CN120881165A - Message processing method, communication system and device - Google Patents
Message processing method, communication system and deviceInfo
- Publication number
- CN120881165A CN120881165A CN202410565008.6A CN202410565008A CN120881165A CN 120881165 A CN120881165 A CN 120881165A CN 202410565008 A CN202410565008 A CN 202410565008A CN 120881165 A CN120881165 A CN 120881165A
- Authority
- CN
- China
- Prior art keywords
- ipv6
- node
- sid
- extension header
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本申请提供一种报文处理方法、通信系统及装置,应用于通信技术领域。在该报文处理方法中,第一节点接收到的第一IPv6报文所携带的第一节点的SID,可以用于指示第一节点解析第一IPv6报文中的除SRH之外的IPv6扩展头。基于此,可以提高报文处理和转发效率,并且可以简化节点的业务策略的配置。
This application provides a message processing method, communication system, and apparatus, applicable to the field of communication technology. In this message processing method, the SID of the first node carried in the first IPv6 message received by the first node can be used to instruct the first node to parse the IPv6 extension headers in the first IPv6 message, excluding the SRH header. Based on this, message processing and forwarding efficiency can be improved, and the configuration of node service policies can be simplified.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, a communications system, and an apparatus for processing a message.
Background
With the development of internet protocol version 6 (internet protocol version, IPv 6) technology, various types of IPv6 extension headers may be included in an IPv6 message to implement various service capabilities. For example, a segment routing extension header (segment routing header, SRH) may be used to carry a segment identification (SEGMENT IDENTIFIER, SID) of a Segment Route (SR) to direct the message for SR forwarding. For another example, a destination options extension header (destination options header, DOH) may be used to carry a flow-along detection flag to enable flow-along detection of messages. For another example, a hop-by-hop option header (hop-by-hop options header, HBH) may be used to carry a network slice identity to direct packet forwarding in a split plane.
However, based on the current standard, if the node on the IPv6 packet forwarding path is to perform service processing according to the IPv6 extension header, a service policy needs to be configured for implementation in most cases. However, performing the matching of the service policies may reduce forwarding performance of the IPv6 packet, and configuring the service policies may also occupy additional resources.
Disclosure of Invention
The application provides a message processing method, a communication system and a device, which are used for solving the problems of large occupied resources and low forwarding efficiency caused by complex service strategies which need to be configured for processing an IPv6 message in the prior art.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, the present application provides a method for processing a message, where the method is applied to a first node, and may also be a module, such as a chip or a chip system, applied to the first node. The message processing method can include that a first node receives a first IPv6 message, wherein the first IPv6 message comprises a first IPv6 extension header and a second IPv6 extension header. Based on the first SID indication in the DA field in the first IPv6 message, the first node parses the second IPv6 extension header. The first IPv6 expansion head is SRH, and comprises a first SID.
Based on the scheme, the SID (i.e. the first SID) of the first node carried by the DA field of the first IPv6 message can instruct the first node to analyze the second IPv6 extension header without configuring related service policies in the first node, thereby simplifying the configuration of the first node. In addition, the efficiency of message forwarding can be improved without matching the service strategies.
With reference to the first aspect, in an optional implementation manner, the second IPv6 extension header is DOH or HBH.
With reference to the first aspect, in an optional implementation manner, the second IPv6 extension header includes at least one of APN information IFIT information, security resource information, computing power resource information, service trusted information, or network slice information.
With reference to the first aspect, in an optional implementation manner, the option field of the second IPv6 extension header includes an identifier, where the identifier is associated with at least one of APN information, IFIT information, security resource information, computing power resource information, service trusted information, or network slice information.
With reference to the first aspect, in an optional implementation manner, the second IPv6 extension header includes APN information, where the APN information is used to indicate a user or an application to which the first IPv6 packet belongs. The first node analyzing the second IPv6 extension header may specifically include the first node analyzing the second IPv6 extension header to obtain APN information. And then, the first node determines a secure resource instance corresponding to the first IPv6 message according to the APN information. Further, the first node processes the first IPv6 message by using the secure resource instance corresponding to the first IPv6 message.
With reference to the first aspect, in an optional implementation manner, the second IPv6 extension header includes security resource information, where the security resource information is used to indicate a security resource instance corresponding to the first IPv6 packet. The first node analyzing the second IPv6 extension header may specifically include the first node analyzing the second IPv6 extension header to obtain the security resource information. And then, the first node determines a secure resource instance corresponding to the first IPv6 according to the secure resource information. Further, the first node processes the first IPv6 message by using the secure resource instance corresponding to the first IPv 6.
With reference to the first aspect, in an optional implementation manner, the second IPv6 extension header includes computing power resource information, where the computing power resource information is used to indicate a computing power resource instance corresponding to the first IPv6 packet. The first node analyzing the second IPv6 extension header may specifically include the first node analyzing the second IPv6 extension header to obtain the computing power resource information. And then, the first node determines the computing power resource instance corresponding to the first IPv6 message according to the computing power resource information. Further, the first node processes the first IPv6 message by using the computing power resource instance corresponding to the first IPv6 message.
In a second aspect, the present application provides a method for processing a message, where the method is applied to a first node, and may also be a module, such as a chip or a chip system, applied to the first node. The message processing method can include that a first node receives a first IPv6 message, wherein the first IPv6 message comprises a first IPv6 extension header. Based on the first segment identification SID in the DA field of the first IPv6 message, the second IPv6 extension header is indicated and encapsulated, and the first node is the second IPv6 extension header of the first IPv6 message Wen Fengzhuang so as to obtain the second IPv6 message. And then, the first node forwards the second IPv6 message. The first IPv6 expansion head is SRH, the first IPv6 expansion head comprises a first SID, and the second IPv6 expansion head does not belong to SRH.
Based on the scheme, the SID (i.e. the first SID) of the first node carried by the DA field of the first IPv6 message can indicate to encapsulate the second IPv6 extension header without configuring related service policies in the first node, so that the configuration of the first node can be simplified. In addition, the efficiency of message forwarding can be improved without matching the service strategies.
With reference to the second aspect, in an optional implementation manner, the second IPv6 extension header is DOH or HBH.
With reference to the second aspect, in an optional implementation manner, the second IPv6 extension header includes at least one of APN information, IFIT information, security resource information, computing resource information, service trusted information, or network slice information.
With reference to the second aspect, in an optional implementation manner, the option field of the second IPv6 extension header includes an identifier, where the identifier is associated with at least one of APN information, IFIT information, security resource information, computing power resource information, service trusted information, or network slice information.
With reference to the second aspect, in an optional implementation manner, the first SID is BSID, and at least one SID corresponding to the BSID is included in the SRH of the second IPv6 packet.
With reference to the second aspect, in an optional implementation manner, the first node is a first IPv6 packet Wen Fengzhuang and a second IPv6 extension header to obtain a second IPv6 packet, and may specifically include the first node being a first IPv6 packet Wen Fengzhuang, a second IPv6 extension header, and a third IPv6 extension header to obtain the second IPv6 packet. Wherein the third IPv6 extension header is SRH, and the third IPv6 extension header comprises at least one SID.
With reference to the second aspect, in an optional implementation manner, the first node is a first IPv6 packet Wen Fengzhuang and a second IPv6 extension header to obtain a second IPv6 packet, which may specifically include the first node being the second IPv6 extension header of the first IPv6 packet Wen Fengzhuang and updating the first IPv6 extension header. Wherein the updated first IPv6 extension header includes at least one SID.
With reference to the second aspect, in an optional implementation manner, the first node is a gateway node of the resource pool, and the at least one SID includes a SID of at least one resource node in the resource pool, where the at least one SID is used to instruct forwarding of the second IPv6 packet to the at least one resource node.
In a third aspect, the present application provides a method for processing a message, where the method is applied to a first node, and may also be a module, such as a chip or a chip system, applied to the first node. The message processing method can include that a first node receives a first MPLS message, wherein the first MPLS message comprises an MPLS label stack and a first MPLS extension header, a first MPLS label at the top of the MPLS label stack indicates to analyze the first MPLS extension header, and the first MPLS label is an MPLS label of the first node. And then, the third node analyzes the first MPLS extension header in the first MPLS message according to the indication of the first MPLS label.
Based on the scheme, in the MPLS forwarding scene, the MPLS label of the node can be used for indicating the node to process the MPLS extension header in the received MPLS message, and the configuration of the node can be simplified without configuring corresponding service strategies in the node. In addition, the efficiency of message forwarding can be improved without matching the service strategies.
In a fourth aspect, the present application provides a message processing method, where the method is applied to a controller, and may also be a module applied to the controller, such as a chip or a chip system. The message processing method can include that a controller obtains configuration information of a first SID. Thereafter, the controller transmits the first SID configuration information to the first node. Wherein the first SID is the SID of the first node. The configuration information of the first SID indicates the first node to analyze the second IPv6 extension header in the message when receiving the message with the DA field being the first SID.
Based on this scheme, in the SRv scenario, the first SID configured by the controller to the first node may be used to instruct the first node to parse the second IPv6 extension header in the message with the DA field being the first SID. Based on the above, the analysis of the message by the first node can be realized without configuring the service policy, so that the configuration of the first node can be simplified. And the analysis behavior does not need to match policy rules, so that the efficiency of message forwarding can be improved.
In a fifth aspect, the present application provides a message processing method, where the method is applied to a controller, and may also be a module applied to the controller, such as a chip or a chip system. The message processing method can include that a controller obtains configuration information of a first SID. Thereafter, the controller transmits the first SID configuration information to the first node. Wherein the first SID is the SID of the first node. The configuration information of the first SID indicates that the first node is the second IPv6 extension header of the report Wen Fengzhuang when receiving the message with the DA field being the first SID. The second IPv6 extension header does not belong to SRH.
Based on this scheme, in the SRv scenario, the first SID configured by the controller to the first node may be used to indicate that the first node is the second IPv6 extension header of report Wen Fengzhuang with the DA field being the first SID. Based on the above, the packaging action of the first node on the message can be realized without configuring a service policy, so that the configuration of the first node can be simplified. And the encapsulation behavior does not need to match policy rules, so that the efficiency of message forwarding can be improved.
In a sixth aspect, the present application provides a message processing method, where the method is applied to a controller, and may also be a module applied to the controller, for example, a chip or a chip system. The message processing method can include that a controller obtains configuration information of a first MPLS label. The controller then transmits configuration information of the first MPLS label to the first node. The configuration information of the first MPLS label indicates the first node to analyze a first MPLS extension header in a message when receiving the message with the stack top label being the first MPLS label.
Based on the scheme, in the MPLS scenario, the first MPLS label configured by the controller to the first node may be used to instruct the first node to parse the first MPLS extension header in the packet with the top label being the first MPLS label. Based on the above, the analysis of the message by the first node can be realized without configuring the service policy, so that the configuration of the first node can be simplified. And the analysis behavior does not need to match policy rules, so that the efficiency of message forwarding can be improved.
