WO2016127436A1 - 数据上载的方法、装置及系统 - Google Patents

数据上载的方法、装置及系统 Download PDF

Info

Publication number
WO2016127436A1
WO2016127436A1 PCT/CN2015/073119 CN2015073119W WO2016127436A1 WO 2016127436 A1 WO2016127436 A1 WO 2016127436A1 CN 2015073119 W CN2015073119 W CN 2015073119W WO 2016127436 A1 WO2016127436 A1 WO 2016127436A1
Authority
WO
WIPO (PCT)
Prior art keywords
vnf package
vnf
user
package
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2015/073119
Other languages
English (en)
French (fr)
Inventor
刘建宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to BR112017017491A priority Critical patent/BR112017017491A2/pt
Priority to CN201580002153.2A priority patent/CN106105154B/zh
Priority to EP15881598.5A priority patent/EP3249882A4/en
Priority to PCT/CN2015/073119 priority patent/WO2016127436A1/zh
Publication of WO2016127436A1 publication Critical patent/WO2016127436A1/zh
Priority to US15/676,122 priority patent/US20170373939A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • H04L41/046Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0806Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0889Techniques to speed-up the configuration process
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities

Definitions

  • the present invention relates to the field of network function virtualization, and in particular, to a data uploading method, device and system.
  • NFV Network Function Virtualization
  • IT Information Technology
  • NFV Network Function Virtualization
  • NSD Network Service Descriptor
  • VNF Package virtual network function package
  • the user uploads a Network Service Descriptor (NSD) to the network function virtualization orchestrator (NFV Orchestrator) on the network side, which is also called network service description information.
  • NSD Network Service Descriptor
  • NFV Orchestrator the Network Function Virtualization Orchestrator
  • NS network service
  • the Network Function Virtualization Orchestrator is responsible for orchestrating and managing resources according to the network service (NS) requested by the user, and monitoring the VNF resources and their running status in real time. If the upload is successful, the Network Function Virtualization Choreographer has saved all the VNF Packages required by NSD. Then the NSD upload success confirmation message is returned, and then the user is provided with its network service.
  • the VND Package can return the NSD upload failure message if it can virtualize all the VNF Packages required by the orchestrator to save the network service description information. 2. If the user receives the NSD upload failure message, according to the existing standards, the user needs to upload each VNF Package required by the NSD one by one. During the upload process of each VNF Package, the network function virtualization orchestrator performs user authentication on the upload VNF Package, and if verified, adds the VNF Package to the VNF directory. When all the VNFs described by the NSD are all stored in the VNF directory, the NSD is added to the NSD directory, and an NSD upload success message is sent to the user.
  • the inventor found that at least the following problems exist in the prior art: when the NSD upload fails, the user needs to upload the VNF packages required by the NSD one by one to the network function virtualization orchestrator. User authentication is required each time the VNF Package is uploaded. Thus, for the N VNF packages of the same NSD, multiple repeated authentications are required, and at most N-1 duplicate authentications are generated, resulting in waste of resources.
  • the invention provides a method, a device and a system for uploading data, which are used to solve the problem that a user repeatedly performs identity verification when an NSD upload fails, resulting in waste of resources.
  • the present invention provides a data uploading method, the method is applied to a device that the user is currently logged in, and the user provides a user of the network service NS, the method includes:
  • the query result carries a target VNF Package identifier list, where the target VNF Package identifier list is used to record an identifier of the at least one target VNF Package that is not uploaded;
  • the target VNF Package identifier list is not empty, acquiring the at least one target VNF Package according to the target VNF Package identifier list;
  • the method before the receiving the query result sent by the network function virtualization orchestrator, the method further includes:
  • a second possible implementation of the first aspect is also provided, in the first aspect
  • the second possible implementation manner after the acquiring the at least one target VNF Package according to the target VNF Package identifier list, the method further includes:
  • the present invention provides a method for data uploading, the method application For the network function virtualization orchestrator, the method includes:
  • Target VNF Package identifier list Sending, to the user, a target VNF Package identifier list, where the target VNF Package identifier list is used to record the at least one target VNF Package identifier;
  • Network service package carries network service description information NSD of the network service, at least one target VNF Package corresponding to the at least one target VNF Package identifier, and an authentication file;
  • the method before the searching for the all VNF Package identifiers, the at least one target VNF Package identifier in the VNF directory is not recorded, the method also includes:
  • the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package identifier;
  • the at least one target VNF Package identifier that is not recorded in the VNF directory includes:
  • VNF Package identifier and the VNF Package version number are not found in the entire VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the method before the searching for the all VNF Package identifiers, the at least one target VNF Package identifier in the VNF directory is not recorded, the method also includes:
  • At least one target VNF Package identifier which also includes:
  • the method before the searching for the entire VNF Package identifier, the at least one target VNF Package identifier in the VNF directory is not recorded, the method also includes:
  • the fourth query request carries all VNF Package identifiers required by the network service, at least one VNF Package version number, and a user identifier of the user;
  • the VNF Package identifier and the VNF Package version number are not found in the VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the network service package further carries an authentication policy file, where the verification policy file is used by the network function virtualization orchestrator to determine how to The integrity and authenticity of the VNF Package are verified.
  • the method further includes:
  • verification policy file If the verification policy file is not carried in the network service package, verify the integrity and authenticity of all VNF Packages and the NSD, the integrity indicating whether the program carried in the VNF Package is complete, Authenticity indicates whether the function of the program carried in the VNF Package is consistent with that described in the virtual network function package description information VNFD;
  • the NSD is added to the NSD directory when all of the VNF packages described by the NSD are all added to the VNF directory.
  • the present invention further provides a device for uploading data, the device is located in a device that the user is currently logged in, and the user is a user who requests the network service NS, the device includes:
  • a sending unit configured to send a first query request to the network function virtualization orchestrator NFV Orchestrator, where the query request carries all virtual network function package VNF Package identifiers required by the network service;
  • a receiving unit configured to receive a query result sent by the network function virtualization orchestrator, where the query result carries a target VNF Package identifier list, where the target VNF Package identifier list is used to record at least one target VNF Package that is not uploaded Identification
  • An acquiring unit configured to acquire the at least one target VNF Package according to the target VNF Package identifier list when the target VNF Package identifier list received by the receiving unit is not empty;
  • the sending unit is further configured to encapsulate the network service description information NSD of the network service, the at least one target VNF Package acquired by the acquiring unit, and an authentication file, and send the network function to the virtualized orchestration
  • the authentication file is used to verify the validity of the user's identity.
  • the sending unit is further configured to:
  • the sending unit is further configured to: encapsulate the NSD of the network service, the at least one target VNF Package, an authentication file, and an authentication policy file, and send the network policy to the network A functional virtualization orchestrator for the network function virtualization orchestrator to determine how to verify the integrity and authenticity of the VNF Package.
  • the present invention further provides an apparatus for uploading data, the apparatus being located in a network function virtualization orchestrator, the apparatus comprising:
  • a receiving unit configured to receive a first query request sent by the user, where the query request carries all VNF Package identifiers required by the network service requested by the user;
  • a searching unit configured to search for at least one target VNF Package identifier that is not recorded in the VNF directory in the entire VNF Package identifier received by the receiving unit;
  • a sending unit configured to send a target VNF Package identifier list to the user, where the target VNF Package identifier list is used to record the at least one target VNF Package identifier found by the searching unit;
  • the receiving unit is further configured to receive a network service package sent by the user, where the network service package carries network service description information NSD of the network service, and at least one target corresponding to the at least one target VNF Package identifier VNF Package and authentication file;
  • a verification unit configured to perform identity verification on the user according to the identity verification file received by the receiving unit
  • an uploading unit configured to complete the uploading process of each target VNF Package in sequence when the verification unit is successfully verified.
  • the receiving unit is further configured to:
  • the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package identifier;
  • the searching unit is further configured to:
  • VNF Package identifier and the VNF Package version number are not found in the entire VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the receiving unit is further configured to receive a third query request sent by a user, where the third query request carries the network service All required VNF Package IDs and user IDs of the users;
  • the verification unit is further configured to: determine, according to the user identifier received by the receiving unit, whether the user has a query authority;
  • the searching unit is further configured to: when the verification unit verifies the query authority, search for at least one target VNF Package identifier in the VNF Package identifier that is not recorded in the VNF directory.
  • the sending unit is further configured to receive a fourth query request sent by a user, where the fourth query request carries the network service All required VNF Package IDs, at least one VNF Package version number, and the user ID of the user;
  • the verification unit is further configured to: determine, according to the user identifier, whether the user has query permission;
  • the searching unit is further configured to: when the verification unit verifies the query permission, search for the VNF Package identifier, the VNF Package identifier, and the VNF.
  • the package version number is not recorded in at least one target VNF Package ID in the VNF directory.
  • the network service package further carries an authentication policy file, where the verification policy file is used by the network function virtualization orchestrator to determine how to The integrity and authenticity of the VNF Package are verified, and the verification unit is further configured to:
  • verification policy file If the verification policy file is not carried in the network service package, verify the integrity and authenticity of all VNF Packages and the NSD, the integrity indicating whether the program carried in the VNF Package is complete, Authenticity indicates whether the function of the program carried in the VNF Package is consistent with that described in the virtual network function package description information VNFD;
  • the uploading unit is specifically configured to:
  • the NSD is added to the NSD directory when all of the VNF packages described by the NSD are all added to the VNF directory.
  • the present invention provides a system for data uploading, the system comprising the apparatus of the third aspect and the apparatus of the fourth aspect.
  • the present invention further provides a device for uploading data, the device is located in a device that the user is currently logged in, and the user is a user who requests the network service NS, the device includes:
  • a transmitter configured to send a first query request to the network function virtualization orchestrator NFV Orchestrator, the query request carrying all virtual networks required by the network service Feature Pack VNF Package ID;
  • a receiver configured to receive a query result sent by the network function virtualization orchestrator, where the query result carries a target VNF Package identifier list, where the target VNF Package identifier list is used to record at least one target VNF Package that is not uploaded.
  • a processor configured to: when the target VNF Package identifier list received by the receiver is not empty, acquire the at least one target VNF Package according to the target VNF Package identifier list;
  • the transmitter is further configured to encapsulate and send the network service description information NSD of the network service, the at least one target VNF Package acquired by the processor, and an authentication file to the network function virtualization orchestration
  • the authentication file is used to verify the validity of the user's identity.
  • the transmitter is further configured to:
  • the transmitter is further configured to: use the NSD of the network service, the at least one target VNF Package, an authentication file, and
  • the verification policy file is encapsulated and sent to the network function virtualization orchestrator, the verification policy file being used by the network function virtualization orchestrator to determine how to verify the integrity and authenticity of the VNF Package.
  • the present invention further provides an apparatus for uploading data, the apparatus being located in a network function virtualization orchestrator, the apparatus comprising:
  • a receiver configured to receive a first query request sent by the user, where the query request carries all VNF Package identifiers required by the network service requested by the user;
  • a processor configured to search for at least one target VNF Package identifier that is not recorded in the VNF directory of the all VNF Package identifiers received by the receiver;
  • a transmitter configured to send a target VNF Package identifier list to the user, where the target VNF Package identifier list is used to record the at least one target VNF Package identifier found by the processor;
  • the receiver is further configured to receive a network service package sent by the user, where the network service package carries network service description information NSD of the network service, and at least one target corresponding to the at least one target VNF Package identifier VNF Package and authentication file;
  • the processor is further configured to perform identity verification on the user according to the identity verification file received by the receiver;
  • the receiver is further configured to:
  • the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package identifier;
  • the processor is further configured to:
  • VNF Package identifier and the VNF Package version number are not found in the entire VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the receiver is further configured to receive a third query request sent by a user, where the third query request is Carrying all VNF Package identifiers required by the network service and user identifiers of the users;
  • the processor is further configured to determine, according to the user identifier received by the receiver, whether the user has query permission;
  • At least one target VNF Package identifier that is not recorded in the VNF directory in the entire VNF Package identifier is searched.
  • the transmitter is further configured to receive a fourth query request sent by a user, where the fourth query request carries the network service All required VNF Package IDs, at least one VNF Package version number, and the user ID of the user;
  • the processor is further configured to: determine, according to the user identifier, whether the user has query permission;
  • the VNF Package identifier and the VNF Package version number are not found in the VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the network service package further carries an authentication policy file, where the verification policy file is used by the network function virtualization orchestrator to determine how to The integrity and authenticity of the VNF Package is verified, and the processor is further configured to:
  • verification policy file If the verification policy file is not carried in the network service package, verify the integrity and authenticity of all VNF Packages and the NSD, the integrity indicating whether the program carried in the VNF Package is complete, Authenticity indicates whether the function of the program carried in the VNF Package is consistent with that described in the virtual network function package description information VNFD;
  • the NSD is added to the NSD directory when all of the VNF packages described by the NSD are all added to the VNF directory.
  • the present invention provides a system for data uploading, the system comprising the apparatus of the sixth aspect and the apparatus of the seventh aspect.
  • the method, device and system for uploading data provided by the present invention first determine the missing VNF Package by querying, and therefore do not send duplicate VNF Packages to the network function virtualization orchestrator, thereby saving resources.
  • the missing at least one VNF Package is encapsulated with the NSD and the authentication file and sent to the Network Function Virtualization Orchestrator.
  • the network function virtualization orchestrator can determine the legality of the senders of the N VNF packages by one identity verification, thereby avoiding duplicate identity verification and improving resource utilization.
  • FIG. 1 is a flowchart of a method for uploading a first data in an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for uploading a second data in an embodiment of the present invention
  • FIG. 3 is a flowchart of a method for uploading a third data in an embodiment of the present invention.
  • FIG. 4 is a flowchart of a method for uploading a fourth data in an embodiment of the present invention.
  • FIG. 5 is a flowchart of a fifth data uploading method according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of a sixth data uploading method according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a seventh data uploading method in an embodiment of the present invention.
  • FIG. 8 is a flowchart of a method for uploading an eighth data in an embodiment of the present invention.
  • FIG. 9 is a flowchart of a method for uploading a ninth data in an embodiment of the present invention.
  • FIG. 10 is a flowchart of a method for uploading a tenth data according to an embodiment of the present invention
  • FIG. 11 is a flowchart of a method for eleventh data upload in an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of an apparatus for uploading a first data in an embodiment of the present invention.
  • FIG. 13 is a schematic structural diagram of an apparatus for uploading a second data according to an embodiment of the present invention.
  • FIG. 14 is a schematic structural diagram of an apparatus for uploading a third data in an embodiment of the present invention.
  • 15 is a schematic diagram of a system for uploading a first data in an embodiment of the present invention.
  • 16 is a schematic structural diagram of an apparatus for uploading a fourth data in an embodiment of the present invention.
  • FIG. 17 is a schematic structural diagram of an apparatus for uploading a fifth data in an embodiment of the present invention.
  • FIG. 18 is a schematic diagram of a second data uploading system in an embodiment of the present invention.
  • An embodiment of the present invention provides a data uploading method, where the method is applied to a device currently logged in by a user, and the user provides a user who provides a network service NS.
  • the user is a client or node that communicates with the network function virtualization orchestrator NFV Orchestrator, and can usually be an operation support system/base station subsystem (OSS/BSS), a vendor Vendor, a network service design vendor, etc., as shown in FIG. , the method includes:
  • Step 101 Send a first query request to the network function virtualization orchestrator NFV Orchestrator, where the query request carries all virtual network function package VNF Package identifiers required by the network service.
  • the query request is divided into the first according to the difference of the content carried by the query request.
  • a query request, a second query request, a third query request, and a fourth query request each query request carries all virtual network function package VNF Package identifiers required by the network service.
  • One implementation of the query request is: VNF Package List Query Request VNF Packagelist query request. Only the first query request is introduced here, and the second query request, the third query request, and the fourth query request are described in detail later.
  • the device currently logged in by the user has the function of sending the NSD to the network function virtualization orchestrator and acquiring all the VNF Packages and VNF Package identifiers required by the NSD.
  • the VNF Package ID can be obtained through a local preset database, obtained through the network, or imported manually.
  • Step 102 Receive a query result sent by the network function virtualization orchestrator, where the query result carries a target VNF Package identifier list, where the target VNF Package identifier list is used to record an identifier of at least one target VNF Package that is not uploaded.
  • the query result is a list query response list query Ack (Acknowledgement).
  • the query result carries a target VNF Package identifier list, and the target VNF Package identifier list is used to record the identifier of at least one VNF Package that is not uploaded to the network function virtualization orchestrator, that is, the identifier of the VNF Package that needs to be supplemented by the user.
  • Step 103 If the target VNF Package identifier list is not empty, obtain the at least one target VNF Package according to the target VNF Package identifier list.
  • the target VNF Package identifier list is not empty, it indicates that the network function virtualization orchestrator also needs the target VNF Package recorded in the target VNF Package identifier list to provide the user with the requested network service.
  • the device currently logged in by the user acquires each target VNF Package in the at least one target VNF Package one by one by reading locally or by means of network acquisition and manual import.
  • the priority is sequentially local read, acquired through the network, and manually imported. If the VNF Package cannot be obtained through local read and network acquisition, the device currently logged in by the user outputs prompt information for manual import.
  • Step 104 Encapsulate and send the network service description information NSD of the network service, the at least one target VNF Package, and an authentication file to the network function virtualization orchestrator, where the identity verification file is used for verification The legality of the user's identity.
  • the present invention refers to the encapsulated package as a network service package.
  • the authentication file is an authentication file commonly used in the prior art. For details, refer to the definition of the authentication file and the usage method in the prior art. Generally, the authentication file carries one of a user identifier, a certificate, and a key for authenticity verification of the identity.
  • the network service description information NSD is all elements required in the prior art for describing the NS, including information such as VNF Descriptor (VNFD) of each VNF Package. For details, refer to the definition of NSD in the prior art.
  • the data uploading method provided by the embodiment of the present invention obtains at least one target VNF Package for providing a network service in the network function virtualization orchestrator by using a query request before sending the NSD to the network function virtualization orchestrator (missing VNF Package) And then, the at least one target VNF Package and the NSD and the authentication file are encapsulated and sent to the network function virtualization orchestrator, so that one or more target VNF packages are sent in one transmission process, so that the network function is virtualized.
  • the orchestrator authenticates the network service package sent this time, and can upload at least one target VNF package encapsulated in the network service package, avoiding duplicate authentication and improving resource utilization.
  • the first query request carries only all the VNF Package identifiers required by the network service. However, in some scenarios, the same VNF Package has multiple versions (such as V1.0, V2.0, etc.). At this time, if the network function virtualization orchestrator stores V1.0 and the user requests V2.0, it is impossible to distinguish different versions of the VNF package based only on the VNF Package identifier. Based on this, as a further description of the method shown in FIG. 1, the embodiment of the present invention further provides a data uploading method. As shown in FIG. 2, in step 102, receiving a query sent by the network function virtualization orchestrator. Before the result, the method further includes:
  • Step 101a Send a second query request to the network function virtualization orchestrator, where the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package ID.
  • the second query request is used to replace the first query request.
  • VNF Package identifier itself has information for distinguishing different versions, it can be used as an alternative to the embodiment of the present invention. For example, add a version field at the end of the VNF Package ID, and then include the version number in the VNF Package ID.
  • the data uploading method provided by the embodiment of the present invention can send a query request carrying the VNF Package version number to the network function virtualization orchestrator through the second query request, thereby distinguishing different versions of the VNF package, and adding the VNF Package.
  • Query dimensions Improved lookup accuracy in scenarios with different versions of the VNF Package.
  • the network function virtualization orchestrator responds as long as the user identity is legal, as long as the device currently logged in by the user sends the first query request to the network function virtualization orchestrator.
  • the embodiment of the present invention further provides a data uploading method. As a further description of the method shown in FIG. 1, as shown in FIG. 3, in step 102, receiving a query sent by the network function virtualization orchestrator. Before the result, the method further includes:
  • Step 101b Send a third query request to the network function virtualization orchestrator, where the third query request carries all VNF Package identifiers required by the network service and a user identifier of the user.
  • the third query request is an alternative to the first query request, and the third query request carries the user identifier in addition to all the VNF Package identifiers required for the network service.
  • User IDs are used to identify users, and each user has a unique user ID.
  • the network function virtualization orchestrator can authenticate the user based on the user ID. Respond to the query request if it passes validation. Otherwise, if the verification fails, the feedback is verified. A failure message, the notification cancels the response to the query request.
  • the data uploading method provided by the embodiment of the present invention carries the user identifier that uniquely identifies the user in the third query request, so that the network function virtualization orchestrator verifies the user according to the user identifier, thereby improving the security of the target VNF Package identifier query. Sex.
  • the query request may carry the VNF Package version number and the user identifier at the same time.
  • the embodiment of the present invention further provides a data uploading method. As shown in FIG. 4, in step 102, receiving the network function virtual Before the query result sent by the orchestration device, the method further includes:
  • Step 101c Send a fourth query request to the network function virtualization orchestrator, where the fourth query request carries all VNF Package identifiers required by the network service, the at least one VNF Package version number, and the user of the user. logo.
  • the fourth query request includes the VNF Package version number carried in the second query request and the user identifier carried in the third query request, thereby achieving the dual effects of improving the search accuracy and improving the query security.
  • the embodiment of the present invention further provides a solution for further enhancing data transmission security.
  • step 103 if the target VNF Package identifier list is not empty, according to the target VNF Package identifier. After the list obtains the at least one target VNF Package, as shown in FIG. 5, the method further includes:
  • Step 104' encapsulating and transmitting the NSD of the network service, the at least one target VNF Package, an authentication file, and an authentication policy file to the network function virtualization orchestrator, where the verification policy file is used for The network function virtualization orchestrator determines how to verify the integrity and authenticity of the VNF Package.
  • the verification policy file is used to document how the integrity and authenticity of the target VNF Package is detected.
  • the integrity indicates whether the program carried in the VNF Package is complete, and the authenticity indicates whether the function of the program carried in the VNF Package is consistent with that described in the virtual network function package description information VNFD.
  • the data uploading method provided by the embodiment of the present invention can add a verification policy file to the network service package, and then verify the completeness and authenticity of the VNF Package on the basis of verifying the identity of the user, thereby improving the network service. stability.
  • An embodiment of the present invention further provides a data uploading method, where the method is applied to a network.
  • the network function virtualization orchestrator as shown in FIG. 6, the method includes:
  • Step 201 Receive a first query request sent by a user, where the query request carries all VNF Package identifiers required by the network service requested by the user.
  • Step 202 Search for at least one target VNF Package identifier that is not recorded in the VNF directory in the entire VNF Package identifier.
  • the network function virtualization orchestrator stores the VNF directory.
  • the network function virtualization orchestrator stores the VNF Packag identifier in the VNF directory, or stores the function corresponding to the VNF Packag identifier. Go to the VNF directory.
  • the VNF Packag logo is used to uniquely identify the VNF Packag and each VNF Packag corresponds to a feature.
  • the VNF Package ID is stored in the VNF directory, it is uploaded on behalf of the VNF Package.
  • VNF Package IDs from the first query request, and sequentially read a VNF Package ID.
  • the read VNF Package identifier is the target VNF Package identifier, and the read VNF Package identifier is added to the target VNF Package identifier list. If found, the next VNF Package identifier in the entire VNF Package identifier is read, and it is determined whether the next VNF Package identifier exists in the VNF directory. Finally, a list of target VNF Package identifiers consisting of at least one target VNF Package identifier found is formed.
  • Step 203 Send a target VNF Package identifier list to the user, where the target VNF Package identifier list is used to record the at least one target VNF Package identifier.
  • the VNF Package identification list is sent to the user via a reply message ACK.
  • Step 204 Receive a network service package sent by the user, where the network service package carries network service description information NSD of the network service, at least one target VNF Package corresponding to the at least one target VNF Package identifier, and identity verification. file.
  • Step 205 Perform identity verification on the user according to the identity verification file.
  • This step can refer to the specific definition of the authentication file in the prior art and the authentication method according to the authentication file.
  • Step 206 If the verification is successful, the uploading process of each target VNF Package is completed in sequence.
  • step 206 can be implemented in the following manner:
  • Step 301 Add each target VNF Package to the VNF directory in turn and send the image carried in the VNF to a Virtualized Infrastructure Manager (VIM).
  • VIP Virtualized Infrastructure Manager
  • the Virtual Infrastructure Manager is responsible for managing, allocating, and maintaining an image of the NFV.
  • Step 302 Add the NSD to the NSD directory when all the VNF packages described by the NSD are all added to the VNF directory.
  • NSD describes all the VNF packages required for network services. When all the VNF Packages required by the network service are listed in the VNF directory, it indicates that the user can provide the requested network service. In addition, check the necessary conditions for providing network services, for example, check whether the external interface of the VNF required by the network is in the VNF description information. If both conditions are met, the NSD is added to the NSD directory.
  • the data uploading method provided by the embodiment of the present invention can provide the user with a target VNF Package identifier list according to the query request sent by the user, so that the user only needs to provide the missing VNF Package.
  • the network service package sent by the user is decapsulated, and the identity verification file carried in the network service package is verified to determine the legality of the user. Then, at least one target VNF Package carried in the network service package is uploaded. Realize the uploading of at least one VNF Package by one verification, saving resources.
  • the embodiment of the present invention further provides a data uploading method.
  • step 202 searching for all the VNF Package identifiers, at least one of the VNF directories is not recorded.
  • the method further includes:
  • Step 401 Receive a second query request sent by the user, where the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package identifier. ;
  • Step 202 Searching for all the VNF Package identifiers, not recorded in the VNF At least one target VNF Package identifier in the directory, specifically including:
  • Step 402 Search for at least one target VNF Package identifier in the VNF directory that is not recorded in the VNF Package identifier and the VNF Package identifier.
  • VNF Package ID is configured with a version number
  • the VNF Package ID is required and the version number is also recorded in the VNF directory.
  • the VNF directory adds a version number attribute to each VNF Package ID.
