[go: up one dir, main page]

WO2017133647A1 - Procédé de traitement de paquets, classificateur de trafic et instance de fonction de services - Google Patents

Procédé de traitement de paquets, classificateur de trafic et instance de fonction de services Download PDF

Info

Publication number
WO2017133647A1
WO2017133647A1 PCT/CN2017/072783 CN2017072783W WO2017133647A1 WO 2017133647 A1 WO2017133647 A1 WO 2017133647A1 CN 2017072783 W CN2017072783 W CN 2017072783W WO 2017133647 A1 WO2017133647 A1 WO 2017133647A1
Authority
WO
WIPO (PCT)
Prior art keywords
service function
service
flow
identifier
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/072783
Other languages
English (en)
Chinese (zh)
Inventor
梁乾灯
黄世碧
徐小虎
尤建洁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2017133647A1 publication Critical patent/WO2017133647A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering

Definitions

  • the invention relates to the field of communication technology. More specifically, it relates to a message processing method, a stream classifier, and a service function instance.
  • SFC Service Function Chaining
  • one service function in a service function chain may correspond to multiple service function instances.
  • the multiple service function instances are capable of load balancing traffic.
  • the service function of the firewall it may correspond to three service function instances of firewall 1, firewall 2 and firewall 3.
  • the forwarding device uses only the fields in the packet (for example, a quintuple) to distinguish different sessions, thereby implementing load balancing on traffic.
  • the forwarding device only uses the fields in the packet to identify and process the packet, which is not flexible enough.
  • the embodiment of the present invention provides a packet processing method, a traffic classifier, and a service function instance, so as to solve the problem that the forwarding device does not process the packet flexibly in the prior art.
  • the embodiment of the present application provides the following technical solutions:
  • a first aspect of the embodiments of the present application discloses a packet processing method, where the method is performed by a flow classifier, and the method includes:
  • the service function includes a service index, a service function path identifier corresponding to the service function chain, a network address of multiple service function instances corresponding to the first service function of the service function chain, and a tunnel of the multiple service function instances.
  • the information, or the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a network of multiple service function instances corresponding to the next service function of the first service function of the service function chain.
  • An address, and the tunnel information of the multiple service function instances, where the service index is a lifetime value of the service function chain, where the lifetime time value is equal to the number of service functions included in the service function chain;
  • the first packet is encapsulated into a second packet, where the second packet includes a service header and a tunnel header, and the service header includes the service function path identifier, the identifier of the stream, and a first value.
  • the first value is equal to the service index minus 1.
  • the tunnel header is generated based on the tunnel information, where the tunnel header includes a network address of a first service function instance, and the first service function instance is the An example of a service function of the plurality of service function instances, where a network address of the first service function instance is identified by the service function path, and the identifier of the flow and the first value are determined;
  • the flow classifier is a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function in the service function chain, or the flow classifier is the service The first business function of the function chain.
  • the method before the receiving the flow table sent by the network control device, the method further includes:
  • the identifier of the flow and the first value determine a network address of the first service function instance, where:
  • the flow classifier searches for, in the flow distribution publication, an entry matching the service function path identifier and the first value in the flow distribution publication by using the service function path identifier and the first value as a search key, the flow score
  • the entry in the publication that matches the service function path identifier and the first value includes the first service function and a network address of multiple service function instances corresponding to the first service function, or the flow distribution is published.
  • the entry that matches the service function path identifier and the first value includes a network address of the next service function and multiple service function instances corresponding to the next service function;
  • the service header is an NSH network service header
  • the location of the identifier of the flow in the service header includes:
  • the service header When the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class, and the TLV-Class includes a Type Code and an identifier of the stream, where the Type Code is used to indicate the The TLV-Class carries the identifier of the stream;
  • the Mandatory Context Header in the service header carries the identifier of the flow.
  • the second aspect of the embodiment of the present application discloses a flow classifier, which is a network device capable of communicating with one of a plurality of service function instances corresponding to the first service function in the service function chain, Or the flow classifier is the first service function of the service function chain, and the flow classifier includes:
  • a receiving unit configured to receive a flow table sent by the network control device, and obtain a first packet, where the flow table includes a rule of the flow, information of the service function chain to which the flow is bound, and the network control device
  • the assigned label of the stream The information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, a network address of multiple service function instances corresponding to the first service function of the service function chain, and the multiple
  • the tunnel information of the service function instance, or the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a next service function corresponding to the first service function of the service function chain.
  • a processing unit configured to determine that the first packet obtained by the receiving unit matches the flow table, and encapsulate the first packet into a second packet, where the second packet includes a service header and a tunnel header
  • the service header includes the service function path identifier, the identifier of the flow, and a first value, where the first value is equal to the service index minus 1, and the tunnel header is generated based on the tunnel information.
  • the network header includes a network address of the first service function instance, where the first service function instance is one of the multiple service function instances, and the network address of the first service function instance is used by the service a function path identifier, the identifier of the stream and the first value determination;
  • a sending unit configured to send the second packet to the first service function instance determined by the processing unit.
  • the processing unit is further configured to:
  • the response includes an identifier of the flow, and the identifier of the flow is different from the information of the flow.
  • the network address of the first service function instance is identified by the service function path, and the identifier of the stream and the processing determined by the first value are Units, including:
  • the processing unit is configured to: in the flow distribution publication, look up an entry matching the service function path identifier and the first value by using the service function path identifier and the first value as a search key,
  • the entry in the score publication that matches the service function path identifier and the first value includes the network address of the first service function and multiple service function instances corresponding to the first service function, or the flow
  • the entry in the sub-publishing that matches the service function path identifier and the first value includes the network address of the next service function and the multiple service function instances corresponding to the next service function, and the service function
  • the path identifier and the identifier of the flow are search keywords, and the network address of the plurality of service function instances included in the entry that matches the service function path identifier and the first value in the flow distribution is determined. Describe the network address of the first service function instance;
  • the processing unit is configured to determine, by the service function path identifier and the first value, a network address of the first service function and multiple service function instances corresponding to the first service function, or the next one a service function and a network address of the plurality of service function instances corresponding to the next service function, where the service function path identifier and the identifier of the stream are hash keys, from the first service function or the next service function
  • the network address of the first service function instance is determined in the network address of the corresponding multiple service function instances.
  • the processing unit is further configured to:
  • the service header is an NSH network service header
  • the service header when the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class, and the TLV-Class includes a Type Code and a An identifier of the flow, the Type Code is used to indicate that the TLV-Class carries an identifier of the flow;
  • the service header is an NSH network service header
  • the value of the MD-type field in the service header is equal to 0x1
  • the Mandatory Context Header in the service header carries the identifier of the flow.
  • the third aspect of the embodiment of the present application discloses a flow classifier, which includes: the flow classifier may be a communication function instance that can communicate with one of a plurality of service function instances corresponding to the first service function in the service function chain.
  • the network device, or the flow classifier may be the first service function of the service function chain, and the flow classifier includes:
  • a receiver configured to receive a flow table sent by the network control device, and obtain a first packet, where the flow table includes a rule of the flow, information of the service function chain to which the flow is bound, and the network control device An identifier of the allocated service, where the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a network address of multiple service function instances corresponding to the first service function of the service function chain, And the tunnel information of the multiple service function instances, or the information of the service function chain, including a service index, a service function path identifier corresponding to the service function chain, and a next service of the first service function of the service function chain a network address of the plurality of service function instances corresponding to the function, and tunnel information of the plurality of service function instances, where the service index is a lifetime time value of the service function chain, where the lifetime time value is equal to that included in the service function chain
  • a processor configured to determine that the first packet obtained by the receiver matches the flow table, and encapsulate the first packet into a second packet, where the second packet includes a service header and a tunnel header
  • the service header includes the service function path identifier, the identifier of the flow, and a first value, where the first value is equal to the service index minus 1, and the tunnel header is generated based on the tunnel information.
  • the network header includes a network address of the first service function instance, where the first service function instance is one of the multiple service function instances, and the first service function instance is an Internet protocol or multimedia access. The control address is identified by the service function path, and the identifier of the flow and the first value are determined;
  • a transmitter configured to send the second packet to the first service function instance determined by the processor.
  • a fourth aspect of the embodiments of the present disclosure discloses a storage device, where the storage device is applicable to a traffic classifier, where the traffic classifier may be in multiple service function instances corresponding to the first service function in the service function chain. a network function of a service function instance communication, or the flow classifier may be the first service function of the service function chain, the storage device comprising a memory and a processor connected to the memory through a bus;
  • the memory stores program code for performing message processing, the program code includes computer operation instructions, and the processor is configured to run the program code;
  • the program code for performing message processing includes: receiving a flow table sent by a network control device, the flow table includes a rule of a flow, information of a service function chain to which the flow is bound, and the network control An identifier of the flow of the service function, where the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a network address of multiple service function instances corresponding to the first service function of the service function chain And the tunnel information of the multiple service function instances, or the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a next service function of the service function chain a network address of the plurality of service function instances corresponding to the service function, and tunnel information of the plurality of service function instances, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to the service function The number of business functions contained in the chain;
  • the first packet is encapsulated into a second packet, where the second packet includes a service header and a tunnel header, and the service header includes the service function path identifier, the identifier of the stream, and a first value.
  • the first value is equal to the service index minus 1.
  • the tunnel header is generated based on the tunnel information, where the tunnel header includes a network address of a first service function instance, and the first service function instance is the An example of a service function of the plurality of service function instances, where a network address of the first service function instance is identified by the service function path, and the identifier of the flow and the first value are determined;
  • the fifth aspect of the embodiment of the present application discloses a packet processing method, where the packet processing method is performed by a first service function instance corresponding to a first service function of a service function chain, where the packet processing method includes:
  • the first packet is encapsulated into a third packet, and the service header in the third packet includes the service function path identifier, the identifier of the stream, and a second value, where the second value is equal to the The first value is decremented by 1.
  • the tunnel header in the third packet includes a network address of the second service function instance corresponding to a next service function of the first service function, and a network of the second service function instance. The address is identified by the service function path, and the identifier of the flow and the second value are determined;
  • the method further includes:
  • the identifier of the flow and the second value determine a network address of the second service function instance, where:
  • the entry that matches the service function path identifier and the second value in the flow distribution publication with the service function path identifier and the second value as a lookup key includes the next one of the first service function a service function, and a network address of multiple service function instances corresponding to the next service function;
  • the network function address of the second service function instance is determined from the network address of the multiple service function instances corresponding to the next service function by using the service function path identifier and the identifier of the flow as a hash key.
  • the sixth aspect of the embodiment of the present application discloses an example of a service function, where the service function instance is a first service function instance corresponding to the first service function of the service function chain, and includes:
  • a receiving unit configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, and the service in the second packet
  • the header includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, The lifetime value is equal to the number of business functions included in the business function chain;
  • a processing unit configured to determine, according to the service function path identifier that is received by the receiving unit, the identifier of the stream and the second value determine a second service function instance corresponding to a next service function of the first service function
  • the network address is processed according to the service header in the second packet received by the receiving unit, and the first packet is encapsulated into a third packet, where the first packet is encapsulated into a third packet.
  • the traffic header in the third packet includes the service function path identifier, the identifier of the flow, and the second value, where the second value is equal to the first value minus 1, and the tunnel header in the third packet includes The network address of the second service function instance corresponding to the next service function of the first service function, the network address of the second service function instance is identified by the service function path, the identifier of the flow and the The second value is determined;
  • a sending unit configured to send the third packet to the second service function instance determined by the processing unit.
  • the method further includes:
  • the receiving unit is further configured to receive, according to the service function path identifier of the flow application, the service index, and a next service function corresponding to the first service function selected for the identifier of the flow Information table of tunnel information for business function instances.
  • the processing unit that is identified by the service function path, the identifier of the flow, and the second value determines a network address of the second service function instance Also includes:
  • the processing unit is further configured to: use the service function path identifier and the second value as a search key to search for a table item that matches the service function path identifier and the second value in a stream distribution publication. a next service function of the first service function, and a network address of the plurality of service function instances corresponding to the next service function, where the service function path identifier and the identifier of the stream are search keywords, Determining, in the network address of the plurality of service function instances included in the entry that matches the service function path identifier and the second value, the network address of the second service function instance;
  • the processing unit is further configured to determine, by the service function path identifier and the second value, a next service function of the first service function, and a network of multiple service function instances corresponding to the next service function.