In a seventh aspect, a communication device is provided, which may include a receiving unit and a processing unit. The receiving unit may be configured to receive a first IPv6 packet, where the first IPv6 packet includes a first IPv6 extension header and a second IPv6 extension header, and the first IPv6 extension header is SRH. The processing unit may be configured to parse the second IPv6 extension header based on the first SID indication in the DA field in the first IPv6 message parsing the second IPv6 extension header. Wherein the first IPv6 extension header includes the first SID.
With reference to the seventh aspect, in an optional implementation manner, the second IPv6 extension header is DOH or HBH.
With reference to the seventh aspect, in an optional implementation manner, the second IPv6 extension header includes at least one of APN information, IFIT information, security resource information, computing resource information, service trusted information, or network slice information.
With reference to the seventh aspect, in an optional implementation manner, the option field of the second IPv6 extension header includes an identifier, where the identifier is associated with at least one of APN information, IFIT information, security resource information, computing power resource information, service trusted information, or network slice information.
With reference to the seventh aspect, in an optional implementation manner, the second IPv6 extension header includes APN information, where the APN information is used to indicate a user or an application to which the first IPv6 packet belongs. The processing unit may be configured to parse the second IPv6 extension header to obtain APN information. The processing unit may be further configured to determine, according to the APN information, a secure resource instance corresponding to the first IPv6 packet. The processing unit may be configured to process the first IPv6 packet using a secure resource instance corresponding to the first IPv6 packet.
With reference to the seventh aspect, in an optional implementation manner, the second IPv6 extension header includes security resource information, where the security resource information is used to indicate a security resource instance corresponding to the first IPv6 packet. The processing unit may be configured to parse the second IPv6 extension header to obtain secure resource information. The processing unit may be further configured to determine, according to the secure resource information, a secure resource instance corresponding to the first IPv6 packet. And then, the first node processes the first IPv6 message by using the secure resource instance corresponding to the first IPv6 message.
With reference to the seventh aspect, in an optional implementation manner, the second IPv6 extension header includes computing power resource information, where the computing power resource information is used to indicate a computing power resource instance corresponding to the first IPv6 packet. The processing unit may be configured to parse the second IPv6 extension header to obtain computing power resource information. The processing unit may be further configured to determine, according to the computing power resource information, a computing power resource instance corresponding to the first IPv6 packet. The processing unit may be further configured to process the first IPv6 packet using an instance of a computing power resource corresponding to the first IPv6 packet.
In an eighth aspect, a communication apparatus is provided, which may include a receiving unit, a processing unit, and a transmitting unit. The receiving unit may be configured to receive the second IPv6 packet. The second IPv6 message includes a first IPv6 extension header, and the first IPv6 extension header is SRH. The processing unit may be configured to encapsulate the second IPv6 extension header based on the first SID indication in the DA field of the second IPv6 packet, and obtain a third IPv6 packet for the second IPv6 packet Wen Fengzhuang. Wherein the first IPv6 extension header includes a first SID, and the second IPv6 extension header does not belong to the SRH. The sending unit may be configured to forward the second IPv6 message.
With reference to the eighth aspect, in an optional implementation manner, the second extension header is DOH or HBH.
With reference to the eighth aspect, in an optional implementation manner, the second extension header includes at least one of APN information, IFIT information, security resource information, computing resource information, service trusted information, or network slice information.
With reference to the eighth aspect, in an optional implementation manner, the option field of the second IPv6 extension header includes an identifier, where the identifier is associated with at least one of APN information, IFIT information, security resource information, computing power resource information, service trusted information, or network slice information.
With reference to the eighth aspect, in an optional implementation manner, the first SID is a BSID, and at least one SID corresponding to the BSID (i.e., the first SID) is included in the SRH of the second IPv6 packet.
With reference to the eighth aspect, in an optional implementation manner, the processing unit may be configured to obtain the second IPv6 packet for the second IPv6 extension header and the third IPv6 extension header of the first IPv6 packet Wen Fengzhuang. Wherein the third IPv6 extension header is SRH, and the third IPv6 extension header includes at least one SID corresponding to the first SID.
With reference to the eighth aspect, in an optional implementation manner, the processing unit may be configured to update the first IPv6 extension header and the second IPv6 extension header for the first IPv6 report Wen Fengzhuang. Wherein the updated first IPv6 extension header includes at least one SID corresponding to the first SID.
With reference to the eighth aspect, in an optional implementation manner, the first node is a gateway node of the resource pool, at least one SID corresponding to the first SID includes a SID of at least one resource node in the resource pool, and at least one SID corresponding to the first SID is used to indicate that the second IPv6 packet is forwarded to at least one resource node in the resource pool.
A ninth aspect provides a communication device configured to implement any one of the first, second, third, fourth, fifth or sixth aspects of the foregoing method. The communication device comprises corresponding modules, units or means (means) for implementing the above method, where the modules, units or means may be implemented by hardware, software, or implemented by hardware executing corresponding software. The hardware or software includes one or more modules or units corresponding to the functions described above.
In a tenth aspect, there is provided a communication device comprising a processor, the processor being configured to perform the method according to any one of the first, second, third, fourth, fifth or sixth aspects according to instructions in a memory after being coupled to the memory and reading the instructions in the memory.
In one possible implementation, the communication device further includes a memory for storing computer instructions.
In one possible implementation, the communication apparatus further includes a communication interface for the communication apparatus to communicate with other devices. Illustratively, the communication interface is a transceiver, an input/output interface, an interface circuit, an output circuit, an input circuit, a pin or related circuit, or the like.
In one possible implementation, the communication device may be a chip or a system-on-chip. When the communication device is a chip system, the communication device may be formed by a chip, or may include a chip and other discrete devices.
In one possible implementation, when the communication device is a chip or a chip system, the communication interface may be an input/output interface, an interface circuit, an output circuit, an input circuit, a pin, or related circuitry, etc. on the chip or the chip system. The processor described above may also be embodied as processing or logic circuits.
In an eleventh aspect, there is provided a computer readable storage medium having instructions stored therein, which when run on a computer, cause the computer to perform the message processing method of any of the first, second, third, fourth, fifth or sixth aspects above.
In a twelfth aspect, there is provided a computer program product which, when run on a processor, causes the processor to perform the message processing method as described in any one of the possible implementations of the first, second, third, fourth, fifth or sixth aspects.
The technical effects caused by any one of the design manners of the ninth aspect to the twelfth aspect may be referred to as technical effects caused by different design manners of the first aspect, the second aspect, the third aspect, the fourth aspect, the fifth aspect or the sixth aspect, and are not repeated here.
Drawings
Fig. 1 is a schematic structural diagram of an IPv6 packet according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an SRH according to an embodiment of the present application;
FIG. 3 is a schematic diagram of identifying different users based on an end.X SID according to an embodiment of the present application;
fig. 4 is a schematic diagram of identifying different users by using APN information according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a communication network according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of another communication network according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another communication network according to an embodiment of the present application;
FIG. 8 is a flow chart of a message processing method according to an embodiment of the present application;
Fig. 9 is a schematic diagram of a first IPv6 packet forwarding process according to an embodiment of the present application;
Fig. 10 is a schematic diagram of another first IPv6 packet forwarding process according to an embodiment of the present application;
FIG. 11 is a flowchart illustrating another message processing method according to an embodiment of the present application;
fig. 12 is a schematic diagram of a first IPv6 packet forwarding process according to an embodiment of the present application;
Fig. 13 is a schematic diagram of another first IPv6 packet forwarding process according to an embodiment of the present application;
fig. 14 is a schematic structural diagram of a communication device according to an embodiment of the present application;
Fig. 15 is a schematic structural diagram of another communication device according to an embodiment of the present application;
Fig. 16 is a schematic structural diagram of another communication device according to an embodiment of the present application.
Detailed Description
Before describing the embodiments of the present application, some terms and related techniques related to the embodiments of the present application are explained. It should be noted that the following explanation is for easier understanding of the embodiments of the present application, and should not be construed as limiting the scope of protection required by the embodiments of the present application.
The IPv6 message consists of a fixed-length IPv6 basic header and a variable-length IPv6 extension header, and the special functions originally provided by the IPv4 option (option) can be realized through the IPv6 extension header. IPv6 extension headers currently in common use in the art include HBH, DOH, and SRH.
For example, fig. 1 is a schematic structural diagram of an IPv6 packet, where, as shown in fig. 1, the IPv6 packet may include at least an IPv6 basic header and a payload (payload). As an alternative implementation manner, an IPv6 extension header such as HBH, DOH, and SRH may be further included between the IPv6 base header and the payload. The IPv6 base header may include version (version), traffic class (TRAFFIC CLASS), flow label (flow label), payload length (payload), next header (next header), hop limit (hop limit), source Address (SA), and destination address (destination address, DA) fields, and the meaning related standards of the respective fields are defined, which will not be described in detail in the present application.
The SR is a source routing protocol, and its core idea is to cut the network packet forwarding path into different segments, and insert segment information into the packet at the path starting point to guide packet forwarding. Currently, SR supports two data planes, multiprotocol label switching (multi protocol label exchange, MPLS) and IPv6, corresponding to two solutions, SR based on MPLS data plane (referred to as SR-MPLS), and SR based on IPv6 data plane (referred to as SRv), respectively.
In SRv6 scenario, the source node may encapsulate the SIDs of the nodes on the SRv path in sequence in the SRH of the IPv6 packet, where the SRH can instruct the IPv6 packet to forward SRv. Specifically, the source node may take the first SID in the SRH (i.e., the SID of the first hop node on the SRv path) as the DA of the IPv6 packet, and then send the IPv6 packet. After the IPv6 message reaches the first hop node on the SRv path, the first hop node may update the DA of the IPv6 message with the second SID in the SRH (i.e., the SID of the second hop node on the SRv path), and then send the updated IPv6 message. Similarly, the node on SRv path can continuously update the value of DA field according to SID in SRH to realize segment forwarding of IPv6 message.
By way of example, FIG. 2 is a schematic diagram of the structure of an SRH, as shown in FIG. 2, which may include fields of a next header, an extension header length (Hdr Ext Len), a routing type, a remaining segment (SEGMENTS LEFT), a last entry (LAST ENTRY), a flag (flags), a tag (tag), and a segment list (SEGMENT LIST). Wherein the segment list field may include SIDs for a plurality of segments of the SRv path, such as SIDs [0] through SID [ n ] in the figure, which are encapsulated in reverse order. The remaining segment field is a pointer indicating the SID that is currently in effect. The remaining segment field and the segment list field together determine the value of the DA field in the IPv6 base header. The meaning of the other fields in the SRH may be referred to as defined in the relevant standards and will not be described in detail herein.
In the art, performing SRv forwarding based on SRH in the IPv6 packet requires that a node on the SRv path configure a local SID table, where the local SID table may include the SID of the node, an instruction bound to the SID, and forwarding information related to the instruction (such as an egress interface and a next hop). After the SID carried in the DA field of the IPv6 message hits the local SID table of the node, the node can process and forward the IPv6 message according to the local SID table.