  • VNF Package identifier is configured with the corresponding version number in the query request, it is determined whether the VNF Package identifier is recorded in the VNF directory. If the VNF Package identifier is recorded in the VNF directory, the VNF Package identifier corresponding to the VNF Package is further determined. Whether it is consistent with the version number recorded in the directory. If the VNF Package identifier is recorded in the VNF directory or the VNF Package version number does not match the version number recorded in the directory, the VNF Package identifier is determined as the target VNF Package identifier, and the next VNF Package identifier in the query request is read.
  • VNF Package ID in the query request is not configured with the corresponding version number, that is, only the VNF Package identifier, only the VNF Package identifier is recorded in the VNF directory. If the VNF Package ID is not recorded in the VNF Directory, the VNF Package ID is determined as the target VNF Package ID and the next VNF Package ID in the query request is read. If the VNF Package ID is recorded in the VNF directory, the next VNF Package ID in the query request is read.
  • the network function virtualization orchestrator may also determine the version number of the VNF Package according to the VNF Package identifier.
  • the network function virtualization orchestrator can distinguish different versions of the VNF Package according to the accepted query request carrying the VNF Package version number, and increase the query dimension of the VNF Package. Improved lookup accuracy in scenarios with different versions of the VNF Package.
  • the embodiment of the present invention further provides a data uploading method.
  • step 202 in the searching for the entire VNF Package identifier, it is not recorded in the VNF directory.
  • At least one target VNF Package identifier The method further includes:
  • Step 501 Send a third query request to the network function virtualization orchestrator, where the second query request carries all VNF Package identifiers required by the network service and a user identifier of the user.
  • Step 502 Determine, according to the user identifier, whether the user has query permission.
  • Step 202 Search for at least one target VNF Package identifier that is not recorded in the VNF directory in the all VNF Package identifiers, and further includes:
  • Step 503 If there is the query permission, search for at least one target VNF Package identifier in the VNF Package identifier that is not recorded in the VNF directory.
  • the data uploading method provided by the embodiment of the present invention carries the user identifier that uniquely identifies the user in the third query request, so that the network function virtualization orchestrator verifies the user according to the user identifier, thereby improving the security of the target VNF Package identifier query. Sex.
  • the embodiment of the present invention further provides a data uploading method.
  • step 202 searching for all the VNF Package identifiers, at least one of the VNF directories is not recorded.
  • the method further includes:
  • Step 601 Send a fourth query request to the network function virtualization orchestrator, where the fourth query request carries all VNF Package identifiers required by the network service, at least one VNF Package version number, and a user identifier of the user.
  • Step 602 Determine, according to the user identifier, whether the user has query permission.
  • Step 202 Search for at least one target VNF Package identifier that is not recorded in the VNF directory in the all VNF Package identifiers, and further includes:
  • Step 603 If there is the query authority, search for at least one target VNF Package identifier of the VNF Package identifier, the VNF Package identifier and the VNF Package version number not recorded in the VNF directory.
  • the embodiment of the present invention further provides a data uploading method, which can improve the search accuracy and improve the query security.
  • the embodiment of the present invention further provides a data uploading method.
  • the network service package further carries an authentication policy file, where the verification policy file is used by the network function virtualization orchestrator. Determine how to apply to the VNF Package The integrity and authenticity are verified.
  • the method further includes:
  • Step 700 Determine whether the verification policy file is carried in the network service package.
  • Step 701 If the verification policy file is not carried in the network service package, verify the integrity and authenticity of all the VNF packages and the NSD.
  • the integrity indicates whether the program carried in the VNF Package is complete, and the authenticity indicates whether the function of the program carried in the VNF Package is consistent with the description in the virtual network function package description information VNFD.
  • Step 702 If the network service package carries the verification policy file, parse the verification policy file to determine a verification policy.
  • the verification policy includes:
  • verification policies can be recorded in the verification policy file to verify for different scenarios.
  • the specific content of the verification strategy can be determined by a person skilled in the art according to actual needs.
  • the embodiment of the present invention further provides a device for uploading data, the device is located in a device that the user is currently logged in, and the user is a user who requests the network service NS. As shown in FIG. 12, the device includes:
  • the sending unit 1201 is configured to send a first query request to the network function virtualization orchestrator NFV Orchestrator, where the query request carries all virtual network function package VNF Package identifiers required by the network service;
  • the receiving unit 1202 is configured to receive a query result sent by the network function virtualization orchestrator, where the query result carries a target VNF Package identifier list, where the target VNF Package identifier list is used to record at least one target VNF Package that is not uploaded. Identification
  • the obtaining unit 1203 is configured to: when the target VNF Package identifier list received by the receiving unit 1202 is not empty, acquire the at least one target VNF Package according to the target VNF Package identifier list;
  • the sending unit 1201 is further configured to encapsulate the network service description information NSD of the network service, the at least one target VNF Package acquired by the obtaining unit 1203, and an authentication file, and send the network function virtual The organizer is used for verifying the legality of the user's identity.
  • the sending unit 1201 is further configured to:
  • the sending unit 1201 is further configured to: encapsulate the NSD of the network service, the at least one target VNF Package, an authentication file, and an authentication policy file, and send the file to the network function virtualization orchestrator,
  • the verification policy file is used by the network function virtualization orchestrator to determine how to verify the integrity and authenticity of the VNF Package.
  • the embodiment of the present invention further provides a device for uploading data, where the device is located in a network function virtualization orchestrator, as shown in FIG.
  • the receiving unit 1301 is configured to receive a first query request sent by the user, where the query request carries all VNF Package identifiers required by the network service requested by the user;
  • the searching unit 1302 is configured to search for at least one target VNF Package identifier that is not recorded in the VNF directory in the all VNF Package identifiers received by the receiving unit 1301;
  • a sending unit 1303, configured to send a target VNF Package identifier column to the user a table, the target VNF Package identifier list is used to record the at least one target VNF Package identifier found by the searching unit 1302;
  • the receiving unit 1301 is further configured to receive a network service package sent by the user, where the network service package carries at least one of network service description information NSD of the network service and the at least one target VNF Package identifier. Target VNF Package and authentication file;
  • the verification unit 1304 is configured to perform identity verification on the user according to the identity verification file received by the receiving unit 1301.
  • the uploading unit 1305 is configured to complete the uploading process of each target VNF Package in sequence when the verification unit 1304 is successfully verified.
  • the receiving unit 1301 is further configured to:
  • the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package identifier;
  • the searching unit 1302 is further configured to:
  • VNF Package identifier and the VNF Package version number are not found in the entire VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the receiving unit 1301 is further configured to: receive a third query request sent by the user, where the third query request carries all VNF Package identifiers required by the network service, and the user User ID;
  • the verification unit 1304 is further configured to determine, according to the user identifier received by the receiving unit 1301, whether the user has a query authority;
  • the searching unit 1302 is further configured to: when the verification unit 1304 verifies the query authority, search for at least one target VNF Package identifier in the VNF Package identifier that is not recorded in the VNF directory.
  • the sending unit 1303 is further configured to: receive a fourth query request sent by the user, where the fourth query request carries all VNF Package identifiers required by the network service, at least one VNF Package version number, and the User's user ID;
  • the verification unit 1304 is further configured to determine, according to the user identifier, whether the user is Have query permission;
  • the searching unit 1302 is further configured to: when the verification unit 1304 verifies the query permission, search for at least one target of the VNF Package identifier, the VNF Package identifier, and the VNF Package version number not recorded in the VNF directory. VNF Package ID.
  • the network service package further carries an authentication policy file, where the verification policy file is used by the network function virtualization orchestrator to determine how to verify the integrity and authenticity of the VNF Package, the verification unit 1304 is also used to:
  • verification policy file If the verification policy file is not carried in the network service package, verify the integrity and authenticity of all VNF Packages and the NSD, the integrity indicating whether the program carried in the VNF Package is complete, Authenticity indicates whether the function of the program carried in the VNF Package is consistent with that described in the virtual network function package description information VNFD;
  • the verification policy file is carried in the network service package, the verification policy file is parsed to determine a verification policy, where the verification policy includes:
  • the uploading unit 1305 is specifically configured to:
  • the NSD is added to the NSD directory when all of the VNF packages described by the NSD are all added to the VNF directory.
  • the embodiment of the present invention further provides a system for uploading data.
  • the system is composed of a device 1501 (such as the device shown in FIG. 12) and a network function virtualization orchestrator 1502 (FIG. 13 or The device shown in Figure 14 consists of.
  • the network function virtualization orchestrator 1502 is connected to the virtual infrastructure manager VIM1503.
  • the embodiment of the present invention further provides a device for uploading data, the device is located in a device that the user is currently logged in, and the user is a user who requests the network service NS.
  • the device includes:
  • a transmitter 1601 configured to send a first query request to the network function virtualization orchestrator NFV Orchestrator, where the query request carries all virtual network function package VNF Package identifiers required by the network service;
  • the receiver 1602 is configured to receive a query result sent by the network function virtualization orchestrator, where the query result carries a target VNF Package identifier list, where the target VNF Package identifier list is used to record at least one target VNF Package that is not uploaded. Identification
  • the processor 1603 is configured to: when the target VNF Package identifier list received by the receiver 1602 is not empty, acquire the at least one target VNF Package according to the target VNF Package identifier list;
  • the transmitter 1601 is further configured to encapsulate the network service description information NSD of the network service, the at least one target VNF Package acquired by the processor 1603, and an authentication file, and send the virtual function to the network function virtual
  • the organizer is used for verifying the legality of the user's identity.
  • the transmitter 1601 is further configured to:
  • the transmitter 1601 is further configured to encapsulate and send the NSD of the network service, the at least one target VNF Package, an authentication file, and a verification policy file to the network function virtualization orchestrator,
  • the verification policy file is used in the The network function virtualization orchestrator determines how to verify the integrity and authenticity of the VNF Package.
  • An embodiment of the present invention provides a device for uploading data, where the device is located in a network function virtualization orchestrator, as shown in FIG.
  • the receiver 1701 is configured to receive a first query request sent by the user, where the query request carries all VNF Package identifiers required by the network service requested by the user;
  • the processor 1702 is configured to search for at least one target VNF Package identifier that is not recorded in the VNF directory of the all VNF Package identifiers received by the receiver 1701;
  • a transmitter 1703 configured to send, to the user, a target VNF Package identifier list, where the target VNF Package identifier list is used to record the at least one target VNF Package identifier found by the processor 1702;
  • the receiver 1701 is further configured to receive a network service package sent by the user, where the network service package carries at least one of network service description information NSD of the network service and the at least one target VNF Package identifier. Target VNF Package and authentication file;
  • the processor 1702 is further configured to perform identity verification on the user according to the identity verification file received by the receiver 1701.
  • receiver 1701 is further configured to:
  • the second query request carries all VNF Package identifiers required by the network service and at least one VNF Package version number, and each VNF Package version number corresponds to a VNF Package identifier;
  • the processor 1702 is further configured to:
  • VNF Package identifier and the VNF Package version number are not found in the entire VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the receiver 1701 is further configured to receive a third query request sent by the user, where the third query request carries all VNF Package identifiers required by the network service and a user identifier of the user;
  • the processor 1702 is further configured to determine, according to the user identifier received by the receiver 1701, whether the user has a query right;
  • At least one target VNF Package identifier that is not recorded in the VNF directory in the entire VNF Package identifier is searched.
  • the transmitter 1703 is further configured to: receive a fourth query request sent by the user, where the fourth query request carries all VNF Package identifiers required by the network service, at least one VNF Package version number, and the User's user ID;
  • the processor 1702 is further configured to: determine, according to the user identifier, whether the user has query permission;
  • the VNF Package identifier and the VNF Package version number are not found in the VNF Package identifier, and at least one target VNF Package identifier is not recorded in the VNF directory.
  • the network service package further carries an authentication policy file, where the verification policy file is used by the network function virtualization orchestrator to determine how to verify the integrity and authenticity of the VNF Package, the processor 1702 is also used to:
  • verification policy file If the verification policy file is not carried in the network service package, verify the integrity and authenticity of all VNF Packages and the NSD, the integrity indicating whether the program carried in the VNF Package is complete, Authenticity indicates whether the function of the program carried in the VNF Package is consistent with that described in the virtual network function package description information VNFD;
  • the verification policy file is carried in the network service package, the verification policy file is parsed to determine a verification policy, where the verification policy includes:
  • processor 1702 is further configured to:
  • the NSD is added to the NSD directory when all of the VNF packages described by the NSD are all added to the VNF directory.
  • the embodiment of the present invention further provides a system for uploading data.
  • the system is composed of a device 1801 (such as the device shown in FIG. 16) and a network function virtualization orchestrator 1802 (FIG. 17) that the user is currently logged into. The device shown).
  • the network function virtualization orchestrator 1802 is connected to the virtual infrastructure manager VIM1803.
  • the present invention can be implemented by means of software plus necessary general hardware, and of course, by hardware, but in many cases, the former is a better implementation. .
  • the technical solution of the present invention which is essential or contributes to the prior art, can be embodied in the form of a software product stored in a readable storage medium, such as a floppy disk of a computer.
  • a hard disk or optical disk, etc. includes instructions for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明公开了一种数据上载的方法、装置及系统,涉及网络功能虚拟化领域,用于解决NSD上载失败时,导致资源浪费的问题。所述方法包括:向NFVOrchestrator发送第一查询请求,查询请求携带有网络服务所需的全部VNFPackage标识;接收网络功能虚拟化编排器发送的查询结果,查询结果携带有目标VNFPackage标识列表,目标VNFPackage标识列表用于记载未上载的至少一个目标VNFPackage的标i只;如果目标VNFPackage标识列表不为空,则根据目标VNFPackage标识列表获取至少一个目标VNFPackage;将网路服务的网络服务描述信息NSD、至少一个目标VNFPackage和身份验证文件进行封装并发送至网络功能虚拟化编排器,身份验证文件用于对验证用户身份的合法性。本发明主要应用于网络服务相关信息上载的过程中。

Description

数据上载的方法、装置及系统 技术领域
本发明涉及网络功能虚拟化领域,具体涉及一种数据上载的方法、装置及系统。
背景技术
NFV(Network Function Virtualization,网络功能虚拟化)由全球13个主要电信运营商发起,是众多设备商、IT(Information Technology,信息技术)厂商等参与的组织,旨在定义运营商网络功能虚拟化的需求和相关的技术报告,希望借鉴IT的虚拟化技术,利用通用的高性能大容量服务器、交换机和存储来实现部分网络功能的软件化。例如,各种类型的网络设备,如服务器、路由器、存储设备CDN(Content Delivery Network,内容分发网络)、交换机等,都可以通过NFV技术实现软硬件分离,它们可以部署在数据中心、网络节点或者用户家中等。在为用户提供网络服务(Network Service,NS)之前,需要进行数据上载,包括网络服务描述器(Network Service Descriptor,NSD)的上载以及网络服务所需的虚拟网络功能包(Virtualized Network Function,VNF Package)的上载。现有的数据上载过程如下所示:
1、用户向网络侧的网络功能虚拟化编排器(NFV Orchestrator)上载网络服务描述器(Network Service Descriptor,NSD),也被称为网络服务描述信息。其中,网络功能虚拟化编排器(NFV Orchestrator)负责根据用户请求的网络服务(NS)编排和管理资源,实时监测VNF资源及其运行状态。如果上载成功,即网络功能虚拟化编排器已保存了NSD所需的全部VNF Package。则返回NSD上载成功确认消息,而后为用户提供其网络服务。如果上载失败,即网络功 能虚拟化编排器未保存网络服务描述信息所需的全部VNF Package,则返回NSD上载失败消息。2、用户如果收到NSD上载失败消息,按照现有标准的规定,用户需逐一上载NSD所需的每个VNF Package。在每一个VNF Package的上载过程中,网络功能虚拟化编排器对本次上载VNF Package进行用户身份验证,如果通过验证则将该VNF Package添加到VNF目录中。当NSD描述的全部VNF全部存储到所述VNF目录中时,将该NSD添加到NSD目录中,并向用户发送NSD上载成功消息。
在实现上述数据上载的过程中,发明人发现现有技术中至少存在如下问题:当NSD上载失败时,用户需要将NSD所需的VNF Package逐一上载到网络功能虚拟化编排器。每次上载VNF Package时,均需要进行用户身份验证。如此对于同一个NSD的N个VNF Package需要进行多次重复的身份验证,最多将产生N-1次重复的身份验证,造成资源浪费。
发明内容
本发明提供一种数据上载的方法、装置及系统,用于解决NSD上载失败时,对一个用户进行多次重复的身份验证,导致资源浪费的问题。
为达到上述目的,本发明采用如下技术方案:
第一方面,本发明提供了一种数据上载的方法,所述方法应用于用户当前登录的设备,所述用户为请求提供网络服务NS的用户,所述方法包括:
向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
如果所述目标VNF Package标识列表不为空,则根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
将所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
结合第一方面,在所述第一方面的第一种可能的实现方式中,在所述接收所述网络功能虚拟化编排器发送的查询结果之前,所述方法还包括:
向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
或者,
向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
或者,
向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
结合第一方面,在所述第一方面或所述第一方面的第一种可能的实现方式中,还提供了所述第一方面的第二种可能的实现方式,在所述第一方面的第二种可能的实现方式中,在所述根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package之后,所述方法还包括:
将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
第二方面,本发明提供还了一种数据上载的方法,所述方法应用 于网络功能虚拟化编排器,所述方法包括:
接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述至少一个目标VNF Package标识;
接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
根据所述身份验证文件对所述用户进行身份验证;
如果验证成功,则依次完成每个目标VNF Package的上载流程。
结合第二方面,在所述第二方面的第一种可能的实现方式中,在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,具体包括:
查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
结合第二方面,在所述第二方面的第二种可能的实现方式中,在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
根据所述用户标识判断所述用户是否具有查询权限;
所述查找所述全部VNF Package标识中,未记录在VNF目录中 的至少一个目标VNF Package标识,还包括:
如果有所述查询权限,则查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
结合第二方面,在所述第二方面的第三种可能的实现方式中,在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
根据所述用户标识判断所述用户是否具有查询权限;
所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,还包括:
如果有所述查询权限,则查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
结合第二方面,在所述第二方面或所述第二方面的第一种可能、第二种可能或第三种可能的实现方式中,还提供了所述第二方面的第四种可能的实现方式,在所述第二方面的第四种可能的实现方式中,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,在所述依次完成每个目标VNF Package的上载流程之前,所述方法还包括:
如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
结合第二方面,在所述第二方面或所述第二方面的第一种可能、 第二种可能、第三种可能或第四种可能的实现方式中,还提供了所述第二方面的第五种可能的实现方式,在所述第二方面的第五种可能的实现方式中,所述依次完成每个目标VNF Package的上载流程,具体包括:
依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
第三方面,本发明还提供了一种数据上载的装置,所述装置位于用户当前登录的设备中,所述用户为请求提供网络服务NS的用户,所述装置包括:
发送单元,用于向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
接收单元,用于接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
获取单元,用于当所述接收单元接收的所述目标VNF Package标识列表不为空时,根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
所述发送单元还用于,将所述网路服务的网络服务描述信息NSD、所述获取单元获取的所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
结合第三方面,在所述第三方面的第一种可能的实现方式中,所述发送单元还用于:
向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package 标识;
或者,
向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
或者,
向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
结合第三方面,在所述第三方面或所述第三方面的第一种可能的实现方式中,还提供了所述第三方面的第二种可能的实现方式,在所述第三方面的第二种可能的实现方式中,所述发送单元还用于,将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
第四方面,本发明还提供了一种数据上载的装置,所述装置位于网络功能虚拟化编排器中,所述装置包括:
接收单元,用于接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
查找单元,用于查找所述接收单元接收到的所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
发送单元,用于向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述查找单元查找到的所述至少一个目标VNF Package标识;
所述接收单元还用于,接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
验证单元,用于根据所述接收单元接收到的所述身份验证文件对所述用户进行身份验证;
上载单元,用于当所述验证单元验证成功时,依次完成每个目标VNF Package的上载流程。
结合第四方面,在所述第四方面的第一种可能的实现方式中,所述接收单元还用于,
接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
所述查找单元还用于:
查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
结合第四方面,在所述第四方面的第二种可能的实现方式中,所述接收单元还用于,接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
所述验证单元还用于,根据所述接收单元接收到的所述用户标识判断所述用户是否具有查询权限;
所述查找单元还用于,当所述验证单元验证有所述查询权限时,查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
结合第四方面,在所述第四方面的第三种可能的实现方式中,所述发送单元还用于,接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
所述验证单元还用于,根据所述用户标识判断所述用户是否具有查询权限;
所述查找单元还用于,当所述验证单元验证有所述查询权限时,查找所述全部VNF Package标识中,VNF Package标识和VNF  Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
结合第四方面,在所述第四方面或所述第四方面的第一种可能、第二种可能或第三种可能的实现方式中,还提供了所述第四方面的第四种可能的实现方式,在所述第四方面的第四种可能的实现方式中,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,所述验证单元还用于:
如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
结合第四方面,在所述第四方面或所述第四方面的第一种可能、第二种可能、第三种可能或第四种可能的实现方式中,还提供了所述第四方面的第五种可能的实现方式,在所述第四方面的第五种可能的实现方式中,所述上载单元具体用于:
依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
第五方面,本发明还提供了一种数据上载的系统,所述系统包括第三方面所述的装置和第四方面所述的装置。
第六方面,本发明还提供了一种数据上载的装置,所述装置位于用户当前登录的设备中,所述用户为请求提供网络服务NS的用户,所述装置包括:
发射器,用于向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络 功能包VNF Package标识;
接收器,用于接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
处理器,用于当所述接收器接收的所述目标VNF Package标识列表不为空时,根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
所述发射器还用于,将所述网路服务的网络服务描述信息NSD、所述处理器获取的所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
结合第六方面,在所述第六方面的第一种可能的实现方式中,所述发射器还用于:
向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
或者,
向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
或者,
向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
结合第六方面,在所述第六方面或所述第六方面的第一种可能的实现方式中,还提供了所述第六方面的第二种可能的实现方式,在所述第六方面的第二种可能的实现方式中,所述发射器还用于,将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和 验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
第七方面,本发明还提供了一种数据上载的装置,所述装置位于网络功能虚拟化编排器中,所述装置包括:
接收器,用于接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
处理器,用于查找所述接收器接收到的所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
发射器,用于向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述处理器查找到的所述至少一个目标VNF Package标识;
所述接收器还用于,接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
所述处理器还用于,根据所述接收器接收到的所述身份验证文件对所述用户进行身份验证;
当验证成功时,依次完成每个目标VNF Package的上载流程。
结合第七方面,在所述第七方面的第一种可能的实现方式中,所述接收器还用于,
接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
所述处理器还用于:
查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
结合第七方面,在所述第七方面的第二种可能的实现方式中,所述接收器还用于,接收用户发送的第三查询请求,所述第三查询请求 携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
所述处理器还用于,根据所述接收器接收到的所述用户标识判断所述用户是否具有查询权限;
当验证有所述查询权限时,查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
结合第七方面,在所述第七方面的第三种可能的实现方式中,所述发射器还用于,接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
所述处理器还用于,根据所述用户标识判断所述用户是否具有查询权限;
当验证有所述查询权限时,查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
结合第七方面,在所述第七方面或所述第七方面的第一种可能、第二种可能或第三种可能的实现方式中,还提供了所述第七方面的第四种可能的实现方式,在所述第七方面的第四种可能的实现方式中,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,所述处理器还用于:
如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
结合第七方面,在所述第七方面或所述第七方面的第一种可能、第二种可能、第三种可能或第四种可能的实现方式中,还提供了所述 第七方面的第五种可能的实现方式,在所述第七方面的第五种可能的实现方式中,所述处理器还用于:
依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
第八方面,本发明还提供了一种数据上载的系统,所述系统包括第六方面所述的装置和第七方面所述的装置。
本发明提供的数据上载的方法、装置及系统,首先通过查询确定缺少的VNF Package,因此不会向网络功能虚拟化编排器发送重复的VNF Package,节约资源。其次,将缺少的至少一个VNF Package与NSD以及身份验证文件进行封装并发送至网络功能虚拟化编排器。与现有技术中,每次只能上传一个VNF Package,当需要上传N个VNF Package时,需要进行N次数据传输,网络功能虚拟化编排器需要进行N次身份验证。本发明中,网络功能虚拟化编排器通过一次身份验证即可确定N个VNF Package的发送者的合法性,进而避免了重复的身份验证,提高资源利用率。
附图说明
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。
图1为本发明实施例中第一个数据上载的方法的流程图;
图2为本发明实施例中第二个数据上载的方法的流程图;
图3为本发明实施例中第三个数据上载的方法的流程图;
图4为本发明实施例中第四个数据上载的方法的流程图;
图5为本发明实施例中第五个数据上载的方法的流程图;
图6为本发明实施例中第六个数据上载的方法的流程图;
图7为本发明实施例中第七个数据上载的方法的流程图;
图8为本发明实施例中第八个数据上载的方法的流程图;
图9为本发明实施例中第九个数据上载的方法的流程图;
图10为本发明实施例中第十个数据上载的方法的流程图;
图11为本发明实施例中第十一个数据上载的方法的流程图;
图12为本发明实施例中第一个数据上载的装置的结构示意图;
图13为本发明实施例中第二个数据上载的装置的结构示意图;
图14为本发明实施例中第三个数据上载的装置的结构示意图;
图15为本发明实施例中第一个数据上载的系统的示意图;
图16为本发明实施例中第四个数据上载的装置的结构示意图;
图17为本发明实施例中第五个数据上载的装置的结构示意图;
图18为本发明实施例中第二个数据上载的系统的示意图。
具体实施方式
下面将结合本实施例中的附图,对本实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。
本发明实施例提供了一种数据上载的方法,所述方法应用于用户当前登录的设备,所述用户为请求提供网络服务NS的用户。所述用户为与网络功能虚拟化编排器NFV Orchestrator通信的客户或者节点,通常可以为运营支撑系统/基站子系统(OSS/BSS),供应商Vendor,网络服务设计厂商等,如图1所示,所述方法包括:
步骤101、向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识。
本发明实施例中根据查询请求携带内容的不同将查询请求分为第 一查询请求、第二查询请求、第三查询请求和第四查询请求,各查询请求均携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识。查询请求的一种实现方式为:VNF Package列表查询请求VNF Packagelist query request。此处只介绍第一查询请求,第二查询请求、第三查询请求和第四查询请求在后文中进行详细说明。
用户当前登录的设备具有向网络功能虚拟化编排器发送NSD以及获取NSD所需要的全部VNF Package以及VNF Package标识的功能。VNF Package标识可通过本地的预设数据库获取,也可通过网络获取,还可以由人工导入。
步骤102、接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识。
查询结果的一种实现方式为列表查询响应list query Ack(Acknowledgement)。查询结果携带有目标VNF Package标识列表,目标VNF Package标识列表用于记载未上载到网络功能虚拟化编排器的至少一个VNF Package的标识,即需要用户补充的VNF Package的标识。
步骤103、如果所述目标VNF Package标识列表不为空,则根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package。
如果所述目标VNF Package标识列表不为空,说明网络功能虚拟化编排器还需要目标VNF Package标识列表中记载的目标VNF Package,才能够为用户提供其请求的网路服务。用户当前登录的设备通过在本地读取或通过网络获取以及人工导入的方式,逐一获取所述至少一个目标VNF Package中的各个目标VNF Package。
对于获取所述至少一个目标VNF Package的三种方式,其优先依次为本地读取、通过网络获取、人工导入。如果通过本地读取和网络获取的方式均无法得到标VNF Package,则用户当前登录的设备输出提示信息,以便人工进行导入。
步骤104、将所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
本发明将封装后的包称为网络服务包。身份验证文件是现有技术中通常采用的一种身份验证文件,具体可参见现有技术中关于身份验证文件的定义以及使用方法。通常,身份验证文件中携带有用户标识、证书、密钥中的一种,用于进行身份的合法性验证。网络服务描述信息NSD是现有技术中用于描述NS所需的全部元素,包括每个VNF Package的VNF描述信息(VNF Descriptor,VNFD)等信息。具体可参见现有技术中NSD的定义。
本发明实施例提供的数据上载的方法,在向网络功能虚拟化编排器发送NSD之前,通过查询请求得到网络功能虚拟化编排器中用于提供网络服务的至少一个目标VNF Package(缺少的VNF Package),再将至少一个目标VNF Package和NSD以及身份验证文件进行封装并发送至所述网络功能虚拟化编排器,进而实现在一次传送过程中发送一个或多个目标VNF Package,以便网络功能虚拟化编排器针对本次发送的网络服务包进行身份验证,即可对网络服务包中封装的至少一个目标VNF Package进行上载,避免重复的身份验证,提高资源利用率。
第一查询请求中仅携带了所述网络服务所需的全部VNF Package标识,然而,在某些场景下同一个VNF Package有多个版本(如V1.0、V2.0等)。此时,如果网络功能虚拟化编排器中保存的是V1.0,而用户请求的是V2.0,则仅仅根据VNF Package标识无法对不同版本的VNF Package进行区分。基于此,作为对图1所示方法的进一步说明,本发明实施例还提供了一种数据上载的方法,如图2所示,在步骤102、接收所述网络功能虚拟化编排器发送的查询结果之前,所述方法还包括:
步骤101a、向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF  Package标识。
第二查询请求用于替代第一查询请求。为每个VNF Package标识配置一个VNF Package版本号;或者,为一部分需要进行版本区分的VNF Package标识配置VNF Package版本号。例如:网络服务所需的全部VNF Package标识有10个,第二查询请求中携带有其中5个VNF Package标识对应的5个VNF Package版本号。
需要说明的是,如果VNF Package标识本身已具有用于区分不同版本的信息,则可作为本发明实施例的一个替代方案。例如:在VNF Package标识的结尾添加版本字段,进而将版本号纳入到VNF Package标识中。
本发明实施例提供的数据上载的方法,能够通过第二查询请求向网络功能虚拟化编排器发送携带有VNF Package版本号的查询请求,进而能够对不同版本的VNF Package进行区分,增加了VNF Package的查询维度。在具有不同版本的VNF Package的场景下,提高了查找精确度。
上述实施例中,无论用户身份是否合法,只要用户当前登录的设备向网络功能虚拟化编排器发送第一查询请求,网络功能虚拟化编排器便会进行响应。然而,在为未确定用户身份的合法性的前提下,直接为对用户的第一查询请求进行响应,存在一定的安全隐患。基于此,本发明实施例还提供了一种数据上载的方法,作为对图1所示方法的进一步说明,如图3所示,在步骤102、接收所述网络功能虚拟化编排器发送的查询结果之前,所述方法还包括:
步骤101b、向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识。
第三查询请求时第一查询请求的一种替代方案,第三查询请求中处理含有必要的所述网络服务所需的全部VNF Package标识之外,还携带有用户标识。用户标识用于标识用户,每个用户具有唯一的用户标识。网络功能虚拟化编排器能够根据用户标识对用户进行验证。如果通过验证则对查询请求进行响应。否则,未通过验证,则反馈验证 失败消息,通知取消响应所述查询请求。
本发明实施例提供的数据上载的方法,在第三查询请求中携带唯一标识用户的用户标识,以便网络功能虚拟化编排器根据用户标识对用户进行验证,进而提高了目标VNF Package标识查询的安全性。
进一步的,查询请求中可以同时携带VNF Package版本号和用户标识,基于此,本发明实施例还提供了一种数据上载的方法,如图4所示,在步骤102、接收所述网络功能虚拟化编排器发送的查询结果之前,所述方法还包括:
步骤101c、向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
第四查询请求中包含了第二查询请求携带的VNF Package版本号以及第三查询请求中携带的用户标识,进而实现了提高查找精确度和提高查询安全性的双重效果。
作为对安全性的进一步考虑,本发明实施例还提供了一种进一步加强数据传输安全性的方案,在步骤103、如果所述目标VNF Package标识列表不为空,则根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package之后,如图5所示,所述方法还包括:
步骤104’、将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
验证策略文件用于记载如何对目标VNF Package的完整性和真实性进行检测。所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致。
本发明实施例提供的数据上载的方法,能够在网络服务包中添加验证策略文件,进而在验证用户的身份的基础上,对VNF Package进行完成性和真实性的验证,进而提高网路服务的稳定性。
本发明实施例还提供了一种数据上载的方法,所述方法应用于网 络功能虚拟化编排器,如图6所示,所述方法包括:
步骤201、接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识。
步骤202、查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
网络功能虚拟化编排器存储有VNF目录,当VNF Package存储到网络功能虚拟化编排器中时,网络功能虚拟化编排器将VNF Packag标识存储到VNF目录中,或者将VNF Packag标识对应的功能存储到VNF目录中。VNF Packag标识用于唯一标识VNF Packag,且每个VNF Packag对应一个功能。当VNF Package标识存储到VNF目录中时,代表VNF Package上载完毕。
从第一查询请求中获取全部VNF Package标识,依次读取一个VNF Package标识。在VNF目录中查找读取的VNF Package标识。如果未查找到,则读取的VNF Package标识为目标VNF Package标识标识,将读取的VNF Package标识添加到目标VNF Package标识列表中。如果查找到,则读取所述全部VNF Package标识中的下一个VNF Package标识,判断所述下一个VNF Package标识是否存在VNF目录。最终,形成由查找出的至少一个目标VNF Package标识组成的目标VNF Package标识列表。
步骤203、向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述至少一个目标VNF Package标识。
作为一种实现方式,VNF Package标识列表通过应答消息ACK发送至用户。
步骤204、接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件。
步骤205、根据所述身份验证文件对所述用户进行身份验证。
本步骤可参见现有技术中关于身份验证文件的具体定义以及根据身份验证文件进行身份验证方法。
步骤206、如果验证成功,则依次完成每个目标VNF Package的上载流程。
具体的,如图7所示,步骤206可通过下述方式进行实施:
步骤301、依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到虚拟基础设施管理器(Virtualized Infrastructure Manager,VIM)。
虚拟基础设施管理器负责管理、分配NFV的资源以及保存NFV的镜像。
步骤302、当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
NSD描述了网络服务所需的全部VNF Package。当VNF目录中记载了网络服务所需的全部VNF Package时,说明可以为用户提供其请求的网络服务。此外,对于提供网络服务的必要条件进行检查,例如:检查网络所需的VNF的对外接口是否在VNF描述信息中。如果均满足条件,则将所述NSD添加到NSD目录。
本发明实施例提供的数据上载的方法,能够根据用户发送的查询请求为用户提供目标VNF Package标识列表,使得用户仅需要提供缺少的VNF Package。对用户发送的网络服务包进行解封装,对网络服务包中携带的身份验证文件进行验证,确定用户的合法性。然后,将网络服务包中携带的至少一个目标VNF Package进行上载。实现通过一次验证对至少一个VNF Package进行上载,节约资源。
作为对图6的进一步说明,本发明实施例还提供了一种数据上载的方法,如图8所示,在步骤202、查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
步骤401、接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
所述步骤202、查找所述全部VNF Package标识中,未记录在VNF 目录中的至少一个目标VNF Package标识,具体包括:
步骤402、查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
如果某个VNF Package标识配置了版本号,则需要该VNF Package标识以及该版本号同时记录在VNF目录中。相应的,VNF目录为每个VNF Package标识添加版本号属性。
如果查询请求中VNF Package标识配置了对应的版本号,则判断该VNF Package标识是否记录在VNF目录中,如果VNF Package标识记录在VNF目录中,则进一步判断,VNF Package标识对应的VNF Package版本号与目录中记录的版本号是否一致。如果VNF Package标识为记录在VNF目录或者VNF Package版本号与目录中记录的版本号不一致,则将该VNF Package标识确定为目标VNF Package标识,并读取查询请求中的下一个VNF Package标识。
如果查询请求中VNF Package标识未配置对应的版本号,即只有VNF Package标识,则只判断该VNF Package标识是否记录在VNF目录中。如果VNF Package标识未记录在VNF目录中,则将该VNF Package标识确定为目标VNF Package标识,并读取查询请求中的下一个VNF Package标识。如果VNF Package标识记录在VNF目录中则读取查询请求中的下一个VNF Package标识。
需要说明的是,如果VNF Package标识本身包含了版本号,例如在标识的结尾出天价版本号。则网络功能虚拟化编排器还可根据VNF Package标识确定VNF Package的版本号。
本发明实施例提供的数据上载的方法,网络功能虚拟化编排器能够根据接受的哦的携带有VNF Package版本号的查询请求,对不同版本的VNF Package进行区分,增加了VNF Package的查询维度。在具有不同版本的VNF Package的场景下,提高了查找精确度。
作为对图6的进一步说明,本发明实施例还提供了一种数据上载的方法,如图9所示,在步骤202、在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之 前,所述方法还包括:
步骤501、向网络功能虚拟化编排器发送第三查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识。
步骤502、根据所述用户标识判断所述用户是否具有查询权限。
所述步骤202、查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,还包括:
步骤503、如果有所述查询权限,则查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
本发明实施例提供的数据上载的方法,在第三查询请求中携带唯一标识用户的用户标识,以便网络功能虚拟化编排器根据用户标识对用户进行验证,进而提高了目标VNF Package标识查询的安全性。
作为对图6的进一步说明,本发明实施例还提供了一种数据上载的方法,如图10所示,在步骤202、查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
步骤601、向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识。
步骤602、根据所述用户标识判断所述用户是否具有查询权限。
所述步骤202、查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,还包括:
步骤603、如果有所述查询权限,则查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
作为对图8和图9所示方法的结合的方案,本发明实施例还提供了一种数据上载的方法,能够提高查找精确度和提高查询安全性。
本发明实施例还提供了一种数据上载的方法,作为对上述实施例的进一步说明,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package 的完整性和真实性进行验证,如图11所示,在步骤206、依次完成每个目标VNF Package的上载流程之前,所述方法还包括:
步骤700、判断网络服务包中是否携带有所述验证策略文件。
步骤701、如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证。
其中,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致。
步骤702、如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
作为本发明实施例的一种实现方式,所述验证策略包括:
1、逐一判断每个VNF Package和所述NSD是否由所述用户生成。
2、如果当前的VNF Package或NSD不是由所述用户生成,则检查所述当前的VNF Package或NSD的完整性和真实性进行验证。
需要说明的是,验证策略文件中可以记载不同的验证策略以便针对不同的场景进行验证。验证策略的具体内容可由本领域技术人员根据实际需要确定。
本发明实施例还提供了一种数据上载的装置,所述装置位于用户当前登录的设备中,所述用户为请求提供网络服务NS的用户,如图12所示,所述装置包括:
发送单元1201,用于向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
接收单元1202,用于接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
获取单元1203,用于当所述接收单元1202接收的所述目标VNF Package标识列表不为空时,根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
所述发送单元1201还用于,将所述网路服务的网络服务描述信息NSD、所述获取单元1203获取的所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
进一步的,所述发送单元1201还用于:
向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
或者,
向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
或者,
向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
进一步的,所述发送单元1201还用于,将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
本发明实施例还提供了一种数据上载的装置,所述装置位于网络功能虚拟化编排器中,如图13所示,所述装置包括:
接收单元1301,用于接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
查找单元1302,用于查找所述接收单元1301接收到的所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
发送单元1303,用于向所述用户发送目标VNF Package标识列 表,所述目标VNF Package标识列表用于记载所述查找单元1302查找到的所述至少一个目标VNF Package标识;
所述接收单元1301还用于,接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
验证单元1304,用于根据所述接收单元1301接收到的所述身份验证文件对所述用户进行身份验证;
上载单元1305,用于当所述验证单元1304验证成功时,依次完成每个目标VNF Package的上载流程。
进一步的,所述接收单元1301还用于,
接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
所述查找单元1302还用于:
查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
进一步的,如图14所示,所述接收单元1301还用于,接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
所述验证单元1304还用于,根据所述接收单元1301接收到的所述用户标识判断所述用户是否具有查询权限;
所述查找单元1302还用于,当所述验证单元1304验证有所述查询权限时,查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
进一步的,所述发送单元1303还用于,接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
所述验证单元1304还用于,根据所述用户标识判断所述用户是否 具有查询权限;
所述查找单元1302还用于,当所述验证单元1304验证有所述查询权限时,查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
进一步的,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,所述验证单元1304还用于:
如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略,所述验证策略包括:
逐一判断每个VNF Package和所述NSD是否由所述用户生成;
如果当前的VNF Package或NSD不是由所述用户生成,则检查所述当前的VNF Package或NSD的完整性和真实性进行验证。
进一步的,所述上载单元1305具体用于:
依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
本发明实施例还提供了一种数据上载的系统,如图15所示,所述系统由用户当前登录的设备1501(如12所示的装置)和网络功能虚拟化编排器1502(图13或图14所示的装置)组成。其中,网络功能虚拟化编排器1502与虚拟基础设施管理器VIM1503相连。
本发明实施例还提供了一种数据上载的装置,所述装置位于用户当前登录的设备中,所述用户为请求提供网络服务NS的用户,如图16所示,所述装置包括:
发射器1601,用于向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
接收器1602,用于接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
处理器1603,用于当所述接收器1602接收的所述目标VNF Package标识列表不为空时,根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
所述发射器1601还用于,将所述网路服务的网络服务描述信息NSD、所述处理器1603获取的所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
进一步的,所述发射器1601还用于:
向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
或者,
向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
或者,
向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
进一步的,所述发射器1601还用于,将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所 述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
本发明实施例提供了一种数据上载的装置,所述装置位于网络功能虚拟化编排器中,如图17所示,所述装置包括:
接收器1701,用于接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
处理器1702,用于查找所述接收器1701接收到的所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
发射器1703,用于向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述处理器1702查找到的所述至少一个目标VNF Package标识;
所述接收器1701还用于,接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
所述处理器1702还用于,根据所述接收器1701接收到的所述身份验证文件对所述用户进行身份验证;
当验证成功时,依次完成每个目标VNF Package的上载流程。
进一步的,所述接收器1701还用于,
接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
所述处理器1702还用于:
查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
进一步的,所述接收器1701还用于,接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
所述处理器1702还用于,根据所述接收器1701接收到的所述用户标识判断所述用户是否具有查询权限;
当验证有所述查询权限时,查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
进一步的,所述发射器1703还用于,接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
所述处理器1702还用于,根据所述用户标识判断所述用户是否具有查询权限;
当验证有所述查询权限时,查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
进一步的,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,所述处理器1702还用于:
如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略,所述验证策略包括:
逐一判断每个VNF Package和所述NSD是否由所述用户生成;
如果当前的VNF Package或NSD不是由所述用户生成,则检查所述当前的VNF Package或NSD的完整性和真实性进行验证。
进一步的,所述处理器1702还用于:
依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
本发明实施例还提供了一种数据上载的系统,如图18所示,所述系统由用户当前登录的设备1801(如16所示的装置)和网络功能虚拟化编排器1802(图17所示的装置)组成。其中,网络功能虚拟化编排器1802与虚拟基础设施管理器VIM1803相连。
通过以上的实施方式的描述,所属领域的技术人员可以清楚地了解到本发明可借助软件加必需的通用硬件的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在可读取的存储介质中,如计算机的软盘,硬盘或光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述的方法。
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。

Claims (29)

  1. 一种数据上载的方法,其特征在于,所述方法应用于用户当前登录的设备,所述用户为请求提供网络服务NS的用户,所述方法包括:
    向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
    接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
    如果所述目标VNF Package标识列表不为空,则根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
    将所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
  2. 根据权利要求1所述的方法,其特征在于,在所述接收所述网络功能虚拟化编排器发送的查询结果之前,所述方法还包括:
    向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
    或者,
    向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
    或者,
    向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
  3. 根据权利要求1或2所述的方法,其特征在于,在所述根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package之后,所述方法还包括:
    将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
  4. 一种数据上载的方法,其特征在于,所述方法应用于网络功能虚拟化编排器,所述方法包括:
    接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
    查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
    向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述至少一个目标VNF Package标识;
    接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
    根据所述身份验证文件对所述用户进行身份验证;
    如果验证成功,则依次完成每个目标VNF Package的上载流程。
  5. 根据权利要求4所述的方法,其特征在于,在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF  Package标识之前,所述方法还包括:
    接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
    所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,具体包括:
    查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
  6. 根据权利要求4所述的方法,其特征在于,在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
    接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
    根据所述用户标识判断所述用户是否具有查询权限;
    所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,还包括:
    如果有所述查询权限,则查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
  7. 根据权利要求4所述的方法,其特征在于,在所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识之前,所述方法还包括:
    接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
    根据所述用户标识判断所述用户是否具有查询权限;
    所述查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识,还包括:
    如果有所述查询权限,则查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
  8. 根据权利要求4至7中任一项所述的方法,其特征在于,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,在所述依次完成每个目标VNF Package的上载流程之前,所述方法还包括:
    如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
    如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
  9. 根据权利要求4至8中任一项所述的方法,其特征在于,所述依次完成每个目标VNF Package的上载流程,具体包括:
    依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
    当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
  10. 一种数据上载的装置,其特征在于,所述装置位于用户当前登录的设备中,所述用户为请求提供网络服务NS的用户,所述装置包括:
    发送单元,用于向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
    接收单元,用于接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标识;
    获取单元,用于当所述接收单元接收的所述目标VNF Package标识列表不为空时,根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
    所述发送单元还用于,将所述网路服务的网络服务描述信息NSD、所述获取单元获取的所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
  11. 根据权利要求10所述的装置,其特征在于,所述发送单元还用于:
    向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
    或者,
    向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
    或者,
    向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携 带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
  12. 根据权利要求10或11所述的装置,其特征在于,所述发送单元还用于,将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证。
  13. 一种数据上载的装置,其特征在于,所述装置位于网络功能虚拟化编排器中,所述装置包括:
    接收单元,用于接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
    查找单元,用于查找所述接收单元接收到的所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
    发送单元,用于向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述查找单元查找到的所述至少一个目标VNF Package标识;
    所述接收单元还用于,接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
    验证单元,用于根据所述接收单元接收到的所述身份验证文件对所述用户进行身份验证;
    上载单元,用于当所述验证单元验证成功时,依次完成每个目标VNF Package的上载流程。
  14. 根据权利要求13所述的装置,其特征在于,所述接收单元还用于,
    接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
    所述查找单元还用于:
    查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
  15. 根据权利要求13所述的装置,其特征在于,所述接收单元还用于,接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
    所述验证单元还用于,根据所述接收单元接收到的所述用户标识判断所述用户是否具有查询权限;
    所述查找单元还用于,当所述验证单元验证有所述查询权限时,查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
  16. 根据权利要求13所述的装置,其特征在于,所述发送单元还用于,接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
    所述验证单元还用于,根据所述用户标识判断所述用户是否具有查询权限;
    所述查找单元还用于,当所述验证单元验证有所述查询权限时,查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
  17. 根据权利要求13至16中任一项所述的装置,其特征在于,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络 功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,所述验证单元还用于:
    如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
    如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
  18. 根据权利要求13至17中任一项所述的装置,其特征在于,所述上载单元具体用于:
    依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
    当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
  19. 一种数据上载的系统,其特征在于,所述系统包括权利要求10至12中任一项所述的装置和权利要求13至18中任一项所述的装置组成。
  20. 一种数据上载的装置,其特征在于,所述装置位于用户当前登录的设备中,所述用户为请求提供网络服务NS的用户,所述装置包括:
    发射器,用于向网络功能虚拟化编排器NFV Orchestrator发送第一查询请求,所述查询请求携带有所述网络服务所需的全部虚拟网络功能包VNF Package标识;
    接收器,用于接收所述网络功能虚拟化编排器发送的查询结果,所述查询结果携带有目标VNF Package标识列表,所述目标VNF Package标识列表用于记载未上载的至少一个目标VNF Package的标 识;
    处理器,用于当所述接收器接收的所述目标VNF Package标识列表不为空时,根据所述目标VNF Package标识列表获取所述至少一个目标VNF Package;
    所述发射器还用于,将所述网路服务的网络服务描述信息NSD、所述处理器获取的所述至少一个目标VNF Package和身份验证文件进行封装并发送至所述网络功能虚拟化编排器,所述身份验证文件用于对验证用户身份的合法性。
  21. 根据权利要求20所述的装置,其特征在于,所述发射器还用于:
    向网络功能虚拟化编排器发送第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
    或者,
    向网络功能虚拟化编排器发送第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
    或者,
    向网络功能虚拟化编排器发送第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、所述至少一个VNF Package版本号和所述用户的用户标识。
  22. 根据权利要求20或21所述的装置,其特征在于,所述发射器还用于,将所述网路服务的NSD、所述至少一个目标VNF Package、身份验证文件和验证策略文件进行封装并发送至所述网络功能虚拟化编排器,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对 所述VNF Package的完整性和真实性进行验证。
  23. 一种数据上载的装置,其特征在于,所述装置位于网络功能虚拟化编排器中,所述装置包括:
    接收器,用于接收用户发送的第一查询请求,所述查询请求携带有所述用户请求的网络服务所需的全部VNF Package标识;
    处理器,用于查找所述接收器接收到的所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识;
    发射器,用于向所述用户发送目标VNF Package标识列表,所述目标VNF Package标识列表用于记载所述处理器查找到的所述至少一个目标VNF Package标识;
    所述接收器还用于,接收所述用户发送的网络服务包,所述网络服务包携带有所述网路服务的网络服务描述信息NSD、所述至少一个目标VNF Package标识对应的至少一个目标VNF Package和身份验证文件;
    所述处理器还用于,根据所述接收器接收到的所述身份验证文件对所述用户进行身份验证;
    当验证成功时,依次完成每个目标VNF Package的上载流程。
  24. 根据权利要求23所述的装置,其特征在于,所述接收器还用于,
    接收用户发送的第二查询请求,所述第二查询请求携带有所述网络服务所需的全部VNF Package标识和至少一个VNF Package版本号,每个VNF Package版本号对应一个VNF Package标识;
    所述处理器还用于:
    查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标 识。
  25. 根据权利要求23所述的装置,其特征在于,所述接收器还用于,接收用户发送的第三查询请求,所述第三查询请求携带有所述网络服务所需的全部VNF Package标识和所述用户的用户标识;
    所述处理器还用于,根据所述接收器接收到的所述用户标识判断所述用户是否具有查询权限;
    当验证有所述查询权限时,查找所述全部VNF Package标识中,未记录在VNF目录中的至少一个目标VNF Package标识。
  26. 根据权利要求23所述的装置,其特征在于,所述发射器还用于,接收用户发送的第四查询请求,所述第四查询请求携带有所述网络服务所需的全部VNF Package标识、至少一个VNF Package版本号和所述用户的用户标识;
    所述处理器还用于,根据所述用户标识判断所述用户是否具有查询权限;
    当验证有所述查询权限时,查找所述全部VNF Package标识中,VNF Package标识和VNF Package版本号未记录在VNF目录中的至少一个目标VNF Package标识。
  27. 根据权利要求23至26中任一项所述的装置,其特征在于,所述网络服务包还携带有验证策略文件,所述验证策略文件用于所述网络功能虚拟化编排器确定如何对所述VNF Package的完整性和真实性进行验证,所述处理器还用于:
    如果所述网络服务包中未携带有所述验证策略文件,则对全部VNF Package和所述NSD的完整性和真实性进行验证,所述完整性表示VNF Package中携带的程序是否完整,所述真实性表示所述VNF Package中携带的程序的功能是否与虚拟网络功能包描述信息VNFD中描述的一致;
    如果所述网络服务包中携带有所述验证策略文件,则对所述验证策略文件进行解析,确定验证策略。
  28. 根据权利要求23至27中任一项所述的装置,其特征在于,所述处理器还用于:
    依次将每个目标VNF Package添加到所述VNF目录中并将所述VNF中携带的镜像发送到VIM;
    当所述NSD描述的全部VNF Package全部添加到所述VNF目录中时,将所述NSD添加到NSD目录。
  29. 一种数据上载的系统,其特征在于,所述系统包括权利要求20至22中任一项所述的装置和权利要求23至28中任一项所述的装置组成。
PCT/CN2015/073119 2015-02-15 2015-02-15 数据上载的方法、装置及系统 Ceased WO2016127436A1 (zh)

Priority Applications (5)

Application Number Priority Date Filing Date Title
BR112017017491A BR112017017491A2 (pt) 2015-02-15 2015-02-15 método, aparelho e sistema de carregamento de dados
CN201580002153.2A CN106105154B (zh) 2015-02-15 2015-02-15 数据上载的方法、装置及系统
EP15881598.5A EP3249882A4 (en) 2015-02-15 2015-02-15 Data uploading method, device and system
PCT/CN2015/073119 WO2016127436A1 (zh) 2015-02-15 2015-02-15 数据上载的方法、装置及系统
US15/676,122 US20170373939A1 (en) 2015-02-15 2017-08-14 Data uploading method, apparatus, and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/073119 WO2016127436A1 (zh) 2015-02-15 2015-02-15 数据上载的方法、装置及系统

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/676,122 Continuation US20170373939A1 (en) 2015-02-15 2017-08-14 Data uploading method, apparatus, and system

Publications (1)

Publication Number Publication Date
WO2016127436A1 true WO2016127436A1 (zh) 2016-08-18

Family

ID=56614084

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073119 Ceased WO2016127436A1 (zh) 2015-02-15 2015-02-15 数据上载的方法、装置及系统

Country Status (5)

Country Link
US (1) US20170373939A1 (zh)
EP (1) EP3249882A4 (zh)
CN (1) CN106105154B (zh)
BR (1) BR112017017491A2 (zh)
WO (1) WO2016127436A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019029327A1 (zh) * 2017-08-08 2019-02-14 华为技术有限公司 网络功能服务的发现方法及设备
US20200313981A1 (en) * 2017-09-29 2020-10-01 Orange Method and device for processing a network service instantiation request

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11271948B2 (en) * 2017-05-22 2022-03-08 Amdocs Development Limited System, method, and computer program for verifying virtual network function (VNF) package and/or network service definition integrity
US10700946B2 (en) * 2017-08-08 2020-06-30 Amdocs Development Limited System, method, and computer program for automatically certifying a virtual network function (VNF) for use in a network function virtualization (NFV) based communication network
EP4113940A1 (en) * 2016-10-05 2023-01-04 Convida Wireless, LLC Capability exposure for service instantiation
US10318723B1 (en) * 2016-11-29 2019-06-11 Sprint Communications Company L.P. Hardware-trusted network-on-chip (NOC) and system-on-chip (SOC) network function virtualization (NFV) data communications
JP6806263B2 (ja) * 2017-02-07 2021-01-06 日本電気株式会社 Vnfパッケージ署名システム及びvnfパッケージ署名方法
CN110324164B (zh) * 2018-03-29 2020-10-16 华为技术有限公司 一种网络切片的部署方法及装置
US12192052B2 (en) * 2019-06-10 2025-01-07 Apple Inc. End-to-end radio access network (RAN) deployment in open ran (O-RAN)
US11283678B2 (en) * 2019-06-18 2022-03-22 Level 3 Communications, Llc Adaptive virtual services
CN115705388A (zh) * 2021-08-06 2023-02-17 贵州白山云科技股份有限公司 一种缓存对象处理方法、装置、设备及存储介质
CN116112358B (zh) * 2022-11-28 2025-05-09 深圳市智莱科技股份有限公司 反窃电采集工作站的初始化方法、系统、设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140317261A1 (en) * 2013-04-22 2014-10-23 Cisco Technology, Inc. Defining interdependent virtualized network functions for service level orchestration
CN104253866A (zh) * 2014-09-20 2014-12-31 华为技术有限公司 虚拟网络功能网元的软件部署方法、系统及相关设备
CN104348873A (zh) * 2013-08-05 2015-02-11 中兴通讯股份有限公司 虚拟网元自动装载及虚拟机ip地址获取的方法与系统

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8429630B2 (en) * 2005-09-15 2013-04-23 Ca, Inc. Globally distributed utility computing cloud
EP3028528A4 (en) * 2013-08-27 2017-05-03 Huawei Technologies Co., Ltd. System and method for mobile network function virtualization
US20160212012A1 (en) * 2013-08-30 2016-07-21 Clearpath Networks, Inc. System and method of network functions virtualization of network services within and across clouds
US9794187B1 (en) * 2013-12-19 2017-10-17 Amdocs Software Systems Limited System, method, and computer program for resource conversion in a network function virtualization (NFV) based communication network
US9813335B2 (en) * 2014-08-05 2017-11-07 Amdocs Software Systems Limited System, method, and computer program for augmenting a physical system utilizing a network function virtualization orchestrator (NFV-O)
US9853869B1 (en) * 2015-01-27 2017-12-26 Amdocs Software Systems Limited System, method, and computer program for automatically instructing a virtual network function (VNF) to operate in accordance with one of a plurality of function definitions
US9760428B1 (en) * 2013-12-19 2017-09-12 Amdocs Software Systems Limited System, method, and computer program for performing preventative maintenance in a network function virtualization (NFV) based communication network
WO2015126430A1 (en) * 2014-02-24 2015-08-27 Hewlett-Packard Development Company, L.P. Virtual network function management with deactivated virtual machines
WO2016060597A1 (en) * 2014-10-16 2016-04-21 Telefonaktiebolaget L M Ericsson (Publ) Lawful intercept management modules and methods for li configuration of an internal interception function in a cloud based network
US9946614B2 (en) * 2014-12-16 2018-04-17 At&T Intellectual Property I, L.P. Methods, systems, and computer readable storage devices for managing faults in a virtual machine network
US20180034781A1 (en) * 2015-02-13 2018-02-01 Nokia Solutions And Networks Oy Security mechanism for hybrid networks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140317261A1 (en) * 2013-04-22 2014-10-23 Cisco Technology, Inc. Defining interdependent virtualized network functions for service level orchestration
CN104348873A (zh) * 2013-08-05 2015-02-11 中兴通讯股份有限公司 虚拟网元自动装载及虚拟机ip地址获取的方法与系统
CN104253866A (zh) * 2014-09-20 2014-12-31 华为技术有限公司 虚拟网络功能网元的软件部署方法、系统及相关设备

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
NFV ETSI ISG.: "Network Functions Virtualisation (NFV); NFV Security; Security and Trust Guidance", ETSI GS NFV-SEC 003 V1.1.1, 31 December 2014 (2014-12-31), XP014216283 *
See also references of EP3249882A4 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019029327A1 (zh) * 2017-08-08 2019-02-14 华为技术有限公司 网络功能服务的发现方法及设备
US11258822B2 (en) 2017-08-08 2022-02-22 Huawei Technologies Co., Ltd. Network function service discovery method and device
US20200313981A1 (en) * 2017-09-29 2020-10-01 Orange Method and device for processing a network service instantiation request
US12255791B2 (en) * 2017-09-29 2025-03-18 Orange Method and device for processing a network service instantiation request

Also Published As

Publication number Publication date
US20170373939A1 (en) 2017-12-28
CN106105154B (zh) 2019-10-22
BR112017017491A2 (pt) 2018-06-26
EP3249882A1 (en) 2017-11-29
EP3249882A4 (en) 2018-02-21
CN106105154A (zh) 2016-11-09

Similar Documents

Publication Publication Date Title
WO2016127436A1 (zh) 数据上载的方法、装置及系统
CN105871838B (zh) 一种第三方账号的登录控制方法及用户中心平台
CN102752319B (zh) 一种云计算安全访问方法、装置及系统
US9191384B2 (en) Maintaining privacy in a multi-tenant cloud service participating in a federated identity platform
JP6574168B2 (ja) 端末識別方法、ならびにマシン識別コードを登録する方法、システム及び装置
CN104506487B (zh) 云环境下隐私策略的可信执行方法
CN106302308B (zh) 一种信任登录方法和装置
CN104158818B (zh) 一种单点登录方法及系统
CN106209726B (zh) 一种移动应用单点登录方法及装置
CN110798466B (zh) 一种虚拟机场景下软件license的验证方法及系统
CN103428179B (zh) 一种登录多域名网站的方法、系统以及装置
US20170048225A1 (en) Method, Apparatus, and System for Secure Authentication
KR20170037612A (ko) 단말 식별자들을 용이하게 하는 방법 및 시스템
CN105376220A (zh) 一种业务实现方法、系统以及服务器
US9178869B2 (en) Locating network resources for an entity based on its digital certificate
CN105897663A (zh) 一种确定访问权限的方法、装置及设备
CN110365483A (zh) 云平台认证方法、客户端、中间件及系统
CN110581824A (zh) 基于多个微信公众号快速登录管理系统
CN106209727B (zh) 一种会话访问方法和装置
CN104219626B (zh) 一种身份认证的方法和装置
US12381739B2 (en) Image management method and apparatus
CN105610855A (zh) 一种跨域系统登录验证的方法和装置
CN115412294A (zh) 基于平台服务的访问方法及装置、存储介质、电子设备
CN103118025B (zh) 基于入网认证的单点登录方法、装置及认证服务器
WO2022062688A1 (zh) 消息推送方法、电子设备及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15881598

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2015881598

Country of ref document: EP

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112017017491

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112017017491

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20170815