  • the address is determined by using the service function path identifier and the identifier of the flow as a hash key, and determining a network address of the second service function instance from the network addresses of the multiple service function instances corresponding to the next service function.
  • the seventh aspect of the embodiment of the present application discloses an example of a service function, where the service function instance is a first service function instance corresponding to the first service function of the service function chain, and includes:
  • a receiver configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, and the service in the second packet
  • the header includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to the service function chain.
  • a processor configured to determine, according to the service function path identifier that is received by the receiver, the identifier of the stream and the second value determine a second service function instance corresponding to a next service function of the first service function
  • the network address is processed according to the service header in the second packet received by the receiving unit, and the first packet is encapsulated into a third packet, where the first packet is encapsulated into a third packet.
  • the traffic header in the third packet includes the service function path identifier, the identifier of the flow, and the second value, where the second value is equal to the first value minus 1, and the tunnel header in the third packet includes a network address of the second service function instance corresponding to a next service function of the first service function, the second service The network address of the function instance is identified by the service function path, and the identifier of the stream and the second value are determined;
  • a transmitter configured to send the third packet to the second service function instance determined by the processor.
  • the eighth aspect of the embodiment of the present application discloses a storage device, where the storage device is applicable to a first service function instance corresponding to a first service function of a service function chain, where the storage device includes a memory and is connected to the memory through a bus.
  • the memory stores program code for performing message processing, the program code includes computer operation instructions, and the processor is configured to run the program code;
  • the program code for performing message processing includes:
  • the first packet is encapsulated into a third packet, and the service header in the third packet includes the service function path identifier, the identifier of the stream, and a second value, where the second value is equal to the The first value is decremented by 1.
  • the tunnel header in the third packet includes a network address of the second service function instance corresponding to a next service function of the first service function, and a network of the second service function instance. The address is identified by the service function path, and the identifier of the flow and the second value are determined;
  • a ninth aspect of the embodiment of the present application discloses a message processing system, including a stream classifier, a service function instance, and a network control device;
  • the flow classifier includes the flow classifier disclosed in the second aspect of the embodiment of the present application or the third aspect of the embodiment of the present application, or the flow classifier includes the storage device disclosed in the fourth aspect of the embodiment of the present application;
  • the service function example includes the service function example disclosed in the sixth aspect of the embodiment of the present application or the seventh aspect of the embodiment of the present application, or the service function instance includes the storage device disclosed in the eighth aspect of the embodiment of the present application;
  • the network control device is a network controller or an AAA server, configured to receive a request sent by the flow classifier to allocate an identifier of the flow for a flow, where the request includes information about the flow, and is the flow A response to assign an identifier of the flow, the response including an identifier of the flow, the identifier of the flow being different from the information of the flow.
  • the packet processing method, the flow classifier, and the service function example provided by the embodiment of the present application are known from the technical solutions disclosed in the foregoing application.
  • the packet processing process according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index determine a specific service function instance, and send the encapsulated to the determined specific service function instance. Message.
  • the technical solution disclosed in the embodiment of the present application is more flexible than the method in the prior art for identifying and processing a packet by using a field in a packet.
  • FIG. 1 is a schematic flowchart of a packet processing method according to Embodiment 1 of the present application.
  • FIG. 2 is a schematic diagram of a format of a service header according to Embodiment 2 of the present application.
  • FIG. 3 is a schematic diagram of another format of a service header according to Embodiment 2 of the present application.
  • FIG. 4 is a schematic flowchart of a packet processing method according to Embodiment 3 of the present application.
  • FIG. 5 is a schematic flowchart of a flow forwarding process of a clouded CPE solution according to Embodiment 3 of the present application;
  • FIG. 6 is a schematic structural diagram of a flow classifier according to Embodiment 1 and Embodiment 2 disclosed in Embodiment 5 of the present application;
  • FIG. 7 is a schematic structural diagram of a physical structure of a flow classifier according to Embodiment 5 of the present application.
  • FIG. 8 is a schematic structural diagram of a service function example according to Embodiment 3 disclosed in Embodiment 5 of the present application.
  • FIG. 9 is a schematic diagram of an entity structure of a service function example according to Embodiment 5 of the present application.
  • FIG. 10 is a schematic structural diagram of a message processing system according to Embodiment 5 of the present application.
  • IP Internet Protocol, Internet Protocol
  • MAC Media Access Control, media access control
  • NSH Network Service Header, network service header
  • SFC Service Function Chaining, business function chain
  • SFF Service Function Forwarder, service function forwarder
  • SFP Service Function Path, service function path
  • FC Flow Classifier, stream classifier
  • FW Fire Wall, firewall
  • TTL Time To Live, the time to live value.
  • the forwarding device of the prior art uses only the fields in the message to identify and process the message, which is not flexible enough.
  • the embodiment of the present application discloses a technical solution for packet processing, which is determined according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the process of processing the message.
  • the service function instance sends the encapsulated packet to the specific service function instance.
  • the message is identified and processed, and the packet is processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.
  • the specific implementation process is described in detail by the following embodiments.
  • FIG. 1 it is a schematic flowchart of a packet processing method disclosed in Embodiment 1 of the present application.
  • the message processing method is performed by a stream classifier (FC).
  • the FC may be a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function (SF) in the service function chain (SF), or the SF may be the SFC The first SF.
  • the message processing method includes the following steps:
  • the flow table is used to indicate that the FC identifies a message of the flow.
  • the flow table contains rules for the flow, the information of the SFC to which the flow is bound, and the identification of the flow (the ID of the flow) assigned by the network control device.
  • the SFC to which the stream is bound means that the stream needs to be processed by the SFC.
  • the ID of the stream is allocated by the network control device for the stream.
  • the ID of the stream is used to identify the stream within the process that the stream is processed by the SFC.
  • the ID of the stream can be a field, and the field can be a number.
  • the network control device may assign an ID of the flow to the flow based on the application of the forwarding device.
  • the network control device releases the ID of the flow when the flow is revoked or the flow session is terminated.
  • the network control device may allocate an ID of the multiple flows for multiple flows.
  • the plurality of streams and the IDs of the plurality of streams are in one-to-one correspondence.
  • the information of the SFC includes a service index, a service function path identifier (SFP ID) corresponding to the SFC, a network address of multiple service function instances corresponding to the first SF of the SFC, and an instance of the multiple service function instances.
  • Tunnel information ;
  • the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to a next SF of the first SF of the SFC, and an instance of the multiple service function instances. Tunnel information.
  • the service index mentioned above is used to provide a location in the service path.
  • the service index is a field in a service path header.
  • the service path header may also include a service path ID field. Refer to section 3.3 on page 11 of the standard document draft-quinn-sfc-nsh-07 for service indexing, service path identification, and service path headers.
  • the service index is a time-to-live value (TTL) of the service function chain.
  • TTL is equal to the number of service functions included in the service function chain.
  • the service function chain includes at least N service functions, and N is a positive integer greater than 1.
  • the tunnel information mentioned above includes: a tunnel endpoint identifier (for example, an IP address), a tunnel type (for example, NSH OVER UDP), and a TTL (for example, a service index of the NSH).