SRv6 SIDs are programmable, and instructions bound to SIDs can indicate a variety of different behaviors. For example, the end.x SID may instruct the node to update the DA field of the message according to the SRH and may instruct the node to forward the message from the outgoing interface to which the end.x SID is bound.
In one possible implementation, the node may also utilize the SID of SRv to distinguish between the traffic of different users.
For example, fig. 3 is a schematic diagram for identifying different users based on an end.x SID, as shown in fig. 3, a cloud network user edge (PE) may be connected to a Virtual Machine (VM), and a plurality of different virtual systems (VSYS) may be included in the VM, for example, VSYS1, VSYS2, and VSYS3 in fig. 3, where different VSYS belong to different users. The interface a of the cloud PE connected to the VM may be divided into sub-interfaces a1, a2 and a3, the interface b of the cloud PE connected to the VM may be divided into sub-interfaces b1, b2 and b3, the interface a of the cloud PE connected to the VM may be divided into sub-interfaces a1, a2 and a3, the interface c of the VM connected to the cloud PE may be divided into sub-interfaces c1, c2 and c3, and the interface d of the VM connected to the cloud PE may be divided into sub-interfaces d1, d2 and d3. The sub-interface a1 of the cloud network PE is correspondingly connected with the sub-interface c1 of the VM, the sub-interface a2 of the cloud network PE is correspondingly connected with the sub-interface c2 of the VM, the sub-interface a3 of the cloud network PE is correspondingly connected with the sub-interface c3 of the VM, the sub-interface b1 of the cloud network PE is correspondingly connected with the sub-interface d1 of the VM, the sub-interface b2 of the cloud network PE is correspondingly connected with the sub-interface d2 of the VM, and the sub-interface b3 of the cloud network PE is correspondingly connected with the sub-interface d3 of the VM. Subinterfaces c1 and d1 of the VM are connected with VSYS1, subinterfaces c2 and d2 of the VM are connected with VSYS2, and subinterfaces c3 and d3 of the VM are connected with VSYS 3. The SID of the cloud network PE may be bound to a subinterface of the cloud network PE, and the SID of the VM may be bound to a subinterface of the VM. For example, the SID to which subinterface a1 of cloud PE binds may be cloud PE end.X_a1, the SID bound by the subinterface b3 of the cloud network PE may be cloud network PE end.x_b. The SID bound by subinterface c1 of the VM may be VM end.x—c1, the SID bound by subinterface d3 of the VM may be VM end.x_d3. Based on the above configuration, different SIDs bind different subinterfaces, which in turn bind different VSYS, so that different SIDs bind different VSYS.
As shown in fig. 3, the SID list in the SRH of the IPv6 packet received by the cloud network PE may include cloud network PE end.x_a1, VM end.x_c1, VM end.x_d1, and cloud network PE end.x_b1. According to the above configuration, the cloud network PE may forward the IPv6 packet from the subinterface a1 to the VM. The VM may receive the IPv6 message from subinterface c1 and may transmit the IPv6 message to the internal VSYS1 process. After that, the VM may further forward the IPv6 packet processed by the VSYS1 from the subinterface d1 to the cloud network PE. The cloud network PE can receive the IPv6 message processed by the VM from the sub-interface d1 and further forward the IPv6 message to a downstream node.
As can be seen from the above example of fig. 3, although the VM can be made to recognize different users by using the binding relationship of end.x SID and subinterface, the required configuration is very complex. Also, the number of SIDs that need to be encapsulated in the SRH is also large.
The above-mentioned problem of complex configuration of a scheme for identifying a user using SID may be solved by application-aware networking (APN) technology in the art. The APN technology can carry application information by using an IPv6 extension header of an IPv6 message, so that a network can identify applications and users, and the requirements of the applications and users on the network are perceived, thereby providing accurate and differentiated network services for the services of different applications and users.
The application information carried by the APN technology in the IPv6 extension header may be referred to as APN information, and the APN information may include an APN Identification (ID) and an APN parameter (parameters). The APN ID is identification information of the application and is used for enabling the network to distinguish different application flows from different users. APN PARAMETERS is information about the network requirements of the application, such as bandwidth requirements, delay requirements, jitter requirements, packet loss rate requirements, etc.
For example, fig. 4 is a schematic diagram of identifying different users by using APN information, as shown in fig. 4, a cloud network PE is connected to a VM, and the VM may include VSYS1, VSYS2, and VSYS3, where different VSYS belong to different users. The interface a of the cloud network PE1 is connected with the interface c of the VM, and the interface b of the cloud network PE is connected with the interface d of the VM. Interfaces c and c of the VM are connected to VSYS1, VSYS2 and VSYS3, without distinguishing sub-interfaces. In this scenario, IPv6 messages of different users may all be transmitted from the same interface to the VM, and the cloud PE may only configure one SID, and the VM may only configure one SID. IPv6 messages for different users may encapsulate the same SID, except for the different APN information encapsulated therein. For example, as shown in fig. 4, the SID list in the SRH of the IPv6 packet received by the cloud network PE includes the cloud network PE SID and the VM SID, and the APN information for identifying the user may be carried in the IPv6 extension header of the IPv6 packet. After receiving the IPv6 message, the cloud network PE can forward the IPv6 message to the VM. After receiving the IPv6 message, the VM may determine the user according to the APN information, and then transmit the determined user to VSYS1, VSYS2, or VSYS3 corresponding to the user.
In the field, in a scenario of implementing network refinement management by using an IPv6 extension header to carry APN information, a node performing service processing by using the APN information needs to configure a related service policy. The node can analyze the IPv6 extension head according to the service strategy, and further identify the application and the user to which the message belongs according to the APN information in the IPv6 extension head, so as to provide refined network service.
In some special scenarios, the APN information may not be encapsulated at the source node of the IPv6 packet, but at an intermediate node on the forwarding path of the IPv6 packet, in which case, a relevant service policy needs to be configured on the intermediate node that encapsulates the APN information, so that it identifies the corresponding IPv6 packet and encapsulates the APN information.
In summary, the processing (including parsing and encapsulation) of the IPv6 extension header by the node needs to be implemented by configuring a corresponding service policy. With the increase of the number of applications and users, the nodes need to configure service policies more and more, and the consumption of node resources is more and more. In addition, after the node configures the service policy, any received IPv6 message needs to be matched with the service policy, which includes many invalid matches, resulting in a decrease in the forwarding performance of the message.
In view of the above problems, the present application provides a message processing method, where the SID in the SRH of the IPv6 message may not only guide the segment routing of the IPv6 message, but also instruct the node to process other IPv6 extension headers in the IPv6 message. After receiving the IPv6 message, the node on SRv path can forward the message according to the SID, and analyze or encapsulate other IPv6 extension heads according to the SID. Based on the method, the configuration of the node can be simplified, the resources of the node can be saved, and the processing efficiency of the node can be improved.
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings in the embodiments of the present application. In the description of the present application, unless otherwise indicated, "/" means that the related objects are in a "or" relationship, for example, a/B may mean a or B, and "and/or" in the present application is merely an association relationship describing the related objects, for example, a and/or B may mean that there may be three relationships, for example, a and/or B, three cases where a exists alone, a and B exist together, and B exists alone, where a and B may be singular or plural. Also, in the description of the present application, unless otherwise indicated, "a plurality" means two or more than two. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (a, b, or c) of a, b, c, a-b, a-c, b-c, or a-b-c may be represented, wherein a, b, c may be single or plural. In addition, in order to facilitate the clear description of the technical solution of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ. Meanwhile, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion that may be readily understood. In addition, the network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and as a person of ordinary skill in the art can know, with evolution of the network architecture and appearance of a new service scenario, the technical solution provided by the embodiments of the present application is also applicable to similar technical problems.
Before introducing the message processing method provided by the embodiment of the application, the network architecture to which the message processing method of the application is applied is first introduced.
Fig. 5 is a schematic structural diagram of a communication network provided by the present application, where, as shown in fig. 5, the communication network may include a node 501 and a node 502, and the node 501 and the node 502 may be two nodes on an IPv6 packet transmission path.
The method for processing the message provided by the application can be applied to the communication network shown in fig. 5, and the node 501 can be used for encapsulating the first SID in the SRH of the IPv6 message, where the first SID can indicate to analyze other IPv6 extension headers. The node 502 may be configured to parse other IPv6 extension headers in the IPv6 message according to the indication of the first SID. The specific implementation of this message processing method is described in the method embodiments below, and will not be described in detail here.
The other message processing method provided by the present application may also be applied to the communication network shown in fig. 5, where the node 501 may be configured to encapsulate the first SID in the SRH of the IPv6 message, where the first SID may be capable of indicating to encapsulate other IPv6 extension headers. Node 502 may be configured to encapsulate other IPv6 extension headers based on the indication of the first SID. The specific implementation of this message processing method is described in the method embodiments below, and will not be described in detail here.
In a specific implementation, the communication network shown in fig. 5 may further include a controller 503, where the controller 503 may be configured to issue configuration information of the first SID to the node 501 and the node 502.
Fig. 6 is a schematic diagram of another communication network provided by the present application, as shown in fig. 6, the communication network may include a user equipment 1, a user side network device 1, a metropolitan area network 1, a cloud backbone network, an edge cloud resource pool, and a central cloud resource pool. The user device 1 may be connected to the user side network device 1, the user side network device 1 may be connected to an Access Router (AR) 1 in the metropolitan area network 1, a Core Router (CR) 1 in the metropolitan area network 1 may be connected to a network user edge (PE) 1 in the cloud backbone network, an edge cloud resource pool may also be connected to a network PE1 in the cloud backbone network, and a central cloud resource pool may be connected to a cloud PE1 in the cloud backbone network. It should be understood that AR1 in metro network 1 is in communication with CR1, and that network PE1 and cloud PE1 in the cloud backbone are in communication, as described herein.
As one possible implementation, the edge cloud resource pool and the center cloud resource pool may be a single type of resource pool, or may also include multiple types of resource pools. As shown in fig. 6, the edge cloud resource pool and the center cloud resource pool may include at least one of a secure resource pool, a computing power resource pool, a network resource pool, or a storage resource pool. A specific type of Virtual Machine (VM) may be included in the specific type of resource pool, for example, a secure VM1, a secure VM2, etc. may be included in the secure resource pool, a power VM1, a power VM2, etc. may be included in the power resource pool, a network VM1, a network VM2, etc. may be included in the network resource pool, and a storage VM1, a storage VM2, etc. may be included in the storage resource pool. It should be appreciated that the VMs in the resource pool are associated with actual physical resources, which may be virtualized or pooled from physical resources, and are an abstract collection of resources.
As one possible implementation, the secure VM is virtualized or pooled from secure resources. For example, the secure VM may be associated with a secure resource such as a firewall (firewall, FW), a web application firewall (web application firewall, WAF), an intrusion detection system (intrusion detection system, IDS), an intrusion prevention system (intrusion prevention system, IPS), or an anti-virus (AV), and the secure VM may be referred to as a virtual firewall (vww), a virtual web application firewall (vWAF), a virtual intrusion detection system (vIDS), a virtual intrusion prevention system (vIPS), or a virtual anti-virus (vAV) system, or the like.
