2019 is the first year when 5g is officially commercial. 2b is the new blue ocean of 5g. According to the business forecast of GSMA, 5g has the greatest opportunity to be applied in 2B industry. Referring to the market economic analysis of major mainstream consulting companies, 5g 2B industry will leverage the economy of about $12 trillion. China's three major operators are building 5g commercial networks on a large scale, and have released 5g 2B strategic plan: China Mobile has formulated the "5g plan" to promote the development of 5g industry; China Unicom proposes to grasp the digital transformation trend with "edcba" and build 5g innovation cooperation ecology; China Telecom released 5g top ten industrial applications (including smart policing, smart transportation, smart ecology, smart party building, media live broadcasting, smart medical treatment, Internet of vehicles, smart education, smart tourism and smart manufacturing).

5g MEC is the key carrier to realize 5g differentiated and deterministic SLA. It can realize high differentiation (bandwidth, delay, packet loss jitter, mobility, reliability), high security (multi tenant network isolation, data not out of the park), high automation (automatic service distribution, network independent management, intelligent operation and maintenance), and diversified 5g network services. Gartner, a consulting firm, predicts that edge computing will enter a stage of rapid development in the market, and edge computing will become a necessary demand for all digital services in 2022.

01

5g MEC introduction

MEC is an open platform that integrates the core capabilities of network, computing, storage and application at the edge of the network close to people, things or data sources. It can provide edge intelligent services nearby to meet the key needs of industry digitization in terms of agile access, real-time business, data optimization, application intelligence, security and privacy protection.

5g MEC is based on SA architecture. 5gc implements MEC network bearer control, supports the introduction of 5g network characteristics and functions, and takes UPF as the data anchor of edge computing. According to the definition of ETSI, MEC platform is isomorphic with nfv, which is a lightweight extension of nfv architecture at the edge and carries characteristic it application services. The logic architecture of 5g MEC is shown in Figure 1.

 

02

5g MEC meets the requirements of 7 main application scenarios according to technical characteristics:

a) Enterprise diversion of application localization. Divert user traffic to the enterprise network.

b) Video optimization for content regionalization. Deploy wireless analysis applications at the edge to assist TCP congestion control and bit rate adaptation.

c) Video stream analysis of content regionalization. Analyze and process the video at the edge, reduce the cost of video acquisition equipment and reduce the traffic sent to the core network.

d) Computational marginalization of augmented reality. Edge applications quickly process user positions and camera images to provide users with real-time auxiliary information.

e) Auxiliary sensitive calculation of computational marginalization. Provide high-performance computing, perform delay sensitive data processing, and feed back the results to the end equipment.

f) Computing the marginalized Internet of things. The Internet of things enables application aggregation at the edge of the platform, analyzes the messages generated by the equipment and makes decisions in time.

g) Calculate the marginalized Internet of vehicles. Analyze the data of vehicle and roadside sensors, and send time delay sensitive information such as danger to surrounding vehicles.

According to the demands of the industry for network capability and the analysis of 5g MEC application scenarios in the industry, the application deployment of 5g MEC industry is considered to be realized in three stages. In the initial stage, operators provide local diversion capacity and IAAs / PAAS integrated environment services for industrial enterprises through 5g MEC, and transform the digitization and networking capacity of industrial enterprises. With the maturity of the industry application scenario functions, the next stage will be devoted to the sports and entertainment industry. Through 5g MEC, the business and deployment collaboration among edge, center and CDN will be supported to realize that CDN will sink to the edge side in the mobile network scenario, provide users with 5g HD / VR video services and boost the development of the sports and entertainment industry. The target stage of 5g MEC industry application will focus on high-value industries such as v2x and high-end industrial interconnection, meet the scenario requirements of delay sensitive networks and industrial sensor interconnection, and support the revolutionary development of high-end industry and v2x industry.

03

5g MEC service network capability

Through local traffic unloading and cooperation with the center, 5g MEC realizes edge data billing, service control and security control. The functional organization chart of 5g MEC network is shown in Figure 2.

 

Edge data service control is realized through 5gc core network linkage technology, synchronous local traffic billing technology, adaptive data monitoring technology and differentiated QoS Technology of local services.

5gc includes billing policy distribution, service control policy, user and service enabling policy. SX / N4 interface is supported between the edge user plane gateway of MEC and the gw-c / SMF of central DC to transmit service policy information. Gw-u / UPF, as the executor of core network policy, performs billing, Li and service control functions.

3.2.1 ulcl (uplink classifier) scheme

Ulcl shunting scheme is realized through dynamic shunting strategy, and service shunting is realized by taking the destination IP port of urlue location as the shunting dimension. The ulcl diversion scheme is shown in Figure 3.

 

Implementation process of diversion business:

a) Store service information (such as location, IP address, etc.) in UDR unified database through Nef capability open interface;

b) Formulate the diversion strategy of selecting UPF on PCF.

c) When users access large network and local services, PCF will distribute the service application information and diversion strategy obtained from UDR to SMF.

d) SMF selects the nearest ulcl UPF and PSA UPF according to the message destination IP address, UE location and shunting strategy;

e) Based on the identification of upstream service flow characteristics, ulcl UPF shunts data to local server and remote session anchor PSA UPF to achieve access to different services.

The shunting mode has the characteristics of UE no handover perception and ultra-low delay experience, and achieves the effect of collaborative application and network flow.

3.2.2 IPv6 multi homing (BP) scheme

IPv6 multi homing (BP) shunting, which takes the source IPv6 address prefix as the shunting dimension to realize service shunting. The IPv6 multi homing shunting scheme is shown in Figure 4.

   

Based on IPv6 multi homing (BP) shunting, the UE side needs to support IPv6 multi homing. Its business implementation process is consistent with that of ulcl, and supports shunting data to different UPF session anchors. BP shunting can realize business continuity multi home PDU sessions and local access DN multi home PDU sessions. Business continuity multi home PDU sessions can achieve anchor switching. In the process, UE services are not affected and continuity services can be obtained. The multi home PDU session of local access DN is used in the application scenario where UE needs to access both local services (such as local server) and central services (such as Internet).

3.2.3 LADN (local area data network) scheme

The LADN scheme takes the location information as the diversion dimension to realize the service diversion. The LADN diversion scheme is shown in Figure 5.

   

The end user requests to establish a local PDU session according to the LADN information obtained from the core network and the user's own location information. SMF realizes local edge network access and local application access through the selection of appropriate local edge UPF and the establishment of local PDU session. When SMF finds that the end user moves out of LADN area, it disconnects the original PDU session.

When the end user is not in the LADN region, SMF will reject even if the LADN session request is initiated.

Based on LADN shunting, local shunting of enterprise applications can be realized and isolated from Internet services. UE can only use enterprise applications in enterprise parks to realize security isolation. At the same time, LADN can finely realize the control of different businesses in the enterprise park with the help of ursp. Different businesses in the enterprise park choose different slices to realize differentiated control. This method can be applied to business scenarios with security isolation requirements and differentiated control requirements.

5g MEC will present new security risks different from 5g core network in industrial application deployment. There are three main security risks.

a) As the deployment position sinks to the edge node, the user plane ne sinks to the network edge side. The network edge side is the network untrusted domain, which has the security risk of weak security protection and vulnerable to attack, and then affects the whole core network

b) Due to the cloud deployment of the system and the application sharing storage resources, there are security risks such as illegal access to data before the business system, tampering with the virtual machine image, and data leakage caused by virtual migration.

c) Due to the introduction of third-party untrusted applications, there will be security risks such as illegal theft of MEP management permissions, integration of untrusted third-party applications (APP has vulnerabilities or malicious code, etc.), and malicious applications disguised as legitimate applications to obtain corresponding network resources.

5g MEC deals with the above security risks through a new network security architecture, and establishes a secure and reliable edge connection through multi-point isolation and layer by layer protection. MEC security architecture is shown in Figure 6.

 

1) External attack protection. Deploy a firewall at the DC entrance to prevent DDoS like attacks, reasonably divide and reserve internal hardware resources, and realize application flow control.

2) Domain isolation. The DC is divided into three VDCs according to ran, CN and third-party app. Through hardware isolation, an independent firewall is deployed to realize domain isolation.

3) Cn subdomain isolation. Since the sub domain can come from different manufacturers, it is necessary to divide the ne sub domain and mec sub domain, isolate layer I resources, and increase VFW according to the actual business requirements to realize CN Sub Domain isolation..

4) Apply isolation. Different apps are deployed on different host groups to isolate layer I resources. Due to the sensitive content security, application isolation needs to be realized by adding VFW.

5) Secure encrypted tunnel. Secure business cloud side collaboration needs to be realized based on TLS, IPSec and other secure encrypted tunnels.

6) Decentralization and domain management. The operator and app application operation management interface shall be decentralized to ensure business security.

When 5g MEC is deployed in the industry, the security network deployment architecture can be adjusted according to the needs of industry customers and the actual deployment situation.

04

5g MEC deployment case

In the early stage of commercial construction of 5g MEC, 5g MEC is the starting point for operators to go deep into the industry application. The operator of a municipality directly under the central government conducted research and Analysis on the 5g MEC industry application scenarios and business network capabilities. In order to meet various 5g MEC needs of industry users, 5g MEC network architecture adapted to its network status was built.

The 5g MEC network architecture of the municipal operator is determined by many factors, including communication cloud DC resource pool resources; Industry business demand (main low delay index requirements); Current situation of network resources and investment income of network construction. Its 5g MEC network architecture is shown in Figure 7.

 

5g MEC is divided into control management domain and business domain. The control management domain is deployed according to dual DC disaster recovery, and the business domain is deployed according to 4 layout classes and X on-site access classes. The layout class is deployed in the operator's core office room, and the access class is deployed in the operator's Shanghai pop computer room.

The operators in the municipality directly under the central government have a small area and the overall network structure is flat. According to the analysis of the existing network, the end-to-end delay is within 20ms. The industry business requirements are classified into 5g MEC of layout type, which carries regional high computing power and industrial general applications. Its disadvantage is that the delay will reach 20ms, and the data security can not be fully guaranteed. Its advantage is that it can solve the problem of cross regional transmission coverage, and is also conducive to the opening of network capacity on the core side. The on-site 5g MEC is oriented to industrial applications with ultra-low network delay (< 5ms) and data security requirements.

At the initial stage of 5g MEC industry application deployment, the main demand of industry users is 5g MEC network capability.

According to their business needs, application customers in an industry have newly built 5g MEC in the operator's pop computer room, including UPF and mec application platforms. The organizational structure of an industry application network in a municipality directly under the central government is shown in Figure 8.

 

The 5g MEC network implementation scheme is mainly realized through SMF and UPF network elements.

1、SMF

When SMF selects UPF, in the PDU session establishment process, SMF needs to select UPF according to UE location, DNN, s-nssai and other information to establish a connection with UPF. UPF can select UPF that meets the specified service and is close to the user according to the DNN, slice and location information accessed by the user. It can also combine the shunting capability, interface capability and whether it supports interworking with EPS Weight to select UPF.

 

 

2、UPF

UPF has a variety of roles, including anchor UPF, ulcl / BP UPF and i-upf. The principles of selecting UPF for different roles in different processes are different, and the relationship between the selection principles is shown in the following figure:

 

Only after the first round of selection is completed can further selection be made according to the following principles according to the actual situation. There is no priority between the first round selection principles.

In the second round of selection, priority can be set to select one UPF or location area or S11 port.

After the current two rounds of selection, if multiple UPFs in the returned results meet the selection conditions, the user will select the qualified UPF according to the weight of the UPF.

At any step, if the selected UPF is unique, select finish.

 Each PDU session of UE will be established through the set network principles, so as to realize 5g MEC service diversion. According to the needs of industrial users in this period, their DNN diversion principle will be configured on the network side through their business needs to dredge the DNN service on the terminal side to the new 5g MEC platform.

05

Conclusion

5g MEC is an important means for operators to enable industry application in the 5g network era. It integrates various resources of telecom operators and makes industry users realize the transformation and innovation of 5g network to their business. Through ulcl, IPv6 multi homing, LADN diversion scheme and mec security solution, 5g MEC can meet various application scenarios of low delay, large bandwidth local diversion and data security for industrial users. At present, it is still in the initial stage of commercial application of 5g MEC industry. An operator of a municipality directly under the central government supports industrial application by relying on layout MEC and field MEC. With the change of industry application scenario requirements, 5g MEC deployment scheme needs to be further refined in the future.

This article is reproduced from“Post and Telecommunications design technology”, support the protection of intellectual property rights. Please indicate the original source and author for reprint. If there is infringement, please contact us to delete.