  • a tunnel endpoint identifier for example, an IP address
  • a tunnel type for example, NSH OVER UDP
  • a TTL for example, a service index of the NSH
  • one SF is composed of at least one data link layer or a service function instance of the same service type reachable by the network layer.
  • the business function example is a combination of SF and SFF, for example: NSH aware VAS.
  • the service function instance has forwarding information.
  • the forwarding information includes routing information or interface information.
  • the routing table is searched based on the routing information, or the media access control (MAC) table is searched based on the interface information.
  • S104 Encapsulate the first packet as a second packet.
  • the second packet includes a service header and a tunnel header.
  • the service header includes the SFP ID, an ID of the flow, and a first value.
  • the first value is equal to the TTL minus one.
  • SFP-id For the SFP ID (SFP-id), refer to the standard document “draft-ietf-sfc-control-plane-03" published by the IETF on January 21, 2016. The name of the standard document is "Service Function Chaining (SFC) Control Plane Components&Requirements".
  • SFC Service Function Chaining
  • the embodiment of the application refers to the standard document Draft-ietf-sfc-control-plane-03, and the standard document draft-ietf-sfc-control-plane-03 is included as part of the disclosure of the present application;
  • the tunnel header is generated based on the tunnel information obtained in step S101.
  • the tunnel header includes a network address of the first service function instance.
  • the first service function instance is one of the plurality of service function instances.
  • the network address of the first service function instance is determined by the SFP ID, the ID of the stream, and the first value;
  • the network address of the first service function instance includes an IP address or a MAC protocol address.
  • the NSH header may be generated based on a Payload (net load) of a UDP packet, or may be generated based on a Payload of a transit frame.
  • the NSH may include a Base Header, a Service Path Header, and a context header.
  • base headers, service path headers, and context headers refer to section 3 on page 9-15 of the standard document draft-quinn-sfc-nsh-07.
  • the standard document “draft-quinn-sfc-nsh-07” is named "Network Service Header”. The standard document was published on February 24, 2015. The publisher of the standard document is the IETF.
  • the standard document “draft-quinn-sfc-nsh-07” is referred to in the embodiment of the present application, and the standard document “draft-quinn-sfc-nsh-07” is taken as an integral part of the content disclosed in the embodiment of the present application.
  • the FC performing the foregoing S101 to S105 is a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function in the service function chain
  • the first The service function instance is one of multiple service function instances corresponding to the first SF of the SFC.
  • the FC of the foregoing S101 is the first SF of the SFC
  • the first service function instance is one of the plurality of service function instances corresponding to the next SF on the SFC.
  • S101-S105 describes the processing of a stream. When multiple flows exist in the network, you can process multiple flows by referring to the preceding steps and implement load balancing. The following describes how to implement the scenario of multiple streams in combination with S101-S105. The technical content not mentioned below can be referred to the description of S101-S105 above.
  • the flow table includes rules of the multiple flows, information of a service function chain to which the multiple flows are bound, and the multiple flows allocated by the network control device to the multiple flows Logo.
  • the plurality of streams are bound to the same business function chain.
  • the FC may identify the plurality of flows according to rules of the plurality of flows. For example, the FC may parse the message using the rules of the flow to determine the characteristics of the message.
  • the identifiers of the plurality of streams are in one-to-one correspondence with the plurality of streams.
  • a stream in this application refers to a collection of messages having the same characteristics.
  • the feature can be a port for receiving a message or a field in a packet header.
  • the feature may be a port for receiving a message, and a field in the header of the message.
  • the field in the message header can be a field or multiple fields.
  • the set of packets received by the same inbound interface can be considered to belong to the same flow. It can also be considered that the set of packets with the same quintuple (source IP address, destination IP address, source port, destination port, and protocol number) belongs to the same stream. It can also be considered that the set of packets in which the binary group (source IP address and destination IP address) are the same belongs to the same stream.
  • the FC acquires multiple messages. For example, the FC acquires message 1 and message 2. Specifically, the FC can receive the message 1 and the message 2 through the ingress port. The FC can also generate message 1 and message 2. Message 1 and Message 2 belong to Stream 1 and Stream 2, respectively.
  • the FC determines that the plurality of packets match the flow table. For example, the FC determines that the message 1 matches the stream 1 according to the rules of the multiple flows. Determining, according to the rules of the multiple flows, the packet 2 and the stream 2 Match. Specifically, the rules of the multiple flows include a rule of flow 1 and a rule of flow 2. The FC determines that the packet 1 matches the rule of the stream 1 by using the quintuple of the packet 1 as a search key. The FC determines that the packet 2 matches the rule of the stream 2 by using the quintuple of the packet 2 as a search key. The matching field of the rule of stream 1 contains the quintuple of message 1. The matching field of the rule of stream 2 contains the quintuple of message 2.
  • the FC encapsulates multiple packets to obtain multiple encapsulated packets.
  • the plurality of messages are aligned with the plurality of encapsulated messages.
  • the FC encapsulates the packet 1 into the packet 3 and the packet 2 into the packet 4.
  • the tunnel header contained in packet 3 contains the IP address of service function instance 1.
  • the tunnel header contained in packet 4 contains the IP address of service function instance 2.
  • the FC determines an IP address of the service function instance 1 according to the service function path identifier, the identifier of the stream 1 and the first value.
  • the FC determines an IP address of the service function instance 2 according to the service function path identifier, the identifier of the stream 2, and the first value.
  • the service function instance 1 and the service function instance 2 correspond to the same service function. Therefore, the service function instance 1 and the service function instance 2 can load balance traffic.
  • a business function instance can perform a corresponding business function.
  • a business function instance can include a processor and a memory coupled to the processor.
  • a computer program is included in the memory.
  • the processor performs a business function by executing the computer program.
  • a business function instance can be a router, a network switch, or a hardware firewall.
  • the FC sends a message 1 to the service function instance 1 and a message 2 to the service function instance 2, respectively. That is to say, different flows are sent to different service function instances, and load sharing of traffic is realized.
  • the load sharing of traffic can be achieved by using the method shown in FIG. 1 in a scenario of multiple flows.
  • Embodiment 1 of the present application is to receive a flow table sent by a network control device, where the flow table includes a rule of a flow, information of an SFC to which the flow is bound, and a flow allocated by the network control device. ID.
  • the packet processing process according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index determine a specific service function instance, and send the encapsulated to the determined specific service function instance.
  • the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.
  • the embodiment of the present application refers to the standard document RFC7665, and the standard document RFC7665 is taken as an integral part of the content disclosed in the present application.
  • the method for processing a message according to the above-mentioned first embodiment of the present application, before performing the step S101 of receiving the flow table sent by the network control device, further includes:
  • the FC first sends a request to the network control apparatus to allocate an ID of the flow for the flow, where the request includes information of the flow;
  • the ID of the network control device to allocate the flow based on the FC request may be implemented, and the network control device may pre-save a mapping table of the ID of the flow and the information of the flow;
  • the information of the flow may be acquired.
  • the information of the stream can The port that the FC receives the packet belonging to the flow.
  • the information of the flow may also be a field in the message belonging to the flow. For example, the destination IP address. It can also be a combination of the above information, such as port and destination IP address.
  • the request may be sent to the network control device.
  • the request includes a port and a destination IP address.
  • the port and the destination IP address are used as search keys, and the entry matching the port and the destination IP address is searched in the pre-stored mapping table to obtain the ID of the stream. ;
  • a response including the ID of the flow is sent to the FC.
  • the identifier of the flow is obtained from the response.
  • the flow table is generated based on the ID of the flow.
  • the behavior of sending the identifier of the flow to the network device (corresponding SF) of the FC or the FC is referred to as an identifier of the flow distribution flow.