As one possible implementation, the computing force VM is virtualized or pooled from computing force resources. For example, the computational power VM may be associated with computational power resources such as a general purpose central processing unit (central processing unit, CPU), a graphics processor (graphics processing unit, GPU), an application-specific integrated circuit (ASIC), and the secure VM may be referred to as a virtual CPU, a virtual GPU, a virtual ASIC, or the like.
As one possible implementation, the network VM is virtualized or pooled from network resources. For example, a network VM may be associated with a network resource such as a network card, gateway, router, switch, etc., and may be referred to as a virtual network card, virtual Gateway (VGW), virtual router, virtual switch, etc.
As one possible implementation, the storage VM is virtualized or pooled from storage resources. For example, a storage VM may be associated with storage resources such as memory, disks, etc., and the storage VM may be referred to as virtual memory, virtual disks, etc.
As a possible implementation manner, with continued reference to fig. 6, the network PE1 in the cloud backbone network may also be connected to the user side network device 2 through a network such as another metropolitan area network, an optical transport network (optical transmission network, OTN), a slice packet network (SLICED PACKET network, SPN), or a radio access network (radio access network, RAN), and the user side network device 2 may be connected to the user side network device 2.
As one possible implementation, the customer-side network device in fig. 6 may be a Customer Edge (CE) device, customer premise equipment (customer premise equipment, CPE), or the like device that is used to provide network access to the customer.
As a possible implementation, the user device in fig. 6 may be a user terminal, for example, a mobile phone, a computer, a smart wearable device, an electronic cash desk, etc.
As a possible implementation manner, the nodes in AR1, CR1, network PE1, cloud PE1, edge cloud resource pool, or central cloud resource pool in fig. 6 may execute the message processing method performed by the first node in the embodiment of the present application, and specific implementation of the method embodiment will be described later and will not be described in detail herein.
As one possible implementation, with continued reference to fig. 6, a cloud management platform, a large network controller, and a cloud resource controller may also be included in the communication network. The cloud management platform can be used for carrying out business arrangement, sending configuration information of network nodes to the large network controller and sending configuration information of virtual nodes in the cloud resource pool to the cloud resource controller. The large network controller can send the configuration information from the cloud management platform to nodes such as user equipment AR, CR, network PE, cloud PE and the like. The cloud resource controller may send configuration information from the cloud management platform to virtual nodes in the edge cloud resource pool or the center cloud resource pool. Wherein, the large network controller and the cloud resource controller both belong to an overlay (overlay) controller. As one implementation, the large network controller may be a network control engine-internet protocol (network control engine-internet protocol, NCE-IP) controller and the cloud resource controller may be a NCE-computer (NCE-Campus) controller.
As a possible implementation manner, the ethernet controller or the cloud resource controller in fig. 6 may perform the message processing method performed by the controller in the embodiment of the present application, and specific implementation may be seen in a method embodiment hereinafter, which is not described in detail herein.
Fig. 7 is a schematic diagram of still another communication network provided in the present application, as shown in fig. 7, the communication network may include a user equipment 1, a user side network equipment 1, a metropolitan area network 1, a user equipment 2, a user side network equipment 2, a metropolitan area network 2, a fabric (fabric) network, and a cloud resource pool. The fabric is a spine-leaf (leaf) network structure, and may include a plurality of spine nodes (e.g., spine node 1 and spine node 2 in fig. 7) and a plurality of leaf nodes (e.g., leaf node 1 and leaf node 2 in fig. 7). The user equipment 1 is connected with the user side network equipment 1, the user side network equipment 1 is connected with a broadband network gateway (broadband network gateway, BNG) 1 in the metropolitan area network 1, CR1 in the metropolitan area network 1 is connected with a ridge node 1 in a fabric network, the user equipment 2 is connected with the user side network equipment 2, the user side network equipment 2 is connected with BNG2 in the metropolitan area network 2, CR2 in the metropolitan area network 2 is connected with the ridge node 2 in the fabric network, and leaf nodes 1 and 2 in the fabric network are connected with a cloud resource pool. It should be understood that BNG1 in metro network 1 is in communication with CR1, BNG2 in metro network 2 is in communication with CR2, and spine and leaf nodes in fabric are in communication, as collectively described herein.
The implementation of the cloud resource pool in fig. 7 may refer to the related description of the cloud resource pool in fig. 6, which is not described herein. For example, as shown in fig. 7, the cloud resource pool may include at least one of a secure resource pool, an algorithm resource pool, a network resource pool, or a storage resource pool.
The implementation of the ue in fig. 7 may also refer to the description related to the implementation of the ue in fig. 6, and the implementation of the ue in fig. 7 may also refer to the description related to the implementation of the ue in fig. 6, which is not repeated herein.
As a possible implementation manner, the BNG1, CR1, BNG2, CR2, virtual router or virtual gateway in fig. 7, or a node in the cloud resource pool may perform the method for processing a message performed by the first node in the embodiment of the present application, and specific implementation of the method embodiment will be described below, which will not be described in detail herein.
As a possible implementation manner, with continued reference to fig. 7, the communication network may further include a cloud management platform, a large network controller, and a cloud resource controller, where the large network controller may be used to manage nodes such as the user side network device 1, the user side network device 2, the BNG1, the CR1, the BNG2, and the CR2, and the cloud resource controller may be used to manage virtual nodes in the cloud resource pool. Specific capabilities of the cloud management platform, the large-network controller, and the cloud resource controller may be referred to the foregoing related descriptions, and will not be described herein.
As a possible implementation manner, the ethernet controller or the cloud resource controller in fig. 7 may perform the message processing method performed by the controller in the embodiment of the present application, and specific implementation may be seen in a method embodiment hereinafter, which will not be described in detail herein.
The following describes a message processing method provided by an embodiment of the present application in connection with the communication systems shown in fig. 5 to 7. The terms and the like used in the embodiments of the present application are not limited to the above-described embodiments. The message name or the parameter name in the message in the embodiment of the present application is only an example, and other names may be used in the specific implementation without limitation.
Fig. 8 is a schematic flow chart of a message processing method according to an embodiment of the present application, as shown in fig. 8, the method may include the following steps S801 and S802.
S801, a first node receives a first IPv6 message, wherein the first IPv6 message comprises a first IPv6 extension header and a second IPv6 extension header. The first SID in the DA field of the first IPv6 packet is used to indicate to parse the second IPv6 extension header, where the first IPv6 extension header is SRH, and the first IPv6 extension header includes the first SID.
In the embodiment of the present application, the first node is a node on a SRv path of the first IPv6 packet, the first SID is a SID of the first node, and the first IPv6 extension header of the first IPv6 packet may include a SID of each node on a SRv path of the first IPv6 packet.
In the current relevant standard, the SID (including the first SID) of each node on the SRv path of the first IPv6 packet is used to guide the forwarding of the first IPv6 packet along the SRv path. In the embodiment of the application, the SID of the first node (i.e., the first SID) can not only guide the first node to forward the first IPv6 message, but also instruct the first node to parse the second IPv6 extension header in the first IPv6 message. That is, the present application defines a new function for the SID of the first node, expanding the value space of the SID.
In the embodiment of the present application, the type of the second IPv6 extension header is not limited in the present application, and the second IPv6 extension header may be any type of IPv6 extension header. As a specific implementation, the second IPv6 extension header may be DOH or HBH. It should be understood that with the development of IPv6 technology, the second IPv6 extension header may also be a new type of IPv6 extension header that appears in the future.
S802, the first node analyzes the second IPv6 expansion header according to the indication of the first SID.
After the first node receives the first IPv6 packet, the first SID in the DA field of the first IPv6 packet hits the local SID table of the first node, and then the first node may perform SRv forwarding according to the first SID.
In a specific implementation manner, the first node performing SRv forwarding according to the first SID specifically may include that the first node may copy a next SID of the first SID in the SRH of the first IPv6 packet to the DA field, so as to implement updating of the DA of the first IPv6 packet. And then, the first node can inquire the route information according to the updated DA and forward the updated first IPv6 message.
In the embodiment of the present application, the first SID may instruct the first node to parse the second IPv6 extension header, in addition to guiding SRv forwarding. In this case, after the first node updates the DA of the first IPv6 packet according to the first SID, the first node does not temporarily forward the updated DA first IPv6 packet, but analyzes the second IPv6 extension header according to the indication of the first SID.
In one possible implementation manner, after the first node parses the second IPv6 extension header, the first node may further perform service processing according to the information parsed by the second IPv6 extension header. And the first node forwards the first IPv6 message after updating the DA after finishing the service processing according to the information analyzed by the second IPv6 extension head.
It should be appreciated that in the conventional SRv scenario, the first SID is only used to direct the first node to SRv forward the first IPv6 message. If the first node wants to parse the second IPv6 extension header of the first IPv6 packet, the first node needs to additionally configure a corresponding service policy to implement the behavior. In the embodiment of the application, the first SID in the first IPv6 message not only can guide the message to be SRv for forwarding, but also can indicate to analyze the second IPv6 extension header in the first IPv6 message. Therefore, the first node can analyze the second IPv6 extension head without configuring the service policy, thereby simplifying the configuration of the first node and saving resources.
In a specific implementation manner, the controller may be configured to issue configuration information of the first SID to the first node, where the configuration information of the first SID may indicate that the first node parses the second IPv6 extension header in the packet when receiving the packet with the DA field being the first SID. Based on the configuration information of the first SID issued by the controller, the first node may execute the above packet processing method corresponding to fig. 8.
In a specific implementation manner, the second IPv6 extension header may include at least one of APN information, iFIT information, security resource information, computing resource information, service trusted information, or network slice information. As an example, the APN information may be an APN ID, the fit information may be a iFIT header, the security resource information may be an identifier of a security resource, the computing resource information may be an identifier of a computing resource, the service trusted information may be an identifier for performing service trusted authentication, and the network slice information may be a network slice identifier (slice ID).
In a specific implementation manner, at least one of the APN information, iFIT information, security resource information, computing power resource information, service trusted information, network slice information, and other information may be specifically carried in an option (option) field of the second IPv6 extension header.
In a specific implementation, an identifier may be included in an option field of the second IPv6 extension header, where the identifier may be associated with at least one of APN information, IFIT information, security resource information, computing resource information, service trusted information, or network slice information.
In a specific implementation, the first SID may specifically indicate parsing the option field in the second IPv6 extension header. Such implementation indicates finer granularity than indicating parsing of the second IPv6 extension header.
In a specific implementation, the first SID may specifically indicate the next processing behavior in addition to the information for parsing the second IPv6 extension header. For example, the first SID may also indicate that the first IPv6 message is to be processed according to information in an option field of the second IPv6 extension header.
