CN115866599A - Delay optimization method and device for 5G edge cloud - Google Patents
- Publication number
- CN115866599A, CN202111124157.1A
- Authority
- CN
- China
- Prior art keywords
- switch
- firewall
- interface
- downlink data
- data packet
- Prior art date
- Legal status
- Pending
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Description
Technical Field
The present invention relates to the field of core network technology, and in particular to a delay optimization method and device for a 5G edge cloud.
Background
At present, fifth-generation mobile communication technology (5th Generation Mobile Communication Technology, 5G) is attracting close attention from society and industry. Ultra-low latency is an important feature of 5G networks and has become a required capability for scenarios such as the Internet of Vehicles and telemedicine.
According to the 3GPP (3rd Generation Partnership Project) specifications, in the 5G Ultra-Reliable Low-Latency Communication (URLLC) scenario the end-to-end delay of the bearer plane must be within 10 ms, which places high demands on the networking and deployment of 5G networks.
The 5G sinking (edge-deployed) networks currently built by operators generally adopt a traditional network design: data communication equipment is used to build a small data center and complete the edge cloud deployment. However, in existing edge cloud scenarios the data forwarding delay is still high, and traditional networking struggles to meet the ultra-low-latency service requirements of 5G. A delay optimization method and device for the 5G edge cloud is therefore urgently needed to solve this problem.
Summary of the Invention
The present invention provides a delay optimization method and device for a 5G edge cloud, to solve the technical problem that traffic on the forwarding plane passes through too many devices in edge cloud scenarios, which increases the forwarding delay.
In a first aspect, the present invention provides a delay optimization method for a 5G edge cloud, comprising:
forwarding an uplink data packet to a second firewall through a first switch, wherein the first switch is located at the user end and the second firewall is located at the server end;
filtering, through a first firewall, a downlink data packet forwarded by a second switch, and sending the filtered downlink data to the first switch, wherein the first firewall is located at the user end and the second switch is located at the server end.
In one embodiment, the uplink data output port of the first switch comprises a first inbound interface and a first outbound interface; the downlink data input port of the first switch comprises a second inbound interface and a second outbound interface; the downlink data input port of the first firewall comprises a third inbound interface and a third outbound interface; and the downlink data output port of the first firewall comprises a fourth inbound interface and a fourth outbound interface, wherein the first inbound interface and the fourth inbound interface are interfaces that do not receive data packets, and the second outbound interface and the third outbound interface are interfaces that do not send data packets.
In one embodiment, before the filtering, through the first firewall, of the downlink data packet forwarded by the second switch, the method further comprises:
publishing first routing information to the server end through the first firewall, so that the second switch forwards the downlink data packet to the first firewall according to the first routing information.
In one embodiment, before the forwarding of the uplink data packet to the second firewall through the first switch, the method further comprises:
setting the uplink data packet forwarded by the first switch as trusted traffic.
In a second aspect, the present invention provides a delay optimization method for a 5G edge cloud, comprising:
forwarding a downlink data packet to a first firewall through a second switch, wherein the second switch is located at the server end and the first firewall is located at the user end;
filtering, through a second firewall, an uplink data packet forwarded by a first switch, and sending the filtered uplink data to the second switch, wherein the second firewall is located at the server end and the first switch is located at the user end.
In one embodiment, the uplink data input port of the second switch comprises a fifth inbound interface and a fifth outbound interface; the downlink data output port of the second switch comprises a sixth inbound interface and a sixth outbound interface; the uplink data input port of the second firewall comprises a seventh inbound interface and a seventh outbound interface; and the uplink data output port of the second firewall comprises an eighth inbound interface and an eighth outbound interface, wherein the sixth inbound interface and the eighth inbound interface are interfaces that do not receive data packets, and the fifth outbound interface and the seventh outbound interface are interfaces that do not send data packets.
In one embodiment, before the filtering, through the second firewall, of the uplink data packet forwarded by the first switch, the method further comprises:
publishing second routing information to the client side through the second firewall, so that the first switch forwards the uplink data packet to the second firewall according to the second routing information.
In one embodiment, before the forwarding of the downlink data packet to the first firewall through the second switch, the method further comprises:
setting the downlink data packet forwarded by the second switch as trusted traffic.
In a third aspect, the present invention provides a delay optimization device for a 5G edge cloud, comprising:
an uplink data forwarding module, configured to forward an uplink data packet to a second firewall through a first switch, wherein the first switch is located at the user end and the second firewall is located at the server end;
a downlink data receiving module, configured to filter, through a first firewall, a downlink data packet forwarded by a second switch, and to send the filtered downlink data to the first switch, wherein the first firewall is located at the user end and the second switch is located at the server end.
In a fourth aspect, the present invention provides a delay optimization device for a 5G edge cloud, comprising:
a downlink data forwarding module, configured to forward a downlink data packet to a first firewall through a second switch, wherein the second switch is located at the server end and the first firewall is located at the user end;
an uplink data receiving module, configured to filter, through a second firewall, an uplink data packet forwarded by a first switch, and to send the filtered uplink data to the second switch, wherein the second firewall is located at the server end and the first switch is located at the user end.
In a fifth aspect, the present invention provides a terminal comprising a memory, a transceiver and a processor;
the memory is configured to store a computer program; the transceiver is configured to send and receive data under the control of the processor; and the processor is configured to read the computer program in the memory and perform the following operations:
forwarding an uplink data packet to a second firewall through a first switch, wherein the first switch is located at the user end and the second firewall is located at the server end;
filtering, through a first firewall, a downlink data packet forwarded by a second switch, and sending the filtered downlink data to the first switch, wherein the first firewall is located at the user end and the second switch is located at the server end.
In a sixth aspect, the present invention provides a network device comprising a memory, a transceiver and a processor;
the memory is configured to store a computer program; the transceiver is configured to send and receive data under the control of the processor; and the processor is configured to read the computer program in the memory and perform the following operations:
forwarding a downlink data packet to a first firewall through a second switch, wherein the second switch is located at the server end and the first firewall is located at the user end;
filtering, through a second firewall, an uplink data packet forwarded by a first switch, and sending the filtered uplink data to the second switch, wherein the second firewall is located at the server end and the first switch is located at the user end.
In a seventh aspect, the present invention provides an electronic device comprising a processor and a memory storing a computer program, wherein the processor, when executing the program, implements the steps of the delay optimization method for a 5G edge cloud according to the first aspect or the second aspect.
In an eighth aspect, the present invention provides a processor-readable storage medium storing a computer program, the computer program being used to cause the processor to perform the steps of the delay optimization method for a 5G edge cloud according to the first aspect or the second aspect.
The delay optimization method and device for a 5G edge cloud provided by the present invention optimize the networking of the uplink and downlink traffic paths and propose an asymmetric uplink/downlink networking scheme, which reduces the number of devices on the forwarding plane and thereby lowers the forwarding delay.
Brief Description of the Drawings
To explain the technical solutions of the present invention or of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Figure 1 is a schematic diagram of uplink/downlink symmetric networking in the prior art;
Figure 2 is the first flowchart of the delay optimization method for a 5G edge cloud provided by the present invention;
Figure 3 is the second flowchart of the delay optimization method for a 5G edge cloud provided by the present invention;
Figure 4 is a schematic diagram of the principle of the uplink/downlink asymmetric networking provided by the present invention;
Figure 5 is the first structural diagram of the delay optimization device for a 5G edge cloud provided by the present invention;
Figure 6 is the second structural diagram of the delay optimization device for a 5G edge cloud provided by the present invention;
Figure 7 is a structural diagram of the terminal provided by the present invention;
Figure 8 is a structural diagram of the network device provided by the present invention;
Figure 9 is a diagram of the physical structure of the electronic device provided by the present invention.
Detailed Description
To make the purpose, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The 5G sinking (edge-deployed) networks currently built by operators generally adopt a traditional network design: data communication equipment (for example, data terminals, relay devices and switches) is used to build a small data center and complete the edge cloud deployment. Figure 1 is a schematic diagram of uplink/downlink symmetric networking in the prior art. As Figure 1 shows, in existing symmetric networking the uplink and downlink data packets follow the same path, and both must pass through devices such as switches and firewalls. Most of these devices perform Layer 2 and Layer 3 forwarding (switches, routers) or Layer 4 to Layer 7 packet filtering (firewalls). As shown in Figure 1, the service flow between the user end and the server end is as follows. In the uplink direction (from the user end to the server end), the uplink data packet passes through switch A on the user side, which forwards it to firewall A at the user end; firewall A then sends the filtered uplink data packet to firewall B at the server end, and only after being filtered again by firewall B is the packet sent to switch B at the server end. In the downlink direction (from the server end to the user end), the downlink data packet is forwarded by switch B to firewall B; firewall B sends the filtered downlink data packet to firewall A; finally, after filtering by firewall A, the downlink data packet is sent to switch A. From this service flow it can be seen that end-to-end traffic traverses a switch 4 times and a firewall 4 times. Taking 0.5 ms as the switch processing and forwarding delay and 1.0 ms as the firewall filtering and forwarding delay, the delay introduced by the existing edge cloud data center as a whole is estimated as:
System delay (symmetric) = 4 × switch delay + 4 × firewall delay = 4 × 0.5 + 4 × 1.0 = 6 ms;
The formula shows that a single small data center alone introduces 6 ms of delay, more than half of the entire end-to-end delay requirement. Because traffic on the forwarding plane passes through too many devices, the forwarding delay increases, and existing networking struggles to meet the ultra-low-latency service requirements of 5G.
Figure 2 is the first flowchart of the delay optimization method for a 5G edge cloud provided by the present invention. As shown in Figure 2, the present invention provides a delay optimization method for a 5G edge cloud, comprising:
Step 201: forwarding an uplink data packet to a second firewall through a first switch, wherein the first switch is located at the user end and the second firewall is located at the server end;
Step 202: filtering, through a first firewall, a downlink data packet forwarded by a second switch, and sending the filtered downlink data to the first switch, wherein the first firewall is located at the user end and the second switch is located at the server end.
In the present invention, the user-end side is taken as the executing entity for this description. When the user end needs to send a data packet to the server end, the switch on the user side (the first switch) forwards the uplink data packet directly to the firewall at the server end (the second firewall). In this case the firewall on the user side (the first firewall) does not need to filter the uplink data packet forwarded by the user-side switch: the first switch skips the first firewall and forwards the uplink data packet directly to the server end.
Further, when the user end receives a downlink data packet sent by the server end, the firewall on the user side filters the downlink data packet forwarded by the server-end switch. In this case the server-end firewall does not filter the downlink data packet; the packet skips the server-end firewall and is filtered by the user-end firewall. With uplink/downlink asymmetric networking, the user-end firewall no longer filters and forwards when uplink data packets are forwarded, and the server-end firewall no longer filters and forwards when downlink data packets are received. This removes 2 forwarding devices and reduces the delay introduced by forwarding devices.
The delay optimization method for a 5G edge cloud provided by the present invention optimizes the networking of the uplink and downlink traffic paths and proposes an asymmetric uplink/downlink networking scheme, which reduces the number of devices on the forwarding plane and thereby lowers the forwarding delay.
On the basis of the above embodiment, the uplink data output port of the first switch comprises a first inbound interface and a first outbound interface; the downlink data input port of the first switch comprises a second inbound interface and a second outbound interface; the downlink data input port of the first firewall comprises a third inbound interface and a third outbound interface; and the downlink data output port of the first firewall comprises a fourth inbound interface and a fourth outbound interface, wherein the first inbound interface and the fourth inbound interface are interfaces that do not receive data packets, and the second outbound interface and the third outbound interface are interfaces that do not send data packets.
In the present invention, with the asymmetric networking mode built according to the above embodiment, some device interfaces can be configured as silent interfaces. Specifically, the uplink data output port of the first switch only needs to forward uplink data packets. For this port, the outbound direction (out), that is, the first outbound interface, carries the uplink service flow, while the inbound direction (in), that is, the first inbound interface, receives no traffic. In other words, the first inbound interface is configured as a silent interface so that it does not receive downlink data packets. Alternatively, in another embodiment, a port configured with a silent interface receives only Layer 2 link detection traffic such as BFD (Bidirectional Forwarding Detection) and routing update messages; an ACL (Access Control List) filtering policy can therefore be configured on the inbound direction of the port to permit only BFD and routing update messages. Correspondingly, because the downlink data input port of the first switch is mainly used to receive downlink data packets sent by the server end, the outbound direction of that port, that is, the second outbound interface, is set as a silent interface.
Further, the downlink data input port of the first firewall is mainly used to receive downlink data packets, so the outbound direction of that port, that is, the third outbound interface, is set as a silent interface that does not send data packets. Correspondingly, the downlink data output port of the first firewall is mainly used to forward downlink data packets, so the inbound direction of the downlink data output port of the first firewall, that is, the fourth inbound interface, is set as a silent interface that does not receive data packets.
On the basis of the above embodiment, before the filtering, through the first firewall, of the downlink data packet forwarded by the second switch, the method further comprises:
publishing first routing information to the server end through the first firewall, so that the second switch forwards the downlink data packet to the first firewall according to the first routing information.
In the present invention, the asymmetric networking mode is built according to the above embodiment. Compared with a traditional symmetric network, this networking model has 2 logical links between the user end and the server end, so route configuration also follows an asymmetric route publication approach: uplink traffic is configured to be sent from the first switch to the second firewall, and downlink traffic is configured so that the first firewall receives the data forwarded by the second switch. For the concrete route configuration and implementation, static routes can be used. Preferably, in one embodiment, the Border Gateway Protocol (BGP) or another route configuration method can also be used. In that case the firewall must advertise routes externally while the switch does not, so that traffic sent by the peer is steered through the local firewall; that is, the first firewall on the user side advertises routes to the server end, so that the second switch on the server side forwards traffic to the first firewall.
On the basis of the above embodiment, before the forwarding of the uplink data packet to the second firewall through the first switch, the method further comprises:
setting the uplink data packet forwarded by the first switch as trusted traffic.
In the present invention, when the user end sends a data packet to the server end, the device on the user side treats the outgoing data packet as trusted traffic, so that the packet bypasses the local firewall (the first firewall) and is forwarded out directly and quickly. The packet is then filtered by the firewall on the server side (the second firewall), which permits or rejects it according to the service rules. This provides security control and lets each side hide its own topology.
Figure 3 is the second flowchart of the delay optimization method for a 5G edge cloud provided by the present invention. As shown in Figure 3, the present invention provides a delay optimization method for a 5G edge cloud, comprising:
Step 301: forwarding a downlink data packet to a first firewall through a second switch, wherein the second switch is located at the server end and the first firewall is located at the user end;
Step 302: filtering, through a second firewall, an uplink data packet forwarded by a first switch, and sending the filtered uplink data to the second switch, wherein the second firewall is located at the server end and the first switch is located at the user end.
In the present invention, the server-end side is taken as the executing entity for this description. When the server end needs to send a data packet to the user end, the switch on the server side (the second switch) forwards the downlink data packet directly to the firewall at the user end (the first firewall). In this case the firewall on the server side (the second firewall) does not need to filter the downlink data packet forwarded by the server-side switch: the second switch skips the second firewall and forwards the downlink data packet directly to the user end.
Further, when the server end receives an uplink data packet sent by the user end, the firewall on the server side filters the uplink data packet forwarded by the user-end switch. In this case the user-end firewall does not filter the uplink data packet; the packet skips the user-end firewall and is filtered by the server-end firewall. With uplink/downlink asymmetric networking, the server-end firewall no longer filters and forwards when downlink data packets are forwarded, and the user-end firewall no longer filters and forwards when uplink data packets are received. This removes 2 forwarding devices and reduces the delay introduced by forwarding devices.
The delay optimization method for a 5G edge cloud provided by the present invention optimizes the networking of the uplink and downlink traffic paths and proposes an asymmetric uplink/downlink networking scheme, which reduces the number of devices on the forwarding plane and thereby lowers the forwarding delay.
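The symmetric and asymmetric paths described above (user-side view in steps 201 and 202, server-side view in steps 301 and 302), modelled hop by hop as an added example that is not part of the patent text. It recomputes the page's 6 ms symmetric estimate, applies the same per-device delays to the asymmetric paths, and audits that each direction is still filtered by the receiving side's firewall; the `MISROUTED` topology and the audit rule are constructed for illustration.

```python
from dataclasses import dataclass

# Per-device delays taken from the page's estimate, in milliseconds.
DELAY_MS = {"switch": 0.5, "firewall": 1.0}
# Side that receives the traffic in each direction.
DESTINATION = {"uplink": "server", "downlink": "user"}


@dataclass(frozen=True)
class Device:
    name: str
    kind: str  # "switch" or "firewall"
    side: str  # "user" or "server"


SW_A = Device("switch A / first switch", "switch", "user")
FW_A = Device("firewall A / first firewall", "firewall", "user")
SW_B = Device("switch B / second switch", "switch", "server")
FW_B = Device("firewall B / second firewall", "firewall", "server")

# Prior-art symmetric networking (Figure 1): both firewalls in both directions.
SYMMETRIC = {
    "uplink": [SW_A, FW_A, FW_B, SW_B],
    "downlink": [SW_B, FW_B, FW_A, SW_A],
}
# Asymmetric networking: the sending side's own firewall is skipped.
ASYMMETRIC = {
    "uplink": [SW_A, FW_B, SW_B],
    "downlink": [SW_B, FW_A, SW_A],
}
# Constructed misconfiguration: the uplink route points at switch B
# instead of firewall B, so uplink traffic meets no firewall at all.
MISROUTED = {
    "uplink": [SW_A, SW_B],
    "downlink": [SW_B, FW_A, SW_A],
}


def path_delay_ms(path):
    """Sum the processing/forwarding delay of every device on one path."""
    return sum(DELAY_MS[device.kind] for device in path)


def round_trip_delay_ms(topology):
    """Uplink plus downlink delay, matching how the page counts devices."""
    return sum(path_delay_ms(path) for path in topology.values())


def audit(topology):
    """Return findings for directions that are not filtered as intended.

    Rule (an assumption of this example): every direction must cross at
    least one firewall, and one of them must sit on the receiving side.
    """
    findings = []
    for direction, path in topology.items():
        firewalls = [d for d in path if d.kind == "firewall"]
        receiver = DESTINATION[direction]
        if not firewalls:
            findings.append(f"{direction}: no firewall on path, traffic is unfiltered")
        elif not any(fw.side == receiver for fw in firewalls):
            findings.append(f"{direction}: not filtered by the {receiver}-side firewall")
    return findings


if __name__ == "__main__":
    for label, topo in (("symmetric", SYMMETRIC),
                        ("asymmetric", ASYMMETRIC),
                        ("misrouted", MISROUTED)):
        print(f"{label:10s} {round_trip_delay_ms(topo):.1f} ms  findings={audit(topo)}")
```

Running the audit against the routes actually installed, rather than the intended design, is what catches the case where removing a firewall from one direction accidentally removes it from both.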
在上述实施例的基础上,所述第二交换机的上行数据输入端口包括第五入方向接口和第五出方向接口,所述第二交换机的下行数据输出端口包括第六入方向接口和第六出方向接口,所述第二防火墙的上行数据输入端口包括第七入方向接口和第七出方向接口,所述第二防火墙的上行数据输出端口包括第八入方向接口和第八出方向接口,其中,所述第六入方向接口和所述第八入方向接口为不接收数据包的接口,所述第五出方向接口和所述第七出方向接口为不发送数据包的接口。On the basis of the above embodiment, the uplink data input port of the second switch includes the fifth inbound interface and the fifth outbound interface, and the downlink data output port of the second switch includes the sixth inbound interface and the sixth outbound interface. an outbound interface, the uplink data input port of the second firewall includes a seventh inbound interface and a seventh outbound interface, and the uplink data output port of the second firewall includes an eighth inbound interface and an eighth outbound interface, Wherein, the sixth inbound interface and the eighth inbound interface are interfaces that do not receive data packets, and the fifth outbound interface and the seventh outbound interface are interfaces that do not send data packets.
在本发明中,通过上述实施例构建得到非对称组网模式,可将部分设备的接口配置为沉默接口,具体为,第二交换机的下行数据输出端口只需要进行下行数据包的转发,因此,对于第二交换机的下行数据输出端口,该输出端口的出方向(out),即第六出方向接口负责下行业务流,但其入方向(in),即第六入方向接口不接收流量,也就是说,将第六入方向接口配置成沉默接口,使得该接口不接收上行数据包;或者,在另一实施例中,配置有沉默接口的端口,仅接收类似BFD的二层链路检测流量和路由更新消息,因此,可在该端口的入方向上,配置ACL过滤策略,仅放通BFD和路由更新消息。相应地,对于第二交换机的上行数据输入端口,由于该端口主要是用于接收由用户端发送的上行数据包,因此,将对于第二交换机的上行数据输入端口的出方向,即第五出方向接口设置为沉默接口。In the present invention, the asymmetric networking mode is obtained through the construction of the above embodiments, and the interfaces of some devices can be configured as silent interfaces. Specifically, the downlink data output port of the second switch only needs to forward the downlink data packets. Therefore, For the downlink data output port of the second switch, the outbound direction (out) of the output port, that is, the sixth outbound direction interface is responsible for downlink traffic, but its inbound direction (in), that is, the sixth inbound direction interface does not receive traffic, and also That is to say, the sixth inbound interface is configured as a silent interface, so that the interface does not receive uplink data packets; or, in another embodiment, the port configured with a silent interface only receives Layer 2 link detection traffic similar to BFD and routing update messages. Therefore, an ACL filtering policy can be configured on the inbound direction of this port to only pass BFD and routing update messages. Correspondingly, for the uplink data input port of the second switch, since this port is mainly used to receive the uplink data packet sent by the user end, the outbound direction of the uplink data input port of the second switch, that is, the fifth outbound The direction interface is set as a silent interface.
Further, the uplink data input port of the second firewall is mainly used to receive uplink data packets, so the outbound direction of that port, i.e. the seventh outbound interface, is set as a silent interface that does not send data packets. Correspondingly, the uplink data output port of the second firewall is mainly used to forward uplink data packets, so the inbound direction of the uplink data input port of the second firewall, i.e. the eighth inbound interface, is set as a silent interface that does not receive data packets.
On the basis of the above embodiment, before the uplink data packets forwarded by the first switch are filtered by the second firewall, the method further includes:
Publishing second routing information to the client side through the second firewall, so that the first switch forwards the uplink data packets to the second firewall according to the second routing information.
In the present invention, the firewall on the server side must advertise routes externally while the switch does not, so that traffic sent by the client is steered through the local firewall. That is, the second firewall on the server side advertises routes to the user side, so that the first switch on the user side forwards traffic to the second firewall.
On the basis of the above embodiment, before the downlink data packets are forwarded to the first firewall through the second switch, the method further includes:
Setting the downlink data packets forwarded by the second switch as trusted service.
In the present invention, when the server side sends a data packet to the user side, the device on the server side treats the outgoing packet as trusted service, so the packet bypasses the local firewall (the second firewall) and is forwarded directly and quickly. The packet is then filtered by the firewall on the user side (the first firewall), which permits or denies it according to service rules. This achieves security control and hides each side's topology.
In one embodiment, the delay optimization method for 5G edge cloud provided by the present invention is described as a whole. FIG. 4 is a schematic diagram of the uplink/downlink asymmetric networking provided by the present invention. Referring to FIG. 4 and taking the user side's point of view, for uplink service: an uplink data packet sent by the user side passes through switch A (the first switch) and is sent directly to firewall B on the server side (the second firewall), without inspection or filtering by the local firewall A (the first firewall). The main reason is that the user side is in the trusted zone (trust) of firewall A, while the server side is in the untrusted zone (untrust). Because the data flow goes from the internal network to the public network (from the trust zone to the untrust zone), no filtering or inspection is needed inside the internal network. For downlink service: a downlink data packet sent by the server side passes through switch B (the second switch) and is sent directly to firewall A on the user side, where it is filtered and inspected; it then passes through switch A and enters the downlink channel.
Based on the above analysis, the uplink route is: switch A (outbound direction of interface 2) to firewall B (inbound direction of interface 6, outbound direction of interface 7), then to switch B (inbound direction of interface 8). The downlink route is: switch B (outbound direction of interface 9) to firewall A (inbound direction of interface 5, outbound direction of interface 4), then to switch A (inbound direction of interface 3). The edge cloud small data center therefore adds 4 switch hops and 2 firewall hops. The overall delay introduced by the edge cloud data center in the asymmetric networking mode is estimated as follows:
System delay (asymmetric) = 4 × switch delay + 2 × firewall delay = 4 × 0.5 + 2 × 1.0 = 4 ms;
Therefore, compared with the existing symmetric uplink/downlink scheme, the asymmetric networking scheme provided by the present invention yields a delay improvement of about 2 milliseconds, shortening the overall delay by 33%.
Further, in the asymmetric networking mode provided by the present invention, some device interfaces can be configured as silent interfaces. As shown in FIG. 4, these are mainly interfaces 2 to 9, 8 interfaces in total. For example, the outbound direction (out) of interface 2 carries the uplink service flow, while its inbound direction (in) accepts no traffic. Preferably, interface 2 receives only BFD-like Layer 2 link detection traffic and routing update messages; in that case an ACL filtering policy is configured on its inbound direction to permit only BFD and routing update messages. Likewise, the inbound directions of interface 2, interface 4, interface 7 and interface 9 are configured as silent interfaces, and the outbound directions of interface 3, interface 5, interface 6 and interface 8 are configured as silent interfaces.
For the routing configuration of the asymmetric networking model, in contrast to the existing symmetric network and referring to FIG. 4, there are 2 logical links between user-side zone A and server-side zone B, so the routing configuration also follows an asymmetric route advertisement method: uplink traffic is configured to go from switch A to firewall B (interface 2 to interface 6), and downlink traffic is configured to go from switch B to firewall A (interface 9 to interface 5). For the concrete routing configuration and implementation, static routing can be used, in which case it is enough to configure the next hop of the route on switch A and switch B. BGP or another routing method can also be used, in which case the local firewall must advertise routes externally while the local switch does not, so that traffic sent by the peer side is steered through the local firewall.
Further, for a data packet sent from the user side, the user-side device treats the packet as trusted service and forwards it directly and quickly without passing it through the local firewall; the packet is then filtered by the server-side firewall (firewall B), which permits or denies it according to service rules. For a data packet sent from the server side, the server-side device treats it as trusted service and forwards it directly and quickly without passing it through the local firewall; the packet is then filtered by the user-side firewall A, which permits or denies it according to service rules. With the above security policy configuration, combined with the routing and port settings, security control and hiding of each side's topology can be achieved.
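The interface-direction policy, the one-firewall-per-direction property and the 4 ms estimate described above can be checked mechanically. The following Python model is an added example and not part of the patent text; the function names, the `Packet` type, and the choice of UDP 3784 (single-hop BFD) and TCP 179 (BGP) as the permitted control traffic are assumptions.

```python
from dataclasses import dataclass

# Data paths as listed in the description: (device, interface number, direction).
UPLINK = [("switch A", 2, "out"), ("firewall B", 6, "in"),
          ("firewall B", 7, "out"), ("switch B", 8, "in")]
DOWNLINK = [("switch B", 9, "out"), ("firewall A", 5, "in"),
            ("firewall A", 4, "out"), ("switch A", 3, "in")]

# Silent directions as listed: inbound on 2, 4, 7, 9 and outbound on 3, 5, 6, 8.
SILENT = {(i, "in") for i in (2, 4, 7, 9)} | {(i, "out") for i in (3, 5, 6, 8)}

# Assumption: "BFD and routing updates" means single-hop BFD control packets
# (UDP 3784) and BGP (TCP 179). Other routing protocols need their own entries.
CONTROL_PLANE = {("udp", 3784), ("tcp", 179)}

# Per-device delays used in the description's estimate, in milliseconds.
DELAY_MS = {"switch": 0.5, "firewall": 1.0}


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def permits(interface, direction, pkt):
    """ACL decision for one interface direction.

    A silent direction passes only control-plane packets. The description
    states this for the inbound side; applying the same rule to silent
    outbound directions is an assumption of this model.
    """
    if (interface, direction) in SILENT:
        return (pkt.proto, pkt.dst_port) in CONTROL_PLANE
    return True


def devices_on(path):
    """Devices in traversal order, each counted once per pass."""
    seen = []
    for device, _, _ in path:
        if not seen or seen[-1] != device:
            seen.append(device)
    return seen


def audit_path(path, receiving_side):
    """Return a list of policy violations for one data path (empty = clean)."""
    problems = []
    for device, interface, direction in path:
        if (interface, direction) in SILENT:
            problems.append(f"{device} if{interface} {direction} is silent but carries data")
    firewalls = [d for d in devices_on(path) if d.startswith("firewall")]
    if firewalls != [f"firewall {receiving_side}"]:
        problems.append(f"expected only firewall {receiving_side}, got {firewalls}")
    return problems


def reverse_accepted(path, pkt):
    """Links of the path on which pkt would pass if sent backwards.

    Each link is an (out, in) pair. The reverse direction uses the receiver's
    outbound side and the sender's inbound side, which should both be silent.
    """
    links = [(path[i], path[i + 1]) for i in range(0, len(path), 2)]
    accepted = []
    for (_, tx_if, _), (_, rx_if, _) in links:
        if permits(rx_if, "out", pkt) and permits(tx_if, "in", pkt):
            accepted.append((rx_if, tx_if))
    return accepted


def round_trip_delay_ms():
    """Delay added by the data center for one uplink plus one downlink pass."""
    total = 0.0
    for device in devices_on(UPLINK) + devices_on(DOWNLINK):
        total += DELAY_MS[device.split()[0]]
    return total


if __name__ == "__main__":
    user_data = Packet("tcp", 443)   # constructed sample data packet
    bfd = Packet("udp", 3784)        # constructed sample BFD control packet
    print("uplink audit:", audit_path(UPLINK, "B"))
    print("downlink audit:", audit_path(DOWNLINK, "A"))
    print("data accepted against the flow:", reverse_accepted(UPLINK, user_data))
    print("BFD accepted against the flow:", reverse_accepted(UPLINK, bfd))
    print("round-trip delay (ms):", round_trip_delay_ms())
```

An empty audit list means the path uses no silent direction and crosses only the receiving side's firewall; a data packet injected against the flow is dropped on every link, while BFD still passes.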
The uplink/downlink asymmetric networking approach for edge cloud small data centers provided by the present invention optimizes the end-to-end delay of 5G services.
The delay optimization device for 5G edge cloud provided by the present invention is described below. The device described below and the delay optimization method for 5G edge cloud described above may be read with reference to each other.
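FIG. 5 is the first schematic structural diagram of the delay optimization device for 5G edge cloud provided by the present invention. As shown in FIG. 5, the present invention provides a delay optimization device for 5G edge cloud, including an uplink data forwarding module 501 and a downlink data receiving module 502. The uplink data forwarding module 501 is configured to forward uplink data packets to the second firewall through the first switch, where the first switch is located on the user side and the second firewall is located on the server side. The downlink data receiving module 502 is configured to filter, through the first firewall, the downlink data packets forwarded by the second switch and to send the filtered downlink data to the first switch, where the first firewall is located on the user side and the second switch is located on the server side.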
The delay optimization device for 5G edge cloud provided by the present invention optimizes the networking of the uplink and downlink traffic paths and proposes an asymmetric uplink/downlink networking scheme, which reduces the number of devices on the forwarding plane and thereby lowers the forwarding delay.
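FIG. 6 is the second schematic structural diagram of the delay optimization device for 5G edge cloud provided by the present invention. As shown in FIG. 6, the present invention provides a delay optimization device for 5G edge cloud, including a downlink data forwarding module 601 and an uplink data receiving module 602. The downlink data forwarding module 601 is configured to forward downlink data packets to the first firewall through the second switch, where the second switch is located on the server side and the first firewall is located on the user side. The uplink data receiving module 602 is configured to filter, through the second firewall, the uplink data packets forwarded by the first switch and to send the filtered uplink data to the second switch, where the second firewall is located on the server side and the first switch is located on the user side.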
The delay optimization device for 5G edge cloud provided by the present invention optimizes the networking of the uplink and downlink traffic paths and proposes an asymmetric uplink/downlink networking scheme, which reduces the number of devices on the forwarding plane and thereby lowers the forwarding delay.
The terminal involved in the present invention may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. The name of the terminal device may differ between systems; for example, in a 5G system the terminal device may be called user equipment (User Equipment, UE).
The network device involved in the present invention may be a base station, which may include multiple cells that serve terminals. Depending on the application, the base station may also be called an access point, or may be a device in the access network that communicates with wireless terminal devices over the air interface through one or more sectors, or may go by another name.
FIG. 7 is a schematic structural diagram of the terminal provided by the present invention. As shown in FIG. 7, the present invention also provides a terminal, which may include a memory 710, a transceiver 720 and a processor 730;
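The memory 710 is used to store a computer program; the transceiver 720 is used to send and receive data under the control of the processor 730; the processor 730 is used to read the computer program in the memory 710 and perform the following operations: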
Forwarding uplink data packets to the second firewall through the first switch, where the first switch is located on the user side and the second firewall is located on the server side;
Filtering, through the first firewall, the downlink data packets forwarded by the second switch, and sending the filtered downlink data to the first switch, where the first firewall is located on the user side and the second switch is located on the server side.
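In FIG. 7, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits of one or more processors represented by the processor 730 and of the memory represented by the memory 710. The bus architecture may also link together various other circuits such as peripherals, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 720 may be multiple elements, i.e. it includes a transmitter and a receiver, and provides a unit for communicating with various other devices over a transmission medium. For different user equipment, the user interface 740 may also be an interface capable of connecting required devices externally or internally.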
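The processor 730 is responsible for managing the bus architecture and general processing, and the memory 710 may store data used by the processor 730 when performing operations.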
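By calling the computer program stored in the memory 710, the processor 730 executes any of the methods provided by the present invention according to the obtained executable instructions. The processor and the memory may also be physically separate.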
FIG. 8 is a schematic structural diagram of the network device provided by the present invention. As shown in FIG. 8, the present invention also provides a network device, which may include a memory 810, a transceiver 820 and a processor 830;
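The memory 810 is used to store a computer program; the transceiver 820 is used to send and receive data under the control of the processor 830; the processor 830 is used to read the computer program in the memory 810 and perform the following operations: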
Forwarding downlink data packets to the first firewall through the second switch, where the second switch is located on the server side and the first firewall is located on the user side;
Filtering, through the second firewall, the uplink data packets forwarded by the first switch, and sending the filtered uplink data to the second switch, where the second firewall is located on the server side and the first switch is located on the user side.
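In FIG. 8, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits of one or more processors represented by the processor 830 and of the memory represented by the memory 810. The bus architecture may also link together various other circuits such as peripherals, voltage regulators and power management circuits; these are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 820 may be multiple elements, i.e. it includes a transmitter and a receiver, and provides a unit for communicating with various other devices over a transmission medium. The processor 830 is responsible for managing the bus architecture and general processing, and the memory 810 may store data used by the processor 830 when performing operations.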
It should be noted that the terminal and the network device provided by the present invention can implement all the method steps of the above method embodiments and achieve the same technical effects; the parts and beneficial effects of this embodiment that are the same as in the method embodiments are not described again here.
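FIG. 9 is a schematic diagram of the physical structure of the electronic device provided by the present invention. As shown in FIG. 9, the electronic device may include a processor 910, a communication interface 920, a memory 930 and a communication bus 940, where the processor 910, the communication interface 920 and the memory 930 communicate with each other through the communication bus 940. The processor 910 may call the computer program in the memory 930 to perform the steps of the delay optimization method for 5G edge cloud, for example: forwarding uplink data packets to the second firewall through the first switch, where the first switch is located on the user side and the second firewall is located on the server side; and filtering, through the first firewall, the downlink data packets forwarded by the second switch and sending the filtered downlink data to the first switch, where the first firewall is located on the user side and the second switch is located on the server side;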
Or: forwarding downlink data packets to the first firewall through the second switch, where the second switch is located on the server side and the first firewall is located on the user side; and filtering, through the second firewall, the uplink data packets forwarded by the first switch and sending the filtered uplink data to the second switch, where the second firewall is located on the server side and the first switch is located on the user side.
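In addition, when the logic instructions in the memory 930 are implemented as software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or part of the technical solution, may be embodied as a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.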
In another aspect, the present invention also provides a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer can perform the steps of the delay optimization method for 5G edge cloud provided by the above methods, for example: forwarding uplink data packets to the second firewall through the first switch, where the first switch is located on the user side and the second firewall is located on the server side; and filtering, through the first firewall, the downlink data packets forwarded by the second switch and sending the filtered downlink data to the first switch, where the first firewall is located on the user side and the second switch is located on the server side;
Or: forwarding downlink data packets to the first firewall through the second switch, where the second switch is located on the server side and the first firewall is located on the user side; and filtering, through the second firewall, the uplink data packets forwarded by the first switch and sending the filtered uplink data to the second switch, where the second firewall is located on the server side and the first switch is located on the user side.
In another aspect, the present invention also provides a processor-readable storage medium that stores a computer program. The computer program is used to cause the processor to perform the steps of the methods provided by the above embodiments, for example: forwarding uplink data packets to the second firewall through the first switch, where the first switch is located on the user side and the second firewall is located on the server side; and filtering, through the first firewall, the downlink data packets forwarded by the second switch and sending the filtered downlink data to the first switch, where the first firewall is located on the user side and the second switch is located on the server side;
Or: forwarding downlink data packets to the first firewall through the second switch, where the second switch is located on the server side and the first firewall is located on the user side; and filtering, through the second firewall, the uplink data packets forwarded by the first switch and sending the filtered uplink data to the second switch, where the second firewall is located on the server side and the first switch is located on the user side.
The processor-readable storage medium may be any available medium or data storage device that the processor can access, including but not limited to magnetic storage (e.g. floppy disk, hard disk, magnetic tape, magneto-optical disk (MO)), optical storage (e.g. CD, DVD, BD, HVD), and semiconductor memory (e.g. ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid-state disk (SSD)).
The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the implementations, a person skilled in the art can clearly understand that each implementation can be realized by software plus a necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the above technical solution in essence, or the part that contributes to the prior art, may be embodied as a software product. The computer software product may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (14)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111124157.1A CN115866599A (en) | 2021-09-24 | 2021-09-24 | Delay optimization method and device for 5G edge cloud |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115866599A (en) | 2023-03-28 |
Family
ID=85652627
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115866599A (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||