  • the network control device may allocate the ID of the flow to the flow by statically assigning the ID of the flow, or may assign the ID of the flow to the flow by dynamically assigning the ID of the flow.
  • the network control device predetermines a mapping relationship between the user identifier and the ID of the stream, and saves;
  • the FC After receiving the packet, the FC obtains the user information and sends the user information, and then the network control device searches for the mapping relationship and delivers a forwarding table containing the ID of the stream (the ID of the stream is assigned to the stream).
  • the network control device does not predetermine and save the mapping relationship between the user identifier and the ID of the stream;
  • the FC After the FC receives the packet, the FC obtains the user information and sends the user information, and then the network control device searches for the mapping relationship from the resource pool, and delivers a forwarding table containing the ID of the stream (the ID of the stream is assigned to the stream) .
  • Embodiment 1 of the present application discloses a message processing method.
  • the network address of the first service function instance included in the tunnel header of the second packet obtained in step S104, the network address of the first service function embodiment is the SFP ID, the ID of the stream, and The first value is determined.
  • the process of determining specifically includes the following two methods:
  • the FC receives the distribution of the traffic sent by the network control device:
  • the FC searches for an entry matching the SFP ID and the first value in the score publication with the SFP ID and the first value as a search key.
  • the entry in the flow distribution that matches the SFP ID and the first value includes a network address of the first SF and multiple service function instances corresponding to the first SF; or, the flow score
  • the entry in the publication that matches the SFP ID and the first value includes a network address of multiple service function instances corresponding to the next SF and the next SF;
  • the FC does not receive the distribution of the distribution issued by the network control device:
  • the FC determines, by the SFP ID and the first value, a network address of the first SF and multiple service function instances corresponding to the first SF. Or, the FC determines, by using the SFP ID and the first value, a network address of multiple service function instances corresponding to the next SF and the next SF;
  • the network address of the first service function instance is determined from the network addresses of the plurality of service function instances corresponding to the first SF or the next SF by using the SFP ID and the ID of the stream as a hash key.
  • the FC can determine the first SFC in different ways according to the content sent by the network control device.
  • the network address of the service function instance of the SF or the next SF That is, if the FC receives the distribution of the traffic sent by the network control device.
  • the FC publishes, according to the flow distribution, a network address of the first service function instance in the network address of the multiple service function instances of the first or next SF of the SFC, and sends the encapsulated second packet to the first Business function instance;
  • the FC may determine, by using the SFP ID and the ID of the stream as a hash key, from a network address of multiple service function instances corresponding to the first SF or the next SF. A network address of the service function instance, and the encapsulated second packet is sent to the first service function instance.
  • the NSH needs to be extended.
  • the location of the service flow ID in the service header includes:
  • FIG. 1 A schematic diagram of the format of the service header shown in FIG.
  • the service header is extended. That is to extend a new TLV-Class.
  • the TLV-Class includes a Type Code and an ID of the stream.
  • the Type Code is used to indicate that the TLV-Class carries an ID of the stream. That is, carrying the ID of the stream in the TLV;
  • FIG. 1 A schematic diagram of the format of the service header shown in FIG.
  • the value of the MD-type field in the service header is equal to 0x1 (representing 1 in hexadecimal)
  • the Mandatory Context Header in the traffic header carries the ID of the stream.
  • the embodiment of the present application determines a specific service function instance according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the message processing process, and The determined specific service function instance sends the encapsulated message.
  • the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.
  • FIG. 4 shows another packet processing method.
  • the packet processing method is performed by the first service function instance corresponding to the first SF of the SFC.
  • the first SF is the last SF on the non-SFC. As shown in Figure 4, the following steps are included:
  • the service header in the second packet includes an SFP ID corresponding to the SFC, an ID of the stream allocated by the network control device, and a first value.
  • the first value is equal to the service index minus one.
  • the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first SF.
  • the second packet includes a first packet.
  • the second message involved in S201 may be the second message involved in S104.
  • the execution entity first service function instance of the method described in FIG. 4 may be the first service function instance involved in S105.
  • the first packet involved in S201 may be the first packet involved in S101. Therefore, for the first packet, the second packet, and the first service function instance, reference may be made to the description of the method shown in FIG. 1 in the embodiment, and details are not described herein again.
  • the service index mentioned above is used to provide a location in the service path.
  • the service index is a field in a service path header.
  • the service path header may also include a service path ID field. Refer to section 3.3 on page 11 of the standard document draft-quinn-sfc-nsh-07 for service indexing, service path identification, and service path headers.
  • the service index is a time-to-live value (TTL) of the service function chain.
  • TTL is equal to the number of service functions included in the service function chain.
  • the business function chain includes at least N Business function, N is a positive integer greater than 1.
  • the tunnel information mentioned above includes: a tunnel endpoint identifier (for example, an IP address), a tunnel type (for example, NSH OVER UDP), and a TTL (for example, a service index of the NSH).
  • a tunnel endpoint identifier for example, an IP address
  • a tunnel type for example, NSH OVER UDP
  • a TTL for example, a service index of the NSH
  • S202 Determine, according to the SFP ID, the network address of the second service function instance corresponding to the next SF of the first SF, and the first value.
  • S203 Perform service processing on the first packet according to the service header in the second packet.
  • the first packet is encapsulated into a third packet.
  • the service header in the third packet includes the SFP ID, an ID of the stream, and a second value.
  • the second value is equal to the first value minus one.
  • the tunnel header in the third packet includes a network address of the second service function instance corresponding to the next SF of the first SF.
  • the network address of the second service function instance is determined by the SFP ID, the ID of the stream, and the second value.
  • a message processing method is disclosed based on the above-mentioned Embodiment 3 of the present application.
  • the network address of the second service function instance included in the tunnel header of the third packet obtained in S204 is executed.
  • the network address of the second service function embodiment is determined by the SFP ID, the ID of the stream, and the second value.
  • the process of determining specifically includes the following three methods:
  • the first service function instance may receive the SFP ID including the flow application, the service index, and a next service function corresponding to the first service function selected for the ID of the flow.
  • the first service instance may determine a service function instance to be forwarded to the next SF of the SFC based on the information included in the information table, and perform service processing and forwarding. After the third packet, the service header and the tunnel header of the third packet are updated.
  • the first service function instance receives the distribution of the traffic sent by the network control device:
  • the entry that matches the SFP ID and the second value includes a next SF of the first SF, and a network address of multiple service function instances corresponding to the next SF;
  • the first service function instance does not receive the score distribution sent by the network control device:
  • the network address of the second service function instance is determined from the network addresses of the plurality of service function instances corresponding to the next SF by using the SFP ID and the ID of the stream as a hash key.
  • the first service function instance that receives the second packet is a service function instance of the last SF on the SFC, in the process of performing the forwarding in the manner of receiving the distribution of the distribution or not receiving the distribution of the distribution.
  • Time The service header of the second packet is removed, and the forwarding is performed according to the L2/L3 routing mode.
  • the packet processing method disclosed in the foregoing embodiment of the present application is performed by the first service function instance of the non-last SF on the SFC of the streaming application.
  • the second message includes an identifier of the stream allocated by the network control device.
  • the packet processing process according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index determine a specific service function instance, and send the encapsulated to the determined specific service function instance. Message.