In a specific implementation manner, the second IPv6 extension header of the first IPv6 packet includes APN information, where the APN information may indicate a user or an application to which the first IPv6 packet belongs, and the user or the application to which the first IPv6 packet belongs is related to a secure resource instance corresponding to the first IPv6 packet. Based on the above, after the first node analyzes the second IPv6 extension header, the first node may determine, according to the analyzed APN information, a secure resource instance corresponding to the first IPv6 packet. Further, the first node may process the first IPv6 packet by using a secure resource instance corresponding to the first IPv6 packet.
In a specific implementation manner, the second IPv6 extension header of the first IPv6 packet includes security resource information, where the security resource information may indicate a security resource instance corresponding to the first IPv6 packet. Based on the above, after the first node analyzes the second IPv6 extension header, the first node may determine, according to the analyzed security resource information, a security resource instance corresponding to the first IPv6 packet. Further, the first node may process the first IPv6 packet by using a secure resource instance corresponding to the first IPv6 packet.
In a specific implementation manner, the second IPv6 extension header of the first IPv6 packet includes computing power resource information, where the computing power resource information may indicate computing power resources corresponding to the first IPv6 packet. Based on the above, after the first node analyzes the second IPv6 extension header, the first node may determine, according to the analyzed computing power resource information, a computing power resource corresponding to the first IPv6 packet. Further, the first node may then process the first IPv6 message using the computational power resource corresponding to the first IPv6 message.
As an implementation manner, the message processing method corresponding to fig. 8 may be applied to the communication network shown in fig. 6 or fig. 7, and the first node may be a node in an edge cloud resource pool or a central cloud resource pool in fig. 6 or fig. 7.
For example, taking a Customer Premise Equipment (CPE) in the communication network shown in fig. 6 as an example, the edge cloud resource pool includes vwf and vIPS, fig. 9 shows a schematic diagram of a forwarding flow of a first IPv6 packet, where the first IPv6 packet is obtained by encapsulating SRv by the CPE 1a service packet from the customer premise equipment 1. The first IPv6 message is tunneled from CPE1 into SRv and subsequently tunneled from CPE2 out of SRv. As shown in fig. 9, the first IPv6 message generated by CPE1 may include an IPv6 base header, an SRH, a DOH, and a payload. The SRH may encapsulate the SID of the SRv node through which the first IPv6 packet passes, including, for example, an AR1 SID, a CR1 SID, a network PE1 SID, a vwf SID, vIPS SID, a CR2 SID, an AR2 SID, and a CPE2 SID. At least one of the above APN information, IFIT information, security resource information, computing resource information, service trusted information, or network slice information may be encapsulated in the DOH.
AR1, CR1, networks PE1, vFW, vIPS, CR, and AR2 may update DA in the IPv6 base header based on SID in SRH of the first IPv6 packet, and forward SRv the first IPv6 packet. For example, as shown in fig. 9, DA of the first IPv6 packet encapsulated by CPE1 is AR1 SID, and CPE1 forwards the first IPv6 packet to AR1 according to the DA field. The network PE1 may update the vwf SID in the SRH to the DA field, and forward the first IPv6 packet to the vwf according to the DA field. The forwarding behavior of other nodes is similar and will not be described in detail. Thus, the first IPv6 packet may sequentially pass through nodes such as AR1, CR1, and networks PE1, vFW, vIPS, CR, and AR2, and finally be forwarded to CPE2.
Further, in this example, vwf and vIPS may be the first node in S801 and S802 described above, and vwf and vIPS may process the first IPv6 message based on the information encapsulated in the DOH. In the embodiment of the present application, vwf SID and vIPSSID may be defined as capable of indicating to analyze DOH in the first IPv6 message, so that vwf and vIPS can directly analyze the first IPv6 message according to the indication of SID.
As another example, taking the customer premise equipment in the communication network shown in fig. 7 as CPE, the cloud resource pool includes VGW, vwf and vIPS as examples, fig. 10 shows a schematic diagram of another forwarding flow of a first IPv6 packet, where the first IPv6 packet is obtained by SRv encapsulation of a service packet from the customer premise equipment 1 by the CPE 1. The first IPv6 message is tunneled from CPE1 into SRv and subsequently tunneled from CPE2 out of SRv. As shown in fig. 10, the first IPv6 packet may include an IPv6 basic header, an SRH, a DOH, and a payload in sequence. The SRH may encapsulate the SID of the SRv node through which the first IPv6 packet passes, including, for example, a BNG1 SID, a CR1 SID, a VGW SID, a vwf SID, vIPS SID, a CR2 SID, a BNG2 SID, and a CPE2 SID. At least one of the above APN information, IFIT information, security resource information, computing resource information, service trusted information, or network slice information may be encapsulated in the DOH.
BNG1, CR1, VGW, vFW, vIPS, CR2 and BNG2 can update DA in IPv6 basic header based on SID in SRH of first IPv6 message, and forward SRv for first IPv6 message. For example, as shown in fig. 10, DA of the first IPv6 packet encapsulated by CPE1 is BNG1 SID, and CPE1 forwards the first IPv6 packet to BNG1 according to the DA field. VGW can update vFW SID in SRH to DA field, and then forward the first IPv6 message to vFW according to DA field. The forwarding behavior of other nodes is similar and will not be described in detail. Thus, the first IPv6 packet may sequentially pass through nodes such as BNG1, CR1, VGW, vFW, vIPS, CR, and BNG2, and finally be forwarded to CPE2.
Further, in this example, vwf and vIPS may be the first node in S801 and S802 described above, and vwf and vIPS may process the first IPv6 message based on the information encapsulated in the DOH. In the embodiment of the present application, vwf SID and vIPSSID may be defined as capable of indicating to analyze DOH in the first IPv6 message, so that vwf and vIPS can directly analyze the first IPv6 message according to the indication of SID.
In the SRv field, the node following the source node on the SRv6 path is referred to as an end node (endpoint), and SID (endpoint SID) of the end node indicates that the processing by the end node is referred to as end node behavior (endpoint behavior). The first node and the first node in the embodiment of the present application may be end nodes, and the behaviors indicated by the first SID and the first SID belong to the behaviors of the end nodes. Many end node behaviors, such as End、End.X、End.T、End.DX4、End.DX6、End.DT4、End.DT6、End.DX2、End.DX2V、End.DT2U、End.DT2M、End.B6、End.B6.Insert、End.B6.Insert.Red、End.B6.Encaps、End.B6.Encaps.Red, etc., are currently defined in the art, and reference may be made to descriptions in the relevant standards for the end node behaviors, and the present application will not be repeated.
In a specific implementation, the end node behavior indicated by the first SID in the embodiment of the method corresponding to fig. 8 described above may be extended based on the end node behavior already defined in the art. For example, the first SID may indicate End、End.X、End.T、End.DX4、End.DX6、End.DT4、End.DT6、End.DX2、End.DX2V、End.DT2U、End.DT2M、End.B6、End.B6.Insert、End.B6.Insert.Red、End.B6.Encaps or end.b6.encaps.red, etc. end node behavior, and may further indicate a second IPv6 extension header that parses the first IPv6 message.
As a possible implementation, the end node behavior of the first SID in S801 and S802 above may be as shown in table 1. It should be understood that the first SID is a SID of a new type defined by the present application, and the value (value) of the first SID may be different from the SID values already defined in the art.
TABLE 1
The end.Apn is extended based on the End behavior, and besides executing the End behavior, the APN information in the message is analyzed. Illustratively, the first node performing end. Apn behavior according to the indication of the first SID may include the first node copying a next SID of the first SID into a DA field of the first IPv6 message to update the DA of the first IPv6 message. And, the first node analyzes the APN information in the second IPv6 extension header in the first IPv6 message. And then, the first node forwards the updated first IPv6 message after DA. In this case, the service policy may be configured in the first node, so that the first node performs further service processing according to the parsed APN information.
The end.apn.security is extended based on the end.apn behavior, and security service processing is performed according to the analyzed APN information in addition to the END behavior and the analyzed APN information in the message. Illustratively, the first node performing end. Apn. Security behavior according to the indication of the first SID may include the first node copying a next SID of the first SID into a DA field of the first IPv6 message to update the DA of the first IPv6 message. And, the first node analyzes the APN information in the second IPv6 extension header in the first IPv6 message. Further, the first node may determine a secure resource instance corresponding to the first IPv6 packet according to the parsed APN information, and process the first IPv6 packet according to the secure resource instance. Finally, the first node forwards the updated first IPv6 message after DA.
In general, an IPv6 extension header carrying information related to a service in an IPv6 packet is encapsulated by a source node of the IPv6 packet. In some special scenarios, the forwarding node of the IPv6 packet may also newly encapsulate the IPv6 extension header in the IPv6 packet to carry additional information. At present, forwarding nodes of the IPv6 message encapsulate the IPv6 extension header in the IPv6 message, and all the forwarding nodes need to be configured with related service policies to realize the forwarding nodes. The embodiment of the application also provides another message processing method, which can ensure that the forwarding node of the IPv6 message encapsulates the IPv6 extension head according to the indication of the SID without configuring a service policy. A flow chart of such a message processing method may be shown in fig. 11, and referring to fig. 11, the method may include the following steps S1101 to S1103.
S1101, the first node receives a first IPv6 message, wherein the first IPv6 message comprises a first IPv6 extension header, and the first IPv6 extension header is SRH. The first SID in the DA field of the first IPv6 packet indicates that the second IPv6 extension header is encapsulated, the second IPv6 extension header does not belong to the SRH, and the first SID is included in the first IPv6 extension header.
In the embodiment of the present application, the first node is a node on a SRv path of the first IPv6 packet, the first SID is a SID of the first node, and the first IPv6 extension header of the first IPv6 packet may include a SID of each node on a SRv path of the first IPv6 packet.
In the current relevant standard, the SID of each node on the SRv path of the first IPv6 packet (including the first SID) is used to guide the forwarding of the first IPv6 packet along the SRv path. In the embodiment of the application, the SID of the first node (i.e., the first SID) can not only guide the first node to forward the first IPv6 message, but also instruct the first node to encapsulate the second IPv6 extension header in the first IPv6 message. That is, the present application defines a new function for the SID of the first node, expanding the value space of the SID.
S1102, the first node obtains a second IPv6 message for the first IPv6 message Wen Fengzhuang according to the indication of the first SID and the second IPv6 extension header. Wherein the second IPv6 extension header does not belong to SRH.
After the first node receives the first IPv6 packet, the first SID in the DA field of the first IPv6 packet hits the local SID table of the first node, and then the first node may perform SRv forwarding according to the first SID.
In a specific implementation manner, the first node performing SRv forwarding according to the first SID specifically may include that the first node may copy a next SID of the first SID in the SRH of the first IPv6 packet to the DA field, so as to implement updating of the DA of the first IPv6 packet. Furthermore, the first node may query the routing information according to the updated DA, and forward the updated first IPv6 packet.
In the embodiment of the present application, the first SID may instruct the first node to encapsulate the second IPv6 extension header, in addition to guiding SRv forwarding. In this case, after updating the DA of the first IPv6 packet according to the first SID, the first node does not temporarily forward the updated DA first IPv6 packet, but encapsulates the second IPv6 extension header according to the indication of the first SID. After the encapsulation of the second IPv6 extension header is completed, the first node forwards the updated first IPv6 message (i.e., the second IPv6 message).
In the embodiment of the present application, the type of the second IPv6 extension header is not limited in the present application, and the second IPv6 extension header may be any type of IPv6 extension header. As a specific implementation, the second IPv6 extension header may be DOH or HBH. It should be understood that with the development of IPv6 technology, the second IPv6 extension header may also be a new type of IPv6 extension header that appears in the future.
In a specific implementation manner, the second IPv6 extension header may include at least one of APN information, flow detection IFIT information, security resource information, computing power resource information, service trusted information, or network slice information.
In a specific implementation manner, at least one of the APN information, the flow detection IFIT information, the security resource information, the computing resource information, the service trusted information, or the network slice information may be specifically carried in an option field of the second IPv6 extension header.
In a specific implementation, the option field of the second IPv6 extension header includes an identifier, where the identifier is associated with at least one of APN information, flow detection IFIT information, security resource information, computing resource information, service trusted information, or network slice information.
In a specific implementation, the first SID belongs to a Binding SEGMENT IDENTIFIER (BSID), the first SID is associated with a SRv6 policy (policy), and SRv policy indicates at least one SID. In other words, in the case where the first SID is BSID, the first SID corresponds to at least one SID. In this case, the first node encapsulates at least one SID corresponding to the first SID in the first IPv6 packet, in addition to the second IPv6 extension header.
In a specific implementation manner, the first node is a second IPv6 extension header of the first IPv6 packet Wen Fengzhuang to obtain a second IPv6 packet, and specifically may include the first node being the second IPv6 extension header and a third IPv6 extension header of the first IPv6 packet Wen Fengzhuang to obtain the second IPv6 packet. The third IPv6 extension header is a newly encapsulated SRH, and the third IPv6 extension header may include at least one SID corresponding to the first SID.
The first SID in the DA field of the first IPv6 packet indicates that the second IPv6 extension header is encapsulated, which may specifically refer to that the first SID in the DA field in the first IPv6 basic header of the first IPv6 packet indicates that the second IPv6 extension header is encapsulated. In a specific implementation manner, the first node is a second IPv6 extension header of the first IPv6 packet Wen Fengzhuang to obtain a second IPv6 packet, and specifically may include the first node being a second IPv6 extension header, a third IPv6 extension header, and a second IPv6 basic header of the first IPv6 packet Wen Fengzhuang to obtain the second IPv6 packet. The first IPv6 extension header and the third IPv6 extension header may refer to the foregoing descriptions, and are not described herein. The second IPv6 base header is a newly encapsulated IPv6 base header, a value of an SA field in the second IPv6 base header is a first SID, and a value of a DA field in the second IPv6 base header is a first SID of at least one SID corresponding to the first SID.
In the case that the first node encapsulates the second IPv6 extension header and the third IPv6 extension header, both the second IPv6 extension header and the third IPv6 extension header may encapsulate an outer layer of the first IPv6 base header, and the second IPv6 extension header may be located between the third IPv6 extension header and the first IPv6 base header.
As a possible implementation manner, the third IPv6 extension header (i.e., the newly encapsulated SRH) may belong to a reduced SRH, where the first SID of the at least one SID corresponding to the first SID may not be included. It should be understood that the DA field of the second IPv6 base header (i.e., the newly encapsulated IPv6 base header) already carries the first SID of the at least one SID corresponding to the first SID, so that the third IPv6 extension header may not carry the SID, so as to shorten the message length and save communication resources.
In a specific implementation manner, the first node is a second IPv6 extension header of the first IPv6 message Wen Fengzhuang to obtain a second IPv6 message, and specifically may include the first node being the second IPv6 extension header of the first IPv6 message Wen Fengzhuang and updating the first IPv6 extension header to obtain the second IPv6 message. The updated first IPv6 extension header may further include a SID of the at least one SID corresponding to the first SID. In the updated first IPv6 extension header, at least one SID corresponding to the first SID may be immediately after the first SID. In this implementation manner, the first node may further update the DA field of the first IPv6 packet, where the value of the updated DA field is the first SID in the at least one SID corresponding to the first SID.
As a possible implementation manner, in an implementation manner that the first node is the second IPv6 extension header of the first IPv6 report Wen Fengzhuang and updates the first IPv6 extension header, the updated first IPv6 extension header may not include the first SID in the at least one SID corresponding to the first SID. It should be understood that the updated DA field of the first IPv6 packet already carries the first SID of the at least one SID corresponding to the first SID, so that the SID may not be added to the updated first IPv6 extension header, so as to shorten the packet length and save communication resources.
In a specific implementation, the first node may be a gateway node of the resource pool, and the at least one SID corresponding to the first SID may include a SID of at least one resource node in the resource pool, where the at least one SID may be used to instruct the second IPv6 packet to be forwarded to the at least one resource node. For example, the network PE1 in fig. 6 may be a gateway node of an edge cloud resource pool, the first node may be the network PE1 in fig. 6, and the at least one SID corresponding to the first SID may be a SID of at least one secure VM, a computing power VM, a network VM, or a storage VM in the edge cloud resource pool. Also for example, cloud PE1 in fig. 6 may be a gateway node of the central cloud resource pool, the first node may be cloud PE1 in fig. 6, and the at least one SID corresponding to the first SID may be a SID of the at least one VM in the central cloud resource pool. Also for example, a VGW may be included in the cloud resource pool in fig. 7, the first node may be the VGW, and the at least one SID corresponding to the first SID may be a SID of at least one secure VM, an computing VM, a network VM, or a storage VM in the cloud resource pool.
As an implementation manner, the above method for processing a message corresponding to fig. 11 may be applied to the communication network shown in fig. 6 or fig. 7, where the first node may be a network PE1 or a cloud PE1 in fig. 6, or the first node may be a virtual gateway or a virtual router in the cloud resource pool in fig. 7.
For example, taking a Customer Premise Equipment (CPE) in the communication network shown in fig. 6 as an example, the edge cloud resource pool includes vwf and vIPS, fig. 12 shows a schematic diagram of a forwarding flow of a first IPv6 packet, where the first IPv6 packet is obtained by encapsulating SRv by the CPE 1a service packet from the customer premise equipment 1. The first IPv6 message is tunneled from CPE1 into SRv and subsequently tunneled from CPE2 out of SRv. As shown in fig. 12, the first IPv6 packet generated by the CPE1 may include an IPv6 basic header, an SRH, and a payload in sequence, where the SRH may encapsulate the SID of the SRv node through which the first IPv6 packet passes, for example, including an AR1 SID, a CR1 SID, a network PE1 BSID, a CR 2SID, an AR2SID, and a CPE2 SID. Nodes such as AR1, CR1, networks PE1, CR2, and AR2 may update DA in the IPv6 basic header based on SID in SRH of the first IPv6 packet, and forward the first IPv6 packet at SRv. Thus, the first IPv6 packet may sequentially pass through nodes such as AR1, CR1, network PE1, CR2, and AR2, and finally be forwarded to CPE2.
Further, in this example, the mesh PE1 BSID may also be used to stream the first IPv6 message to vwf and vIPS in the edge cloud resource pool, the BSID of mesh PE1 corresponding to vwf SID and vIPSSID. Thus, the network PE1 may forward the first IPv6 message to vwf and vIPS before forwarding to CR2. In this example, the network PE1 may be the first node in the above embodiment, and the network PE1 may execute the packet processing methods of S1101 to S1103.
For example, referring to fig. 12, after the network PE1 receives the first IPv6 packet, the vFW SID and vIPSSID corresponding to the BSID of the network PE1 may be encapsulated in the first IPv6 packet to obtain the second IPv6 packet. Further, the network PE1 may forward the second IPv6 message to vwf and vIPS.
As an implementation manner, as shown in fig. 12, the network PE1 may encapsulate a new IPv6 basic header and an SRH for the first IPv6 packet, where the newly encapsulated SRH includes vwf SID and vIPSSID, and the SA field of the newly encapsulated IPv6 basic header is the network PE1 BSID and the DA field is the vwf SID. In such an implementation, the newly encapsulated SRH of the network PE1 may be a reduced SRH, which may not include the SID of the vwf.
As another implementation, as shown in fig. 12, the network PE1 may add vww SIDs and vIPSSID between the network PE1BSID and the CR2 SID in the SRH. And, the network PE1 may update the value of the DA field in the IPv6 base header to vwf SID. In this implementation, the SID newly added by network PE1 in SRH may not include the vwf SID.
In addition, the network PE1 BSID may also indicate encapsulation DOH, so that the network PE1 may also encapsulate DOH in the received first IPv6 message. As shown in fig. 12, in the case where the network PE1 newly encapsulates the IPv6 base header and the SRH, the location of the DOH may be between the newly encapsulated SRH and the original IPv6 base header. In the case where network PE1 adds vwf SIDs and vIPSSID to the SRH, the location of the DOH may be between the SRH and the payload.
As another example, taking the customer premise equipment in the communication network shown in fig. 7 as CPE, the cloud resource pool includes VGW, vwf and vIPS as examples, fig. 13 shows a schematic diagram of another forwarding flow of a first IPv6 packet, where the first IPv6 packet may be obtained by SRv encapsulation of a service packet from the customer premise equipment 1 by the CPE 1. The first IPv6 message is tunneled from CPE1 into SRv and subsequently tunneled from CPE2 out of SRv. As shown in fig. 13, the first IPv6 packet may sequentially include an IPv6 basic header, an SRH, and a payload, where the SRH may encapsulate the SID of the SRv node through which the first IPv6 packet passes, for example, the SID may include a BNG1 SID, a CR1 SID, a VGW BSID, a CR2 SID, a BNG2 SID, and a CPE2 SID. BNG1, CR1, VGW, CR2 and BNG2 can update DA in IPv6 basic header based on SID in SRH of first IPv6 message, and forward first IPv6 message SRv. Thus, the first IPv6 packet may sequentially pass through nodes such as BNG1, CR1, VGW, CR2, and BNG2, and finally be forwarded to CPE2.
Further, in this example, VGW BSID may be used to stream the first IPv6 message to vwf and vcps in the cloud resource pool, VGW BSID corresponding to vwf SID and vIPSSID. Thus, VGW may forward the first IPv6 message to vwf and vIPS before forwarding to CR2. In this example, VGW may be the first node in the above embodiment, and VGW may perform the message processing methods of S1101 to S1103.
For example, referring to fig. 13, after the VGW receives the first IPv6 packet, vwf SID and vIPSSID corresponding to the BSID of the VGW may be encapsulated in the first IPv6 packet to obtain the second IPv6 packet. Further, VGW may forward the second IPv6 message to vwf and vIPS.
As an implementation, as shown in fig. 13, the VGW may encapsulate the new IPv6 base header and the SRH, where the newly encapsulated SRH includes vwf SID and vIPSSID, the SA field of the newly encapsulated IPv6 base header is VGW BSID, and the DA field is vwf SID. In such an implementation, the newly packaged SRH of the VGW may be a reduced SRH, which may not include the vwf SID.
As another implementation, as shown in fig. 13, VGW may add vww SID and vIPSSID between VGW BSID and CR2 SID in SRH. And, VGW may update the value of DA field in the IPv6 base header to vwf SID. In such an implementation, the newly added SID of the VGW in the SRH may also not include the vwf SID.
In addition, the BSID of the VGW may further indicate encapsulation DOH, so that the VGW may further encapsulate DOH in the received first IPv6 message. As shown in fig. 13, in case of VGW newly encapsulating the IPv6 base header and the SRH, the location of the DOH may be between the newly encapsulated SRH and the original IPv6 base header. In the case where VGW adds vwf SIDs and vIPSSID in the SRH, the location of the DOH may be between the SRH and the payload.
In a specific implementation, the controller may issue configuration information of the first SID and information to be encapsulated in the second IPv6 extension header to the first node.
S1103, the first node forwards the second IPv6 message.
The first node can obtain the second IPv6 message after the second IPv6 extension head is packaged and DA is updated. And then, the first node can query the routing information according to the DA field value of the second IPv6 message, and further forward the second IPv6 message.
Based on the above-described message processing methods in S1101 to S1103, the SID (first SID) of the first node may indicate that the second IPv6 extension header is encapsulated in the first IPv6 message, and the relevant service policy need not be configured to implement the method.
In a specific implementation, the end node behavior indicated by the first SID in the embodiment of the method corresponding to fig. 11 may also be extended based on the end node behavior defined in the art. For example, the first SID may indicate end node behavior of End、End.X、End.T、End.DX4、End.DX6、End.DT4、End.DT6、End.DX2、End.DX2V、End.DT2U、End.DT2M、End.B6、End.B6.Insert、End.B6.Insert.Red、End.B6.Encaps or end.b6.encaps.red, etc., and may further indicate that the second IPv6 extension header is encapsulated in the first IPv6 message. As a possible implementation, the end node behavior of the first SID in S1101 to S1103 described above may be as shown in table 2. It should be understood that the first SID is a defined new type of SID, and the value of the first SID may be different from the SID values already defined in the art.
TABLE 2
Wherein the end.b6.encaps. APN is extended based on the end.b6.encaps behavior, and the APN information is encapsulated in addition to the end.b6.encaps behavior. Illustratively, the first node performing end.B6.Encaps.APN behavior according to the indication of the first SID may include the first node encapsulating a new IPv6 basic header (e.g., the second IPv6 basic header described above) and a new SRH (e.g., the third IPv6 extension header described above) at an outer layer of the first IPv6 message, the newly encapsulated SRH including at least one SID corresponding to the first SID, and DA of the newly encapsulated IPv6 basic header being the first SID of the at least one SID corresponding to the first SID. In addition, the first node may also newly encapsulate the second IPv6 extension header to carry APN information. The first node may then forward the encapsulated second IPv6 extension header.
The end.b6.encaps.red.apn behavior is similar to the end.b6.encaps.apn behavior, except that the end.b6.encaps.red.apn behavior encapsulates a reduced SRH. For example, the SRH newly encapsulated by the first node at the outer layer of the first IPv6 packet is a reduced SRH, where the first SID of the at least one SID corresponding to the first SID is not included.
The end.b6.insert.apn is extended on the basis of the end.b6.insert behavior, and APN information is encapsulated in addition to the end.b6.insert behavior. Illustratively, the first node executing the end.b6.insert.apn behavior according to the indication of the first SID may include the first node inserting at least one SID corresponding to the first SID into an SRH of the first IPv6 packet (i.e., the first IPv6 extension header of the first IPv6 packet described above). And, the first node may also newly encapsulate the second IPv6 extension header to carry APN information. The first node may then forward the encapsulated second IPv6 extension header.
End.b6.insert.red.apn behavior is similar to end.b6.insert.apn behavior, except that the SID inserted in the SRH by end.b6.insert.red.apn behavior may not include the first SID of the at least one SID corresponding to the first SID.
It should be understood that the end node behavior of the first SID shown in tables 1 and2 in the embodiments of the present application is only an example and is not meant to limit the present application.
As one possible implementation, in the field of multiprotocol label switching (multi-protocol label switching, MPLS), labels may also be used to instruct nodes to process MPLS extension headers, the principle of which is similar to the first SID indication parsing or encapsulating IPv6 extension header in the SRv scenario above. For example, the application also provides an MPLS message processing method, which comprises the steps that a first node receives a first MPLS message, the first MPLS message comprises an MPLS label stack and a first MPLS extension header, a first MPLS label at the top of the MPLS label stack indicates to process the first MPLS extension header, and the first MPLS label is an MPLS label of the first node. Then, the first node may parse the first MPLS extension header in the first MPLS packet according to the indication of the first MPLS label.
As one possible implementation, the controller may issue configuration information of the first MPLS label to the first node. The configuration information of the first MPLS label may indicate that, when the first node receives a packet with a stack top label being the first MPLS label, the first MPLS extension header in the packet is parsed.
The embodiment of the application also provides a communication device which is used for realizing the various methods. The communication device may also be the first node in the above-mentioned method embodiment, or a device comprising the first node, or a component usable with the first node. Or the communication device may also be the controller in the above method embodiment, or a device comprising the controller, or a component usable with the controller. It will be appreciated that the communication device, in order to achieve the above-described functions, comprises corresponding hardware structures and/or software modules performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The embodiment of the application can divide the functional modules of the communication device according to the above method embodiment, for example, each functional module can be divided corresponding to each function, or two or more functions can be integrated into one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
Fig. 14 shows a schematic structural diagram of a communication device provided by the present application, and referring to fig. 14, the communication device 140 may include a receiving unit 1401 and an analyzing unit 1402. The communication means 140 may be adapted to implement the functions performed by the first node described above. Wherein the receiving unit 1401 is operable to support the apparatus to perform step S801 in the above-described method embodiment. The parsing unit 1402 may be configured to support the apparatus to perform step S802 in the method embodiment described above. All relevant contents of each step related to the above method embodiment may be cited to the functional descriptions of the corresponding functional modules, and the embodiments of the present application are not described herein.
Fig. 15 shows a schematic structural diagram of another communication device provided by the present application, and referring to fig. 15, a communication device 150 may include a receiving unit 1501, a packaging unit 1502, and a transmitting unit 1503. The communication means 150 may be arranged to implement the functions performed by the second node described above. Wherein the receiving unit 1501 may be adapted to support the apparatus to perform step S1101 in the above-described method embodiment. The encapsulation unit 1502 may be configured to support the apparatus to perform step S1102 in the method embodiment described above. The transmitting unit 1503 may be configured to support the apparatus to perform step S1103 in the above-described method embodiment. All relevant contents of each step related to the above method embodiment may be cited to the functional descriptions of the corresponding functional modules, and the embodiments of the present application are not described herein.
The receiving unit 1401 may be a receiver of the communication device 140, and the parsing unit 1402 may be a processor of the communication device 140 based on a hardware implementation. The receiving unit 1501 may be a receiver of the communication apparatus 150, the packaging unit 1502 may be a processor of the communication apparatus 150, and the transmitting unit 1503 may be a transmitter of the communication apparatus 150. Where the transmitter may be integrated with the receiver generally to function as a transceiver, the particular transceiver may also be referred to as a communication interface or interface circuit.
It should be understood that the division of the modules in the embodiment of the present application is illustrative, and is merely a logic function division, and other division manners may be implemented in practice. For example, two or more functions may be integrated in one processing module. In addition, the integrated modules may be implemented in hardware or in software functional modules, which is not limited in this aspect of the application.
In the present embodiment, the communication device 140 and the communication device 150 are presented in a form of dividing the respective functional modules in an integrated manner. A "module" herein may refer to a particular ASIC, an electronic circuit, a processor and memory that execute one or more software or firmware programs, an integrated logic circuit, and/or other device that can provide the described functionality. In a simple embodiment, one skilled in the art will appreciate that the communication device 140 and the communication device 150 may take the form of the communication device 160 shown in fig. 16.
Fig. 16 is a schematic structural diagram of still another communication device according to an embodiment of the present application, as shown in fig. 16, the communication device 160 includes one or more processors 1601, a communication line 1602, and at least one communication interface (fig. 16 is merely exemplary and includes a communication interface 1603 and a processor 1601 is illustrated as an example). Optionally, a memory 1604 may also be included. The processor 1601 may be a CPU, microprocessor, ASIC, or one or more integrated circuits for controlling the execution of the program of the present application. The communication line 1602 may include a pathway for communication between different components. The communication interface 1603 may be a transceiver module for communicating with other devices or communication networks, such as ethernet, RAN, wireless local area network (wireless local area networks, WLAN), etc. For example, the transceiver module may be a device such as a transceiver, or the like. Optionally, the communication interface 1603 may also be a transceiver circuit located in the processor 1601, for implementing signal input and signal output of the processor. The memory 1604 may be a device having a memory function. for example, a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-only memory, EEPROM), a compact disc read-only memory (compact disc read-only memory, CD-ROM) or other optical disk storage, optical disk storage (including, but not limited to, compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and capable of being accessed by a computer. The memory may be separate and coupled to the processor via communication line 1602. The memory may also be integrated with the processor. The memory 1604 is used for storing computer-executable instructions for performing aspects of the present application, and is controlled by the processor 1601 for execution. The processor 1601 is configured to execute computer-executable instructions stored in the memory 1604, thereby implementing a method for processing a message provided in an embodiment of the present application. Or the processor 1601 performs a function related to processing in a packet processing method provided in the following embodiment of the present application, where the communication interface 1603 is responsible for communicating with other devices or communication networks, and the embodiment of the present application is not limited in detail. Computer-executable instructions in embodiments of the application may also be referred to as application code, and embodiments of the application are not limited in this regard. As one example, processor 1601 may include one or more CPUs, such as CPU0 and CPU1 in fig. 16.
As one example, communication device 160 may include multiple processors, such as processor 1601 and processor 1607 in fig. 16. Each of these processors may be a single-core processor, or may be a multi-core processor. Processors herein may include, but are not limited to, at least one of a central processing unit (central processing unit, CPU), microprocessor, digital signal processor (DIGITAL SIGNAL processor, DSP), microcontroller (microcontroller unit, MCU), or artificial intelligence processor, each of which may include one or more cores for executing software instructions to perform operations or processes.
As one example, communications apparatus 160 may also include an output device 1605 and an input device 1606. The output device 1605 communicates with the processor 1601 and may display information in a variety of ways. For example, the output device 1605 may be a Liquid Crystal Display (LCD) CRYSTAL DISPLAY, a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, or a projector (projector), or the like. The input device 1606 is in communication with the processor 1601 and may receive user input in a variety of ways. For example, the input device 1606 may be a mouse, keyboard, touch screen device, or sensing device, among others.
The communication apparatus 160 may also be referred to as a communication device, and may be a general-purpose device or a special-purpose device. For example, the communication device 160 may be a controller in a network or an apparatus having a similar structure as in fig. 16. Embodiments of the present application are not limited in the type of communication device 160.
The processor 1601 in the communication device 160 shown in fig. 16 may cause the communication device 160 to execute the message processing method in the above-described method embodiment by calling a computer-executable instruction stored in the memory 1604. Since the communication device 160 provided in this embodiment can execute the above-mentioned message processing method, the technical effects obtained by the method can be referred to the above-mentioned method embodiment, and will not be described herein.
In various embodiments of the present application, the sequence number of each process does not mean the sequence of execution, and the execution sequence of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application. Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application. It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein. In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the above-described device embodiments are merely illustrative, e.g., the division of the elements is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, indirect coupling or communication connection of devices or units, electrical, mechanical, or other form. The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more servers, data centers, etc. that can be integrated with the medium. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (DIGITAL VERSATILEDISC, DVD)), or a semiconductor medium (e.g., a Solid State Drive (SSD)), or the like.
As used herein, the terms "component," "module," "system" and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of example, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. Furthermore, these components can execute from various computer readable media having various data structures thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal). The present application may take form in various aspects, embodiments or features around a system that may include a plurality of devices, components, modules, etc. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, combinations of these schemes may also be used.
In addition, in the embodiments of the present application, the term "exemplary" is used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term use of an example is intended to present concepts in a concrete fashion. In the embodiment of the present application, information, signals, messages, channels may be mixed in some cases, and it should be noted that the meaning of the expression is consistent when the distinction is not emphasized. "of", "corresponding (corresponding, relevant)" and "corresponding (corresponding)" are sometimes used in combination, and it should be noted that the meaning of the expression is consistent when the distinction is not emphasized. "System" and "network" are sometimes used interchangeably, and are intended to be synonymous when de-emphasizing their distinction, e.g., "communication network" refers to "communication system". The network architecture and the service scenario described in the embodiments of the present application are for more clearly describing the technical solution of the embodiments of the present application, and do not constitute a limitation on the technical solution provided by the embodiments of the present application, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of the new service scenario, the technical solution provided by the embodiments of the present application is applicable to similar technical problems.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (18)
1. A method for processing a message, the method comprising:
A first node receives a first internet protocol version IPv6 message, wherein the first IPv6 message comprises a first IPv6 expansion header and a second IPv6 expansion header, and the first IPv6 expansion header is a segmented routing header SRH;
And analyzing the second IPv6 expansion header based on the indication of the first segment identification SID in the DA field of the destination address in the first IPv6 message, wherein the first node analyzes the second IPv6 expansion header, and the first IPv6 expansion header comprises the first SID.
2. The method of claim 1, wherein the second IPv6 extension header is a destination header DOH or a hop-by-hop header HBH.
3. The method according to claim 1 or 2, wherein the second IPv6 extension header includes at least one of application aware network APN information, flow detection IFIT information, security resource information, computational resource information, traffic trusted information, or network slice information.
4. The method according to claim 1 or 2, wherein an identifier is included in the option field of the second IPv6 extension header, the identifier being associated with at least one of APN information, IFIT information, security resource information, computational resource information, traffic trusted information, or network slice information.
5. The method of any of claims 1-4, wherein the second IPv6 extension header includes APN information, the APN information being used to indicate a user or an application to which the first IPv6 message belongs, and the first node parsing the second IPv6 extension header includes:
The first node analyzes the second IPv6 extension header to obtain the APN information;
the first node determines a secure resource instance corresponding to the first IPv6 message according to the APN information;
and the first node processes the first IPv6 message by using the secure resource instance corresponding to the first IPv6 message.
6. The method of any of claims 1-4, wherein the second IPv6 extension header includes security resource information, the security resource information being used to indicate a security resource instance corresponding to the first IPv6 message, and the first node parsing the second IPv6 extension header, including:
The first node analyzes the second IPv6 extension header to obtain the safety resource information;
The first node determines a secure resource instance corresponding to the first IPv6 message according to the secure resource information;
and the first node processes the first IPv6 message by using the secure resource instance corresponding to the first IPv6 message.
7. The method of any of claims 1-4, wherein the second IPv6 extension header includes computing power resource information, the computing power resource information being used to indicate a computing power resource instance corresponding to the first IPv6 message, and the first node parsing the second IPv6 extension header, including:
The first node analyzes the second IPv6 extension header to obtain the computing power resource information;
The first node determines an computing power resource instance corresponding to the first IPv6 message according to the computing power resource information;
and the first node processes the first IPv6 message by using the computing power resource instance corresponding to the first IPv6 message.
8. A method for processing a message, the method comprising:
a first node receives a first internet protocol version IPv6 message, wherein the first IPv6 message comprises a first IPv6 extension header, and the first IPv6 extension header is a segmented routing header SRH;
Based on a first segment identification SID in a destination address DA field of the first IPv6 message, indicating and packaging a second IPv6 extension header, wherein the first node packages the second IPv6 extension header for the first IPv6 message to obtain a second IPv6 message, and the first IPv6 extension header comprises the first SID, and the second IPv6 extension header does not belong to SRH;
The first node forwards the second IPv6 message.
9. The method of claim 8, wherein the second IPv6 extension header is a destination header DOH or a hop-by-hop header HBH.
10. The method according to claim 8 or 9, wherein the second IPv6 extension header includes at least one of application aware network APN information, flow detection IFIT information, security resource information, computational resource information, traffic trusted information, or network slice information.
11. The method according to claim 8 or 9, wherein an identification is included in the option field of the second IPv6 extension header, the identification being associated with at least one of APN information, IFIT information, security resource information, computational resource information, traffic trusted information, or network slice information.
12. The method according to any of claims 8-11, wherein the first SID identifies a BSID for a binding segment, and wherein the SRH of the second IPv6 message includes at least one SID corresponding to the BSID.
13. The method of claim 12, wherein the first node encapsulates the second IPv6 extension header for the first IPv6 message to obtain a second IPv6 message, comprising:
The first node encapsulates the second IPv6 extension header and a third IPv6 extension header for the first IPv6 message to obtain a second IPv6 message, wherein the third IPv6 extension header is SRH, and the third IPv6 extension header comprises the at least one SID.
14. The method of claim 12, wherein the first node encapsulates the second IPv6 extension header for the first IPv6 message to obtain a second IPv6 message, comprising:
the first node encapsulates the second IPv6 extension header for the first IPv6 message and updates the first IPv6 extension header, wherein the updated first IPv6 extension header comprises the at least one SID.
15. The method according to any of claims 12-14, wherein the first node is a gateway node of a resource pool, the at least one SID comprising a SID of at least one resource node in the resource pool, the at least one SID being used to indicate that the second IPv6 message is forwarded to the at least one resource node.
16. A communication device, comprising a processor and a memory;
the memory is configured to store program instructions that, when executed by the processor, cause the communication device to perform the method of any of claims 1-7 or 8-15.
17. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-7 or 8-15.
18. A computer program product comprising computer instructions which, when run on a processor, cause the processor to perform the method of any of claims 1-7 or 8-15.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410565008.6A CN120881165A (en) | 2024-04-30 | 2024-04-30 | Message processing method, communication system and device |
| PCT/CN2025/091584 WO2025228309A1 (en) | 2024-04-30 | 2025-04-27 | Packet processing method and apparatus, and communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410565008.6A CN120881165A (en) | 2024-04-30 | 2024-04-30 | Message processing method, communication system and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN120881165A true CN120881165A (en) | 2025-10-31 |
Family
ID=97451010
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410565008.6A Pending CN120881165A (en) | 2024-04-30 | 2024-04-30 | Message processing method, communication system and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN120881165A (en) |
| WO (1) | WO2025228309A1 (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP4239973A4 (en) * | 2020-11-27 | 2024-01-17 | Huawei Technologies Co., Ltd. | Packet sending method, device, and system |
| CN115242699A (en) * | 2021-04-22 | 2022-10-25 | 华为技术有限公司 | Message transmission method, slice generation method, device and system |
| CN115277525A (en) * | 2021-04-29 | 2022-11-01 | 华为技术有限公司 | Method, device, system and storage medium for processing message |
| CN117792999A (en) * | 2022-09-29 | 2024-03-29 | 华为技术有限公司 | A message processing method, information processing method and device |
| CN117118886A (en) * | 2023-08-24 | 2023-11-24 | 亚信科技(中国)有限公司 | Message forwarding method, head-end equipment, controller, equipment and storage medium |
-
2024
- 2024-04-30 CN CN202410565008.6A patent/CN120881165A/en active Pending
-
2025
- 2025-04-27 WO PCT/CN2025/091584 patent/WO2025228309A1/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| WO2025228309A1 (en) | 2025-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11625154B2 (en) | Stage upgrade of image versions on devices in a cluster | |
| CN113472650B (en) | Message processing method, device, system and storage medium | |
| US10659355B2 (en) | Encapsulating data packets using an adaptive tunnelling protocol | |
| US11658912B2 (en) | Mechanism to coordinate end to end quality of service between network nodes and service provider core | |
| US12199794B2 (en) | Packet sending method, apparatus, and system | |
| US9178828B2 (en) | Architecture for agentless service insertion | |
| CN113852550B (en) | Method, device, network equipment, system and storage medium for sending message | |
| US20180375764A1 (en) | Providing Network Efficiencies in Forwarding Packets Among Provider Networks and Applying Segment Routing Policies | |
| EP4311367B1 (en) | Session management in a forwarding plane | |
| EP4037265A1 (en) | Packet forwarding method, apparatus, storage medium, and system | |
| US20240106748A1 (en) | Packet processing method, apparatus, and system | |
| WO2022222750A1 (en) | Packet forwarding method and apparatus, network device, and storage medium | |
| US9503278B2 (en) | Reflective relay processing on logical ports for channelized links in edge virtual bridging systems | |
| CN115225545B (en) | A message transmission method and device | |
| CN115150308B (en) | Flow statistics method and device | |
| CN109756409B (en) | Bridge forwarding method | |
| EP3913865B1 (en) | Message decapsulation method and device, message encapsulation method and device, electronic device, and storage medium | |
| CN120881165A (en) | Message processing method, communication system and device | |
| CN108989311A (en) | Generate the method and apparatus of input parameter | |
| CN117527693A (en) | Message forwarding method, equipment, system and storage medium | |
| CN117097818A (en) | A message processing method and related equipment | |
| CN115412618A (en) | Communication method, communication system and provider edge router | |
| KR101707073B1 (en) | Error detection network system based on sdn | |
| CN109218214A (en) | Carrier-class universal flow compression method and device | |
| WO2024007640A1 (en) | Data transmission method, data processing method, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication |