identifier includes:

if the first ARN identifier is legitimate, determining the first path or first slice corresponding to the first ARN identifier according to a preset correspondence between paths or slices and ARN identifiers; and mapping the second IP packet to the first path or the first slice;

wherein the path or slice includes one of the following:

Policy-based IPv6 segment routing (SRv6 Policy, Segment Routing over IPv6 base Policy);

Multi-protocol label switching (MPLS);

Internet Layer 3 Protocol (IPinIP);

Virtual Extended Local Area Network (VxLAN);

General Routing Encapsulation (GRE);

Generic Network Virtualization Encapsulation (GENEVE).
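
The marking and verification steps described above (ARN identifier in the flow label field, an indicator in the traffic class field, a user-to-ARN table checked at the network edge device), as an added Python sketch that is not code from the patent. The flag bit `ARN_FLAG`, the use of the IPv6 source address as the user information, the default path for a legitimate ARN identifier with no path entry, and all function names are assumptions; the sample packets and tables are constructed.

```python
import ipaddress
import struct

# Assumptions of this sketch (the page fixes none of these values):
ARN_FLAG = 0x04           # hypothetical Traffic Class bit: Flow Label holds an ARN ID
DEFAULT_PATH = "default"  # path/slice for packets that carry no usable ARN ID


def build_ipv6(src, dst, payload=b""):
    """Constructed sample input: a plain IPv6 header (Next Header 59) plus payload."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + payload)


def split_first_word(packet):
    """Return (traffic_class, flow_label) after basic header sanity checks."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    (word,) = struct.unpack("!I", packet[:4])
    return (word >> 20) & 0xFF, word & 0xFFFFF


def join_first_word(packet, tclass, flow):
    """Rewrite version / Traffic Class / Flow Label, leave the rest untouched."""
    return struct.pack("!I", (6 << 28) | (tclass << 20) | flow) + packet[4:]


def mark_packet(packet, arn_id):
    """User edge device: turn the first IP packet into the second IP packet."""
    if not 0 <= arn_id < (1 << 20):
        raise ValueError("ARN identifier must fit the 20-bit Flow Label")
    tclass, _ = split_first_word(packet)
    return join_first_word(packet, tclass | ARN_FLAG, arn_id)


def handle_at_network_edge(packet, user_arn_table, arn_path_table,
                           on_invalid="default"):
    """Network edge device: verify the ARN ID, then pick a path or slice.

    Returns (verdict, path, packet); path and packet are None when dropped.
    on_invalid selects one of the listed first operations: "default"
    (ignore the ARN ID and use the default path), "reset", or "drop".
    """
    tclass, flow = split_first_word(packet)
    user = str(ipaddress.IPv6Address(packet[8:24]))  # assumed user information
    if not tclass & ARN_FLAG:
        return "no-arn", DEFAULT_PATH, packet
    if flow in user_arn_table.get(user, ()):
        # Legitimate: the (user information, ARN ID) pair is in the preset table.
        return "legitimate", arn_path_table.get(flow, DEFAULT_PATH), packet
    if on_invalid == "drop":
        return "invalid", None, None
    if on_invalid == "reset":
        # Clear the indicator and zero the Flow Label before forwarding.
        packet = join_first_word(packet, tclass & ~ARN_FLAG & 0xFF, 0)
    return "invalid", DEFAULT_PATH, packet


if __name__ == "__main__":
    users = {"2001:db8::10": {0x1A2B}}           # constructed user -> ARN IDs table
    paths = {0x1A2B: "srv6-policy-low-latency"}  # constructed ARN ID -> path table
    bound = mark_packet(build_ipv6("2001:db8::10", "2001:db8:ffff::1"), 0x1A2B)
    unbound = mark_packet(build_ipv6("2001:db8::66", "2001:db8:ffff::1"), 0x1A2B)
    for name, pkt in (("bound user", bound), ("unbound user", unbound)):
        print(name, handle_at_network_edge(pkt, users, paths)[:2])
```

The second sample packet carries an ARN identifier that the table binds to a different user, which is the case the legitimacy check exists to catch: the identifier alone is not sufficient, only the (user information, ARN identifier) pair is.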

An embodiment of the present disclosure provides an information processing method, applied to a controller, the method including:

sending a first ARN identifier to a user edge device; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;

wherein the first ARN identifier is used by the user edge device to mark a first IP packet, generate a second IP packet, and send the second IP packet.

In addition, according to at least one embodiment of the present disclosure, the method further includes:

sending the preset correspondence between user information and ARN identifiers to a network edge device; and sending the preset correspondence between paths or slices and ARN identifiers to the network edge device;

wherein the path or slice includes one of the following:

SRv6;

MPLS;

IPinIP;

VxLAN;

GRE;

GENEVE.

In addition, according to at least one embodiment of the present disclosure, the method further includes:

allocating the first ARN identifier to the user edge device based on user information, application information, and network service information.

In addition, according to at least one embodiment of the present disclosure, the method further includes:

managing the life cycle of the first ARN identifier.

In addition, according to at least one embodiment of the present disclosure, managing the life cycle of the first ARN identifier includes:

performing one of the following operations on the first ARN identifier:

revocation;

loss reporting;

reissue;

aging;

extension.

An embodiment of the present disclosure provides an information processing apparatus, including:

an acquisition module configured to acquire a first ARN identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;

a processing module configured to mark a first IP packet based on the first ARN identifier to generate a second IP packet;

a first sending module configured to send the second IP packet.

An embodiment of the present disclosure provides an information processing apparatus, including:

a receiving module configured to receive a second IP packet;

wherein,

the second IP packet is obtained by a user edge device obtaining a first ARN identifier and marking a first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application.

An embodiment of the present disclosure provides an information processing apparatus, including:

a second sending module configured to send a first ARN identifier to a user edge device; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;

wherein the first ARN identifier is used by the user edge device to mark a first IP packet, generate a second IP packet, and send the second IP packet.

An embodiment of the present disclosure provides a user edge device, including a processor and a memory for storing a computer program that can be run on the processor,

wherein the processor is configured to execute, when running the computer program, the steps of any one of the methods described above on the user edge device side.

An embodiment of the present disclosure provides a network edge device, including a processor and a memory for storing a computer program that can be run on the processor,

wherein the processor is configured to execute, when running the computer program, the steps of any one of the methods described above on the network edge device side.

An embodiment of the present disclosure provides a controller, including a processor and a memory for storing a computer program that can be run on the processor,

wherein the processor is configured to execute, when running the computer program, the steps of any one of the methods described above on the controller side.

At least one embodiment of the present disclosure provides a computer-readable storage medium having a computer program stored thereon. When the computer program is executed by a processor, it implements the steps of any one of the methods described on the user edge device side, or the steps of any one of the methods described on the network edge device side, or the steps of any one of the methods described on the controller side.

An embodiment of the present disclosure further provides a computer program product, including a computer program. When the computer program is executed by a processor, it implements any of the methods described above on the user edge device side, or any of the methods described above on the network edge device side, or any of the methods described above on the controller side.

In the information processing method, apparatus, device, storage medium, and computer program product provided by the embodiments of the present disclosure, the method includes: a user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.

With the technical solution provided by the embodiments of the present disclosure, because the first ARN identifier represents the calling relationship of the application to network capabilities and/or the capabilities that the network opens to the application, the user or application does not call network capabilities directly but calls them through the first ARN identifier, so the network does not see information about the user or application. Similarly, the network does not open its capabilities to the user directly but opens them through the first ARN identifier, so the user does not see the network's service information. Network security is thereby improved while application-network coordination capabilities are provided.

Brief Description of the Drawings

FIG. 1 is a schematic diagram of an Application-Aware Networking (APN) header in the related art;

FIG. 2 is a first schematic diagram of an implementation flow of the information processing method according to an embodiment of the present disclosure;

FIG. 3 is a second schematic diagram of an implementation flow of the information processing method according to an embodiment of the present disclosure;

FIG. 4 is a third schematic diagram of an implementation flow of the information processing method according to an embodiment of the present disclosure;

FIG. 5 is a schematic diagram of a system architecture to which the information processing method according to an embodiment of the present disclosure is applied;

FIG. 6 is a schematic diagram of a specific implementation flow of the information processing method according to an embodiment of the present disclosure;

FIG. 7 is a schematic diagram of a controller allocating a first ARN ID to a user edge device according to an embodiment of the present disclosure;

FIG. 8 is a schematic diagram of the life cycle of an ARN ID according to an embodiment of the present disclosure;

FIG. 9 is a first schematic diagram of marking a first IP packet according to an embodiment of the present disclosure;

FIG. 10 is a second schematic diagram of marking a first IP packet according to an embodiment of the present disclosure;

FIG. 11 is a third schematic diagram of marking a first IP packet according to an embodiment of the present disclosure;

FIG. 12 is a fourth schematic diagram of marking a first IP packet according to an embodiment of the present disclosure;

FIG. 13 is a first schematic diagram of an information processing apparatus according to an embodiment of the present disclosure;

FIG. 14 is a second schematic diagram of an information processing apparatus according to an embodiment of the present disclosure;

FIG. 15 is a third schematic diagram of an information processing apparatus according to an embodiment of the present disclosure;

FIG. 16 is a schematic diagram of the composition structure of a user edge device according to an embodiment of the present disclosure;

FIG. 17 is a schematic diagram of the composition structure of a network edge device according to an embodiment of the present disclosure;

FIG. 18 is a schematic diagram of the composition structure of a controller according to an embodiment of the present disclosure.

DETAILED DESCRIPTION

Before the technical solutions of the embodiments of the present disclosure are introduced, the related art is described first.

In the related art, the Internet provides best-effort service, and the digital economy is built entirely on Internet Protocol (IP) networks. Diverse application requirements place higher demands on network capabilities, driving IP technology to keep evolving toward stronger quality assurance. Unlike the fixed resource allocation of the Optical Transport Network (OTN), IP is in essence statistical time-division multiplexing, and IP network quality depends on the congestion level of the path, the bit error rate of the underlying optical links, and so on. To provide quality assurance in IP networks, technologies from Multi-Protocol Label Switching (MPLS) in 2000 to today's Segment Routing over IPv6 (SRv6) have all centered on how to provide network path scheduling. By planning network link resources, point-to-point network paths with different characteristics, such as low latency or large bandwidth, can be built. Combining these capabilities with a bandwidth resource reservation mechanism further enables network-wide slicing, in which one physical network is virtualized into multiple logical slices, each occupying different resources, thereby achieving differentiated multipoint-to-multipoint network connections.

Although the IP backbone network already has flexible differentiated service capabilities internally, existing solutions for coordinating applications with network capabilities fall into several approaches.

The first approach classifies traffic based on application characteristics and then steers the different traffic onto specific network paths (MPLS or SRv6). Depending on how applications are identified, there are usually two schemes:

The first scheme classifies application types with an access control list (ACL) based on layer 3 and layer 4 header information. At the network edge service access point, the ACL matches the five-tuple of the traffic (source IP, destination IP, protocol type, source port, destination port), and the classified traffic is steered to a specific low-latency or high-bandwidth tunnel/slice. The hardware chips of routers and switches usually support ACLs, so high-performance forwarding can be achieved. However, ACLs require the five-tuple characteristics of applications to be maintained manually and configured on network devices as ACL commands. After the ACL classifies a flow, a next hop is specified for that flow, which directs the flow into the specified SRv6/MPLS tunnel or slice.

The second scheme classifies application types with deep packet inspection (DPI) based on layer 7 content information. To extract layer 7 content, DPI needs to identify the packet encapsulation, reassemble a series of packets into application data, and then classify according to the characteristics of that application data. DPI usually describes application characteristics as regular expressions, which cannot be processed by routing chips and can only be processed by the CPU. Common application characteristics include URLs, HTML tags, and text. As with ACLs, application characteristics must be maintained manually and configured on network devices, and DPI additionally needs to be able to reassemble multiple packets into application data. After DPI classifies a flow, a next hop is specified for that flow, which directs the flow into the specified SRv6/MPLS tunnel or slice.

The second approach is for applications to carry type information explicitly. The network edge service access point PE identifies the application information explicitly carried in the packet and then maps such packets to a network tunnel/slice.

Application-Aware Networking (APN) defines an additional application information description in the packet. APN uses the programmable space of the extension headers that IPv6 data packets already provide, for example the Hop-by-Hop Options Header (HBH) and the Destination Options Header (DOH). Unlike ACL and DPI, APN requires packets to carry application information so that network devices can identify it directly. After the flow is classified based on the APN information, a next hop is specified for that flow, which directs the flow into the specified SRv6/MPLS tunnel or slice. APN needs the APN ID to be carried explicitly in the packet in unencrypted form. This requires, on the one hand, that applications be willing to mark the APN ID and, on the other hand, that a unified organization centrally allocate APN IDs to applications. Depending on where the APN ID is marked on the traffic, there are two methods: end-side marking and network marking. Since the application side did not have the relevant capability in the early stage, marking at the network edge service access point can be used first; as the ecosystem matures, more services can carry APN IDs themselves, further improving the accuracy of service awareness.

Referring to FIG. 1, FIG. 1 is a schematic diagram of an APN header in the related art. As shown in FIG. 1, the APN header contains APN identification information and APN parameter information, and the APN header can be used in different data planes.

As shown in FIG. 1, the APN header format may include:

APN ID;

APN parameter information (APN-Para).

Here, the APN ID identifies service attributes, indicating that packets carrying the same identifier are all given the same treatment. It specifically contains the following information: APP Group ID, which identifies the application group to which the packet belongs and has a variable length; USER Group ID, which identifies the user group to which the packet belongs and has a variable length.

Here, the APN parameter information (APN-Para) consists of parameters related to network performance requirements. Which parameters are included is defined by APN-Para-Type, and each APN parameter is 32 bits long. Combining different parameters allows application requirements to be expressed in more detail. APN-Para is carried together with the APN ID information to describe the required network connection. It specifically contains the following information: Bandwidth, which indicates the bandwidth requirement of the application, in Mbit/s; Delay, in which the first 8 bits are reserved (must be set to 0 when sending and must be ignored when receiving) and the last 24 bits indicate the delay requirement, in ms, encoded as an integer value; Jitter, in which the first 8 bits are reserved (must be set to 0 when sending and must be ignored when receiving) and the last 24 bits indicate the delay variation requirement, in ms, encoded as an integer value; Packet Loss Ratio, in which the first 8 bits are reserved (must be set to 0 when sending and must be ignored when receiving) and the last 24 bits indicate the packet loss rate per second, which is the maximum packet loss rate allowed by the system.

Here, the APN header (including the APN identifier and requirement parameters) can be encapsulated in an IPv6 packet extension header. Specifically, the following methods can be used:

Hop-by-Hop Options Header (HBH): the APN header can be carried as a new option of the Hop-by-Hop Options Header. Information carried in the Hop-by-Hop Options Header can be read by every node on the path.

Destination Options Header (DOH): the APN header can be carried as a new option of the Destination Options Header. Information carried in the Destination Options Header can be read by the corresponding nodes on the path.

Segment Routing Header (SRH): the APN header can also be placed in the Segment Routing Header, as a type of Segment Routing Header TLV, immediately following the segment list. Information carried in the Segment Routing Header can be read by the specified segments on the SRv6 path.

The application information carried by data packets in an APN network can indicate the application (class) to which the data packet belongs, information about the user (group) using that application (class), the key flows in the application (for example, action instructions in cloud gaming), and SLA requirements or network performance requirement parameters (for example, bandwidth, latency, jitter, and packet loss rate).

The third approach is to open network connections directly and let applications call them. It is used mainly in SRv6 network scenarios, where the network connection service is abstracted through binding segment identifiers (BSID, Binding SID). This method is mainly applied in SD-WAN: the IP backbone network abstracts the paths between PEs into BSIDs with different service capabilities, such as low latency, large bandwidth, and low packet loss, and the terminal writes the different BSIDs directly into the path list. This method requires BSIDs to be made public, and a BSID is shared by multiple services. Once public, it easily leads to security problems such as network attacks and fraudulent use of BSID bandwidth. Moreover, because a BSID is a shared resource, deactivating it affects services, so the security risk cannot be eliminated by deactivation.

The two existing approaches have different problems that prevent them from being widely used in live networks.

For the first approach, ACL and DPI are applied only in specific scenarios.

The main problem with the ACL method is that more and more applications share a single User Datagram Protocol (UDP) port, so applications can no longer be identified and distinguished directly by UDP port. Overly complex ACLs also degrade a device's forwarding performance for application packets and produce a large number of "zombie" entries. In particular, when an application change invalidates the configuration, the ACL configuration must be updated accordingly, which makes maintenance extremely complex.

The DPI method can solve the problem that ACLs cannot identify applications precisely, but its deployment also has significant limitations. First, DPI requires CPU processing and consumes a large amount of processing capacity. Second, DPI cannot handle encrypted packets, while the vast majority of Internet traffic, such as HTTPS, is encrypted. Large-scale application is therefore difficult.

For the second approach, the APN method has the following core problems that it cannot solve, which leave users unwilling to adopt it and network security risk high, so deployment has been difficult to advance for many years:

The first issue is APN ID privacy and security. If traffic can be identified through APN, there is also a risk of the traffic being hijacked and analyzed, which leaves users with little motivation to use APN.

The second issue is that APN ID management is extremely difficult. APN IDs require unified management across the whole network, and different applications must be distinguished by different values. The Internet has no centralized registration and management mechanism for application APN IDs, and a large number of new applications appear every day, so this is difficult to put into practice.

The third issue is APN ID leakage. Packets may be intercepted during forwarding, and non-accelerated users can obtain the APN ID and carry it in the packets they send, illegitimately obtaining the acceleration effect.

The fourth issue is the risk of network attacks. APN packets have distinctive characteristics and are easy to attack. Hackers can launch traffic attacks against packets that use APN IDs, which puts stable network operation at risk.

For the third approach, opening network connections through BSIDs brings security risks similar to those of APN, namely attacks and abuse caused by the leakage of internal network information. This method is therefore limited to use within internal networks.

In general, the first and second approaches are both application-centric, requiring the network to adapt passively to application changes, while the third approach opens up network capabilities; all of them have network security problems.

Based on this, in the embodiments of the present disclosure, the user edge device obtains a first ARN identifier, where the first ARN identifier represents the calling relationship of the application to the network capability and/or the capability opened by the network to the application; marks a first IP packet based on the first ARN identifier to generate a second IP packet; and sends the second IP packet.

Referring to FIG. 2, FIG. 2 is a schematic diagram of an implementation flow of an information processing method according to an embodiment of the present disclosure, applied to a user edge device. The user edge device may be a client router, an SD-WAN CPE, a cloud gateway, or an application. As shown in FIG. 2, the method includes steps 201 to 203:

Step 201: Obtain a first ARN identifier; the first ARN identifier represents the calling relationship of the application to the network capability and/or the capability opened by the network to the application.

Here, the network capability may refer to network resources, which may specifically include paths or slices; a path may be understood as a tunnel.

Here, the service type of the path or slice includes but is not limited to one of the following:

Low latency;

Large bandwidth;

Low packet loss.

Here, the calling relationship of the application to the network capability may include but is not limited to one of the following:

The application's call to a low-latency network capability;

The application's call to a large-bandwidth network capability;

The application's call to a low-packet-loss network capability.

Here, the application's call to a low-latency network capability can also be described as the application's call to a low-latency path or slice service.

Here, the application's call to a large-bandwidth network capability can also be described as the application's call to a large-bandwidth path or slice service.

Here, the application's call to a low-packet-loss network capability can also be described as the application's call to a low-packet-loss path or slice service.

Here, the capability opened by the network to the application may refer to network resources, which may specifically include paths or slices; a path may be understood as a tunnel.

Step 202: Mark the first IP packet based on the first ARN identifier to generate a second IP packet.

As an example, the first IP packet may be an IPv6 packet.

In some embodiments, marking the first IP packet based on the first ARN identifier includes:

Writing the first ARN identifier and first information into the Flow Label field and the Traffic Class field, respectively, in the header of the first IP packet;

where the first information indicates whether the original content of the Flow Label field is to be escaped as the first ARN identifier.

As an example, the first information may also be described as an escape character.

As an example, the first information may be located in the highest bit of the Traffic Class field.

In other words, the Flow Label field is reused, and the highest bit of the Traffic Class (tc) field, the escape character, indicates whether escaping applies. If this bit is 1, the original content of the Flow Label field is escaped as the first ARN ID; otherwise, no escaping is performed.
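The Flow Label marking described above can be shown at the byte level. The following Python sketch is an added illustration, not code from the patent: the function names are hypothetical, and it assumes the ARN ID fits the 20-bit Flow Label and that the original Flow Label value is simply overwritten.

```python
import ipaddress
import struct

ESCAPE_BIT = 0x80          # highest bit of the 8-bit Traffic Class field
FLOW_LABEL_MAX = 0xFFFFF   # the IPv6 Flow Label field is 20 bits wide


def build_ipv6_header(src, dst, payload_len, next_header=17, hop_limit=64,
                      traffic_class=0, flow_label=0):
    """Pack a fixed 40-byte IPv6 header (sample input for the demo)."""
    word0 = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", word0, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def _first_word(header):
    """Return the first 32 bits (version, Traffic Class, Flow Label)."""
    if len(header) < 40:
        raise ValueError("truncated IPv6 header")
    (word0,) = struct.unpack("!I", header[:4])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return word0


def mark_with_arn(header, arn_id):
    """User edge side: write the ARN ID into Flow Label and set the escape bit.

    The lower seven Traffic Class bits are preserved; the previous Flow
    Label content is overwritten (assumption of this sketch).
    """
    if not 0 <= arn_id <= FLOW_LABEL_MAX:
        raise ValueError("ARN ID does not fit the 20-bit Flow Label")
    word0 = _first_word(header)
    traffic_class = ((word0 >> 20) & 0xFF) | ESCAPE_BIT
    word0 = (6 << 28) | (traffic_class << 20) | arn_id
    return struct.pack("!I", word0) + header[4:]


def read_arn(header):
    """Network edge side: return the ARN ID if the escape bit is 1, else None."""
    word0 = _first_word(header)
    traffic_class = (word0 >> 20) & 0xFF
    if traffic_class & ESCAPE_BIT:
        return word0 & FLOW_LABEL_MAX
    return None


if __name__ == "__main__":
    # Constructed sample packet header using documentation addresses.
    plain = build_ipv6_header("2001:db8::1", "2001:db8::2", 8,
                              traffic_class=0x02, flow_label=0x12345)
    marked = mark_with_arn(plain, 0xABCDE)
    print(plain[:4].hex(), read_arn(plain))
    print(marked[:4].hex(), hex(read_arn(marked)))
```

Because the highest Traffic Class bit is also the highest bit of the DSCP codepoint, a packet that already carries a DSCP value of 32 or more reads as escaped, so the receiver still has to validate the extracted value rather than trust the bit alone.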

In some embodiments, marking the first IP packet based on the first ARN identifier includes:

Writing the first ARN identifier into an extension header of the first IP packet;

or,

Writing the first ARN identifier into the source address field in the header of the first IP packet.

As an example, the extension header may be a DOH, HBH, or SRH header.

Here, an ARN ID field is introduced into the first IP packet, and the first ARN ID binds the application and the network together. The first ARN ID expresses not only the calling relationship between the application and the network but also the application's requirements for the network path or slice, for example path constraints such as latency, packet loss, jitter, and bandwidth.

In some embodiments, obtaining the first ARN identifier includes:

Obtaining the first ARN identifier sent by the controller;

where the first ARN identifier is allocated by the controller to the user edge device based on user information, application information, and network service information.

Here, the network service information may include quality of service (QoS), network interface, and so on.

For example, suppose that low-latency slice or path (tunnel) services have been planned in the network, and consider how the network completes the service process and forwards traffic when a user subscribes to a low-latency connection service. First, the service system calls the controller interface according to the service type the user subscribed to. After receiving the user's network service subscription request, the controller allocates the first ARN identifier to the user edge device.

Specifically, the controller may allocate the first ARN identifier to the user edge device based on user information, application information, and network service information.

Here, the first ARN ID can be any integer, as long as <user, application, network service> and the ARN ID correspond one to one. Specifically, it can be generated with a random function, in ascending order, or in descending order.

Here, after allocating the first ARN ID to the user edge device, the controller can also manage the life cycle of the first ARN identifier, which specifically includes:

Performing one of the following operations on the first ARN identifier:

Revocation;

Loss reporting;

Reissue;

Aging;

Extension.

Here, revocation means that the controller deletes the relevant ARN ID information on the user edge and the network edge.

Here, loss reporting likewise corresponds to revoking the relevant ARN ID.

Here, reissue means that a new ARN ID needs to be generated.

Here, aging means that the corresponding APN service has a time limit, and the corresponding ARN ID is revoked automatically when the time is up.

Here, extension means extending the service time of the ARN ID.

Step 203: Send the second IP packet.

As an example, the second IP packet may be sent to a network edge device.

As an example, the network edge device is a BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE that terminates the user's dedicated line for government and enterprise users.

As an example, after receiving the second IP packet, the network edge device parses the second IP packet to obtain the first ARN identifier carried in the first IP packet, and verifies the legitimacy of the first ARN identifier.

Specifically, verifying the legitimacy of the first ARN identifier covers the following two cases:

In the first case, if the first ARN identifier is verified to be legitimate, the second IP packet is mapped to the corresponding path or slice based on the first ARN identifier.

In the second case, if the first ARN identifier is verified to be illegitimate, a first operation is performed.

The first operation includes one of the following:

Ignoring the first ARN identifier carried by the second IP packet, or discarding the second IP packet;

Resetting the value of the first ARN identifier;

Mapping the second IP packet to the default path or slice used for packets that do not carry an ARN identifier.

In practice, so that the network edge device can verify the legitimacy of the first ARN identifier, the user edge device may carry first user information in the second IP packet, which the network edge device uses to verify the first ARN identifier.

Based on this, in some embodiments, sending the second IP packet includes:

Carrying the first user information in the second IP packet;

Sending the second IP packet.
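The controller-side allocation and life-cycle operations and the network edge verification described above fit together as in the following Python sketch. It is an added illustration, not the patent's implementation: the class, function, and slice names are hypothetical, the ARN ID is assumed to be a random 20-bit integer, and the edge is assumed to check the identifier against the first user information carried with the packet.

```python
import secrets
import time
from dataclasses import dataclass

ARN_ID_BITS = 20                    # assumption: the ID must fit the Flow Label
DEFAULT_SLICE = "slice-default"     # hypothetical default path/slice name
SLICE_FOR_SERVICE = {               # hypothetical service-to-slice plan
    "low-latency": "slice-low-latency",
    "large-bandwidth": "slice-large-bandwidth",
    "low-loss": "slice-low-loss",
}


@dataclass
class Grant:
    arn_id: int
    user: str
    app: str
    service: str
    expires_at: float


class Controller:
    """Keeps ARN IDs one-to-one with <user, application, network service>."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_key = {}   # (user, app, service) -> Grant
        self._by_id = {}    # arn_id -> Grant

    def _fresh_id(self):
        # Random generation; retry until the value is unused.
        while True:
            candidate = secrets.randbelow(1 << ARN_ID_BITS)
            if candidate not in self._by_id:
                return candidate

    def _store(self, key, arn_id, ttl):
        grant = Grant(arn_id, *key, expires_at=self._clock() + ttl)
        self._by_key[key] = self._by_id[arn_id] = grant
        return arn_id

    def allocate(self, user, app, service, ttl):
        self.age()
        key = (user, app, service)
        if key in self._by_key:
            return self._by_key[key].arn_id
        return self._store(key, self._fresh_id(), ttl)

    def revoke(self, arn_id):
        """Revocation, also used for loss reporting."""
        grant = self._by_id.pop(arn_id, None)
        if grant is not None:
            del self._by_key[(grant.user, grant.app, grant.service)]

    def reissue(self, arn_id, ttl):
        """Revoke the old ID and generate a different one for the same triple."""
        old = self._by_id[arn_id]
        new_id = self._fresh_id()   # old ID is still registered, so new != old
        self.revoke(arn_id)
        return self._store((old.user, old.app, old.service), new_id, ttl)

    def extend(self, arn_id, extra_seconds):
        self._by_id[arn_id].expires_at += extra_seconds

    def age(self):
        """Aging: automatically revoke every ID whose service time is up."""
        now = self._clock()
        expired = [i for i, g in self._by_id.items() if g.expires_at <= now]
        for arn_id in expired:
            self.revoke(arn_id)

    def lookup(self, arn_id):
        self.age()
        return self._by_id.get(arn_id)


def edge_classify(controller, arn_id, user, on_invalid="default"):
    """Network edge check: return the slice for a packet, or None to drop it.

    A legitimate ARN ID maps to its planned slice. An illegitimate one is
    either ignored (packet goes to the default slice) or the packet is dropped.
    """
    if arn_id is None:                      # packet carries no ARN identifier
        return DEFAULT_SLICE
    grant = controller.lookup(arn_id)
    if grant is not None and grant.user == user:
        return SLICE_FOR_SERVICE.get(grant.service, DEFAULT_SLICE)
    return None if on_invalid == "drop" else DEFAULT_SLICE
```

In this sketch a leaked identifier stops working as soon as `reissue` runs, and only the subscriber holding the replacement keeps the planned slice.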

本公开实施例中,具备以下优点:The embodiments of the present disclosure have the following advantages:

(1)用户边界设备获取第一ARN标识;所述第一ARN标识表征应用对网络能力的调用关系和/或网络对应用开放的能力;基于所述第一ARN标识对第一IP报文进行标记,生成第二IP报文;发出所述第二IP报文。(1) A user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.

本公开实施例中,由于所述第一ARN标识表征应用对网络能力的调用关系和/或网络对应用开放的能力,如此,用户或应用并不直接调用网络能力,而是通过所述第一ARN标识调用网络能力,这样网络就不会看到用户或应用的相关信息,同样地,网络并直接开放能力给用户,而是通过所述第一ARN标识开放能力,这样用户就不会看到网络的服务信息,从而在提供应用协同网络能力的同时提高安全性。In the embodiment of the present disclosure, since the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application, the user or application does not directly call the network capability, but calls the network capability through the first ARN identifier, so that the network will not see the relevant information of the user or application. Similarly, the network does not directly open the capability to the user, but opens the capability through the first ARN identifier, so that the user will not see the service information of the network, thereby improving security while providing application collaborative network capabilities.

(2)与相关技术中通过APN、BSID、ACL等实现应用协同网络能力的方式相比,本公开实施例中,采用ARN标识,差异就是用户/应用并不能直接调用网络路径,得通过中间层ARN调用网络服务,而网络也不能看到用户应用信息,看到的只是中间层ARN。相比之下,APN直接携带应用和用户信息,网络直接就看到了这些信息,BSID直接把网络能力开放给用户,用户直接看到了网络服务信息。(2) Compared with the related art method of implementing application collaborative network capabilities through APN, BSID, ACL, etc., the disclosed embodiments use ARN identification. The difference is that users/applications cannot directly call the network path, but must call network services through the intermediate layer ARN. The network cannot see user application information, but only sees the intermediate layer ARN. In contrast, APN directly carries application and user information, which the network directly sees. BSID directly opens network capabilities to users, and users directly see network service information.

In terms of privacy, the ARN ID does not directly use a network connection identifier such as a BSID or SID; instead, it is independent of the BSID. The value range of the ARN ID carried in packets is random across users. The controller can map one user network-demand contract to different ARN ID values on different devices, so that a value is valid per device rather than globally and may differ from device to device. The ARN ID therefore carries neither network privacy information nor user privacy information.

In terms of maintainability, the ARN ID expresses network capabilities and does not change when applications change, so the frequent configuration changes caused by rapid application iteration do not arise, and network capabilities can be opened up in a planned way. In addition, because ARN IDs correspond one-to-one with the contracts that users actually pay for, configuration is easily embedded in business processes, and there is no need to convert a contract into ACL 5-tuples or APN IDs.

In terms of scalability, if only the 2-tuple (ARN ID, user) is configured for differentiated user requirements, and since this 2-tuple can be implemented through table lookup, this solution has no scalability problem.

In terms of security, the ARN ID sits between the application and the network and, like a contract, has a lifecycle with operations such as creation, destruction, expiration, renewal, and verification. Once ARN ID information is found to have leaked, it can be quickly reported lost and a new ARN ID requested without affecting other users' services. In addition, a packet entering the SR network can be correctly mapped to the corresponding SR Policy path based on its ARN ID without carrying a BSID/SID; when it does carry a BSID/SID, the ARN ID can be used to verify whether that invocation of the network's BSID/SID is legitimate. This resolves the security problem.

Finally, the scope of a network ARN ID falls into two categories. One is the global ARN ID, which has the same lifecycle across all sites, although the same ARN ID may differ on different devices at different sites. The other is the localized ARN ID, which serves the localized needs of a single user; the lifecycles of different ARN IDs are independent of one another. Customers with local ARN IDs must carry them in packets. Because ARN ID values are not required to be the same globally, coordination requirements are kept to a minimum.

(3) Taking a network-centric approach, Application Responsive Networking technology is proposed to solve a series of security problems and to eliminate the impact of rapidly changing applications on stable network configuration. Because applications actively invoke network capabilities, the technology is suitable for large-scale deployment. It solves the following problems in the related art: application changes cause frequent changes to network ACL, DPI, APN, and similar configurations, making it difficult for network stability to converge; application features are highly discrete and hard to aggregate, so ACL and APN configurations must be made one by one for each service, which consumes many resources and is difficult to maintain; APN and BSID must carry privacy information; and, after APN, BSID, and similar information leaks, the APN ID and BSID can be misused or attacked.

Referring to FIG. 3, FIG. 3 is a schematic flowchart of an information processing method according to an embodiment of the present disclosure, applied to a network edge device. The network edge device is a BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE that terminates the user's dedicated line for government and enterprise users. As shown in FIG. 3, the method includes step 301:

Step 301: Receive a second IP packet;

The second IP packet is obtained by the user edge device obtaining a first ARN identifier and marking a first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.

Here, the network capability may refer to network resources, which may specifically include paths or slices; a path may be understood as a tunnel.

Here, the service type of the path or slice includes but is not limited to one of the following:

Low latency;

Large bandwidth;

Low packet loss.

Here, the calling relationship between the application and the network capability may include but is not limited to one of the following:

An application's invocation of a low-latency network capability;

An application's invocation of a large-bandwidth network capability;

An application's invocation of a low-packet-loss network capability.

Here, the application's invocation of a low-latency network capability can also be described as the application's invocation of a low-latency path or slice service.

Here, the application's invocation of a large-bandwidth network capability can also be described as the application's invocation of a large-bandwidth path or slice service.

Here, the application's invocation of a low-packet-loss network capability can also be described as the application's invocation of a low-packet-loss path or slice service.

Here, the capability opened by the network to the application may refer to network resources, which may specifically include paths or slices; a path may be understood as a tunnel.

In some embodiments, the method further includes:

Parsing the second IP packet to obtain the first ARN identifier;

Verifying the validity of the first ARN identifier according to a preset data table to obtain a verification result, where the preset data table stores a preset correspondence between user information and ARN identifiers;

When the verification result indicates that the first ARN identifier is valid, mapping the second IP packet to the corresponding path or slice based on the first ARN identifier.

As an example, the user information may include the user identifier, source address information, or link information corresponding to the user.

As an example, the network edge device may receive the preset correspondence between user information and ARN identifiers from the controller.

In some embodiments, the method further includes:

When the verification result indicates that the first ARN identifier is invalid, performing a first operation;

The first operation includes one of the following:

Ignoring the first ARN identifier carried in the second IP packet, or discarding the second IP packet;

Resetting the value of the first ARN identifier;

Mapping the second IP packet to the default path or slice used for packets that do not carry an ARN identifier.

As an example, resetting the value of the first ARN identifier may mean resetting the first ARN ID to 0 as configured.

Here, if the first ARN ID is ignored, the packet is forwarded through the default tunnel/slice. A packet that does not carry an ARN ID should also be forwarded through the default tunnel/slice. In this way, during a network upgrade, user-side devices and network edge devices do not need to support this feature at the same time.

In some embodiments, verifying the validity of the first ARN identifier according to the preset data table includes:

Parsing the second IP packet to obtain first user information;

Searching the preset data table for a correspondence between the first user information and the first ARN identifier;

If the correspondence between the first user information and the first ARN identifier is found in the preset data table, determining that the first ARN identifier is valid.

As an example, if the correspondence between the first user information and the first ARN identifier is not found in the preset data table, the first ARN identifier is determined to be invalid.

As an example, the first user information may be obtained from the source address field of the second IP packet.

For example, the preset correspondence between user information and ARN identifiers may include: user information Ua corresponds to ARN identifier value 1; user information Ub corresponds to ARN identifier value 2; and user information Uc corresponds to ARN identifier value 3. Thus, if the first user information is Ub and the first ARN identifier is the value 2, the correspondence between the first user information and the first ARN identifier is found in the preset data table, and the first ARN identifier is determined to be valid.

In some embodiments, mapping the second IP packet to the corresponding path or slice based on the first ARN identifier includes:

If the first ARN identifier is valid, determining the first path or first slice corresponding to the first ARN identifier according to the preset correspondence between paths or slices and ARN identifiers, and mapping the second IP packet to the first path or the first slice;

The path or slice includes one of the following:

Policy-based Segment Routing for IPv6 (SRv6);

Multiprotocol Label Switching (MPLS);

Internet Layer 3 Protocol (IPinIP);

Virtual Extended Local Area Network (VxLAN);

Generic Routing Encapsulation (GRE);

Generic Network Virtualization Encapsulation (GENEVE).

As an example, the network edge device can obtain from the controller the preset correspondence between ARN identifiers and tunnels such as SRv6, MPLS, IPinIP, VxLAN, GRE, and GENEVE.

Taking SRv6 as an example, assume there are SRv6 tunnel 1, SRv6 tunnel 2, and SRv6 tunnel 3. SRv6 tunnel 1 has tunnel color identifier a (a large-bandwidth path or slice) and corresponds to ARN identifier value 1; SRv6 tunnel 2 has tunnel color identifier b (a low-latency path or slice) and corresponds to ARN identifier value 2; SRv6 tunnel 3 has tunnel color identifier c (a low-packet-loss path or slice) and corresponds to ARN identifier value 3. If the first ARN identifier is the value 2, the corresponding first path or first slice is determined to be SRv6 tunnel 2, and the second IP packet is mapped to the low-latency path or slice corresponding to tunnel color identifier b.

The embodiments of the present disclosure have the following advantages:

(1) A user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.

In the embodiments of the present disclosure, the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application. The user or application therefore does not invoke the network capability directly but through the first ARN identifier, so the network does not see information about the user or application. Likewise, the network does not open its capability to the user directly but through the first ARN identifier, so the user does not see the network's service information. This improves network security while providing application-network collaboration capabilities.

Referring to FIG. 4, FIG. 4 is a schematic flowchart of an information processing method according to an embodiment of the present disclosure, applied to a controller. As shown in FIG. 4, the method includes step 401:

Step 401: Send a first ARN identifier to a user edge device; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application;

The first ARN identifier is used by the user edge device to mark a first IP packet, generate a second IP packet, and send the second IP packet.

In some embodiments, the method further includes:

Sending the preset correspondence between user information and ARN identifiers to the network edge device, and sending the preset correspondence between paths or slices and ARN identifiers to the network edge device;

The path or slice includes one of the following:

SRv6;

MPLS;

IPinIP;

VxLAN;

GRE;

GENEVE.

As an example, the controller sends the preset correspondence between user information and ARN identifiers to the network edge device, so that the network edge device can verify the validity of the first ARN identifier based on that correspondence.

As an example, the controller sends the preset correspondence between paths or slices and ARN identifiers to the network edge device, so that, when the first ARN identifier is valid, the network edge device can map the second IP packet to the path or slice corresponding to the first ARN identifier according to that correspondence.

In some embodiments, the method further includes:

Allocating the first ARN identifier to the user edge device based on user information, application information, and network service information.

Here, the first ARN ID can be any integer, as long as <user, application, network service> and the ARN ID correspond one-to-one. Specifically, the first ARN identifier can be generated using a random function, in ascending order, or in descending order.

In some embodiments, the method further includes:

Managing the lifecycle of the first ARN identifier.

In some embodiments, managing the lifecycle of the first ARN identifier includes:

Performing one of the following operations on the first ARN identifier:

Revocation;

Loss reporting;

Reissue;

Aging;

Extension.

Here, revocation means that the controller deletes the relevant ARN ID information on the user edge and the network edge.

Here, loss reporting likewise revokes the relevant ARN ID.

Here, reissue means that a new ARN ID needs to be generated.

Here, aging means that the corresponding APN service has a time limit, and the corresponding ARN ID is automatically revoked when the time is up.

Here, extension means extending the service time of the ARN ID.

The embodiments of the present disclosure have the following advantages:

(1) A user edge device obtains a first ARN identifier; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application; a first IP packet is marked based on the first ARN identifier to generate a second IP packet; and the second IP packet is sent.

In the embodiments of the present disclosure, the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application. The user or application therefore does not invoke the network capability directly but through the first ARN identifier, so the network does not see information about the user or application. Likewise, the network does not open its capability to the user directly but through the first ARN identifier, so the user does not see the network's service information. This improves security while providing application-network collaboration capabilities.

Referring to FIG. 5, FIG. 5 is a schematic diagram of a system architecture to which the information processing method according to an embodiment of the present disclosure is applied. As shown in FIG. 5, the system includes:

A controller, configured to allocate a first ARN identifier to a user edge device; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.

A user edge device (CPE1), configured to mark a first IP packet based on the first ARN identifier to generate a second IP packet, and to send the second IP packet to the network edge device.

A network edge device (PE), configured to parse the second IP packet to obtain the first ARN identifier and first user information (such as a user ID); to verify the validity of the first ARN identifier using the first user information; and, if the first ARN identifier is valid, to map the second IP packet to the corresponding path or slice based on the first ARN identifier.

Here, the user edge device can be a client router, an SD-WAN CPE, a cloud gateway, or an application.

Here, the network edge device is a BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE that terminates the user's dedicated line for government and enterprise users.

Referring to FIG. 6, FIG. 6 is a schematic flowchart of a specific implementation of the information processing method according to an embodiment of the present disclosure. As shown in FIG. 6, the method includes steps 601 to 606:

Step 601: The controller allocates a first ARN identifier to the user edge device; the first ARN identifier represents the calling relationship between the application and the network capability and/or the capability opened by the network to the application.

Here, the network capability may refer to network resources, which may specifically include paths or slices; a path may be understood as a tunnel.

Here, the service type of the path or slice includes but is not limited to one of the following:

Low latency;

Large bandwidth;

Low packet loss.

Here, the calling relationship between the application and the network capability may include but is not limited to one of the following:

An application's invocation of a low-latency network capability;

An application's invocation of a large-bandwidth network capability;

An application's invocation of a low-packet-loss network capability.

Here, the application's invocation of a low-latency network capability can also be described as the application's invocation of a low-latency path or slice service.

Here, the application's invocation of a large-bandwidth network capability can also be described as the application's invocation of a large-bandwidth path or slice service.

Here, the application's invocation of a low-packet-loss network capability can also be described as the application's invocation of a low-packet-loss path or slice service.

Here, the capability opened by the network to the application may refer to network resources, which may specifically include paths or slices; a path may be understood as a tunnel.

For example, assume that a low-latency slice or path (tunnel) service has been planned in the network, and consider how the network completes the service process and performs forwarding when a user subscribes to a low-latency connection service. First, the service system calls the controller interface according to the service type the user has subscribed to. After receiving the user's network service subscription request, the controller allocates the first ARN identifier to the user edge device.

Specifically, the controller may allocate the first ARN identifier to the user edge device based on user information, application information, and network service information.

Here, the first ARN ID can be any integer, as long as <user, application, network service> and the ARN ID correspond one-to-one. Specifically, the first ARN identifier can be generated using a random function, in ascending order, or in descending order.

FIG. 7 is a schematic diagram of the controller allocating a first ARN ID to a user edge device according to an embodiment of the present disclosure. As shown in FIG. 7, if the user information is Ua, the application information is a video application, and the network service information is a low-latency path or slice, one ARN ID is randomly selected from the unallocated ARN ID database and allocated to the corresponding user edge device as the first ARN ID. Similarly, if the user information is Ua, the application information is a video application, and the network service information is a low-latency and large-bandwidth path or slice, two ARN IDs are randomly selected from the unallocated ARN ID database and allocated to the corresponding user edge device as the first ARN ID.

Here, the user edge device is used to invoke network capabilities.

The user edge device can be a client router, an SD-WAN CPE, a cloud gateway, or an application.

FIG. 8 is a schematic diagram of the lifecycle of an ARN ID according to an embodiment of the present disclosure. As shown in FIG. 8, an ARN ID has three states: unallocated, active, and silent. Initially, all ARN IDs are in the unallocated state. Once allocated, an ARN ID enters the active period. During the active period, expiry of the ARN ID service contract, early termination by the user, or a loss report all move the ARN ID into the silent period. An ARN ID in the silent period is out of service; to avoid conflicts and security risks, it is not allocated again for a period of time. After that period (generally half a year, or more than a year), it is recycled into the unallocated ARN ID database.

Here, after the controller allocates the first ARN ID to the user edge device, it can also manage the lifecycle of the first ARN identifier, which specifically includes:

Performing one of the following operations on the first ARN identifier:

Revocation;

Loss reporting;

Reissue;

Aging;

Extension.

Here, revocation means that the controller deletes the relevant ARN ID information on the user edge and the network edge.

Here, loss reporting likewise revokes the relevant ARN ID.

Here, reissue means that a new ARN ID needs to be generated.

Here, aging means that the corresponding APN service has a time limit, and the corresponding ARN ID is automatically revoked when the time is up.

Here, extension means extending the service time of the ARN ID.
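The three-state lifecycle of FIG. 8 and the five management operations can be modelled as a small allocator. The following is an added illustration, not code from the application: the class and method names, the abstract time units, and the 10-bit ID space with 0 left out (because 0 is the reset value) are assumptions.

```python
import secrets

UNALLOCATED, ACTIVE, SILENT = "unallocated", "active", "silent"


class ArnIdPool:
    """Hypothetical controller-side ARN ID allocator with a silent (quarantine) period."""

    def __init__(self, id_space, quiet_period):
        self.unallocated = set(id_space)
        self.quiet_period = quiet_period
        self.active = {}      # arn_id -> [binding, expires_at]
        self.silent = {}      # arn_id -> time at which it may be recycled
        self.by_binding = {}  # (user, app, service) -> arn_id, keeps the mapping one-to-one

    def state(self, arn_id):
        if arn_id in self.active:
            return ACTIVE
        if arn_id in self.silent:
            return SILENT
        if arn_id in self.unallocated:
            return UNALLOCATED
        raise KeyError(arn_id)

    def allocate(self, user, app, service, now, ttl):
        binding = (user, app, service)
        if binding in self.by_binding:
            raise ValueError("binding already has an ARN ID")
        if not self.unallocated:
            raise RuntimeError("ARN ID space exhausted")
        # Random pick from the unallocated pool, so the value reveals
        # nothing about the user, the application or the service.
        arn_id = secrets.choice(sorted(self.unallocated))
        self.unallocated.remove(arn_id)
        self.active[arn_id] = [binding, now + ttl]
        self.by_binding[binding] = arn_id
        return arn_id

    def revoke(self, arn_id, now):
        """Revocation: active -> silent. The ID is NOT returned to the pool yet."""
        binding, _expires = self.active.pop(arn_id)
        del self.by_binding[binding]
        self.silent[arn_id] = now + self.quiet_period
        return binding

    report_loss = revoke  # loss reporting also revokes the ARN ID

    def reissue(self, arn_id, now, ttl):
        """Reissue: retire the old ID and generate a new one for the same binding."""
        binding = self.revoke(arn_id, now)
        return self.allocate(*binding, now=now, ttl=ttl)

    def extend(self, arn_id, extra):
        """Extension: lengthen the service time of an active ID."""
        self.active[arn_id][1] += extra

    def tick(self, now):
        """Aging plus recycling of IDs whose silent period is over."""
        for arn_id in [a for a, (_b, exp) in self.active.items() if exp <= now]:
            self.revoke(arn_id, now)
        for arn_id in [a for a, t in self.silent.items() if t <= now]:
            del self.silent[arn_id]
            self.unallocated.add(arn_id)
```

Because a revoked ID sits in `silent` rather than `unallocated`, a reissued binding can never receive the value that was just reported lost.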

Step 602: The user edge device marks the first IP packet based on the first ARN identifier to generate a second IP packet.

Here, the first IP packet may be an IPv6 packet.

Here, the length of the first ARN ID is at least 10 bits.

The following uses a 20-bit first ARN ID to describe several frame formats for carrying it in a packet. In an IPv6 packet, the ARN identifier (ID) information can be placed in the following ways:

The first way is the IPv6 header escape method.

Referring to FIG. 9, FIG. 9 is a schematic diagram of marking the first IP packet according to an embodiment of the present disclosure. As shown in FIG. 9, assuming that the first IP packet is an IPv6 packet and the ARN ID is 20 bits, the ARN ID and first information (an escape character) are written into the Flow Label field and the Traffic Class field of the IPv6 header, respectively; the first information indicates whether the original content of the Flow Label field is to be reinterpreted as an ARN ID.

That is, the 20 bits of the Flow Label are reused, and the highest bit of the Traffic Class (TC) field (the escape character) indicates whether the escape applies. If this bit is 1, the original content of the Flow Label field is interpreted as the ARN ID; otherwise, no escape is performed.

The second way is to carry it in an IPv6 extension header.

Referring to FIG. 10, FIG. 10 is a schematic diagram of marking the first IP packet according to an embodiment of the present disclosure. As shown in FIG. 10, assuming that the first IP packet is an IPv6 packet and the ARN ID is 20 bits, the ARN ID is written into an extension header of the IPv6 packet, namely DOH or HBH; type indicates that the 4 bytes (bits 0 to 31) are the ARN ID, and flag is reserved and undefined.

The third way is to carry it in an IPv6 extension header.

Referring to FIG. 11, FIG. 11 is a schematic diagram of marking the first IP packet according to an embodiment of the present disclosure. As shown in FIG. 11, assuming that the first IP packet is an IPv6 packet and the ARN ID is 20 bits, the ARN ID is written into the SRH extension header of the IPv6 packet; type indicates that the 4 bytes (bits 0 to 31) are the ARN ID, and flag is reserved and undefined.

The fourth way is to carry it in the IPv6 source address.

Referring to FIG. 12, FIG. 12 is a schematic diagram of marking the first IP packet according to an embodiment of the present disclosure. As shown in FIG. 12, assuming that the first IP packet is an IPv6 packet and the ARN ID is 20 bits, the ARN ID is written into the source address field of the IPv6 packet.

In summary, the first ARN ID is actively carried in the first IP packet, and the specific location can be the DOH, HBH, SRH, Flow Label, or source address. Specifically, when the Flow Label is reused to carry the ARN ID, bit 7 of the Traffic Class (TC) field must also be set to 1 to indicate that the Flow Label currently carries an ARN ID. When the DOH, HBH, or SRH is used to carry the ARN ID, a type field must additionally be defined to indicate that the 32 bits carry an ARN ID. When the source address is used to carry the ARN ID, configuration must specify that all packets received over a given link or from a given IP carry the ARN ID in the source address.
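The first carrying method (Flow Label reuse with a Traffic Class escape bit) can be exercised on a raw IPv6 header. The following is an added illustration, not code from the application: the function names and sample addresses are constructed, and it assumes the "highest bit" of the 8-bit Traffic Class is its most significant bit (0x80).

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40
FLOW_LABEL_MASK = 0xFFFFF  # the Flow Label is 20 bits wide
TC_ESCAPE_BIT = 0x80       # assumption: escape bit = MSB of the Traffic Class


def build_ipv6_header(src, dst, traffic_class=0, flow_label=0,
                      payload_len=0, next_header=59, hop_limit=64):
    """Build a bare 40-byte IPv6 header (constructed input; 59 = No Next Header)."""
    word0 = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & FLOW_LABEL_MASK)
    return (struct.pack("!IHBB", word0, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def first_word(packet):
    """Return the version/TC/Flow Label word after basic sanity checks."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    (word0,) = struct.unpack("!I", packet[:4])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    return word0


def traffic_class_of(packet):
    return (first_word(packet) >> 20) & 0xFF


def mark_with_arn_id(packet, arn_id):
    """User edge side: turn the first IP packet into the second IP packet."""
    if not 0 <= arn_id <= FLOW_LABEL_MASK:
        raise ValueError("ARN ID does not fit in the 20-bit Flow Label")
    # Keep the low seven Traffic Class bits, set the escape bit,
    # and overwrite the Flow Label with the ARN ID.
    traffic_class = traffic_class_of(packet) | TC_ESCAPE_BIT
    word0 = (6 << 28) | (traffic_class << 20) | arn_id
    return struct.pack("!I", word0) + packet[4:]


def parse_second_packet(packet):
    """Network edge side: return (source address, ARN ID or None)."""
    word0 = first_word(packet)
    src = str(ipaddress.IPv6Address(packet[8:24]))
    if traffic_class_of(packet) & TC_ESCAPE_BIT:
        return src, word0 & FLOW_LABEL_MASK
    # Escape bit clear: the Flow Label keeps its ordinary meaning and the
    # packet is treated as carrying no ARN ID.
    return src, None
```

A packet whose escape bit is clear parses to `None`, which is the case the text sends to the default tunnel/slice.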

Step 603: The user edge device sends the second IP packet to the network edge device.

Here, the network edge device is a BRAS/BNG for home users, a router connected to the core network for wireless users, and a PE that terminates the user's dedicated line for government and enterprise users.

Step 604: The network edge device parses the second IP packet to obtain the first ARN identifier, and verifies the validity of the first ARN identifier.

Specifically, the validity of the first ARN identifier is verified according to a preset data table, which stores a preset correspondence between user information and ARN identifiers. The user information may include the user identifier, source address information, or link information corresponding to the user.

That is, an ARN ID verification table (the preset data table) is stored on the interface of the network edge device. Each entry in the table contains a correspondence between user information and an ARN identifier, where the user information can be represented by, for example, the source IP address.

Here, the network edge device may obtain the preset data table from the controller.

Here, when the network edge device receives a second IP packet containing the first ARN ID, it can obtain the first user information from the source IP address in the second IP packet and obtain the first ARN ID from the second IP packet. It then checks whether the preset data table contains a correspondence between the first user information and the first ARN identifier, in order to verify the validity of the first ARN identifier.

Table 1 illustrates the correspondence between user information and ARN identifiers. As shown in Table 1, user information Ua corresponds to ARN identifier value 1; user information Ub corresponds to ARN identifier value 2; and user information Uc corresponds to ARN identifier value 3.

Table 1

Here, verifying the validity of the first ARN identifier according to the preset data table includes:

Parsing the second IP packet to obtain first user information;

Searching the preset data table for a correspondence between the first user information and the first ARN identifier;

If the correspondence between the first user information and the first ARN identifier is found in the preset data table, determining that the first ARN identifier is valid;

If the correspondence between the first user information and the first ARN identifier is not found in the preset data table, determining that the first ARN identifier is invalid.

这里,可以通过入接口链路或者所述第二IP报文中的源IP地址获取所述第一用户信息。Here, the first user information may be obtained through the inbound interface link or the source IP address in the second IP packet.

Step 605: When the ARN identifier is verified as legitimate, the second IP packet is mapped to the corresponding path or slice based on the first ARN identifier.

Specifically, mapping the second IP packet to the corresponding path or slice based on the first ARN identifier includes:

determining, according to a preset correspondence between paths or slices and ARN identifiers, a first path or first slice corresponding to the first ARN identifier; and mapping the second IP packet to the first path or the first slice;

wherein the path or slice includes one of the following:

policy-based IPv6 Segment Routing (SRv6);

Multiprotocol Label Switching (MPLS);

Internet layer-3 protocol (IPinIP);

Virtual Extensible LAN (VxLAN);

Generic Routing Encapsulation (GRE);

Generic Network Virtualization Encapsulation (GENEVE).

Here, the network edge device can obtain the preset correspondence between paths or slices and ARN identifiers from the controller.

Table 2 illustrates the correspondence between SRv6 tunnels and ARN identifiers. As shown in Table 2, taking SRv6 as an example, there are SRv6 tunnel 1, SRv6 tunnel 2, and SRv6 tunnel 3. SRv6 tunnel 1 has tunnel color identifier a (a high-bandwidth path or slice) and corresponds to ARN identifier value 1. SRv6 tunnel 2 has tunnel color identifier b (a low-latency path or slice) and corresponds to ARN identifier value 2. SRv6 tunnel 3 has tunnel color identifier c (a low-packet-loss path or slice) and corresponds to ARN identifier value 3.

Table 2

Here, assuming that the first ARN identifier has the value 2, Table 2 shows that the corresponding first path or first slice is SRv6 tunnel 2, that is, tunnel color identifier b (a low-latency path or slice). The second IP packet is therefore mapped to SRv6 tunnel 2.

Step 606: When the ARN identifier is verified as not legitimate, a first operation is performed.

Here, the first operation includes one of the following:

ignoring the first ARN identifier carried by the second IP packet, or discarding the second IP packet;

resetting the value of the first ARN identifier;

mapping the second IP packet to another path or slice.

That is, if the first ARN ID carried by the second IP packet is not the invalid value 0 and the legitimacy check fails, the second IP packet can be handled as follows, according to configuration:

the first ARN ID in the second IP packet is ignored, or the second IP packet is discarded, as configured; or,

the first ARN ID is reset to 0, as configured; or,

if the first ARN ID is ignored, the second IP packet is forwarded over the slice or tunnel used for packets that do not contain an ARN ID.

That is, if the first ARN ID is ignored, the packet is forwarded through the default tunnel/slice. Packets that do not carry an ARN ID should also be forwarded through the default tunnel/slice. In this way, user-side devices and network edge devices do not need to support this feature at the same time during a network upgrade.
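The check in steps 604 to 606, for the Flow Label carriage described earlier, is shown here as an added example; it is not code from the patent or its applicant. Assumptions: the TC flag mask (the page does not fix the bit numbering), documentation-prefix source addresses standing in for users Ua, Ub and Uc, the `DEFAULT_PATH` name, the fallback when a legitimate ARN ID has no path entry, and all class and function names.

```python
import ipaddress
import struct
from typing import NamedTuple, Optional

# Assumption: the page says "the 7th bit" of Traffic Class without fixing the
# bit numbering; this example counts from 0 at the most significant bit.
TC_ARN_FLAG = 0x01
DEFAULT_PATH = "default"  # hypothetical name for the default tunnel/slice

# Constructed tables mirroring Table 1 and Table 2 (addresses are placeholders).
CHECK_TABLE = {("2001:db8::a", 1), ("2001:db8::b", 2), ("2001:db8::c", 3)}
PATH_TABLE = {1: "SRv6 tunnel 1 (color a)", 2: "SRv6 tunnel 2 (color b)",
              3: "SRv6 tunnel 3 (color c)"}


class Decision(NamedTuple):
    action: str               # "forward" or "drop"
    path: Optional[str]       # tunnel/slice chosen, None when dropped
    packet: Optional[bytes]   # packet as forwarded (possibly rewritten)


def build_ipv6(src: str, dst: str, tc: int, flow_label: int) -> bytes:
    """Build a constructed 40-byte IPv6 header (no payload) for the demo."""
    word0 = (6 << 28) | ((tc & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", word0, 0, 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_arn(packet: bytes):
    """Return (source address, ARN ID or None) from a raw IPv6 header."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    word0 = struct.unpack("!I", packet[:4])[0]
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    tc = (word0 >> 20) & 0xFF
    src = str(ipaddress.IPv6Address(packet[8:24]))
    # The Flow Label is read as an ARN ID only when the TC flag says so.
    arn = (word0 & 0xFFFFF) if tc & TC_ARN_FLAG else None
    return src, arn


def reset_arn(packet: bytes) -> bytes:
    """Rewrite the Flow Label (ARN ID) to 0, leaving Traffic Class untouched."""
    word0 = struct.unpack("!I", packet[:4])[0] & 0xFFF00000
    return struct.pack("!I", word0) + packet[4:]


class NetworkEdge:
    """Network edge device holding the two tables pushed by the controller."""

    def __init__(self, check_table, path_table, on_invalid="ignore"):
        if on_invalid not in ("ignore", "drop", "reset"):
            raise ValueError("on_invalid must be ignore, drop or reset")
        self.check_table = set(check_table)   # {(user info, ARN ID)}
        self.path_table = dict(path_table)    # ARN ID -> path or slice
        self.on_invalid = on_invalid

    def classify(self, packet: bytes) -> Decision:
        user, arn = parse_arn(packet)         # user info = source IP here
        # No ARN ID, or the invalid value 0: default tunnel/slice, no check.
        if arn is None or arn == 0:
            return Decision("forward", DEFAULT_PATH, packet)
        # Step 604: the (user, ARN ID) pair must exist in the check table.
        if (user, arn) in self.check_table:
            # Step 605. Falling back to the default path when the ARN ID has
            # no path entry is an assumption; the page does not cover it.
            path = self.path_table.get(arn, DEFAULT_PATH)
            return Decision("forward", path, packet)
        # Step 606: configured handling of an ARN ID that failed the check.
        if self.on_invalid == "drop":
            return Decision("drop", None, None)
        if self.on_invalid == "reset":
            packet = reset_arn(packet)
        return Decision("forward", DEFAULT_PATH, packet)


if __name__ == "__main__":
    edge = NetworkEdge(CHECK_TABLE, PATH_TABLE)
    own = build_ipv6("2001:db8::b", "2001:db8::ff", TC_ARN_FLAG, 2)
    other = build_ipv6("2001:db8::a", "2001:db8::ff", TC_ARN_FLAG, 2)
    print(edge.classify(own).path)    # user Ub with its own ARN ID
    print(edge.classify(other).path)  # user Ua presenting Ub's ARN ID
```

Because the lookup key is the pair (user information, ARN ID), an ARN ID that is valid for one user does not select a tunnel when it arrives from another user's source address.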

Here, in coordinating application requirements with network capabilities, the network ARN ID is mainly applied at network edge service access points (for example PE, BRAS/BNG).

For example, assume that a low-latency slice or tunnel service is planned in the network. When a user subscribes to a low-latency connection service, the business system first calls the controller interface according to the service type the user subscribed to. After receiving the user's network service subscription request, the controller finds the corresponding network edge devices (PE/BRAS/BNG) from the locations of the two ends of the connection. Between this pair of PE/BRAS/BNG devices it creates or reuses, according to the user's low-latency requirement, an SRv6, Multiprotocol Label Switching (MPLS), Internet layer-3 protocol (IPinIP), Virtual Extensible LAN (VxLAN), Generic Routing Encapsulation (GRE), Generic Network Virtualization Encapsulation (GENEVE) or similar tunnel with the corresponding low-latency tunnel color identifier (color), obtaining the corresponding tunnel/slice. At the same time, the controller generates an ARN ID for the user, application and network service (corresponding to the color), and looks up the source address information or link information corresponding to the user in order to identify the user. It then delivers the user (source address or link information) and the ARN ID to the network edge service access point PE/BRAS/BNG and associates them with the network resource slice/tunnel. This completes the configuration of the PE/BRAS/BNG on the network side.

On the user-side network, the controller finds the corresponding user edge device (CPE/gateway device) for the user and then delivers the ARN ID information. In subsequent use, the user can mark the ARN ID according to the application type; when packets are sent to the network edge device (PE/BRAS/BNG), the legitimacy check can be performed and the corresponding network capability invoked. The user can also mark an ARN ID for an application by means such as ACLs or designated links, so that the ARN ID is stamped into user-side packets.

It can be seen that, when providing differentiated network services to users, the network can offer differentiated connections (low-latency or high-bandwidth tunnels/slices) through the ARN ID rather than the BSID/SID. On the user-side edge device, multiple ARN IDs can be mapped to one SR Policy. The ARN ID makes it possible to assign a different value to each user, which avoids the security problem caused by multiple users sharing one BSID. Unlike APN6, the value of the ARN ID is a number that does not explicitly carry application or user information; it can be a random number or a sequentially assigned value, so it does not have APN6's problem of exposing user privacy. On the network-side edge device, unlike APN6 and BSID, multiple ARN IDs that map to the same network capability can be aggregated into one ARN ID.

Here, the first ARN ID can be used together with user information for traffic billing. In the BRAS/BNG scenario, user information can be identified by the link, that is, the PPPoE connection; in the PE scenario, it can be identified by the source IP address or the dedicated-line link.

Here, the scope of the first ARN ID can be global or local. Local means that the ARN IDs only need to be unique within a device; global means that, within a given range of devices, one or more ARN IDs of a specific user can be mapped to one tunnel/slice in the network.

This example has the following advantages:

(1) Because the ARN ID does not explicitly carry the user's application information and each user's ARN ID is different, this solves the user privacy problem and also solves the network security problem caused by different users sharing a BSID.

(2) The user actively adds the ARN ID to the packet. The ARN ID is in effect equivalent to the routing policy Color (it corresponds directly to the Color of the SR Policy). After a user packet carrying ARN ID information enters the network edge service access point device (hereinafter PE), the PE can obtain the user information from the source IP address, verify the legitimacy of the ARN ID, and then map the ARN ID to a specific network tunnel/slice.

To implement the information processing method of the embodiments of the present disclosure, an embodiment of the present disclosure further provides an information processing apparatus arranged in a user edge device. FIG. 13 is a schematic structural diagram of the information processing apparatus of the embodiment of the present disclosure. As shown in FIG. 13, the apparatus includes:

an acquisition module 131, configured to acquire a first ARN identifier, where the first ARN identifier represents the calling relationship between an application and network capabilities and/or the capabilities the network opens to the application;

a processing module 132, configured to mark a first IP packet based on the first ARN identifier to generate a second IP packet;

a first sending module 133, configured to send the second IP packet.

In some embodiments, the processing module 132 is configured to:

write the first ARN identifier and first information into the flow label field and the traffic class field, respectively, in the header of the first IP packet;

wherein the first information indicates whether the original content of the flow label field is to be reinterpreted as the first ARN identifier.

In some embodiments, the processing module 132 is configured to:

write the first ARN identifier into an extension header of the first IP packet;

or,

write the first ARN identifier into the source address field in the header of the first IP packet.

In some embodiments, the acquisition module 131 is configured to:

acquire the first ARN identifier sent by the controller;

wherein the first ARN identifier is allocated by the controller to the user edge device based on user information, application information and network service information.

In some embodiments, the first sending module 133 is configured to:

carry the first user information in the second IP packet;

send the second IP packet.

In actual application, the acquisition module 131 and the first sending module 133 can be implemented by a communication interface in the information processing apparatus, and the processing module 132 can be implemented by a processor in the information processing apparatus.

It should be noted that the division into program modules described above is only an example of how the information processing apparatus of the above embodiment performs information processing. In actual applications, the processing can be assigned to different program modules as needed; that is, the internal structure of the apparatus can be divided into different program modules to complete all or part of the processing described above. In addition, the information processing apparatus of the above embodiment and the information processing method embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.

To implement the information processing method of the embodiments of the present disclosure, an embodiment of the present disclosure further provides an information processing apparatus arranged in a network edge device. FIG. 14 is a schematic structural diagram of the information processing apparatus of the embodiment of the present disclosure. As shown in FIG. 14, the apparatus includes:

a receiving module 141, configured to receive a second IP packet;

wherein,

the second IP packet is obtained by the user edge device acquiring a first ARN identifier and marking a first IP packet based on the first ARN identifier; the ARN identifier represents the calling relationship between an application and network capabilities and/or the capabilities the network opens to the application.

In some embodiments, the apparatus is configured to:

parse the second IP packet to obtain the first ARN identifier;

verify the legitimacy of the first ARN identifier according to a preset data table to obtain a verification result, where the preset data table stores a preset correspondence between user information and ARN identifiers;

when the verification result indicates that the first ARN identifier is legitimate, map the second IP packet to the corresponding path or slice based on the first ARN identifier.

In some embodiments, the apparatus is configured to:

perform a first operation when the verification result indicates that the ARN identifier is not legitimate;

wherein the first operation includes one of the following:

ignoring the first ARN identifier carried by the second IP packet, or discarding the second IP packet;

resetting the value of the first ARN identifier;

mapping the second IP packet to the default path or slice used for packets that do not carry an ARN identifier.

In some embodiments, the apparatus is configured to:

parse the second IP packet to obtain the first user information;

search the preset data table for a correspondence between the first user information and the first ARN identifier;

if the correspondence between the first user information and the first ARN identifier is found in the preset data table, determine that the first ARN identifier is legitimate.

In some embodiments, the apparatus is configured to:

if the first ARN identifier is legitimate, determine, according to the preset correspondence between paths or slices and ARN identifiers, the first path or first slice corresponding to the first ARN identifier; and map the second IP packet to the first path or the first slice;

wherein the path or slice includes one of the following:

SRv6;

MPLS;

IPinIP;

VxLAN;

GRE;

GENEVE.

In actual application, the receiving module 141 can be implemented by a communication interface in the information processing apparatus.

It should be noted that the division into program modules described above is only an example of how the information processing apparatus of the above embodiment performs information processing. In actual applications, the processing can be assigned to different program modules as needed; that is, the internal structure of the apparatus can be divided into different program modules to complete all or part of the processing described above. In addition, the information processing apparatus of the above embodiment and the information processing method embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.

To implement the information processing method of the embodiments of the present disclosure, an embodiment of the present disclosure further provides an information processing apparatus arranged in a controller. FIG. 15 is a schematic structural diagram of the information processing apparatus of the embodiment of the present disclosure. As shown in FIG. 15, the apparatus includes:

a second sending module 151, configured to send a first ARN identifier to a user edge device, where the first ARN identifier represents the calling relationship between an application and network capabilities and/or the capabilities the network opens to the application;

wherein the first ARN identifier is used by the user edge device to mark a first IP packet, generate a second IP packet, and send the second IP packet.

In some embodiments, the second sending module 151 is configured to:

send the preset correspondence between user information and ARN identifiers to the network edge device, and send the preset correspondence between paths or slices and ARN identifiers to the network edge device;

wherein the path or slice includes one of the following:

SRv6;

MPLS;

IPinIP;

VxLAN;

GRE;

GENEVE.

In some embodiments, the apparatus is configured to:

allocate the first ARN identifier to the user edge device based on user information, application information and network service information.

In addition, according to at least one embodiment of the present disclosure, the method further includes: managing the life cycle of the first ARN identifier.

In some embodiments, the apparatus is configured to:

perform one of the following operations on the first ARN identifier:

revocation;

loss reporting;

reissue;

aging;

extension.

In actual application, the second sending module 151 can be implemented by a communication interface in the information processing apparatus.

It should be noted that the division into program modules described above is only an example of how the information processing apparatus of the above embodiment performs information processing. In actual applications, the processing can be assigned to different program modules as needed; that is, the internal structure of the apparatus can be divided into different program modules to complete all or part of the processing described above. In addition, the information processing apparatus of the above embodiment and the information processing method embodiments belong to the same concept; the specific implementation process is detailed in the method embodiments and is not repeated here.

An embodiment of the present disclosure further provides a user edge device, as shown in FIG. 16, including:

a first communication interface 161, capable of exchanging information with other user edge devices;

a first processor 162, connected to the first communication interface 161 and configured to execute, when running a computer program, the method provided by one or more of the technical solutions on the user edge device side. The computer program is stored in a first memory 163.

It should be noted that the specific processing of the first processor 162 and the first communication interface 161 is detailed in the method embodiments and is not repeated here.

Of course, in actual application, the components of the user edge device 160 are coupled together through a bus system 164. It will be appreciated that the bus system 164 is used to implement connection and communication between these components. In addition to a data bus, the bus system 164 includes a power bus, a control bus and a status signal bus. For clarity, however, all of these buses are labeled as bus system 164 in FIG. 16.

The first memory 163 in the embodiment of the present disclosure is used to store various types of data to support the operation of the user edge device 160. Examples of such data include any computer program to be operated on the user edge device 160.

The methods disclosed in the above embodiments of the present disclosure can be applied to the first processor 162 or implemented by the first processor 162. The first processor 162 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the above methods can be completed by integrated logic circuits of hardware in the first processor 162 or by instructions in the form of software. The first processor 162 may be a general-purpose processor, a digital signal processor (DSP), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, or the like. The first processor 162 can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present disclosure. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of the present disclosure may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module can be located in a storage medium in the first memory 163; the first processor 162 reads the information in the first memory 163 and completes the steps of the above methods in combination with its hardware.

An embodiment of the present disclosure further provides a network edge device, as shown in FIG. 17, including:

a second communication interface 171, capable of exchanging information with other user edge devices;

a second processor 172, connected to the second communication interface 171 and configured to execute, when running a computer program, the method provided by one or more of the technical solutions on the network edge device side. The computer program is stored in a second memory 173.

It should be noted that the specific processing of the second processor 172 and the second communication interface 171 is detailed in the method embodiments and is not repeated here.

Of course, in actual application, the components of the network edge device 170 are coupled together through a bus system 174. It will be appreciated that the bus system 174 is used to implement connection and communication between these components. In addition to a data bus, the bus system 174 includes a power bus, a control bus and a status signal bus. For clarity, however, all of these buses are labeled as bus system 174 in FIG. 17.

The second memory 173 in the embodiment of the present disclosure is used to store various types of data to support the operation of the network edge device 170. Examples of such data include any computer program to be operated on the network edge device 170.

The methods disclosed in the above embodiments of the present disclosure can be applied to the second processor 172 or implemented by the second processor 172. The second processor 172 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the above methods can be completed by integrated logic circuits of hardware in the second processor 172 or by instructions in the form of software. The second processor 172 may be a general-purpose processor, a digital signal processor (DSP), or another programmable logic device, discrete gate or transistor logic device, discrete hardware component, or the like. The second processor 172 can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present disclosure. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the methods disclosed in the embodiments of the present disclosure may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module can be located in a storage medium in the second memory 173; the second processor 172 reads the information in the second memory 173 and completes the steps of the above methods in combination with its hardware.

本公开实施例还提供了一种控制器,如图18所示,包括:The present disclosure also provides a controller, as shown in FIG18 , including:

第三通信接口181,能够与其它设备进行信息交互;The third communication interface 181 is capable of exchanging information with other devices;

第三处理器182,与所述第三通信接口181连接,用于运行计算机程序时,执行上述控制器侧一个或多个技术方案提供的方法。而所述计算机程序存储在第三存储器183上。The third processor 182 is connected to the third communication interface 181 and is used to execute the method provided by one or more technical solutions of the controller side when running a computer program. The computer program is stored in the third memory 183.

需要说明的是:所述第三处理器182和第三通信接口181的具体处理过程详见方法实施例,这里不再赘述。It should be noted that the specific processing process of the third processor 182 and the third communication interface 181 is detailed in the method embodiment and will not be repeated here.

当然,实际应用时,控制器180中的各个组件通过总线系统184耦合在一起。可理解,总线系统184用于实现这些组件之间的连接通信。总线系统184除包括数据总线之外,还包括电源总线、控制总线和状态信号总线。但是为了清楚说明起见,在图18中将各种总线都标为总线系统184。Of course, in actual applications, the various components in controller 180 are coupled together via bus system 184. It will be appreciated that bus system 184 is used to enable communication between these components. In addition to a data bus, bus system 184 also includes a power bus, a control bus, and a status signal bus. However, for clarity, in FIG. 18 , all of these buses are labeled as bus system 184.

本公开实施例中的第三存储器183用于存储各种类型的数据以支持控制器180的操作。这些数据的示例包括:用于在控制器180上操作的任何计算机程序。The third memory 183 in the embodiment of the present disclosure is used to store various types of data to support the operation of the controller 180. Examples of such data include any computer programs used to operate on the controller 180.

The methods disclosed in the above embodiments of the present disclosure may be applied to the third processor 182 or implemented by the third processor 182. The third processor 182 may be an integrated circuit chip with signal processing capabilities. During implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the third processor 182 or by instructions in the form of software. The third processor 182 may be a general-purpose third processor, a digital signal processor (DSP), or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The third processor 182 can implement or execute the methods, steps, and logic block diagrams disclosed in the embodiments of the present disclosure. A general-purpose third processor may be a microprocessor or any conventional third processor. The steps of the methods disclosed in the embodiments of the present disclosure may be executed directly by a hardware decoding third processor, or by a combination of hardware and software modules in the decoding third processor. The software module may be located in a storage medium, and the storage medium is located in the third memory 183. The third processor 182 reads the information in the third memory 183 and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the user edge device 160, the network edge device 170, and the controller 180 may be implemented by one or more application-specific integrated circuits (ASICs), DSPs, programmable logic devices (PLDs), complex programmable logic devices (CPLDs), field-programmable gate arrays (FPGAs), general-purpose processors, controllers, microcontrollers (MCUs), microprocessors, or other electronic components, to perform the foregoing methods.

It can be understood that the memory of the embodiments of the present disclosure (first memory 163, second memory 173, third memory 183) may be a volatile memory or a non-volatile memory, and may also include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a magnetic random access memory (FRAM, ferromagnetic random access memory), a flash memory, a magnetic surface memory, an optical disc, or a compact disc read-only memory (CD-ROM); the magnetic surface memory may be a disk memory or a tape memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (SRAM), synchronous static random access memory (SSRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDRSDRAM), enhanced synchronous dynamic random access memory (ESDRAM), SyncLink dynamic random access memory (SLDRAM), and direct Rambus random access memory (DRRAM). The memory described in the embodiments of the present disclosure is intended to include, but is not limited to, these and any other suitable types of memory.

In an exemplary embodiment, the present disclosure further provides a storage medium, namely a computer storage medium, specifically a computer-readable storage medium, for example a memory storing a computer program. The computer program can be executed by the first processor 162 of the user edge device 160 to complete the steps of the foregoing user-edge-device-side method. The computer-readable storage medium may be a memory such as FRAM, ROM, PROM, EPROM, EEPROM, Flash Memory, magnetic surface memory, optical disc, or CD-ROM.

Illustratively, an embodiment of the present disclosure further provides a computer program product, including a computer program. The computer program can be executed by the first processor 162 of the user edge device 160 to complete the steps of any of the foregoing methods, or by the second processor 172 of the network edge device 170 to complete the steps of any of the foregoing methods, or by the third processor 182 of the controller 180 to complete the steps of any of the foregoing methods.

It should be noted that "first", "second", and so on are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence.

In addition, the technical solutions described in the embodiments of the present disclosure may be combined arbitrarily, provided they do not conflict.

The above are merely preferred embodiments of the present disclosure and are not intended to limit the scope of protection of the present disclosure.

Claims (28)

1. An information processing method, applied to a user edge device, the method comprising:
obtaining a first application response network (ARN) identifier, wherein the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;
marking a first Internet Protocol (IP) packet based on the first ARN identifier to generate a second IP packet;
sending the second IP packet.

2. The method according to claim 1, wherein marking the first IP packet based on the first ARN identifier comprises:
writing the first ARN identifier and first information into the flow label field and the traffic class field, respectively, in the header of the first IP packet;
wherein the first information is used to indicate whether the original content of the flow label field is to be reinterpreted as the first ARN identifier.

3. The method according to claim 1, wherein marking the first IP packet based on the first ARN identifier comprises:
writing the first ARN identifier into an extension header of the first IP packet;
or,
writing the first ARN identifier into the source address field in the header of the first IP packet.

4. The method according to claim 1, wherein obtaining the first ARN identifier comprises:
obtaining the first ARN identifier sent by a controller;
wherein the first ARN identifier is allocated by the controller to the user edge device based on user information, application information and network service information.

5. The method according to any one of claims 1 to 4, wherein sending the second IP packet comprises:
carrying first user information in the second IP packet;
sending the second IP packet.

6. The method according to claim 1, wherein obtaining the first ARN identifier comprises:
obtaining the first ARN identifier sent by a Dynamic Host Configuration Protocol (DHCP) server.

7. The method according to any one of claims 1 to 4, wherein sending the second IP packet comprises:
adding an outer IPv6 header to the second IP packet, and carrying first user information in the outer IPv6 header;
sending the second IP packet with the outer IPv6 header added.

8. The method according to claim 1, wherein marking the first IP packet based on the first ARN identifier comprises:
adding an outer IPv6 header to the first packet;
carrying the first ARN identifier in the destination options header (DOH) of the outer IPv6 header.

9. The method according to claim 1, wherein the method is further applied to an application.

10. The method according to claim 9, wherein the method further comprises:
carrying the first ARN identifier in the hop-by-hop options header (HBH) of a third packet to generate a fourth packet;
sending the fourth packet.

11. An information processing method, applied to a network edge device, the method comprising:
receiving a second IP packet;
wherein the second IP packet is obtained by a user edge device obtaining a first ARN identifier and marking a first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application.

12. The method according to claim 11, wherein the method further comprises:
parsing the second IP packet to obtain the first ARN identifier;
verifying the legitimacy of the first ARN identifier according to a preset data table to obtain a verification result, wherein the preset data table stores a preset correspondence between user information and ARN identifiers;
when the verification result indicates that the first ARN identifier is legitimate, mapping the second IP packet to a corresponding path or slice based on the first ARN identifier.

13. The method according to claim 12, wherein the method further comprises:
when the verification result indicates that the first ARN identifier is not legitimate, performing a first operation;
wherein the first operation includes one of the following:
ignoring the first ARN identifier carried in the second IP packet, or discarding the second IP packet;
resetting the value of the first ARN identifier;
mapping the second IP packet to the default path or slice corresponding to packets that do not carry an ARN identifier.

14. The method according to claim 12, wherein verifying the legitimacy of the first ARN identifier according to the preset data table comprises:
parsing the second IP packet to obtain first user information;
searching the preset data table for a correspondence between the first user information and the first ARN identifier;
if the correspondence between the first user information and the first ARN identifier is found in the preset data table, determining that the first ARN identifier is legitimate.

15. The method according to claim 12, wherein mapping the second IP packet to a corresponding path or slice based on the first ARN identifier comprises:
if the first ARN identifier is legitimate, determining a first path or first slice corresponding to the first ARN identifier according to a preset correspondence between paths or slices and ARN identifiers; mapping the second IP packet to the first path or the first slice;
wherein the path or slice includes one of the following:
policy-based IPv6 segment routing (SRv6);
Multi-Protocol Label Switching (MPLS);
the Internet layer-3 protocol IPinIP;
Virtual Extensible Local Area Network (VxLAN);
Generic Routing Encapsulation (GRE);
Generic Network Virtualization Encapsulation (GENEVE).

16. An information processing method, applied to a controller, the method comprising:
sending a first ARN identifier to a user edge device, wherein the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;
wherein the first ARN identifier is used by the user edge device to mark a first IP packet, generate a second IP packet, and send the second IP packet.

17. The method according to claim 16, wherein the method further comprises:
sending a preset correspondence between user information and ARN identifiers to a network edge device; and sending a preset correspondence between paths or slices and ARN identifiers to the network edge device;
wherein the path or slice includes one of the following:
SRv6;
MPLS;
IPinIP;
VxLAN;
GRE;
GENEVE.

18. The method according to claim 16, wherein the method further comprises:
allocating the first ARN identifier to the user edge device based on user information, application information and network service information.

19. The method according to claim 16, wherein the method further comprises:
managing the life cycle of the first ARN identifier.

20. The method according to claim 19, wherein managing the life cycle of the first ARN identifier comprises:
performing one of the following operations on the first ARN identifier:
revocation;
loss reporting;
reissue;
aging;
extension.

21. An information processing apparatus, comprising:
an acquisition module, configured to obtain a first ARN identifier, wherein the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;
a processing module, configured to mark a first IP packet based on the first ARN identifier to generate a second IP packet;
a first sending module, configured to send the second IP packet.

22. An information processing apparatus, comprising:
a receiving module, configured to receive a second IP packet;
wherein the second IP packet is obtained by a user edge device obtaining a first ARN identifier and marking a first IP packet based on the first ARN identifier; the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application.

23. An information processing apparatus, comprising:
a second sending module, configured to send a first ARN identifier to a user edge device, wherein the first ARN identifier represents the calling relationship of an application to network capabilities and/or the capabilities that the network opens to the application;
wherein the first ARN identifier is used by the user edge device to mark a first IP packet, generate a second IP packet, and send the second IP packet.

24. A user edge device, comprising a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to execute the steps of the method according to any one of claims 1 to 10 when running the computer program.

25. A network edge device, comprising a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to execute the steps of the method according to any one of claims 11 to 15 when running the computer program.

26. A controller, comprising a processor and a memory for storing a computer program capable of running on the processor,
wherein the processor is configured to execute the steps of the method according to any one of claims 16 to 20 when running the computer program.

27. A computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 10, or the steps of the method according to any one of claims 11 to 15, or the steps of the method according to any one of claims 16 to 20.

28. A computer program product, comprising a computer program, wherein the computer program, when executed by a processor, implements the method according to any one of claims 1 to 10, or the method according to any one of claims 11 to 15, or the method according to any one of claims 16 to 20.
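The flow-label marking of claim 2 and the verification, fallback and slice mapping of claims 12 to 15 can be exercised together; the following is an added example, not code from the patent. It assumes that the user information is the IPv6 source address and that the indicator ("first information") is the lowest bit of the traffic class field; the tables, slice names and policy names are constructed.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40
FLOW_LABEL_MASK = 0xFFFFF   # the IPv6 flow label is 20 bits wide
ARN_FLAG = 0x01             # assumption: traffic-class bit meaning "flow label holds an ARN identifier"

def build_ipv6(src, dst, payload=b""):
    """Constructed sample packet: fixed IPv6 header, next header 59 (no next header)."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def _first_word(packet):
    # Version (4 bits), traffic class (8 bits) and flow label (20 bits) share the first 32 bits.
    if len(packet) < IPV6_HEADER_LEN or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    return struct.unpack("!I", packet[:4])[0]

def _rewrite(packet, traffic_class, flow_label):
    word = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!I", word) + packet[4:]

def mark_packet(packet, arn_id):
    """User edge device: write the ARN identifier and the indicator into the header."""
    if not 0 < arn_id <= FLOW_LABEL_MASK:
        raise ValueError("ARN identifier must fit the 20-bit flow label")
    traffic_class = (_first_word(packet) >> 20) & 0xFF
    return _rewrite(packet, traffic_class | ARN_FLAG, arn_id)

def clear_marking(packet):
    """Reset operation: zero the flow label and clear the indicator bit."""
    traffic_class = (_first_word(packet) >> 20) & 0xFF
    return _rewrite(packet, traffic_class & ~ARN_FLAG & 0xFF, 0)

def parse_marking(packet):
    """Return (source address, ARN identifier or None when the packet is unmarked)."""
    word = _first_word(packet)
    source = ipaddress.IPv6Address(packet[8:24])
    marked = (word >> 20) & ARN_FLAG
    return source, (word & FLOW_LABEL_MASK) if marked else None

class NetworkEdge:
    """Network edge device: verify the identifier, then map the packet to a slice."""

    def __init__(self, user_arn, arn_slice, default_slice, on_invalid="ignore"):
        if on_invalid not in ("ignore", "drop", "reset"):
            raise ValueError("unknown policy")
        self.user_arn = user_arn            # user information -> set of ARN identifiers
        self.arn_slice = arn_slice          # ARN identifier -> path or slice
        self.default_slice = default_slice
        self.on_invalid = on_invalid

    def classify(self, packet):
        """Return (packet to forward or None, slice or None, verdict)."""
        source, arn_id = parse_marking(packet)
        if arn_id is None:
            return packet, self.default_slice, "unmarked"
        # The identifier is sender-controlled, so it counts only if it is bound to this user.
        if arn_id in self.user_arn.get(source, ()) and arn_id in self.arn_slice:
            return packet, self.arn_slice[arn_id], "valid"
        if self.on_invalid == "drop":
            return None, None, "invalid:drop"
        if self.on_invalid == "reset":
            packet = clear_marking(packet)
        return packet, self.default_slice, "invalid:" + self.on_invalid

# Constructed tables, standing in for the correspondences the controller sends to the edge.
USER_ARN = {ipaddress.IPv6Address("2001:db8::10"): {0xA1, 0xA2}}
ARN_SLICE = {0xA1: "slice-low-latency", 0xA2: "slice-bulk"}

def demo():
    """Same ARN identifier from its owner and from another source address."""
    edge = NetworkEdge(USER_ARN, ARN_SLICE, "slice-default")
    owner = mark_packet(build_ipv6("2001:db8::10", "2001:db8:ff::1"), 0xA1)
    other = mark_packet(build_ipv6("2001:db8::66", "2001:db8:ff::1"), 0xA1)
    return [edge.classify(p)[1:] for p in (owner, other)]

if __name__ == "__main__":
    print(demo())
```

With `on_invalid="reset"` the packet leaves the edge with the flow label zeroed and the indicator cleared, so downstream nodes cannot act on the unverified identifier.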
PCT/CN2025/078846 2024-02-28 2025-02-24 Information processing method and apparatus, device, storage medium and computer program product Pending WO2025180331A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202410224372.6 2024-02-28
CN202410224372.6A CN118802068A (en) 2024-02-28 2024-02-28 Information processing method, device, equipment, storage medium and computer program product

Publications (1)

Publication Number Publication Date
WO2025180331A1 (en) 2025-09-04

Family

ID=93034056

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2025/078846 Pending WO2025180331A1 (en) 2024-02-28 2025-02-24 Information processing method and apparatus, device, storage medium and computer program product

Country Status (2)

Country Link
CN (1) CN118802068A (en)
WO (1) WO2025180331A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118802068A (en) * 2024-02-28 2024-10-18 中国移动通信有限公司研究院 Information processing method, device, equipment, storage medium and computer program product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210037410A1 (en) * 2019-07-31 2021-02-04 Futurewei Technologies, Inc. Transporting A Multi-Transport Network Context-Identifier (MTNC-ID) Across Multiple Domains
WO2022110535A1 (en) * 2020-11-27 2022-06-02 华为技术有限公司 Packet sending method, device, and system
CN115334589A (en) * 2021-05-11 2022-11-11 中国移动通信有限公司研究院 Message transmission method, device, related equipment and storage medium
CN116846862A (en) * 2022-03-24 2023-10-03 中国移动通信有限公司研究院 SRv6 message processing method and device, communication equipment and storage medium
CN118802068A (en) * 2024-02-28 2024-10-18 中国移动通信有限公司研究院 Information processing method, device, equipment, storage medium and computer program product

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116112416A (en) * 2021-11-11 2023-05-12 中兴通讯股份有限公司 Message forwarding method, electronic equipment and storage medium
CN117135196A (en) * 2022-05-19 2023-11-28 华为技术有限公司 Data transmission method and related equipment
CN117527681A (en) * 2023-10-13 2024-02-06 上海卫星互联网研究院有限公司 Data transmission method, device, network equipment and storage medium

Also Published As

Publication number Publication date
CN118802068A (en) 2024-10-18
