Abstract: The present disclosure relates to a method [400] and system [300] for automating management of network traffic at one or more network functions in a network. The method [400] comprises identifying, by a processing unit at a node, the one or more network functions from a plurality of network functions. Further, the method [400] comprises establishing, by a transceiver unit at the node, a network connection between the node and the identified one or more network functions. The method [400] further comprises selecting, by the processing unit at the node, an interface based on the established network connection. Also, the method [400] comprises triggering, by the processing unit at the node, via the selected interface, at the one or more network functions, an automation task remotely. Furthermore, the method [400] comprises performing, by the processing unit at the node, a sanity check associated with the automation task, on the one or more network functions. [FIG. 4]
FORM 2
THE PATENTS ACT, 1970 (39 OF 1970) & THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR AUTOMATING MANAGEMENT OF NETWORK TRAFFIC AT NETWORK FUNCTIONS”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.
METHOD AND SYSTEM FOR AUTOMATING MANAGEMENT OF NETWORK TRAFFIC AT NETWORK FUNCTIONS
FIELD OF INVENTION
[0001] Embodiments of the present disclosure generally relate to the field of wireless communication. More particularly, the present disclosure relates to a method and a system for automating management of network traffic at one or more network functions in a network.
BACKGROUND
[0002] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. The third generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] IP Tables is a Linux-based firewall application that controls incoming and outgoing traffic. IP Tables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the operating system firewall, which are implemented as Netfilter modules. The filters used in IP Tables are organised in a set of tables that include chains of rules for treating the network traffic packets. IP Tables includes different types of tables for filtering the packets, such as, but not limited to, the filter table and the Network Address Translation (NAT) table. The filter table is used to decide whether to let a traffic packet continue to its intended destination or to deny its request. The filter table contains security rules that decide whether to allow or deny traffic to IP addresses and/or ports. Further, the NAT table allows containers in bridge networks to communicate with destinations that are outside the host. Further, the rules in the NAT table determine modifications to the traffic packet’s source or destination addresses (i.e., IP addresses) in order to impact the way that the packet and any response traffic are routed.
[0005] Currently, the IP Tables at the 5G network function level are entered manually. The manual approach to enter the IP Tables at the 5G network function level takes more time and provides a scope for manual errors.
[0006] Hence, in view of these and other existing limitations, there arises an imperative need to provide an efficient solution to overcome the above-mentioned and other limitations and to provide a method and a system for automating management of network traffic at one or more network functions in a network.
SUMMARY
[0007] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0008] An aspect of the present disclosure may relate to a method for automating management of network traffic at one or more network functions in a network. The method comprises identifying, by a processing unit at a node, the one or more network functions from a plurality of network functions. Further, the method comprises establishing, by a transceiver unit at the node, a network connection between the node and the identified one or more network functions. The method further comprises selecting, by the processing unit at the node, an interface based on the established network connection. Also, the method comprises triggering, by the processing unit at the node, via the selected interface, at the one or more network functions, an automation task remotely. Furthermore, the method comprises performing, by the processing unit at the node, a sanity check associated with the automation task, on the one or more network functions.
[0009] In an exemplary aspect of the present disclosure, the one or more network functions are identified at the node from the plurality of network functions based on a first user input at a user interface of the node.
[0010] In an exemplary aspect of the present disclosure, the interface is selected at the node from a list of interfaces associated with at least the node and the one or more network functions based on a second user input at the user interface of the node.
[0011] In an exemplary aspect of the present disclosure, the automation task is at least one of an implementation task, an upgrade task, and a compliance task associated with one or more IP Tables, wherein the one or more IP Tables are associated with the one or more network functions.
[0012] In an exemplary aspect of the present disclosure, the automation task is associated with setting up IP table rules associated with the one or more IP Tables.
[0013] In an exemplary aspect of the present disclosure, the one or more IP Tables comprise at least a Filter table and a Network Address Translation (NAT) table.
[0014] In an exemplary aspect of the present disclosure, the sanity check is performed by the processing unit at the node, to check a successful execution of the automation task on the one or more network functions.
[0015] Another aspect of the present disclosure relates to a system for automating management of network traffic at one or more network functions in a network. The system comprises a processing unit configured to identify, the one or more network functions from a plurality of network functions. The system further comprises a transceiver unit connected to at least the processing unit, the transceiver unit is configured to establish, a network connection between the node and the identified one or more network functions. Further, the processing unit is configured to select, an interface based on the established network connection. The processing unit is further configured to trigger, via the selected interface, at the one or more network functions, an automation task remotely. Furthermore, the processing unit is configured to perform, a sanity check associated with the automation task, on the one or more network functions.
[0016] Yet another aspect of the present disclosure relates to a non-transitory computer readable storage medium storing one or more instructions for automating management of network traffic at one or more network functions in a network. The instructions include executable code which, when executed by one or more units of a system, causes a processing unit of the system to identify the one or more network functions from a plurality of network functions. The executable code, when executed, causes a transceiver unit of the system to establish a network connection between the node and the identified one or more network functions. Further, the executable code, when executed, causes the processing unit of the system to select an interface based on the established network connection. Furthermore, the executable code, when executed, causes the processing unit of the system to trigger, via the selected interface, at the one or more network functions, an automation task remotely. Thereafter, the executable code, when executed, causes the processing unit of the system to perform a sanity check associated with the automation task on the one or more network functions.
OBJECTS OF THE DISCLOSURE
[0017] Some of the objects of the present disclosure which at least one embodiment disclosed herein satisfies are listed herein below.
[0018] It is an object of the present disclosure to provide a method and a system for automating management of network traffic at one or more network functions in a network.
[0019] It is another object of the present disclosure to provide a solution that allows the entry of the IP Tables in one or more network functions automatically.
[0020] It is another object of the present disclosure to provide a solution to prevent unauthorized access to the container and protect against malicious attacks.
[0021] It is another object of the present disclosure to provide a solution to reduce the time taken in manually entering the IP Tables in one or more network functions.
[0022] It is yet another object of the present disclosure to provide a solution to reduce the errors that occur when manually entering the IP Tables in one or more network functions.
DESCRIPTION OF DRAWINGS
[0023] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Also, the embodiments shown in the figures are not to be construed as limiting the disclosure, but the possible variants of the method and system according to the disclosure are illustrated herein to highlight the advantages of the disclosure. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components or circuitry commonly used to implement such components.
[0024] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture.
[0025] FIG. 2 illustrates an exemplary block diagram of a computing device upon which the features of the present disclosure may be implemented, in accordance with exemplary implementation of the present disclosure.
[0026] FIG. 3 illustrates an exemplary block diagram of a system for automating management of network traffic at one or more network functions in a network, in accordance with exemplary implementation of the present disclosure.
[0027] FIG. 4 illustrates an exemplary method flow diagram for automating management of network traffic at one or more network functions in a network, in accordance with exemplary implementation of the present disclosure.
[0028] FIG. 5 illustrates an exemplary system architecture diagram for automating management of network traffic at one or more network functions in a network, in accordance with exemplary implementation of the present disclosure.
[0029] FIG. 6 illustrates an exemplary process flow diagram depicting the process for automating management of network traffic at one or more network functions in a network, in accordance with exemplary implementation of the present disclosure.
DETAILED DESCRIPTION
[0030] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter may each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above.
[0031] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0032] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.
[0033] Also, it is noted that individual embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations may be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure.
[0034] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term “comprising” as an open transition word without precluding any additional or other elements.
[0035] As used herein, a “processing unit” or “processor” or “operating processor” includes one or more processors, wherein processor refers to any logic circuitry for processing instructions. A processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a Digital Signal Processing (DSP) core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor or processing unit is a hardware processor.
[0036] As used herein, “a user equipment”, “a user device”, “a smart-user-device”, “a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a communication device” may be any electrical, electronic and/or computing device or equipment, capable of implementing the features of the present disclosure. The user equipment/device may include, but is not limited to, a mobile phone, smart phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of implementing the features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from unit(s) which are required to implement the features of the present disclosure.
[0037] As used herein, “storage unit” or “memory unit” refers to a machine or computer-readable medium including any mechanism for storing information in a form readable by a computer or similar machine. For example, a computer-readable medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The storage unit stores at least the data that may be required by one or more units of the system to perform their respective functions.
[0038] As used herein, “interface” or “user interface” refers to a shared boundary across which two or more separate components of a system exchange information or data. The interface may also refer to a set of rules or protocols that define communication or interaction of one or more modules or one or more units with each other, which also includes the methods, functions, or procedures that may be called.
[0039] All modules, units, components used herein, unless explicitly excluded herein, may be software modules or hardware processors, the processors being a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor (DSP), a plurality of microprocessors, one or more microprocessors in association with a DSP core, a controller, a microcontroller, Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array circuits (FPGA), any other type of integrated circuits, etc.
[0040] As used herein, the transceiver unit includes at least one receiver and at least one transmitter configured respectively for receiving and transmitting data, signals, information or a combination thereof between units/components within the system and/or connected with the system.
[0041] As discussed in the background section, the IP Tables at the 5G network function level are entered manually. The manual approach to enter the IP Tables at the 5G network function level takes more time and provides a scope for manual errors.
[0042] The present disclosure aims to overcome the above-mentioned and other existing problems in this field of technology by providing a method and a system for automating management of network traffic at one or more network functions in a network. More particularly, the present disclosure provides a solution that allows the entry of the IP Tables in one or more network functions automatically. Further, the present disclosure provides a solution to prevent unauthorized access to the container and protect against malicious attacks. Also, the present disclosure provides a solution that reduces the time taken in manually entering the IP Tables in one or more network functions. Furthermore, the present disclosure provides a solution to reduce the errors that happen in manual entry of the IP Tables in one or more network functions.
[0043] Hereinafter, exemplary embodiments of the present disclosure will be described with reference to the accompanying drawings.
[0044] Referring to FIG. 1 an exemplary block diagram representation of 5th generation core (5GC) network architecture, in accordance with exemplary implementation of the present disclosure is shown. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment (UE) [102], a radio access network (RAN) [104], an access and mobility management function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], an Authentication Server Function (AUSF) [112], a Network Slice Specific Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122], a Unified Data Management (UDM) [124], an application function (AF) [126], a User Plane Function (UPF) [128], a data network (DN) [130], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
[0045] The Radio Access Network (RAN) [104] is the part of a mobile telecommunications system that connects user equipment (UE) [102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.
[0046] The Access and Mobility Management Function (AMF) [106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
[0047] The Session Management Function (SMF) [108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, and releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement.
[0048] The Service Communication Proxy (SCP) [110] is a network function in the 5G core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces.
[0049] The Authentication Server Function (AUSF) [112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
[0050] The Network Slice Specific Authentication and Authorization Function (NSSAAF) [114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
[0051] The Network Slice Selection Function (NSSF) [116] is a network function responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[0052] The Network Exposure Function (NEF) [118] is a network function that exposes capabilities and services of the 5G network to external applications, enabling integration with third-party services and applications.
[0053] The Network Repository Function (NRF) [120] is a network function that acts as a central repository for information about available network functions and services. It facilitates the discovery and dynamic registration of network functions.
[0054] The Policy Control Function (PCF) [122] is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
[0055] The Unified Data Management (UDM) [124] is a network function that centralizes the management of subscriber data, including authentication, authorization, and subscription information.
[0056] The Application Function (AF) [126] is a network function that represents external applications interfacing with the 5G core network to access network capabilities and services.
[0057] The User Plane Function (UPF) [128] is a network function responsible for handling user data traffic, including packet routing, forwarding, and QoS enforcement.
[0058] The Data Network (DN) [130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services.
[0059] Referring to FIG. 2, an exemplary block diagram of a computing device [200] upon which the features of the present disclosure may be implemented, in accordance with exemplary implementation of the present disclosure, is shown. In an implementation, the computing device [200] may implement a method for automating management of network traffic at one or more network functions in a network by utilising a system [300]. In another implementation, the computing device [200] itself implements the method for automating management of network traffic at one or more network functions in a network using one or more units configured within the computing device [200], wherein said one or more units are capable of implementing the features as disclosed in the present disclosure.
[0060] The computing device [200] may include a bus [202] or other communication mechanism for communicating information, and a hardware processor [204] coupled with bus [202] for processing information. The hardware processor [204] may be, for example, a general-purpose microprocessor. The computing device [200] may also include a main memory [206], such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus [202] for storing information and instructions to be executed by the processor [204]. The main memory [206] also may be used for storing temporary variables or other intermediate information during execution of the instructions to be executed by the processor [204]. Such instructions, when stored in non-transitory storage media accessible to the processor [204], render the computing device [200] into a special-purpose machine that is customized to perform the operations specified in the instructions. The computing device [200] further includes a read only memory (ROM) [208] or other static storage device coupled to the bus [202] for storing static information and instructions for the processor [204].
[0061] A storage device [210], such as a magnetic disk, optical disk, or solid-state drive is provided and coupled to the bus [202] for storing information and instructions. The computing device [200] may be coupled via the bus [202] to a display [212], such as a cathode ray tube (CRT), Liquid crystal Display (LCD), Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for displaying information to a computer user. An input device [214], including alphanumeric and other keys, touch screen input means, etc. may be coupled to the bus [202] for communicating information and command selections to the processor [204]. Another type of user input device may be a cursor controller [216], such as a mouse, a trackball, or cursor direction keys, for communicating direction information and command selections to the processor [204], and for controlling cursor movement on the display [212]. The input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow the device to specify positions in a plane.
[0062] The computing device [200] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware and/or program logic which in combination with the computing device [200] causes or programs the computing device [200] to be a special-purpose machine. According to one implementation, the techniques herein are performed by the computing device [200] in response to the processor [204] executing one or more sequences of one or more instructions contained in the main memory [206]. Such instructions may be read into the main memory [206] from another storage medium, such as the storage device [210]. Execution of the sequences of instructions contained in the main memory [206] causes the processor [204] to perform the process steps described herein. In alternative implementations of the present disclosure, hard-wired circuitry may be used in place of or in combination with software instructions.
[0063] The computing device [200] also may include a communication interface [218] coupled to the bus [202]. The communication interface [218] provides a two-way data communication coupling to a network link [220] that is connected to a local network [222]. For example, the communication interface [218] may be an integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface [218] may be a local area network (LAN) card to provide a data communication connection to a compatible LAN. Wireless links may also be implemented. In any such implementation, the communication interface [218] sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[0064] The computing device [200] can send messages and receive data, including program code, through the network(s), the network link [220] and the communication interface [218]. In the Internet example, a server [230] might transmit a requested code for an application program through the Internet [228], the ISP [226], a host [224], the local network [222] and the communication interface [218]. The received code may be executed by the processor [204] as it is received, and/or stored in the storage device [210], or other non-volatile storage for later execution.
[0065] Referring to FIG. 3, an exemplary block diagram of a node [300] for automating management of network traffic at one or more network functions in a network, in accordance with exemplary implementation of the present disclosure, is illustrated. The node [300] comprises at least one processing unit [302], at least one transceiver unit [304], and at least one user interface [306]. Also, all of the components/units of the node [300] are assumed to be connected to each other unless otherwise indicated below. As shown in FIG. 3, all units shown within the node [300] should also be assumed to be connected to each other. Also, in FIG. 3 only a few units are shown; however, the node [300] may comprise multiple such units or the node [300] may comprise any such number of said units, as required to implement the features of the present disclosure. Further, in an implementation, the node [300] may reside in a server or the network entity, or the node [300] may be in communication with the network entity to implement the features as disclosed in the present disclosure.
[0066] The node [300] is configured for automating management of network traffic at one or more network functions in a network with the help of the interconnection between the components/units of the node [300].
[0067] In an exemplary aspect of the present disclosure, the processing unit [302] is configured to identify the one or more network functions from a plurality of network functions. Further, the one or more network functions are identified at the node [300] from the plurality of network functions based on a first user input at the user interface [306] of the node [300]. The one or more network functions from the plurality of network functions may be the network functions where IP Tables scripts are to be executed. The first user input selects the one or more network functions provided at the user interface [306] of the node [300]. IP Tables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the operating system kernel (such as Linux) firewall, implemented as different Netfilter modules. IP Tables is a security tool that helps protect Linux systems from data breaches, unauthorized access, and other network security threats. The filters may be organised in a set of tables, which may include chains of rules for treating the network traffic packets. Further, the IP Tables comprise one or more chains, one or more rules and one or more targets. The one or more chains are a series of rules that apply to specific types of traffic, such as incoming or outgoing traffic. The one or more rules define criteria for matching the traffic packet and the action to take if the traffic packet matches. Further, the one or more targets are actions that IP Tables takes, such as accepting or dropping the traffic packets. The present disclosure uses IP Tables to restrict ingress (incoming) and egress (outgoing) traffic on any of the 5G nodes, and also for security restrictions by limiting exposure of all the network functions/nodes. Furthermore, the plurality of network functions may include, but are not limited to, an Access and Mobility Function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], etc. Moreover, in an implementation, the first user input at the user interface [306] may be used for selecting the one or more network functions from the plurality of network functions, provided on the user interface [306] of the node [300], on which the automation task may be executed.
[0068] Once the one or more network functions are identified where the IP Tables are to be implemented, the transceiver unit [304] may establish a network connection between the node [300] and the identified one or more network functions (NFs). In an implementation, the node [300] may be an automation server. Further, in an implementation of the present disclosure, the connection may be established based on network addresses, hostnames, or other unique identifiers associated with the one or more NFs. Once identified, the node [300] initiates a connection using a suitable communication protocol. This may involve protocols like SSH, HTTPS, or others, depending on the network environment and the specific requirements of the one or more NFs. The node [300] must authenticate itself to the one or more NFs using credentials, such as passwords, keys, or certificates. This confirms that the automation node [300] has the necessary permissions to interact with the one or more NFs. Finally, after successful authentication, a secure and stable communication channel is established between the node [300] and the one or more NFs.
[0069] Further, the processing unit [302] is configured to select an interface based on the established network connection. The interface refers to a shared boundary across which two or more separate components (i.e., the node [300] and the identified one or more network functions) exchange information or data. The 5G core network is designed as an interconnected system of Network Functions (NFs) that communicate through service-based interfaces or reference point interfaces. Network Functions within the 5G control plane will use service-based interfaces for their interactions. The user plane functions and radio interactions shall use the reference point interfaces. Each NF exposes specific functionality and provides services to other NFs. Therefore, any communication or routing between NFs or between nodes and NFs takes place through these interfaces. Interfaces are self-contained software modules that are reusable independently of each other and can be thought of as microservices. In an example, an N5 interface is used to connect the PCF (Policy Control Function) [122] and an AF (Application Function) [126]. Also, the interface may be selected from the plurality of interfaces connecting the plurality of network functions to the node [300]. Further, the selected interface connects the identified one or more network functions from the plurality of network functions to the node [300], i.e., the automation server. Further, the interface is selected at the node from a list of interfaces associated with at least the node and the one or more network functions based on a second user input at the user interface [306] of the node [300]. The second user input may be received at the user interface [306] to select the interface from a list of interfaces provided at the user interface [306].
[0070] Furthermore, the processing unit [302] is configured to trigger, via the selected interface, at the one or more network functions, an automation task remotely. The automation task is at least one of an implementation task, an upgrade task, and a compliance task associated with one or more IP Tables. Further, the automation task is associated with setting up and managing the IP Tables rules associated with the one or more IP Tables. The automation task is related to implementation, upgrade and compliance for the IP Tables rules. The implementation task associated with the one or more IP Tables implements or defines the rules for the IP Tables. The upgrade task is to add on any further requirements related to further enhancements of existing policies related to the IP Tables rules. In an implementation, the upgrade task may relate to updating limitations or policies on the IP Tables rules. The compliance task is to ensure that the IP Tables rules comply with the standard security guidelines. In other words, the compliance task checks if the IP Tables rules implement the standard security guidelines. In an implementation, the standard security guidelines may be related to a remote Application Programming Interface (API) detection issue or may relate to an egress-ingress (outgoing and incoming data) policy for communicating with peer network functions. Further, the one or more IP Tables are associated with the one or more network functions. The automation task is triggered by the node [300], i.e., the automation server, on the identified one or more network functions. The triggering process may involve the node [300] executing predefined workflows or scripts that have been designed for automating management of network traffic at one or more network functions in a network. Further, to trigger the automation task at the identified one or more network functions, the node [300] may receive a request from the identified one or more network functions to configure the IP Tables on the identified one or more network functions. The node [300], in response to the received request from the identified one or more network functions, configures the IP Tables at the corresponding network function from the identified one or more network functions.
[0071] The one or more IP Tables comprise at least a Filter table and a Network Address Translation (NAT) table. Further, the filter table is the default table for the IP Tables, i.e., the filter table is the table that is used by default when no table is defined or created. The filter table is used for packet filtering and may include an input chain, an output chain and a forward chain. Further, the filter table decides whether to allow or deny the packet to continue to its destination. Further, the NAT table is used to implement the network address translation rules. The NAT table determines the modification of the packet’s source or destination addresses in order to impact the way that the packet and any response traffic are routed. The NAT table may be used to route the packets to network functions when direct access is not possible. Furthermore, the IP Tables rules provide a robust security mechanism that defines which network packets may pass through, and which network packets may not pass through.
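To make the chain, rule and target structure and the two tables concrete, the following Python snippet is an added example, not code from the patent or from Jio Platforms: it models a small ingress/egress allow-list for one network function and renders it in the format consumed by iptables-restore, with a filter table whose built-in chains default to DROP and an optional NAT table carrying a DNAT rule for an NF that cannot be reached directly. The peer addresses, the DNAT target and the use of port 443 for the service-based interface are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Rule:
    """One IP Tables rule: a match on a built-in chain and the target to jump to."""
    chain: str                                  # INPUT, OUTPUT, FORWARD, PREROUTING, ...
    target: str                                 # ACCEPT, DROP, DNAT, ...
    proto: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    in_if: Optional[str] = None
    match_opts: List[str] = field(default_factory=list)   # e.g. -m conntrack --ctstate ...
    target_opts: List[str] = field(default_factory=list)  # e.g. --to-destination ...

    def render(self) -> str:
        parts = ["-A", self.chain]
        if self.in_if:
            parts += ["-i", self.in_if]
        if self.proto:
            parts += ["-p", self.proto]
        if self.src:
            parts += ["-s", self.src]
        if self.dst:
            parts += ["-d", self.dst]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        parts += self.match_opts
        parts += ["-j", self.target] + self.target_opts   # target options must follow -j
        return " ".join(parts)


@dataclass
class Table:
    """A table (filter or nat): default policies for its built-in chains plus its rules."""
    name: str
    policies: Dict[str, str]
    rules: List[Rule]

    def render(self) -> str:
        lines = [f"*{self.name}"]
        lines += [f":{chain} {policy} [0:0]" for chain, policy in self.policies.items()]
        lines += [rule.render() for rule in self.rules]
        lines.append("COMMIT")
        return "\n".join(lines)


def build_nf_policy(peer_addrs: List[str], sbi_port: int = 443,
                    dnat_target: Optional[str] = None) -> List[Table]:
    """Ingress/egress allow-list for one NF, plus an optional NAT table.

    Built-in filter chains default to DROP, so only the listed peers may reach
    the SBI port and the NF may only open connections back to them; loopback
    and already-established flows stay allowed.
    """
    established = ["-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED"]
    rules = [
        Rule("INPUT", "ACCEPT", in_if="lo"),
        Rule("INPUT", "ACCEPT", match_opts=established),
        Rule("OUTPUT", "ACCEPT", match_opts=established),
    ]
    for peer in peer_addrs:
        rules.append(Rule("INPUT", "ACCEPT", proto="tcp", src=peer, dport=sbi_port))
        rules.append(Rule("OUTPUT", "ACCEPT", proto="tcp", dst=peer, dport=sbi_port))
    tables = [Table("filter", {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "DROP"}, rules)]
    if dnat_target:
        # NAT table: rewrite the destination so traffic reaches an NF that is not
        # directly reachable from this host (constructed "host:port" value). The
        # rewritten flow is forwarded, so the FORWARD chain needs a matching ACCEPT.
        dnat_host = dnat_target.split(":")[0]
        rules.append(Rule("FORWARD", "ACCEPT", proto="tcp", dst=dnat_host, dport=sbi_port))
        nat_rule = Rule("PREROUTING", "DNAT", proto="tcp", dport=sbi_port,
                        target_opts=["--to-destination", dnat_target])
        tables.append(Table("nat", {"PREROUTING": "ACCEPT", "INPUT": "ACCEPT",
                                    "OUTPUT": "ACCEPT", "POSTROUTING": "ACCEPT"}, [nat_rule]))
    return tables


def render_restore_script(tables: List[Table]) -> str:
    """Text in the format consumed by iptables-restore (one block per table)."""
    return "\n".join(table.render() for table in tables) + "\n"


if __name__ == "__main__":
    # Constructed peers, e.g. an AMF and an SMF reachable over the SBI.
    print(render_restore_script(build_nf_policy(["10.10.1.5", "10.10.1.6"],
                                                dnat_target="10.20.0.9:443")))
```

The rendered text is what an automation server would ship to the NF as the IP Tables script; applying it with iptables-restore replaces the listed tables atomically, which is the property that makes a later sanity check meaningful. Forwarding through the DNAT rule additionally requires IP forwarding to be enabled on the host, which is outside the script.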
[0072] Thereafter, the processing unit [302] is configured to perform a sanity check associated with the automation task, on the one or more network functions. The sanity check is performed by the processing unit [302] at the node [300] to check the successful execution of the automation task on the one or more network functions. The sanity check refers to a process for checking and validating whether the automation task has completed without any error. In an implementation of the present disclosure, if a response to the sanity check is a positive response, it signifies that the automation task has completed successfully, and the node [300] may terminate the automation task. To perform the sanity check, the processing unit [302] may monitor the completion of the automation task on the one or more network functions. In another implementation of the present disclosure, if the response to the sanity check is a negative response, the node [300] may wait for a pre-defined time period before performing another sanity check. The pre-defined time period may be defined by a user.
[0073] Referring to FIG. 4, an exemplary method flow diagram for automating management of network traffic at one or more network functions in a network, in accordance with an exemplary implementation of the present disclosure, is illustrated. In an implementation, the method [400] is performed by the system comprising the node [300]. Also, as shown in FIG. 5, the method [400] initiates at step [402].
[0074] At step [404], the method [400] comprises identifying, by a processing unit [302] at a node, the one or more network functions from a plurality of network functions. Further, the one or more network functions are identified at the node from the plurality of network functions based on a first user input at a user interface [306] of the node. The one or more network functions from the plurality of network functions may be the network functions where IP Tables scripts are to be executed. IP Tables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the operating system kernel firewall, implemented as different Netfilter modules. The filters may be organised in a set of tables, which may include chains of rules for treating the network traffic packets. Further, the IP Tables comprise one or more chains, one or more rules and one or more targets. The one or more chains are a series of rules that apply to specific types of traffic, such as incoming or outgoing traffic. The one or more rules define the criteria for matching a traffic packet and the action to take if the traffic packet matches. Further, the one or more targets are the actions that IP Tables takes, such as accepting or dropping the traffic packets. Furthermore, the plurality of network functions may include, but is not limited to, an Access and Mobility Function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110], etc. Moreover, in an implementation, the first user input may be for selecting the one or more network functions from a list of network functions, provided on the user interface [306] of the node [300], on which the automation task may be executed.
[0075] Next, at step [406], the method [400] comprises establishing, by a transceiver unit [304] at the node, a network connection between the node [300] and the identified one or more network functions. Also, the node [300] may be an automation server. Further, to establish the network connection between the node [300] and the identified one or more network functions, the node [300] may send a network connection request to the identified one or more network functions. Further, the node [300] may receive a response from the identified one or more network functions. The response received by the node [300] may be one of a positive response and a negative response. The positive response indicates that the connection can be established, and the negative response indicates that the connection cannot be established. Further, the one or more identified network functions and the node [300] may communicate with each other via any communication channel known in the art.
[0076] Further, at step [408], the method [400] comprises selecting, by the processing unit [302] at the node, an interface based on the established network connection. The interface refers to a shared boundary across which two or more separate components (i.e., the node [300] and the identified one or more network functions) exchange information or data. The 5G core network is designed as an interconnected system of Network Functions (NFs) that communicate through service-based interfaces or reference point interfaces. Network Functions within the 5G control plane will use service-based interfaces for their interactions. The user plane functions and radio interactions shall use the reference point interfaces. Each NF exposes specific functionality and provides services to other NFs. Therefore, any communication or routing between NFs or between nodes and NFs takes place through these interfaces. Interfaces are self-contained software modules that are reusable independently of each other and can be thought of as microservices. In an example, an N5 interface is used to connect the PCF (Policy Control Function) [122] and an AF (Application Function) [126]. Also, the interface may be selected from the plurality of interfaces connecting the plurality of network functions to the node [300]. Further, the selected interface connects the identified one or more network functions from the plurality of network functions to the node [300], i.e., the automation node. Further, the interface is selected at the node from a list of interfaces associated with at least the node and the one or more network functions based on a second user input at the user interface [306] of the node [300].
[0077] Further, at step [410], the method [400] comprises triggering, by the processing unit [302] at the node, via the selected interface, at the one or more network functions, an automation task remotely. The automation task is at least one of an implementation task, an upgrade task, and a compliance task associated with one or more IP Tables, wherein the one or more IP Tables are associated with the one or more network functions. Further, the automation task is associated with setting up and managing the IP Tables rules associated with the one or more IP Tables. The automation task is related to implementation, upgrade and compliance for the IP Tables rules. The implementation task associated with the one or more IP Tables implements or defines the rules for the IP Tables. The upgrade task is to add on any further requirements related to further enhancements of existing policies related to the IP Tables rules. In an implementation, the upgrade task may relate to updating limitations or policies on the IP Tables rules. The compliance task is to ensure that the IP Tables rules comply with the standard security guidelines. In other words, the compliance task checks if the IP Tables rules implement the standard security guidelines. In an implementation, the standard security guidelines may be related to a remote Application Programming Interface (API) detection issue or may relate to an egress-ingress (outgoing and incoming data) policy for communicating with peer network functions. The automation task is triggered by the node [300], i.e., the automation node, on the identified one or more network functions. Further, to trigger the automation task at the identified one or more network functions, the node [300] may receive a request from the identified one or more network functions to configure the IP Tables in the identified one or more network functions. The node [300], in response to the received request from the identified one or more network functions, configures the IP Tables at the corresponding network function from the identified one or more network functions. Further, the automation task is associated with setting up the IP Tables rules associated with the one or more IP Tables.
[0078] The one or more IP Tables comprise at least a Filter table and a Network Address Translation (NAT) table. Further, the filter table is the default table for the IP Tables, i.e., the filter table is the table that is used by default when no table is defined or created. The filter table is used for packet filtering and may include an input chain, an output chain and a forward chain. Further, the filter table decides whether to allow or deny the packet to continue to its destination. Further, the NAT table is used to implement the network address translation rules. The NAT table determines the modification of the packet’s source or destination addresses in order to impact the way that the packet and any response traffic are routed. The NAT table may be used to route the packets to network functions when direct access is not possible. Furthermore, the IP Tables rules provide a robust security mechanism that defines which network packets may pass through, and which network packets may not pass through.
[0079] Furthermore, at step [412], the method [400] comprises performing, by the processing unit [302] at the node, a sanity check associated with the automation task, on the one or more network functions. The sanity check is performed by the processing unit [302] at the node [300] to check the successful execution of the automation task on the one or more network functions. The sanity check refers to a process for checking and validating whether the automation task has completed without any error. In an implementation of the present disclosure, if a response to the sanity check is a positive response, it signifies that the automation task has completed successfully, and the node [300] may terminate the automation task. To perform the sanity check, the processing unit [302] may monitor the completion of the automation task on the one or more network functions. In another implementation of the present disclosure, if the response to the sanity check is a negative response, the node [300] may wait for a pre-defined time period before performing another sanity check. The pre-defined time period may be defined by a user.
[0080] Thereafter, at step [414], the method terminates.
[0081] Referring to FIG. 5, an exemplary system architecture diagram for automating management of network traffic at one or more network functions in a network, in accordance with an exemplary implementation of the present disclosure, is illustrated. The system architecture comprises at least one automation server [502] and a plurality of 5G core network functions, shown as NF-1, NF-2, NF-3, …, NF-N [504]. Also, all of the components/units of the system architecture [500] are assumed to be connected to each other unless otherwise indicated below. As shown in FIG. 5, all units shown within the system architecture [500] should also be assumed to be connected to each other.
[0082] Also, the system architecture [500] works in conjunction with the system comprising the node [300] as shown in FIG. 3, for automating management of network traffic at one or more network functions in a network. The automation server [502] performs the same function as the node [300].
[0083] Particularly, the automation server [502] is configured to receive a user input to identify one or more network functions from the plurality of network functions (i.e., NF-1, NF-2, NF-3, …, NF-N) [504].
[0084] Further, the connection is established between the automation server [502] and the identified one or more network functions. In an implementation, say the identified one or more network functions are the NF-1, the NF-2 and the NF-3.
[0085] After the connection between the automation server [502] and the identified network functions [504] is established, one or more interfaces are selected from the plurality of interfaces. The interfaces connect the automation server [502] with the plurality of network functions [504], and across them the automation server [502] and the plurality of network functions [504] exchange information and data. The selected one or more interfaces connect the identified one or more network functions (i.e., the NF-1, the NF-2 and the NF-3) with the automation server [502].
[0086] Further, the automation server [502] remotely triggers an automation task, via the selected one or more interfaces, on the identified one or more network functions (i.e., the NF-1, the NF-2 and the NF-3) [504]. When the automation server [502] triggers the automation task, the automation server [502] transfers the IP Tables script to the identified one or more network functions [504]. The IP Tables script is a sequence of instructions that may be executed at the identified one or more network functions for entering the IP Tables. Also, the IP Tables script comprises chains of IP Tables rules that are to be entered in the identified one or more network functions. Further, the automation task is associated with setting up IP Tables rules associated with the one or more IP Tables. The one or more IP Tables comprise at least a Filter table and a Network Address Translation (NAT) table. Further, the IP Tables rules provide a robust security mechanism that defines which network packets may pass through, and which network packets may not pass through.
[0087] Thereafter, the automation server [502] performs a sanity check based on the automation task to check the successful execution of the automation task on the identified one or more network functions (i.e., the NF-1, the NF-2 and the NF-3) [504].
[0088] Referring to FIG. 6 an exemplary process flow diagram depicting a process for automating management of network traffic at one or more network functions in a network, in accordance with exemplary implementation of the present disclosure is illustrated. The process starts at an automation server [502], wherein the automation server [502] receives a user input. The automation server [502] performs the same function as the node [300] as shown in FIG. 3. Further, the user input may be received at the user interface [306] of the automation server [502].
[0089] At step [602], the automation server [502], based on the received user input, selects a network function where the IP Tables script is to be executed. The IP Tables script is a sequence of instructions that may be executed at the selected network function for entering the IP Tables. Also, the IP Tables script comprises chains of IP Tables rules that are to be entered in the selected network function. Further, the network function is selected from a plurality of network functions at the user interface [306] of the automation server [502].
[0090] Next, at step [604], the automation server [502] checks if a restore file path is already present. The restore file path may be an interface through which the automation server [502] is connected to the selected network function. The interface is selected from the plurality of interfaces connecting the plurality of network functions. The presence of the restore path indicates that a connection has been established between the automation server [502] and the network function.
[0091] Further, at step [606], the automation server [502] appends the IP Tables rules. The automation server [502] attaches the IP Tables rules via the restore path to the selected network function by triggering the automation task on the selected network function. Further, the automation task is associated with setting up IP Tables rules associated with the one or more IP Tables at the selected network function. The automation task is related to implementation, upgrade and compliance for the IP Tables rules. The implementation task associated with the one or more IP Tables implements or defines the rules for the IP Tables. The upgrade task is to add on any further requirements related to further enhancements of existing policies related to the IP Tables rules. In an implementation, the upgrade task may relate to updating limitations or policies on the IP Tables rules. The compliance task is to ensure that the IP Tables rules comply with the standard security guidelines. In other words, the compliance task checks if the IP Tables rules implement the standard security guidelines. In an implementation, the standard security guidelines may be related to a remote Application Programming Interface (API) detection issue or may relate to an egress-ingress (outgoing and incoming data) policy for communicating with peer network functions.
[0092] Furthermore, at step [608], the automation server [502] waits for the play completion. The play completion may refer to the completion of the automation task of entering the IP Tables rules corresponding to the selected network function.
[0093] Thereafter, at step [610], the IP Tables entry is done at the selected network function. The automation task i.e., entering the IP Tables at the selected network function is thereby completed with this step.
[0094] Moreover, at step [612], the sanity check is done by the automation server [502]. The sanity check is performed to check the successful execution of the automation task on the network function. If the automation task was successful, that is, the IP Tables have been entered successfully on the network function, the automation server [502] receives a positive response from the selected network function at which the automation task is executed successfully.
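The FIG. 6 steps [604] to [612], together with the sanity check and pre-defined wait described for step [412] above, are shown below as an added Python example that is not part of the patent or of any Jio Platforms code: it parses iptables-save style text, appends rules to the restore file only when they are not already present (so re-running the automation does not stack duplicate rules), and polls the live ruleset, waiting the pre-defined period after each negative response. The iptables-save text and the rule list are constructed samples, and fetch_fn stands in for whatever command the automation server runs over its established connection to read the live ruleset.

```python
import time
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample of `iptables-save` output as found on an NF before the play runs.
SAMPLE_BEFORE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
"""

# Rules the IP Tables script is expected to enter (constructed); the loopback
# rule is already present and must not be duplicated on append.
NEW_RULES: Dict[str, List[str]] = {
    "filter": [
        "-A INPUT -p tcp -s 10.10.1.5 --dport 443 -j ACCEPT",
        "-A INPUT -i lo -j ACCEPT",
    ]
}


def parse_iptables_save(text: str) -> Dict[str, Set[str]]:
    """Map each table name to the set of '-A ...' rule lines it contains."""
    tables: Dict[str, Set[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = line[1:]
            tables.setdefault(current, set())
        elif line.startswith("-A") and current is not None:
            tables[current].add(line)
    return tables


def missing_rules(expected: Dict[str, List[str]],
                  live: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Expected (table, rule) pairs that are not in the live ruleset."""
    return [(table, rule)
            for table, rules in expected.items()
            for rule in rules
            if rule not in live.get(table, set())]


def append_rules(restore_text: str, new_rules: Dict[str, List[str]]) -> str:
    """Step [606]: add rules to the restore file, skipping ones already present.

    Each table block ends with COMMIT; new rules are inserted just before it.
    """
    existing = parse_iptables_save(restore_text)
    unknown = set(new_rules) - set(existing)
    if unknown:
        raise ValueError(f"restore file has no table(s) {sorted(unknown)}")
    out: List[str] = []
    current = None
    for line in restore_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("*"):
            current = stripped[1:]
        elif stripped == "COMMIT" and current in new_rules:
            out.extend(r for r in new_rules[current] if r not in existing[current])
        out.append(line)
    return "\n".join(out) + "\n"


def sanity_check(fetch_fn: Callable[[], str], expected: Dict[str, List[str]],
                 wait_seconds: float, max_attempts: int,
                 sleep_fn: Callable[[float], None] = time.sleep) -> Tuple[bool, int]:
    """Step [612]: positive response once every expected rule is live.

    A negative response is retried after the pre-defined wait, up to
    max_attempts, so a play that has not finished yet is not reported as failed.
    Returns (positive, attempts_used).
    """
    for attempt in range(1, max_attempts + 1):
        if not missing_rules(expected, parse_iptables_save(fetch_fn())):
            return True, attempt
        if attempt < max_attempts:
            sleep_fn(wait_seconds)
    return False, max_attempts


if __name__ == "__main__":
    merged = append_rules(SAMPLE_BEFORE, NEW_RULES)
    ok, used = sanity_check(lambda: merged, NEW_RULES, wait_seconds=5.0, max_attempts=3)
    print("sanity check:", "positive" if ok else "negative", "after", used, "attempt(s)")
```

The sanity check compares the rules the script was meant to enter against what the NF actually reports, rather than trusting the exit status of the play, so a partially applied or later overwritten ruleset produces a negative response; the injectable sleep_fn lets the wait be exercised without real delays.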
[0095] The present disclosure further discloses a non-transitory computer readable storage medium storing one or more instructions for automating management of network traffic at one or more network functions in a network. The instructions include executable code which, when executed by one or more units of a system comprising a node [300], causes a processing unit [302] to identify one or more network functions from a plurality of network functions. The executable code which when executed causes a transceiver unit [304] to establish, a network connection between the node and the identified one or more network functions. Further, the executable code which when executed causes the processing unit [302] to select, an interface based on the established network connection. Furthermore, the executable code which when executed causes the processing unit [302] to trigger, via the selected interface, at the one or more network functions, an automation task remotely. Thereafter, the executable code which when executed causes the processing unit [302] to perform, a sanity check associated with the automation task, on the one or more network functions.
[0096] As is evident from the above, the present disclosure provides a technically advanced solution for automating management of network traffic at one or more network functions in a network. The present solution allows the entry of the IP Tables in one or more network functions automatically. Further, the present solution reduces the time taken in manually entering the IP Tables on the one or more network functions by automatically entering the IP Tables on the network functions. Furthermore, the present solution reduces the errors that happen in manually entering the IP Tables on the one or more network functions by automatically entering the IP Tables on the network functions.
[0097] While considerable emphasis has been placed herein on the disclosed implementations, it will be appreciated that many implementations can be made and that many changes can be made to the implementations without departing from the principles of the present disclosure. These and other changes in the implementations of the present disclosure will be apparent to those skilled in the art, whereby it is to be understood that the foregoing descriptive matter to be implemented is illustrative and non-limiting.
[0098] Further, in accordance with the present disclosure, it is to be acknowledged that the functionality described for the various components/units can be implemented interchangeably. While specific embodiments may disclose a particular functionality of these units for clarity, it is recognized that various configurations and combinations thereof are within the scope of the disclosure. The functionality of specific units as disclosed in the disclosure should not be construed as limiting the scope of the present disclosure. Consequently, alternative arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
We Claim:
1. A method [400] for automating management of network traffic at one or more network functions (NFs) in a network, the method [400] comprising:
- identifying, by a processing unit [302] at a node [300], the one or more network functions from a plurality of network functions;
- establishing, by a transceiver unit [304] at the node [300], a network connection between the node and the identified one or more network functions;
- selecting, by the processing unit [302] at the node [300], an interface based on the established network connection;
- triggering, by the processing unit [302] at the node [300], via the selected interface, at the one or more network functions, an automation task remotely; and
- performing, by the processing unit [302] at the node [300], a sanity check associated with the automation task, on the one or more network functions.
2. The method [400] as claimed in claim 1, wherein the one or more network functions are identified at the node [300] from the plurality of network functions based on a first user input at a user interface of the node [300].
3. The method [400] as claimed in claim 2, wherein the interface is selected at the node [300] from a list of interfaces associated with at least the node [300] and the one or more network functions based on a second user input at the user interface of the node [300].
4. The method [400] as claimed in claim 1, wherein the automation task is at least one of an implementation task, an upgrade task, and a compliance task associated with one or more IP Tables, wherein the one or more IP Tables are associated with the one or more network functions.
5. The method [400] as claimed in claim 4, wherein the automation task is associated with setting up IP table rules associated with the one or more IP Tables.
6. The method [400] as claimed in claim 4, wherein the one or more IP Tables comprise at least a Filter table and a Network Address Translation (NAT) table.
7. The method [400] as claimed in claim 1, wherein the sanity check is performed by the processing unit [302] at the node [300], to check a successful execution of the automation task on the one or more network functions.
8. A system [300] for automating management of network traffic at one or more network functions in a network, the system [300] comprises:
- a processing unit [302] at a node [300], wherein the processing unit is configured to:
o identify, the one or more network functions from a plurality of network functions;
- a transceiver unit [304] connected to at least the processing unit [302], wherein the transceiver unit [304] is configured to:
o establish, a network connection between the node and the identified one or more network functions;
- the processing unit [302], at the node [302], further configured to:
o select, an interface based on the established network connection;
o trigger, via the selected interface, at the one or more network functions, an automation task remotely; and
o perform, a sanity check associated with the automation task, on the one or more network functions.
9. The system [300] as claimed in claim 8, wherein the one or more network functions are identified at the node [300] from the plurality of network functions based on a first user input at a user interface of the node [300].
10. The system [300] as claimed in claim 8, wherein the interface is selected at the node [300] from a list of interfaces associated with at least the node [300] and the one or more network functions based on a second user input at the user interface of the node [300].
11. The system [300] as claimed in claim 8, wherein the automation task is at least one of an implementation task, an upgrade task, and a compliance task associated with one or more IP Tables, wherein the one or more IP Tables are associated with the one or more network functions.
12. The system [300] as claimed in claim 11, wherein the automation task is associated with setting up IP table rules associated with the one or more IP Tables.
13. The system [300] as claimed in claim 11, wherein the one or more IP Tables comprise at least a Filter table and a Network Address Translation (NAT) table.
14. The system [300] as claimed in claim 8, wherein the sanity check is performed by the processing unit [302] at the node [300], to check a successful execution of the automation task on the one or more network functions.
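The sanity check of claims 7 and 14, applied to the Filter and NAT tables of claims 6 and 13, can be illustrated offline: the node captures the `iptables-save` output of a network function after the automation task ran and compares it with the rules and default policies the task was meant to install. This is an added example, not the applicant's code; the `iptables-save` capture and the expected rule set are constructed sample data, and the function and variable names are the example's own.

```python
def parse_iptables_save(text):
    """Parse iptables-save output into {table: {"policies": {...}, "rules": [...]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())             # normalise whitespace
        if not line or line[0] == "#" or line == "COMMIT":
            continue
        if line[0] == "*":                       # table header, e.g. *filter
            current = line[1:]
            tables[current] = {"policies": {}, "rules": []}
        elif current and line[0] == ":":         # chain line, e.g. :INPUT DROP [0:0]
            chain, policy = line[1:].split()[:2]
            tables[current]["policies"][chain] = policy
        elif current and line.startswith("-A"):  # a rule appended to a chain
            tables[current]["rules"].append(line)
    return tables

def sanity_check(save_text, expected_rules, expected_policies):
    """Report expected rules that are absent and chains whose default policy differs."""
    tables = parse_iptables_save(save_text)
    missing, bad_policy = {}, {}
    for table, rules in expected_rules.items():
        present = set(tables.get(table, {}).get("rules", []))
        gaps = [r for r in rules if " ".join(r.split()) not in present]
        if gaps:
            missing[table] = gaps
    for (table, chain), want in expected_policies.items():
        got = tables.get(table, {}).get("policies", {}).get(chain)
        if got != want:
            bad_policy[(table, chain)] = (want, got)
    return {"ok": not missing and not bad_policy,
            "missing_rules": missing, "policy_mismatch": bad_policy}

# Constructed capture: the 8080 rule was never installed and FORWARD is still ACCEPT, so the check must fail.
SAMPLE_SAVE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
EXPECTED_RULES = {
    "filter": ["-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT",
               "-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT"],
    "nat": ["-A POSTROUTING -o eth0 -j MASQUERADE"]}
EXPECTED_POLICIES = {("filter", "INPUT"): "DROP", ("filter", "FORWARD"): "DROP"}
REPORT = sanity_check(SAMPLE_SAVE, EXPECTED_RULES, EXPECTED_POLICIES)
```

A non-empty `missing_rules` or `policy_mismatch` in the report is what the node would surface as a failed sanity check for that network function.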
| # | Name | Date |
|---|---|---|
| 1 | 202321060628-STATEMENT OF UNDERTAKING (FORM 3) [08-09-2023(online)].pdf | 2023-09-08 |
| 2 | 202321060628-PROVISIONAL SPECIFICATION [08-09-2023(online)].pdf | 2023-09-08 |
| 3 | 202321060628-POWER OF AUTHORITY [08-09-2023(online)].pdf | 2023-09-08 |
| 4 | 202321060628-FORM 1 [08-09-2023(online)].pdf | 2023-09-08 |
| 5 | 202321060628-FIGURE OF ABSTRACT [08-09-2023(online)].pdf | 2023-09-08 |
| 6 | 202321060628-DRAWINGS [08-09-2023(online)].pdf | 2023-09-08 |
| 7 | 202321060628-Proof of Right [12-01-2024(online)].pdf | 2024-01-12 |
| 8 | 202321060628-ORIGINAL UR 6(1A) FORM 1 & 26-050424.pdf | 2024-04-15 |
| 9 | 202321060628-FORM-5 [02-09-2024(online)].pdf | 2024-09-02 |
| 10 | 202321060628-ENDORSEMENT BY INVENTORS [02-09-2024(online)].pdf | 2024-09-02 |
| 11 | 202321060628-DRAWING [02-09-2024(online)].pdf | 2024-09-02 |
| 12 | 202321060628-CORRESPONDENCE-OTHERS [02-09-2024(online)].pdf | 2024-09-02 |
| 13 | 202321060628-COMPLETE SPECIFICATION [02-09-2024(online)].pdf | 2024-09-02 |
| 14 | 202321060628-Request Letter-Correspondence [09-09-2024(online)].pdf | 2024-09-09 |
| 15 | 202321060628-Power of Attorney [09-09-2024(online)].pdf | 2024-09-09 |
| 16 | 202321060628-Form 1 (Submitted on date of filing) [09-09-2024(online)].pdf | 2024-09-09 |
| 17 | 202321060628-Covering Letter [09-09-2024(online)].pdf | 2024-09-09 |
| 18 | 202321060628-CERTIFIED COPIES TRANSMISSION TO IB [09-09-2024(online)].pdf | 2024-09-09 |
| 19 | Abstract 1.jpg | 2024-09-24 |
| 20 | 202321060628-FORM 3 [08-10-2024(online)].pdf | 2024-10-08 |