  • the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.
  • FC execution message processing method disclosed in the first embodiment of the present application the FC execution message processing method disclosed in the second embodiment, and the first service function instance of the non-last SF on the SFC are disclosed in the third embodiment.
  • the packet processing method is described in the fourth embodiment of the present application.
  • FIG. 5 it is a schematic block diagram of the structure of the clouded CPE solution.
  • the process of performing flow forwarding in the solution includes:
  • STATION1 The network operation and maintenance personnel pull up a set of corresponding NAT and FW service instances on the remote end (for example, the server in the metropolitan area network DC) and pre-configure them to provide network connectivity.
  • AAA DB Add authentication and authorization information in the authentication, authorization and accounting data base (AAA DB). For example, configure authentication mode, domain information, fine binding circuit information, and authorized service chain ID.
  • AAA DB is equivalent to a network control device.
  • the broadband remote access server (BRAS) according to the circuit information of any uplink message from the L2CPE (access interface + QinQ, for example, the L2CPE and the OLT shown in FIG. 5 layer each layer of the message) VLAN tag) triggers authentication.
  • the authentication request message carries the information such as the access domain, the user information, and the network access identifier to the authentication, authorization, and accounting server (AAA Server) authentication.
  • BRAS can be used to implement FC.
  • BRAS can also be the first service node on the service chain.
  • the BRAS After receiving the authentication and authorization result, the BRAS generates a corresponding user table.
  • the flow rule table information of the L2CPE upstream traffic identifier (access interface + QinQ) to the SFC ID and the ID mapping of the flow is reflected (the flow rule table here is used to implement the flow table in S101).
  • the S4:vCPE control and management device can load and preload the service function instances of the service function according to NAT, FW (NAT and FW are equivalent to service nodes of the service chain).
  • the load balancing policy is used to generate a specific service function instance that is sent to the BRAS, the NAT, and the FW, and is used to guide the newly-introduced L2CPE traffic to each suitable service function instance in the service function chain, or to adjust the existing part of the migration.
  • L2CPE traffic of the service function instance (in the case where there is a synchronization of the service session data between the old and new service function instances that require service traffic migration).
  • the SFC controller can be set to issue the default stream distribution.
  • the BRAS or NAT, FW service instance check score publication does not hit, it can be distributed according to the default stream distribution.
  • the BRAS is the NSH (service header) of the L2CPE uplink traffic encapsulation service packet, and carries the corresponding SFC ID, service index, and flow ID, and is forwarded to the corresponding next service function according to the traffic distribution of the service function chain.
  • NSH service header
  • SFC ID service index
  • flow ID flow ID
  • a business function such as CGN 1, or CGN2, ..., or CGN N in Figure 5
  • the service flow of the L2CPE whose circuit information is (P+V+V:1/100/200) is accessed from the BRAS, and the ID (Flow ID) of the assigned flow is 1, specifying The application service chain business chain BRAS ⁇ CGN ⁇ FW, the corresponding SFC ID is 2.
  • the BRAS forwards the uplink traffic of the L2CPE to the CGN service instance CGN1 according to the flow distribution
  • the CGN1 forwards the uplink traffic to the L2CPE to the FW service instance FW1 according to the flow distribution.
  • the packet processing method disclosed in the embodiment of the present application determines the specificity according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the packet processing process.
  • the service function instance sends the encapsulated packet to the specific service function instance.
  • the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.
  • the corresponding fifth embodiment of the present application further discloses an FC that executes the foregoing packet processing method.
  • the FC may be a network device capable of communicating with one of a plurality of service function instances corresponding to the first SF in the SFC.
  • the FC can be The first SF of the SFC.
  • the FC mainly includes a receiving unit 11, a processing unit 12, and a transmitting unit 13.
  • the receiving unit 11 is configured to receive a flow table sent by the network control device, and obtain the first packet;
  • the flow table includes rules of the flow, information of the SFC to which the flow is bound, and an ID of the flow allocated by the network control device.
  • the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to the first SF of the SFC, and tunnel information of the multiple service function instances.
  • the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to a next SF of the first SF of the SFC, and an instance of the multiple service function instances. Tunnel information.
  • the service index is a lifetime time value of the SFC.
  • the time to live value is equal to the number of SFs included on the SFC;
  • the processing unit 12 is configured to determine that the first packet obtained by the receiving unit 11 matches the flow table, and encapsulate the first packet into a second packet.
  • the second packet includes a service header and a tunnel header.
  • the service header includes the SFP ID, an ID of the flow, and a first value.
  • the first value is equal to the service index minus one.
  • the tunnel header is generated based on the tunnel information.
  • the tunnel header includes a network address of the first service function instance.
  • the first service function instance is one of the plurality of service function instances.
  • the network address of the first service function instance is determined by the SFP ID, the ID of the stream, and the first value.
  • the sending unit 13 is configured to send the second packet to the first service function instance determined by the processing unit 12.
  • the processing unit is further configured to: send, to the network control apparatus, a request for allocating an identifier of the flow to the flow, where the request includes the flow And receiving, by the network control device, a response of the identifier of the flow that is allocated by the network control device, where the response includes an identifier of the flow, where the identifier of the flow is different from the information of the flow.
  • the network address of the first service function instance is identified by the service function path, and the identifier of the flow and the processing unit 12 determined by the first value are sent by the network control device.
  • the flow distribution is published, and the determination of the network address of the first service function instance has two different execution modes:
  • the FC receives the distribution of the traffic sent by the network control device:
  • the processing unit 12 is configured to search, in the score distribution, an entry matching the SFP ID and the first value by using the SFP ID and the first value as a search key.
  • the entry in the distribution publication that matches the SFP ID and the first value includes a network address of the first SF and multiple service function instances corresponding to the first SF.
  • the entry in the distribution publication that matches the SFP ID and the first value includes a network address of multiple service function instances corresponding to the next SF and the next SF. Determining, by using the SFP ID and the ID of the stream as a search key, from a network address of multiple service function instances included in the entry that matches the SFP ID and the first value in the distribution publication a network address of the first service function instance;
  • the FC does not receive the distribution of the traffic sent by the network control device:
  • the processing unit 12 is configured to determine, by using the SFP ID and the first value, a network address of the first SF and multiple service function instances corresponding to the first SF. Or determining, by using the SFP ID and the first value, a network address of multiple service function instances corresponding to the next SF and the next SF.
  • the network address of the first service function instance is determined from the network addresses of the plurality of service function instances corresponding to the first SF or the next SF by using the SFP ID and the ID of the stream as a hash key.
  • the processing header obtained when the foregoing encapsulation is performed is further configured to: when the service header is an NSH network service header, when the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class.
  • the TLV-Class includes a Type Code and an identifier of the stream.
  • the Type Code is used to indicate that the TLV-Class carries an identifier of the flow;
  • the service header is an NSH network service header
  • the value of the MD-type field in the service header is equal to 0x1
  • the Mandatory Context Header in the service header carries the identifier of the flow.
  • each unit in the FC disclosed above may be integrated into an entity in a practical application, as shown in FIG. 7, including a receiver 101, a processor 102, and a transmitter 103.
  • the receiving unit 11 may be the receiver 101
  • the sending unit 13 may be the transmitter 103
  • the processing unit 12 may be the processor 102.
  • the processor 101 and the transmitter 103 are controlled by the processor 102 to perform corresponding operations.
  • the processor 2 may be a central processing unit CPU, or a specific integrated circuit ASIC, or one configured to implement the embodiments of the present application. Multiple integrated circuits.
  • the embodiment of the present application further discloses a storage device, where the storage device is applicable to the FC, and the storage device includes a memory and a processor connected to the memory through a bus. ;
  • the memory stores program code for performing message processing, the program code includes computer operation instructions, and the processor is configured to run the program code;
  • the program code for performing message processing includes:
  • the flow table contains rules for the flow, information of the SFC to which the flow is bound, and the ID of the flow assigned by the network control device.
  • the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to the first SF of the SFC, and tunnel information of the multiple service function instances.
  • the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to a next SF of the first SF of the SFC, and an instance of the multiple service function instances.
  • the service index is a lifetime time value of the SFC. The lifetime time value is equal to the number of SFs included on the SFC;
  • the first packet is encapsulated into a second packet.
  • the second packet includes a service header and a tunnel header.
  • the service header includes the SFP ID, an ID of the flow, and a first value.
  • the first value is equal to the service index minus one.
  • the tunnel header is generated based on the tunnel information.
  • the tunnel header includes a network address of the first service function instance.
  • the first service function instance is one of the plurality of service function instances.
  • the network address of the first service function instance is determined by the SFP ID, the ID of the stream, and the first value.
  • the above mentioned memory may include a high speed RAM memory, and may also include a nonvolatile memory such as at least one disk memory;
  • the processor may be a central processing unit CPU, or a specific integrated circuit ASIC, or one or more integrated circuits configured to implement embodiments of the present application.
  • the corresponding fifth embodiment of the present application further corresponding to the first service function instance corresponding to the first SF of the SFC that executes the packet processing method, the first The SF is not the last SF on the SFC.
  • the first service function instance 20 mainly includes: a receiving unit 21, a processing unit 22, and a sending unit 23.
  • the receiving unit 21 is configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the FC or the SFC.
  • the service header in the second packet includes an SFP ID corresponding to the SFC, an ID of a stream allocated by the network control device, and a first value.
  • the first value is equal to the service index minus one.
  • the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function.
  • the second packet includes a first packet.
  • the service index is a lifetime time value of the SFC.
  • the time to live value is equal to the number of service functions included on the SFC;
  • the processing unit 22 is configured to determine, according to the SFP ID received by the receiving unit 21, the ID of the stream and the second value, a network of a second service function instance corresponding to a next SF of the first SF. address. And performing service processing on the first packet according to the service header in the second packet received by the receiving unit, and encapsulating the first packet into a third packet.
  • the service header in the third packet includes the SFP ID, an ID of the stream, and a second value.
  • the second value is equal to the first value minus one.
  • the tunnel header in the third packet includes a network address of the second service function instance corresponding to the next SF of the first SF.
  • the network address of the second service function instance is determined by the SFP ID, the ID of the stream, and the second value.
  • the sending unit 23 is configured to send the third packet to the second service function instance determined by the processing unit 22.
  • the receiving unit 21 is further configured to receive the SFP ID including the flow application, the service index, and the selected for the ID of the flow.
  • the processing unit 22 that determines the network address of the second service function instance by using the SFP ID, the ID of the stream, and the second value further includes:
  • the processing unit 22 is further configured to search, in the score distribution, an entry matching the SFP ID and the second value by using the SFP ID and the second value as a search key.
  • the entry matching the SFP ID and the second value in the flow distribution includes the next SF of the first SF and the network address of the multiple service function instances corresponding to the next SF. Determining, by using the SFP ID and the ID of the stream as a search key, a network address of multiple service function instances included in the entry that matches the SFP ID and the second value in the distribution publication The network address of the second service function instance;
  • the processing unit 22 is further configured to determine, by the SFP ID and the second value, a next SF of the first SF, and a network address of multiple service function instances corresponding to the next SF.
  • the network address of the second service function instance is determined from the network addresses of the plurality of service function instances corresponding to the next SF by using the SFP ID and the ID of the stream as a hash key.
  • each module in the foregoing disclosed service function instance may be integrated into an entity, as shown in FIG. 9, including the receiver 201, the processor 202, and Transmitter 203.
  • the receiving unit 21 may be the receiver 201
  • the processing unit 22 may be the processor 202
  • the sending unit 23 may be the transmitter 203.
  • the receiver 201 and the transmitter 203 are controlled by the processor 202 to perform corresponding operations.
  • the processor 202 may be a central processing unit CPU, or a specific integrated circuit ASIC, or one configured to implement the embodiments of the present application. Multiple integrated circuits.
  • the embodiment of the present application further discloses a storage device, where the storage device is applicable to the service function instance, where the storage device includes a memory and a bus and the memory. Connected processor
  • the memory stores program code for performing message processing, the program code includes computer operation instructions, and the processor is configured to run the program code;
  • the program code for performing message processing includes:
  • the service header in the second packet includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value.
  • the first value is equal to the service index minus one.
  • the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function.
  • the second packet includes a first packet.
  • the service index is a lifetime time value of the service function chain. The lifetime time value is equal to the number of service functions included in the service function chain;
  • the first packet is encapsulated into a third packet.
  • the service header in the third packet includes the service function path identifier, the identifier of the stream, and a second value.
  • the second value is equal to the first value minus one.
  • the tunnel header in the third packet includes a network address of the second service function instance corresponding to the next service function of the first service function.
  • the network address of the second service function instance is identified by the service function path, and the identifier of the flow and the second value are determined;
  • the embodiment of the present application further discloses a message processing system 40, as shown in FIG. 10, including the FC disclosed in FIG. 6 or FIG. 7 or the FC applicable to the storage device disclosed in the embodiment of the present application.
  • the network control device 30 is a network controller or an AAA server, and the ID control unit 31 of the flow is provided in the network control device 30.
  • a packet processing system disclosed in the embodiment of the present application determines the specificity according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the packet processing process.
  • the service function instance sends the encapsulated packet to the determined specific service function instance.
  • the technical solution disclosed in the embodiment of the present application is used to identify and process a packet according to a field in a packet, and the packet is processed according to the identifier of the stream allocated by the network control device. The way is more flexible.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente invention concerne, dans certains modes de réalisation, un procédé de traitement de paquets, un classificateur de trafic, et une instance de fonction de services. Le procédé comporte les étapes consistant à: faire recevoir, par un classificateur de trafic, une table de flux envoyée par un dispositif de commande de réseau et des identifiants de flux attribués par le dispositif de commande de réseau; acquérir un premier paquet; déterminer que le premier paquet concorde avec la table de flux; conditionner le premier paquet en tant que deuxième paquet, le deuxième paquet comportant un en-tête de services et un en-tête de tunnel, l'en-tête de services comportant un identifiant de chemin de fonction de services, un identifiant de flux, et une première valeur, et l'en-tête de tunnel comportant une adresse de réseau d'une première instance de fonction de services; et envoyer le deuxième paquet à la première instance de fonction de services. La solution technique décrite dans les modes de réalisation de la présente invention traite des paquets d'après l'identifiant de flux attribué par un dispositif de commande de réseau, permettant un traitement plus souple.
PCT/CN2017/072783 2016-02-06 2017-01-26 Procédé de traitement de paquets, classificateur de trafic et instance de fonction de services Ceased WO2017133647A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610083925.6 2016-02-06
CN201610083925.6A CN107046506B (zh) 2016-02-06 2016-02-06 一种报文处理方法、流分类器和业务功能实例

Publications (1)

Publication Number Publication Date
WO2017133647A1 true WO2017133647A1 (fr) 2017-08-10

Family

ID=59500605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/072783 Ceased WO2017133647A1 (fr) 2016-02-06 2017-01-26 Procédé de traitement de paquets, classificateur de trafic et instance de fonction de services

Country Status (2)

Country Link
CN (1) CN107046506B (fr)
WO (1) WO2017133647A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111224872A (zh) * 2018-11-24 2020-06-02 南宁富桂精密工业有限公司 封包转送方法与装置
CN112491739A (zh) * 2020-07-10 2021-03-12 中兴通讯股份有限公司 一种业务流量处理方法及装置
CN114363257A (zh) * 2021-12-29 2022-04-15 杭州迪普信息技术有限公司 隧道报文的五元组匹配方法及装置
CN115150420A (zh) * 2021-03-29 2022-10-04 中移(上海)信息通信科技有限公司 业务处理方法、装置及相关设备

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109922005B (zh) * 2017-12-13 2022-08-19 中兴通讯股份有限公司 一种负载分担方法、装置和系统、计算机可读存储介质
US10880206B2 (en) * 2018-06-13 2020-12-29 Futurewei Technologies, Inc. Multipath selection system and method for datacenter-centric metro networks
CN115426267B (zh) 2019-12-31 2025-01-10 华为技术有限公司 用于获取网络切片标识的方法和装置
CN111262762B (zh) * 2020-01-20 2021-08-03 烽火通信科技股份有限公司 基于vCPE租户SFC业务链多WAN业务的实现方法及系统
CN111464443B (zh) * 2020-03-10 2022-06-28 中移(杭州)信息技术有限公司 基于服务功能链的报文转发方法、装置、设备及存储介质
CN113037632B (zh) * 2021-02-26 2021-12-17 中国电子科技集团公司第五十四研究所 一种基于路径标识的天基网络资源调度方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104869065A (zh) * 2014-02-26 2015-08-26 中兴通讯股份有限公司 数据报文处理方法及装置
CN104954245A (zh) * 2014-03-27 2015-09-30 中兴通讯股份有限公司 业务功能链处理方法及装置
WO2016004556A1 (fr) * 2014-06-17 2016-01-14 华为技术有限公司 Procédé, appareil et dispositif de traitement de flux de services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104869065A (zh) * 2014-02-26 2015-08-26 中兴通讯股份有限公司 数据报文处理方法及装置
CN104954245A (zh) * 2014-03-27 2015-09-30 中兴通讯股份有限公司 业务功能链处理方法及装置
WO2016004556A1 (fr) * 2014-06-17 2016-01-14 华为技术有限公司 Procédé, appareil et dispositif de traitement de flux de services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG, C. ET AL.: "IPv6 Service Function Chain draft-wang-6man-ipv6-service-function-chain-00", IETF, 2 July 2015 (2015-07-02) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111224872A (zh) * 2018-11-24 2020-06-02 南宁富桂精密工业有限公司 封包转送方法与装置
CN112491739A (zh) * 2020-07-10 2021-03-12 中兴通讯股份有限公司 一种业务流量处理方法及装置
CN115150420A (zh) * 2021-03-29 2022-10-04 中移(上海)信息通信科技有限公司 业务处理方法、装置及相关设备
CN115150420B (zh) * 2021-03-29 2024-04-09 中移(上海)信息通信科技有限公司 业务处理方法、装置及相关设备
CN114363257A (zh) * 2021-12-29 2022-04-15 杭州迪普信息技术有限公司 隧道报文的五元组匹配方法及装置
CN114363257B (zh) * 2021-12-29 2023-10-17 杭州迪普信息技术有限公司 隧道报文的五元组匹配方法及装置

Also Published As

Publication number Publication date
CN107046506A (zh) 2017-08-15
CN107046506B (zh) 2020-02-14

Similar Documents

Publication Publication Date Title
CN107046506B (zh) 一种报文处理方法、流分类器和业务功能实例
US10158568B2 (en) Method and apparatus for service function forwarding in a service domain
TWI744359B (zh) 一種資料傳輸的方法及網路設備
CN112422393B (zh) 可扩展虚拟局域网报文发送方法、计算机设备和可读介质
US10230627B2 (en) Service path allocation method, router and service execution entity
CN104350714B (zh) 一种报文转发方法和VxLAN网关
CN102577270B (zh) 用于云拓扑中企业扩展的可伸缩架构
CN107786437B (zh) 报文转发方法及装置
US10848457B2 (en) Method and system for cross-zone network traffic between different zones using virtual network identifiers and virtual layer-2 broadcast domains
CN103765839A (zh) 用于网络设备内的分组处理的基于变量的转发路径结构
US12238063B2 (en) Business service providing method and system, and remote acceleration gateway
CN106559292A (zh) 一种宽带接入方法和装置
WO2014176740A1 (fr) Classificateur de flux, déclencheur de routage de service, et procédé et système de traitement de message
WO2015014187A1 (fr) Procédé de transmission de données et appareil qui prend en charge de multiples locataires
KR20150076041A (ko) 가상 사설 클라우드망에서 사설 ip 주소 기반의 멀티 테넌트를 지원하기 위한 시스템 및 그 방법
CN105681198B (zh) 一种业务链处理方法、设备及系统
CN104579898A (zh) 一种租户隔离方法及系统
WO2021083332A1 (fr) Procédé, appareil et système d'envoi de message
CN104580505A (zh) 一种租户隔离方法及系统
CN103560951A (zh) 报文处理方法及物理转发设备
CN105490957A (zh) 一种负载分担方法及装置
WO2014139157A1 (fr) Procédé de traitement de paquet et dispositif et système de paquet
EP2869510B1 (fr) En-tête express pour des paquets avec des identificateurs de longueur variable hiérarchiquement structurés
US10855733B2 (en) Method and system for inspecting unicast network traffic between end points residing within a same zone
CN115766560A (zh) 数据转发方法、装置、路由器及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17746967

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17746967

Country of ref document: EP

Kind code of ref document: A1