CN118802462A - Abnormal status notification method, device, equipment and readable storage medium - Google Patents

Info

Publication number
CN118802462A
Authority
CN
China
Prior art keywords
function
gateway
information
message
abnormal state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311718891.XA
Other languages
Chinese (zh)
Inventor
赵际洲
黎丹
都晨辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd
Priority to CN202311718891.XA
Publication of CN118802462A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0631: Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the present application provides an abnormal state notification method, apparatus, device and readable storage medium. The method comprises: receiving first information from a first gateway, the first information indicating that a second function is in an abnormal state; and determining, according to the first information, that the second function is unreachable, and selecting a third function; wherein the second function is connected to the first function through the first gateway or is directly connected to the first function, the third function is connected to the first function through the first gateway or a second gateway or is directly connected to the first function, and the second function and the third function are located in an edge network.

Description

Abnormal status notification method, device, equipment and readable storage medium

Technical Field

The embodiments of the present application relate to the field of communication technology, and specifically to an abnormal state notification method, apparatus, device and readable storage medium.

Background Art

Referring to FIG. 1, the processing flow of the existing signaling security gateway is as follows:

Step 1: User Plane Function (UPF) 1 sends abnormal signaling, for example by launching a spoofing attack.

Step 2: The signaling security gateway performs attack identification and determines that a security attack exists at UPF1.

Step 3: The signaling security gateway discards the session signaling involving UPF1, in both directions: signaling sent from Session Management Function (SMF) 1 to UPF1 and signaling sent from UPF1 to SMF1.

Step 4: SMF1 receives no response to the signaling it sent to UPF1, so it retransmits the signaling (generally at intervals according to the configuration, and a certain number of times).

Step 5: After the signaling retransmission fails, SMF1 switches paths according to path priority, moving to the path through signaling security gateway 2; or, if signaling security gateway 2 is faulty at that moment, it switches to the direct path. Whichever path it switches to, communication with UPF1 is not blocked, which is a security risk.

For edge UPF and edge UPF+, the existing solution protects only by discarding: after the signaling security gateway identifies abnormal signaling it drops it and does not proactively notify the SMF. With signaling retransmission and priority path configuration, the SMF still continues to communicate with UPF1, which is a security risk. Moreover, since UPF1 is already an attacker, N4 session signaling cannot be processed normally, so the service cannot be continued either.

Summary of the Invention

The embodiments of the present application provide an abnormal state notification method, apparatus, device and readable storage medium, to solve the problems that communication between the SMF and an abnormal UPF cannot be blocked, that the SMF is at risk of being attacked, and that multiple rounds of signaling retransmission both waste time and fail to continue the N4 session.

In a first aspect, an abnormal state notification method is provided, applied to a first function, including:

receiving first information from a first gateway, the first information indicating that a second function is in an abnormal state;

determining, according to the first information, that the second function is unreachable, and selecting a third function;

wherein the second function is connected to the first function through the first gateway, or the second function is directly connected to the first function; the third function is connected to the first function through the first gateway or a second gateway, or the third function is directly connected to the first function; and the second function and the third function are located in an edge network.

Optionally, receiving the first information from the first gateway includes:

receiving a first message constructed by the first gateway, the first message carrying the first information.

Optionally, receiving the first information from the first signaling security gateway includes:

sending a second message to the first signaling security gateway;

receiving a third message sent by the first gateway in response to the second message, the third message carrying the first information.

Optionally, the first information includes at least one of the following: an abnormal state identifier, the virtual IP address of the second function on the local end, and the real IP address of the second function.

In a second aspect, an abnormal state notification method is provided, applied to a first gateway, including:

sending first information to a first function, the first information indicating that a second function is in an abnormal state;

wherein the first information is used to determine that the second function is unreachable and to select a third function; the second function is connected to the first function through the first gateway, or the second function is directly connected to the first function; and the third function is connected to the first function through the first gateway or a second gateway, or the third function is directly connected to the first function.

Optionally, sending the first information to the first function includes:

sending to the first function a first message constructed by the first gateway, the first message carrying the first information.

Optionally, sending the first information to the first function includes:

receiving a second message sent by the first function;

sending to the first function a third message in response to the second message, the third message carrying the first information.

Optionally, the first information includes at least one of the following: an abnormal state identifier, the virtual IP address of the second function on the local end, and the real IP address of the second function.

Optionally, the method further includes:

sending second information to the second gateway, the second information indicating that the second function is in an abnormal state.

In a third aspect, an abnormal state notification apparatus is provided, applied to a first function, including:

a first receiving module, configured to receive first information from a first gateway, the first information indicating that a second function is in an abnormal state;

a first processing module, configured to determine, according to the first information, that the second function is unreachable, and to select a third function;

wherein the second function is connected to the first function through the first gateway, or the second function is directly connected to the first function; the third function is connected to the first function through the first gateway or a second gateway, or the third function is directly connected to the first function; and the second function and the third function are located in an edge network.

In a fourth aspect, an abnormal state notification apparatus is provided, applied to a first gateway, including:

a first sending module, configured to send first information to a first function, the first information indicating that a second function is in an abnormal state;

wherein the first information is used to determine that the second function is unreachable and to select a third function; the second function is connected to the first function through the first gateway, or the second function is directly connected to the first function; and the third function is connected to the first function through the first gateway or a second gateway, or the third function is directly connected to the first function.

In a fifth aspect, a communication device is provided, including a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the method described in the first aspect or the second aspect.

In a sixth aspect, a readable storage medium is provided, on which a program or instructions are stored, wherein the program or instructions, when executed by a processor, implement the steps of the method described in the first aspect or the second aspect.

In the present application, the first function receives first information from the first gateway, the first information indicating that the second function is in an abnormal state. The first function then determines, according to the first information, that the second function is unreachable, and selects a third function. That is, once the second function in the abnormal state is judged to be unreachable, the first function matches its locally configured paths to that second function and performs no further path switching; when there is service, it directly performs network element switching and selects the third function. This blocks communication between the first function and the second function in the abnormal state and reduces the risk of the first function being attacked. It also reduces the multiple rounds of signaling retransmission between the first function and the second function in the abnormal state, avoiding wasted time, and selecting the third function allows the N4 session to be continued.

Brief Description of the Drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the detailed description of the preferred embodiments below. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the present application. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

FIG. 1 is a schematic diagram of signaling security gateway processing in the prior art;

FIG. 2 is a schematic diagram of an edge private network;

FIG. 3 is a schematic diagram of a signaling security gateway;

FIG. 4 is a schematic diagram of FullMesh networking;

FIG. 5 is a schematic diagram of path priority between SMF and UPF;

FIG. 6 is a schematic diagram of the cross-network-element error correction function of the signaling security gateway;

FIG. 7 is a schematic diagram of a primary signaling security gateway and a backup signaling security gateway;

FIG. 8 is a first schematic diagram of the abnormal state notification method provided in an embodiment of the present application;

FIG. 9 is a second schematic diagram of the abnormal state notification method provided in an embodiment of the present application;

FIG. 10 is a third schematic diagram of the abnormal state notification method provided in an embodiment of the present application;

FIG. 11 is a first schematic diagram of the abnormal state notification apparatus provided in an embodiment of the present application;

FIG. 12 is a second schematic diagram of the abnormal state notification apparatus provided in an embodiment of the present application;

FIG. 13 is a schematic diagram of a communication device provided in an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present application without creative effort fall within the scope of protection of the present application.

The term "comprise" and any variation thereof in the specification and claims of the present application are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device. In addition, "and/or" in the specification and claims denotes at least one of the connected objects; for example, "A and/or B" covers three cases: A alone, B alone, and both A and B.

In the embodiments of the present application, words such as "exemplary" or "for example" are used to indicate an example, illustration or explanation. Any embodiment or design described as "exemplary" or "for example" in the embodiments of the present application should not be interpreted as more preferred or more advantageous than other embodiments or designs. Rather, such words are intended to present the related concepts in a concrete manner.

To facilitate understanding of the embodiments of the present application, the following related technical points are introduced first:

1. Introduction to the signaling security gateway.

As shown in FIG. 2, edge private networks (including edge UPF, edge UPF+, edge customized core networks, etc.) are deployed in untrusted areas. To prevent a compromised edge network from attacking the central network through its interfaces and thereby affecting services across the whole network, a signaling security gateway needs to be deployed at the boundary between the main network and the private network to provide security isolation and message protection.

The signaling security gateway can implement topology hiding and provides a signaling proxy function for the N4 interface, translating only the IP-layer addresses and the Fully Qualified Session Endpoint Identifier (F-SEID) information element of Packet Forwarding Control Protocol (PFCP) messages, as shown in FIG. 3.

FIG. 4 shows a schematic diagram of FullMesh networking with 3 SMFs, 2 signaling security gateways and 4 UPFs.

For edge UPF and UPF+, the signaling security gateway mainly protects the N4 interface. In live-network deployments, a pair of signaling security gateways is deployed for disaster recovery to improve reliability. In addition, so that service is not affected when both signaling security gateways fail, a fault bypass function is enabled: when both the primary and the backup signaling security gateway have failed, the SMF supports selecting the direct path to complete session service processing. The path priority between SMF and UPF is shown in FIG. 5. The SMF needs to be configured with the IP addresses of signaling security gateway 1, signaling security gateway 2 and the UPF, with distinct priorities, in order to manage the transmission paths of the same association.

2. The cross-network-element error correction function.

As shown in FIG. 6, for edge UPF and edge UPF+, cross-network-element error correction is a value-added function of the signaling security gateway. Because the gateway proxies and forwards the signaling between SMF and UPF and implements topology hiding and similar functions to improve the security of the edge network, it has a global view. It can act as an aggregation point, analyze the signaling comprehensively, and detect abnormal behavior of individual UPF network elements (such as spoofed UPF messages). Currently, detection covers only node-level signaling between SMF and UPF, including heartbeat, association setup and node report.

Because signaling security gateways are usually deployed in pairs in practice, applying this function places functional requirements on the SMF and UPF: the primary signaling security gateway must be able to aggregate the node-level messages of all associations. That is, the SMF must support carrying a flag bit in the heartbeat message that instructs the edge UPF, when it actively sends node-level messages, to route them through one and the same signaling security gateway as the signaling concentration point; and the edge UPF, following the SMF's instruction, selects that same signaling security gateway for the uplink path of the node-level messages it actively sends. As shown in FIG. 7, after a security attack occurs at UPF1, the primary signaling security gateway (signaling security gateway 01) can identify it, while the backup signaling security gateway (signaling security gateway 02) has no identification capability.

Referring to FIG. 8, an embodiment of the present application provides an abnormal state notification method applied to a first function, where the first function includes but is not limited to an SMF. The specific steps include:

Step 801: receiving first information from a first gateway, the first information indicating that a second function is in an abnormal state;

Optionally, the first gateway may be a first signaling security gateway (or primary signaling security gateway).

Step 802: determining, according to the first information, that the second function is unreachable, and selecting a third function;

wherein the second function is connected to the first function through the first gateway, or the second function is directly connected to the first function; the third function is connected to the first function through the first gateway or a second gateway, or the third function is directly connected to the first function; and the second function and the third function are located in an edge network (edge private network).

Optionally, the second gateway may be a second signaling security gateway (or backup signaling security gateway).

In step 802, the first function identifies specific fields and determines that the second function is unreachable. Based on the first information, the first function can determine that the peer network element (that is, the second function) is unreachable, rather than that a path is unreachable. The peer network element is identified by matching IP addresses against the first function's local configuration, including the virtual IP address of the second function and the real IP address of the second function. From this point on, the first function no longer switches between paths to the same network element, which avoids the retransmission mechanism.

Optionally, the second function may be a first UPF, a first UPF+, or a first edge customized core network element; the third function may be a second UPF, a second UPF+, or a second edge customized core network element.

For example, the SMF determines, according to the first information, that the first UPF (or first UPF+ or first edge customized core network element) is unreachable, and triggers reselection to select the second UPF (or second UPF+ or second edge customized core network element).

In one implementation of the present application, receiving the first information from the first gateway includes:

receiving a first message constructed by the first gateway, the first message carrying the first information.

Optionally, the first message may be a heartbeat message. In the prior art, the signaling security gateway does not construct heartbeat messages; it only forwards heartbeat messages sent by the UPF or SMF.

In one implementation of the present application, receiving the first information from the first signaling security gateway includes:

sending a second message to the first signaling security gateway;

receiving a third message sent by the first gateway in response to the second message, the third message carrying the first information.

Optionally, the second message may be a node-level message, for example a heartbeat message or an association setup message sent by the first function.

In one implementation of the present application, the first information includes at least one of the following:

(1) an abnormal state identifier;

(2) the virtual IP address of the second function on the local end;

for example, the virtual IP address of the abnormal UPF on the local end;

(3) the real IP address of the second function;

for example, the real IP address of the abnormal UPF.

It can be understood that if the fault bypass function is enabled, the real address of the second function is configured on the first function.

When a signaling security gateway is deployed for the edge network and an edge UPF or UPF+ exhibits abnormal behavior such as a spoofing attack, the signaling security gateway only discards the abnormal signaling. Under the existing mechanism this causes multiple rounds of retransmission, which wastes interaction time and interrupts service, and does not block the security risk. In this proposal, after identifying that an edge UPF or UPF+ is abnormal, the signaling security gateway sends a security event notification to the SMFs involved. From the fields carried, the SMF can determine that the specific UPF network element (logically, a specific peer network element) is unreachable, so it does not work through retransmission over the three locally configured paths to the abnormal network element. This avoids further interaction with the insecure UPF, improves network security, and triggers the SMF to reselect an available UPF network element, shortening service processing time.

In the present application, when the cross-network-element error correction function takes effect, in addition to discarding the relevant signaling, a procedure is added for synchronizing abnormal state information from the first gateway to the first function and between gateways. Relying on the first function's identification of specific fields, the second function in the abnormal state is judged to be unreachable; the first function matches its locally configured paths to that second function and performs no further path switching, and when there is service it directly performs network element switching and selects the third function. This blocks communication between the first function and the second function in the abnormal state and reduces the risk of the first function being attacked. It also reduces the multiple rounds of signaling retransmission between the first function and the second function in the abnormal state, avoiding wasted time, and selecting the third function allows the N4 session to be continued.
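The SMF-side behaviour of steps 801 and 802, contrasted with the prior-art flow of FIG. 1, as an added Python example that is not part of the patent text. The class and field names, the retry count, the per-path addresses (documentation ranges) and the check that a notice comes from a configured gateway are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

RETRIES_PER_PATH = 3  # assumed; the page only says "a certain number of times"

@dataclass(frozen=True)
class Path:
    via: str       # "gw1", "gw2" or "direct"
    peer_ip: str   # address the SMF targets for this UPF on this path
    priority: int  # lower value is tried first

@dataclass(frozen=True)
class Notice:
    """First information: abnormal flag plus optional addresses of the second function."""
    sender: str
    abnormal: bool
    virtual_ip: Optional[str] = None
    real_ip: Optional[str] = None

@dataclass
class Smf:
    gateways: set   # names of the configured signaling security gateways
    upfs: dict      # UPF name -> list of Path
    unreachable: set = field(default_factory=set)
    sent: list = field(default_factory=list)  # (upf, via) for every N4 message attempted

    def on_notice(self, notice):
        """Step 802: mark the network element, not a single path, as unreachable."""
        if notice.sender not in self.gateways or not notice.abnormal:
            return None  # assumption: notices are accepted only from configured gateways
        wanted = {ip for ip in (notice.virtual_ip, notice.real_ip) if ip}
        for name, paths in self.upfs.items():
            # Match the carried addresses against the locally configured paths.
            if wanted & {p.peer_ip for p in paths}:
                self.unreachable.add(name)
                return name
        return None

    def send_session_request(self, preferred, responds):
        """Try the preferred UPF first; responds(upf, via) simulates whether a reply arrives."""
        candidates = [preferred] + [u for u in self.upfs if u != preferred]
        for upf in candidates:
            if upf in self.unreachable:
                continue  # no retransmission and no path switching toward this element
            for path in sorted(self.upfs[upf], key=lambda p: p.priority):
                for _ in range(RETRIES_PER_PATH):
                    self.sent.append((upf, path.via))
                    if responds(upf, path.via):
                        return upf
        return None

def build_smf():
    # Constructed sample configuration: two UPFs, each with three prioritized paths.
    return Smf(
        gateways={"gw1", "gw2"},
        upfs={
            "UPF1": [Path("gw1", "198.51.100.11", 1), Path("gw2", "203.0.113.11", 2),
                     Path("direct", "192.0.2.11", 3)],
            "UPF2": [Path("gw1", "198.51.100.12", 1), Path("gw2", "203.0.113.12", 2),
                     Path("direct", "192.0.2.12", 3)],
        },
    )

def gw1_drops_upf1(upf, via):
    # gw1 has identified UPF1 and discards its signaling; gw2 (no identification
    # capability) and the direct path still deliver messages.
    return not (upf == "UPF1" and via == "gw1")

def demo():
    # Prior art: no notice, so the SMF retransmits, switches path, and reaches UPF1 via gw2.
    before = build_smf()
    chosen_before = before.send_session_request("UPF1", gw1_drops_upf1)
    # With the notice: UPF1 is skipped entirely and UPF2 is selected at once.
    after = build_smf()
    after.on_notice(Notice("gw1", True, virtual_ip="198.51.100.11", real_ip="192.0.2.11"))
    chosen_after = after.send_session_request("UPF1", gw1_drops_upf1)
    return chosen_before, before.sent, chosen_after, after.sent

if __name__ == "__main__":
    print(demo())
```

Without the notice the SMF spends three retransmissions on gateway 1 and then resumes talking to UPF1 through gateway 2; with it, the only N4 message sent goes to UPF2.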

Referring to FIG. 9, an embodiment of the present application provides an abnormal state notification method, applied to a first gateway. The specific steps include:

Step 901: sending first information to a first function, where the first information is used to indicate that a second function is in an abnormal state;

wherein the first information is used to determine that the second function is unreachable and to select a third function;

wherein the second function establishes a connection with the first function through the first gateway, or the second function is directly connected to the first function; and the third function establishes a connection with the first function through the first gateway or a second gateway, or the third function is directly connected to the first function.

In one implementation of the present application, sending the first information to the first function includes:

sending, to the first function, a first message constructed by the first gateway, where the first message carries the first information.

Optionally, the first message may be a heartbeat message. In the prior art, the signaling security gateway does not construct heartbeat messages; it only forwards heartbeat messages sent by the UPF or the SMF.

In one implementation of the present application, sending the first information to the first function includes:

receiving a second message sent by the first function;

sending, to the first function, a third message in response to the second message, where the third message carries the first information.

Optionally, the second message may be a node-level message, for example a heartbeat message or an association establishment message sent by the first function.

In one implementation of the present application, the method further includes:

sending second information to the second gateway, where the second information is used to indicate that the second function is in an abnormal state, or to instruct the second gateway to discard signaling that it receives from the second function in the abnormal state.

For example, the first gateway is the active gateway and the second gateway is the standby gateway. By sending the second information to the second gateway, the first gateway synchronizes security state information between the gateways. This prevents the case where the second function sends abnormal signaling to other standby gateways, such as the second network element, and the standby security network element cannot recognize it. After the second function returns to normal (for example, detection shows that it no longer launches spoofing attacks and its signaling is free of anomalies), the first gateway supports synchronizing the recovery from the abnormal state to the second gateway, and the second gateway marks the previously abnormal function as normal.

Optionally, the second information includes at least one of the following: the real IP address of the second function, and an abnormal state identifier.

In one implementation of the present application, the first information includes at least one of the following:

(1) an abnormal state identifier;

(2) the virtual IP address of the second function at the local end;

for example, the virtual IP address of the abnormal UPF at the local end;

(3) the real IP address of the second function;

for example, the real IP address of the abnormal UPF.

It can be understood that if the fault bypass function is enabled, the real address of the second function is configured on the first function.

In this application, when the cross-network-element error correction function takes effect, in addition to discarding the relevant signaling, a procedure is added for synchronizing abnormal state information from the first gateway to the first function and between gateways. Relying on its recognition of specific fields, the first function determines that the second function in the abnormal state is unreachable, matches the paths to that second function in its local configuration, and no longer performs path switching; when there is service, it directly performs network element switching and selects the third function. This blocks communication between the first function and the second function in the abnormal state and reduces the risk of the first function being attacked. It also reduces the multiple rounds of signaling retransmission between the first function and the second function in the abnormal state, avoiding wasted time, and the N4 session can be continued by selecting the third function.

Referring to FIG. 10, the specific steps are as follows:

Step 1001: UPF1 sends abnormal signaling and launches a security attack such as a spoofing attack;

Step 1002: signaling security gateway 1 performs attack identification and determines that UPF1 is carrying out a security attack;

Step 1003: signaling security gateway 1 discards the session signaling involving UPF1, including signaling sent in both directions, from SMF1 to UPF1 and from UPF1 to SMF1;

Step 1004: signaling security gateway 1 notifies the SMF of the abnormal state;

After identifying a security event such as a spoofing attack launched by UPF1, signaling security gateway 1 may perform one of the following:

(1) Active notification: the gateway constructs a heartbeat message to the SMF that carries abnormal state information, including the abnormal state identifier (used to indicate a non-secure state), the virtual IP address of the abnormal UPF at the local end, and the real IP address of the abnormal UPF (if the fault bypass function is enabled, the real address of the UPF is configured on the SMF). In the normal state, the signaling security gateway does not construct heartbeat messages; it only proxies heartbeat messages sent by the UPF or the SMF.

(2) Response notification: for node-level messages being received (including heartbeat messages sent by the SMF, association establishment, and so on), the gateway supports returning a failure in the response message, carrying the abnormal state identifier, the virtual IP address of the abnormal UPF at the local end, and the real IP address of the abnormal UPF.

Step 1005: security state information is synchronized between signaling security gateways: the active signaling security gateway synchronizes state to the standby signaling security gateway, including the real IP address of the abnormal UPF and the abnormal state identifier. This step prevents the case where the abnormal UPF sends abnormal signaling to other signaling security gateways and the standby security network element cannot recognize it. After the abnormal UPF returns to normal (for example, detection shows that it no longer launches spoofing attacks and its signaling is free of anomalies), the active signaling security network element supports synchronizing the recovery from the abnormal state to the standby signaling security gateway, and the standby security network element marks the previously abnormal UPF as normal.

Step 1006: the SMF recognizes the specific fields and determines that the abnormal UPF is unreachable: based on the abnormal state identifier in the node-level message, the SMF can determine that the peer network element is unreachable, rather than that a path is unreachable. The peer network element is identified by matching IP addresses against the SMF's local configuration, including the virtual IP address of the abnormal UPF and the real IP address of the abnormal UPF. From this point the SMF no longer performs path switching toward the same network element, which avoids the retransmission mechanism;

7) The SMF performs UPF network element switching: once the SMF has determined that the abnormal UPF is unreachable, subsequent N4 interface sessions are handled as a network element switch, including selecting another UPF in the normal state for a new N4 association. For subsequent signaling on the original association, the association is taken offline, and the SMF reselects a UPF and then continues to process the N4 session.
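The behavior in steps 1003 to 1006 and the final UPF switch can be modelled as below. This is an added example, not code from the patent: the class and field names, the `retry_plan` helper and the sample addresses (documentation ranges) are assumptions, and no real N4 message encoding is implied.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class AbnormalStateInfo:
    """The 'first information'; field names are hypothetical."""
    abnormal: bool              # abnormal state identifier (True = non-secure)
    virtual_ip: Optional[str]   # abnormal UPF's virtual IP at the local end
    real_ip: Optional[str]      # abnormal UPF's real IP


class SignalingSecurityGateway:
    def __init__(self, virtual_of: Dict[str, str],
                 standby: Optional["SignalingSecurityGateway"] = None):
        self.virtual_of = virtual_of     # real UPF IP -> virtual IP shown to the SMF
        self.standby = standby
        self.abnormal: Set[str] = set()  # real IPs of UPFs judged abnormal

    def flag_abnormal(self, real_ip: str) -> AbnormalStateInfo:
        """Steps 1002, 1004, 1005: record the verdict, sync the standby
        gateway, and build the information carried to the SMF."""
        self.abnormal.add(real_ip)
        if self.standby is not None:
            self.standby.sync(real_ip, abnormal=True)
        return AbnormalStateInfo(True, self.virtual_of.get(real_ip), real_ip)

    def recover(self, real_ip: str) -> None:
        """Recovery is synchronized too, so the standby marks the UPF normal."""
        self.abnormal.discard(real_ip)
        if self.standby is not None:
            self.standby.sync(real_ip, abnormal=False)

    def sync(self, real_ip: str, abnormal: bool) -> None:
        """Second information: real IP plus abnormal state identifier."""
        (self.abnormal.add if abnormal else self.abnormal.discard)(real_ip)

    def forwards(self, src: str, dst: str) -> bool:
        """Step 1003: drop signaling to or from an abnormal UPF."""
        return not ({src, dst} & self.abnormal)


@dataclass
class UpfPeer:
    name: str
    paths: List[str]        # every locally configured address of this one peer
    reachable: bool = True


class Smf:
    def __init__(self, peers: List[UpfPeer]):
        self.peers = peers

    def on_node_message(self, info: AbnormalStateInfo) -> Optional[str]:
        """Step 1006: match carried addresses against local configuration
        and mark the peer itself, not one path, unreachable."""
        if not info.abnormal:
            return None
        carried = {ip for ip in (info.virtual_ip, info.real_ip) if ip}
        for peer in self.peers:
            if carried & set(peer.paths):
                peer.reachable = False
                return peer.name
        return None

    def retry_plan(self, name: str) -> List[str]:
        """Paths still worth trying: all of them after a plain timeout,
        none once the peer is known to be unreachable."""
        peer = next(p for p in self.peers if p.name == name)
        return list(peer.paths) if peer.reachable else []

    def select_upf(self) -> Tuple[str, str]:
        """UPF switch: choose another UPF in the normal state."""
        for peer in self.peers:
            if peer.reachable:
                return peer.name, peer.paths[0]
        raise RuntimeError("no reachable UPF configured")


def demo() -> dict:
    # Constructed topology: UPF1 is reachable over three configured paths.
    standby = SignalingSecurityGateway({"203.0.113.10": "198.51.100.10"})
    active = SignalingSecurityGateway({"203.0.113.10": "192.0.2.10"}, standby)
    smf = Smf([
        UpfPeer("UPF1", ["192.0.2.10", "198.51.100.10", "203.0.113.10"]),
        UpfPeer("UPF2", ["192.0.2.20"]),
    ])
    before = smf.retry_plan("UPF1")
    matched = smf.on_node_message(active.flag_abnormal("203.0.113.10"))
    return {
        "paths_before": before,
        "matched_peer": matched,
        "paths_after": smf.retry_plan("UPF1"),
        "selected": smf.select_upf(),
        "standby_drops": not standby.forwards("203.0.113.10", "192.0.2.1"),
    }


if __name__ == "__main__":
    print(demo())
```
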

Referring to FIG. 11, an embodiment of the present application provides an abnormal state notification device, applied to a first function. The device 1100 includes:

a first receiving module 1101, configured to receive first information from a first gateway, where the first information is used to indicate that a second function is in an abnormal state;

a first processing module 1102, configured to determine, according to the first information, that the second function is unreachable, and to select a third function;

wherein the second function establishes a connection with the first function through the first gateway, or the second function is directly connected to the first function; the third function establishes a connection with the first function through the first gateway or a second gateway, or the third function is directly connected to the first function; and the second function and the third function are located in an edge network (edge private network).

In one implementation of the present application, the first receiving module 1001 includes:

a first receiving unit, configured to receive a first message constructed by the first gateway, where the first message carries the first information.

In one implementation of the present application, the first receiving module 1001 includes:

a first sending unit, configured to send a second message to the first signaling security gateway;

a second receiving unit, configured to receive a third message sent by the first gateway in response to the second message, where the third message carries the first information.

In one implementation of the present application, the first information includes at least one of the following:

(1) an abnormal state identifier;

(2) the virtual IP address of the second function at the local end;

for example, the virtual IP address of the abnormal UPF at the local end;

(3) the real IP address of the second function;

for example, the real IP address of the abnormal UPF.

It can be understood that if the fault bypass function is enabled, the real address of the second function is configured on the first function.

The device provided in this embodiment of the present application can implement each process implemented by the method embodiment shown in FIG. 8 and achieve the same technical effect. To avoid repetition, details are not described here again.

Referring to FIG. 12, an embodiment of the present application provides an abnormal state notification device, applied to a first gateway. The device 1200 includes:

a first sending module 1201, configured to send first information to a first function, where the first information is used to indicate that a second function is in an abnormal state;

wherein the first information is used to determine that the second function is unreachable and to select a third function; the second function establishes a connection with the first function through the first gateway, or the second function is directly connected to the first function; and the third function establishes a connection with the first function through the first gateway or a second gateway, or the third function is directly connected to the first function.

In one implementation of the present application, the first sending module 1201 includes:

a second sending unit, configured to send, to the first function, a first message constructed by the first gateway, where the first message carries the first information.

In one implementation of the present application, the first sending module 1201 includes:

a second receiving unit, configured to receive a second message sent by the first function;

a third sending unit, configured to send, to the first function, a third message in response to the second message, where the third message carries the first information.

In one implementation of the present application, the first information includes at least one of the following: an abnormal state identifier, the virtual IP address of the abnormal UPF at the local end, and the real IP address of the abnormal UPF.

In one implementation of the present application, the device further includes:

a second sending module, configured to send second information to the second gateway, where the second information is used to indicate that the second function is in an abnormal state.

In one implementation of the present application, the first information includes at least one of the following:

(1) an abnormal state identifier;

(2) the virtual IP address of the second function at the local end;

for example, the virtual IP address of the abnormal UPF at the local end;

(3) the real IP address of the second function;

for example, the real IP address of the abnormal UPF.

It can be understood that if the fault bypass function is enabled, the real address of the second function is configured on the first function.

The device provided in this embodiment of the present application can implement each process implemented by the method embodiment shown in FIG. 9 and achieve the same technical effect. To avoid repetition, details are not described here again.

As shown in FIG. 13, an embodiment of the present application further provides a communication device 1300, including a processor 1301, a memory 1302, and a program or instructions stored in the memory 1302 and executable on the processor 1301. When executed by the processor 1301, the program or instructions implement each process of the method embodiment shown in FIG. 8 or FIG. 9 and achieve the same technical effect. To avoid repetition, details are not described here again.

An embodiment of the present application further provides a readable storage medium storing a program or instructions. When executed by a processor, the program or instructions implement each process of the method embodiment shown in FIG. 8 or FIG. 9 and achieve the same technical effect. To avoid repetition, details are not described here again.

The processor is the processor in the terminal described in the above embodiment. The readable storage medium includes a computer-readable storage medium, such as a computer read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.

The steps of the method or algorithm described in connection with the disclosure of this application may be implemented in hardware, or by a processor executing software instructions. The software instructions may consist of corresponding software modules, which may be stored in RAM, flash memory, ROM, EPROM, EEPROM, registers, a hard disk, a removable hard disk, a read-only optical disc, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. The storage medium may also be an integral part of the processor. The processor and the storage medium may be carried in an ASIC, and the ASIC may be carried in a core network interface device. The processor and the storage medium may also exist in the core network interface device as discrete components.

Those skilled in the art should appreciate that, in one or more of the above examples, the functions described in this application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that a general-purpose or special-purpose computer can access.

The specific implementations described above further explain the purpose, technical solutions and beneficial effects of the present application in detail. It should be understood that the above are only specific implementations of the present application and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made on the basis of the technical solutions of the present application shall fall within the scope of protection of the present application.

Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.

The embodiments of the present application are described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.

Obviously, those skilled in the art can make various changes and variations to the embodiments of the present application without departing from the spirit and scope of the present application. Thus, if these changes and variations fall within the scope of the claims of the present application and their technical equivalents, the present application is also intended to include them.

Claims (13)

1. An abnormal state notification method applied to a first function, comprising:
receiving first information from a first gateway, wherein the first information is used for indicating that a second function is in an abnormal state;
according to the first information, determining that the second function is not reachable, and selecting a third function;
wherein the second function establishes a connection with the first function through the first gateway, or the second function is directly connected with the first function; the third function establishes a connection with the first function through the first gateway or the second gateway, or the third function is directly connected with the first function; and the second function and the third function are located in an edge network.
2. The method of claim 1, wherein receiving the first information from the first gateway comprises:
receiving a first message constructed by the first gateway, wherein the first message carries the first information.
3. The method of claim 1, wherein receiving the first information from the first signaling security gateway comprises:
sending a second message to the first signaling security gateway;
receiving a third message which is sent by the first gateway and is used for responding to the second message, wherein the third message carries the first information.
4. The method of claim 1, wherein the first information comprises at least one of: the abnormal state identifier, the virtual IP address of the second function at the local end, and the real IP address of the second function.
5. An abnormal state notification method applied to a first gateway, characterized by comprising the following steps:
sending first information to a first function, wherein the first information is used for indicating that a second function is in an abnormal state;
wherein the first information is used for determining that the second function is unreachable and selecting a third function; the second function is connected with the first function through the first gateway, or the second function is directly connected with the first function; and the third function is connected with the first function through the first gateway or the second gateway, or the third function is directly connected with the first function.
6. The method of claim 5, wherein sending the first information to the first function comprises:
sending a first message constructed by the first gateway to the first function, wherein the first message carries the first information.
7. The method of claim 5, wherein sending the first information to the first function comprises:
receiving a second message sent by the first function;
sending a third message for responding to the second message to the first function, wherein the third message carries the first information.
8. The method of claim 5, wherein the first information comprises at least one of: the abnormal state identifier, the virtual IP address of the second function at the local end, and the real IP address of the second function.
9. The method of claim 5, wherein the method further comprises:
sending second information to the second gateway, wherein the second information is used for indicating that the second function is in an abnormal state.
10. An abnormal state notification apparatus applied to a first function, comprising:
a first receiving module, used for receiving first information from the first gateway, wherein the first information is used for indicating that the second function is in an abnormal state;
a first processing module, used for determining, according to the first information, that the second function is not reachable, and selecting a third function;
wherein the second function is connected with the first function through the first gateway, or the second function is directly connected with the first function; the third function is connected with the first function through the first gateway or the second gateway, or the third function is directly connected with the first function; and the second function and the third function are located in an edge network.
11. An abnormal state notification apparatus applied to a first gateway, comprising:
a first sending module, used for sending first information to the first function, wherein the first information is used for indicating that the second function is in an abnormal state;
wherein the first information is used for determining that the second function is unreachable and selecting a third function; the second function is connected with the first function through the first gateway, or the second function is directly connected with the first function; and the third function is connected with the first function through the first gateway or the second gateway, or the third function is directly connected with the first function.
12. A communication device comprising a processor, a memory, and a program or instructions stored on the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the method according to any of claims 1 to 9.
13. A readable storage medium, characterized in that it stores a program or instructions which, when executed by a processor, implement the steps of the method according to any of claims 1 to 9.
CN202311718891.XA 2023-12-14 2023-12-14 Abnormal status notification method, device, equipment and readable storage medium Pending CN118802462A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311718891.XA CN118802462A (en) 2023-12-14 2023-12-14 Abnormal status notification method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN118802462A true CN118802462A (en) 2024-10-18

Family

ID=93024349

Country Status (1)

Country Link
CN (1) CN118802462A (en)

Similar Documents

Publication Publication Date Title
CN102035676B (en) ARP (Address Resolution Protocol) interaction based method and equipment for detecting and recovering link fault
CN107547383B (en) Path detection method and device
CN1925496B (en) System and method for load sharing of network layer with multiple network interface cards terminal equipment
CN110891018B (en) Network traffic recovery method and device, SDN controller and storage medium
CN101060485B (en) Topology changed messages processing method and processing device
CN111200611B (en) Method and device for verifying intra-domain source address based on boundary interface equivalence class
US20160127192A1 (en) Loop-free convergence in communication networks
US8520509B2 (en) System and a method for routing data traffic
US20240121178A1 (en) Failure protection Method and Apparatus, Storage Medium, and Electronic Device
JP2006217296A (en) Data transfer device, multicast system, and program
Azzouni et al. sOFTDP: Secure and efficient OpenFlow topology discovery protocol
CN113055295A (en) Communication method, communication device and communication system
EP1779568B1 (en) Graceful shutdown of ldp on specific interfaces between label switched routers
JP5419907B2 (en) Network system and communication recovery method
CN108289044B (en) Data forwarding method, link state method for determining static route and network equipment
US10575366B2 (en) Last resource disaster routing in a telecommunications network
US10027622B2 (en) Recovering lost device information in cable networks
CN112838982B (en) Message transmission path switching method, device and system
CN106331202A (en) Dynamic host configuration protocol DHCP server management method and device
EP2523401B1 (en) Virtual networks within a physical network
CN104917689A (en) Intelligent dial on-demand realization method and system and access router
EP3079327B1 (en) Information transmission method, device and system
CN115333994B (en) Method and device for realizing VPN route rapid convergence and electronic equipment
CN118802462A (en) Abnormal status notification method, device, equipment and readable storage medium
CN111817953A (en) Method and device for electing master equipment based on Virtual Router Redundancy Protocol (VRRP)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination