CN105103503B - A kind of method and apparatus to E-Packet - Google Patents

A kind of method and apparatus to E-Packet Download PDF

Info

Publication number
CN105103503B
CN105103503B CN201480000859.0A CN201480000859A CN105103503B CN 105103503 B CN105103503 B CN 105103503B CN 201480000859 A CN201480000859 A CN 201480000859A CN 105103503 B CN105103503 B CN 105103503B
Authority
CN
China
Prior art keywords
address
message
value
service
added service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201480000859.0A
Other languages
Chinese (zh)
Other versions
CN105103503A (en
Inventor
张先国
史扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN105103503A publication Critical patent/CN105103503A/en
Application granted granted Critical
Publication of CN105103503B publication Critical patent/CN105103503B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application involves the communications field more particularly to a kind of method and apparatus to E-Packet.Stream distribution point or value-added service equipment obtain the first message, first message is obtained according to service message, first message includes address table, described address table includes the IP address and forwarding address of value-added service equipment, the forwarding address be described address table last in address;The value-added service equipment is located on the service path of the service message;The purpose IP address of first message is changed according to the address in the first item of described address table, is deleted the first item of described address table, is obtained the second message;Second message is forwarded according to the purpose IP address of second message.The application, which realizes, specifies value-added service equipment, can avoid the message being sent to incoherent value-added service equipment, and then avoid the waste to value-added service capacity of equipment while carrying out value-added service processing to the message.

Description

A kind of method and apparatus to E-Packet
Technical field
The present invention relates to the communications field more particularly to a kind of method and apparatus to E-Packet.
Background technology
In a communication network, value-added service equipment, such as fire wall, load equalizer (English:Load balancer, contracting It writes:LB), intrusion prevention system (English:Intrusion prevention system, abbreviation:IPS), intruding detection system (English:Intrusion Detection System, abbreviation:IDS), data loss prevention (English:data loss Prevention, abbreviation:DLP) equipment, anti-virus (English:Anti-virus, abbreviation:AV) deployed position of equipment etc. is usual It is strong correlation with network topology, i.e., value-added service equipment is generally deployed in turning for the message for needing the value-added service equipment to handle It sends out on path, or on the other network equipment (such as router or interchanger) hung on forward-path.
The problem of being brought using above-mentioned value-added service equipment and message forwarding close-coupled is that business processing path is ineffective It is living.For example, on a forward-path, the message normally forwarded can all pass through fire wall and IPS.But by the forward-path Message, some only may need fire wall to be handled, some then need fire wall and IPS all to be handled.In conventional deployment Under pattern, the message for not needing IPS processing also has to pass through IPS, wastes the processing capacity of IPS.
Therefore, how message to be carried out to avoid the waste to value-added service capacity of equipment while value-added service processing, It is problem to be solved.
Invention content
The present invention provides a kind of method and apparatus to E-Packet, to avoid standard is used during E-Packeting Field in tunnel head carrys out service conflict caused by identification service path, mitigates the burden of the network equipment on service path.
First aspect provides a kind of method to E-Packet, including:
The first message is obtained, first message is obtained according to service message, and the service message is to need to rise in value The message of business processing, first message include address table, described address table include value-added service equipment IP address and Forwarding address, the forwarding address be described address table last in address;The value-added service equipment is located at described On the service path of service message;
The purpose IP address of first message is changed according to the address in the first item of described address table, is deleted describedly The first item of location table obtains the second message;
Second message is forwarded according to the purpose IP address of second message.
In conjunction with described in a first aspect, in the first realization method of the first aspect, the method is by stream distribution point It executes, before the first message of the acquisition, the method further includes:
Receive the service message;Obtain the traffic stream identifier of the Business Stream belonging to the service message;According to the industry Business traffic identifier obtains the service path of the service message, and the service path includes the sequence of value-added service equipment;Obtain institute State the IP address of the value-added service equipment in service path;And the forwarding address is obtained, the forwarding address is the industry The purpose IP address of message of being engaged in or the IP address of stream distribution point.
In conjunction with the first realization method of the first aspect, in second of realization method of the first aspect, institute Stating the first message of acquisition includes:
Address table is added for the service message, adds the increment industry in the service path successively in described address table The IP address for equipment of being engaged in, last in described address table add the forwarding address, obtain first message.
In conjunction with the first or second of realization method of the first aspect, in the third realization side of the first aspect In formula, the service path that the service message is obtained according to the traffic stream identifier includes:According to the traffic stream identifier Search strategy table obtains the strategy belonging to the traffic stream identifier, obtains the service path in the strategy;Policy Table's packet At least one strategy is included, each strategy includes the correspondence of traffic stream identifier, service path and pass-through mode;The acquisition The forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the pass-through mode is return side When formula, using the IP address of the stream distribution point as the forwarding address;And the pass-through mode in the acquisition strategy, work as institute State pass-through mode be direct pass-through mode when, using the purpose IP address of the service message as the forwarding address.
In conjunction with the first aspect the first, second or the third realization method, the 4th of the first aspect the It is described when the sequence of the value-added service equipment includes the sequence of the mark of the value-added service equipment in kind realization method The IP address for obtaining the value-added service equipment in the service path includes:It is obtained successively in the service path according to mapping table Value-added service equipment the corresponding value-added service equipment of mark IP address, each list item of the mapping table includes increment industry The correspondence of the IP address for equipment of being engaged in and the mark of value-added service equipment;Or the sequence packet when the value-added service equipment When including the sequence of the IP address of the value-added service equipment, the IP for obtaining the value-added service equipment in the service path Location includes:The IP address of the value-added service equipment is directly obtained from the service path.
In conjunction with described in a first aspect, in the 5th kind of realization method of the first aspect, the method is by value-added service Equipment executes, and the first message of the acquisition includes:Receiving stream point of departure or upper hop value-added service equipment send described first Message.
In conjunction with the 5th kind of realization method of the first aspect, in the 6th kind of realization method of the first aspect, institute The method of stating further includes:Value-added service equipment processing is carried out to first message, obtain that treated the first message, the processing The purpose IP address and address table of the first message afterwards are identical as the purpose IP address of first message and address table.
In conjunction with the 6th kind of realization method of the first aspect, in the 7th kind of realization method of the first aspect, institute State to obtain the second message include:
According to the address modification in the first item of the address table of treated first message, described treated first The purpose IP address of message deletes the first item of the address table of treated first message, obtains second message.
In conjunction with the 7th kind of realization method of the first aspect, in the 8th kind of realization method of the first aspect, when It is described to obtain second message and include when the IP address of value-added service equipment in described address table is empty:
According to the address modification in the first item of the address table of treated first message, described treated first The purpose IP address of message deletes the address table of treated first message, obtains second message.
Second aspect provides a kind of device to E-Packet, including:
In conjunction with the second aspect, in the first realization method of the second aspect, described device further includes receiving Module and the second acquisition module:
The receiving module is for receiving the service message;
Second acquisition module is used to obtain the traffic stream identifier of the Business Stream belonging to the service message;According to described Traffic stream identifier obtains the service path of the service message, and the service path includes the sequence of value-added service equipment;It obtains The IP address of value-added service equipment in the service path;And the forwarding address is obtained, the forwarding address is described The IP address of the purpose IP address of service message or stream distribution point.
In conjunction with the first realization method of the second aspect, in second of realization method of the second aspect, institute The first acquisition module is stated to be specifically used for:
Address table is added for the service message that the receiving module receives, adds the business successively in described address table The IP address of value-added service equipment in path, last in described address table add the forwarding address, obtain described First message.
In conjunction with the first or second of realization method of the second aspect, in the third realization side of the second aspect In formula, described device further includes memory module, is used for storage strategy table,
The service path that second acquisition module obtains the service message according to the traffic stream identifier includes:According to The traffic stream identifier searches the Policy Table stored in the memory module, obtains the plan belonging to the traffic stream identifier Slightly, the service path in the strategy is obtained;The Policy Table includes at least one strategy, each strategy is failed to be sold at auction including business Know, the correspondence of service path and pass-through mode;
Second acquisition module obtain the forwarding address include it is following any one:Obtain the forwarding in the strategy Mode, when the pass-through mode is echo plex mode, using the IP address of the stream distribution point as the forwarding address;And it obtains The pass-through mode in the strategy is taken, when the pass-through mode is direct pass-through mode, by the destination IP of the service message Address is as the forwarding address.
In conjunction with the second aspect the first, second or the third realization method, the 4th of the second aspect the In kind realization method, described device further includes the second memory module, is used for memory map assignments, each list item packet of the mapping table Include the correspondence of the IP address of value-added service equipment and the mark of value-added service equipment;
When the sequence of the value-added service equipment includes the sequence of the mark of the value-added service equipment, described second obtains The IP address that unit obtains the value-added service equipment in the service path is taken to include:Obtain the business successively according to mapping table The IP address of the corresponding value-added service equipment of mark of value-added service equipment in path, each list item of the mapping table include The correspondence of the IP address of value-added service equipment and the mark of value-added service equipment.
In conjunction with the second aspect, in the 5th kind of realization method of the second aspect, the first acquisition module is specifically used In first message that receiving stream point of departure or upper hop value-added service equipment are sent.
In conjunction with the 5th kind of realization method of the second aspect, in the 6th kind of realization method of the second aspect, institute Stating device further includes:
Processing module, for carrying out value-added service equipment processing to first message, first message that obtains that treated, The purpose IP address and address table phase of the purpose IP address and address table and first message of treated first message Together.
It is repaiied in the 7th kind of realization method of the second aspect in conjunction with the 6th kind of realization method of the second aspect Change module to be specifically used for:
According to the address modification in the first item of the address table of treated first message, described treated first The purpose IP address of message deletes the first item of the address table of treated first message, obtains second message.
In conjunction with the 7th kind of realization method of the second aspect, in the 8th kind of realization method of the second aspect, when When the IP address of value-added service equipment in described address table is empty, the modification unit is specifically used for:
According to the address modification in the first item of the address table of treated first message, described treated first The purpose IP address of message deletes the address table of treated first message, obtains second message.
The third aspect provides a kind of device to E-Packet, including processor, communication interface, memory and bus, wherein The processor, the communication interface and the memory carry out mutual communication by the bus;
The memory is for storing program;
The processor is used to call the described program in the memory, and the first aspect is executed according to described program Method, and pass through the communication interface and forward second message.
In said program, stream distribution point by the service message of reception add include value-added service equipment IP address And the address table of forwarding address, the value-added service that the service message is sent to successively in corresponding service path can be set It is standby, it realizes while carrying out value-added service processing to the service message, avoids the service message being sent to not phase The value-added service equipment of pass, and then avoid the waste to value-added service capacity of equipment.Also, address table is added by stream distribution point It is added in service message and sends, avoid and configuration complexities caused by service path are respectively configured in each value-added service equipment ask Topic.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, other are can also be obtained according to these attached drawings Attached drawing.
Fig. 1 is a kind of network architecture schematic diagram provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of the method to E-Packet provided in the embodiment of the present invention;
Fig. 3 is the flow diagram for the method that the another kind provided in the embodiment of the present invention E-Packets;
Fig. 4 is the flow diagram for the method that another provided in the embodiment of the present invention E-Packets;
Fig. 5 is a kind of structural schematic diagram of the device to E-Packet provided in the embodiment of the present invention;
Fig. 6 is the structural schematic diagram for the device that the another kind provided in the embodiment of the present invention E-Packets;
Fig. 7 is the structural schematic diagram for the device that the another kind provided in the embodiment of the present invention E-Packets;
Fig. 8 is the structural schematic diagram of the still another device to E-Packet provided in the embodiment of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts Embodiment shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a kind of system to E-Packet, as shown in Figure 1, the system stream distribution point 12 and Value-added service equipment 13, the value-added service equipment can there are one or it is multiple, multiple value-added service equipment are shown in figure 13a-n.Wherein, the stream distribution point 12 and value-added service equipment 13 may each be the dummy node in network, virtual functions Module or hardware physical entity.Stream distribution point 12 is used for acquisition strategy table, selects service path according to the Policy Table, passes through The selected service path sends Business Stream to value-added service equipment 13.Two service paths, respectively industry are shown in Fig. 1 Business path 1 and service path 2.The value-added service equipment 13 is used to carry out value-added service processing to the Business Stream, and forwards Treated Business Stream.The stream distribution point 12 and the concrete function of value-added service equipment 13 can refer to following each implementation Description in example.
Based on system shown in FIG. 1, an embodiment of the present invention provides a kind of method to E-Packet, the execution of the method Main body can be stream distribution point 12 or value-added service equipment 13, as shown in Fig. 2, the method can be held by value-added service equipment Row, can also be executed by stream distribution point, the method includes:
201, the first message is obtained, first message is obtained according to service message, and the service message is to need The message of value-added service processing, first message includes address table, and described address table includes the IP address of value-added service equipment And forwarding address, the value-added service equipment are located on the service path of the service message.Wherein, first message can Can also be the warp that value-added service equipment receives to be that stream distribution point passes through the service message received the message that processing obtains Overcurrent point of departure treated message can also be being handled by other value-added service equipment of receiving of value-added service equipment Message can also be the report obtained after sending that treated by value-added service device for flow point of departure service message being further processed Text is not limited here.No matter how first message obtains, first message is finally according to the business report What text obtained.
The service path is by needing to carry out the value-added service equipment of value-added service processing successively to the service message The path of composition, i.e., the described service path include the value-added service equipment for needing to carry out the service message value-added service processing Sequence.It may include the whole on the service path according to the variation of the executive agent of the method, in described address table The IP address information of value-added service equipment or the IP address information of part value-added service equipment.The increasing in described address table The IP address of value business device may be sky, i.e., described address table includes only the forwarding address.
The forwarding address be described address table last in address.
202, the purpose IP address of first message is changed according to the address in the first item of described address table, deletes institute The first item for stating address table obtains the second message.
Step 202 specifically refers to, the first item purpose IP address of first message being revised as in described address table In address, and delete the first item in described address table, using the message that the first message is obtained after above-mentioned processing as Second message.
When executing the method by stream distribution point, the address in the first item of described address table is value-added service equipment IP address.When executing the method by value-added service equipment, the address in the first item can be next-hop value-added service The IP address of equipment, or forwarding address.
203, second message is forwarded according to the purpose IP address of second message.
Specifically, it is to be transmitted to second message according to the purpose IP address of second message in step 203 The corresponding value-added service equipment of purpose IP address of second message, i.e. next-hop value-added service equipment.
Include the IP address of value-added service equipment and the address of forwarding address by acquisition in the above embodiment of the present invention First message of table, and first message is modified to obtain the second message, second message is then sent, is realized Value-added service equipment is specified, can be avoided sending out the message while carrying out value-added service processing to the message Incoherent value-added service equipment is given, and then avoids the waste to value-added service capacity of equipment.
Separately below from the angle of stream distribution point and value-added service equipment, method shown in Fig. 2 is further elaborated.
As shown in figure 3, in one embodiment of the invention, it is described when method shown in Fig. 2 is executed by stream distribution point Method can specifically include:
301, stream distribution point receives service message, wherein the service message is the report for needing to carry out value-added service processing Text.
The service message can be the message received from user side, can also be the message received from network side, this reality It is without limitation to apply example.The service message is IP packet.
302, the stream distribution point obtains the traffic stream identifier of the Business Stream belonging to the service message.
Wherein it is possible to by source IP address, purpose IP address, source port, destination interface, at least one of protocol number letter Breath carrys out identification service stream, and therefore, the traffic stream identifier may include the source IP address of the service message, purpose IP address, Source port, at least one of destination interface and protocol number.Optionally, the traffic stream identifier can be the service message Five-tuple information can also be the numerical value obtained by certain algorithm according to the five-tuple information of the service message, such as Pass through the obtained numerical value of Hash (hash) algorithm.
303, the stream distribution point obtains the service path of the service message, the business according to the traffic stream identifier Path includes the sequence for needing to carry out the service message value-added service equipment of value-added service processing.
Specifically, the stream distribution point obtains the traffic stream identifier according to the traffic stream identifier search strategy table Affiliated strategy obtains the service path in the strategy.The Policy Table is used to indicate the value-added service processing side of Business Stream Formula.The Policy Table includes at least one strategy, each strategy includes pair of traffic stream identifier, service path and pass-through mode It should be related to.
The sequence of the value-added service equipment can be specifically the sequence or IP address of the mark of value-added service equipment Sequence.The sequence shows the sequence that value-added service equipment handles Business Stream.The mark can be digital number, For example, the number that the number that the number of FW is 1, IPS is 2, IDS is 3 etc., then service path (3,1,2) indicates that Business Stream needs Handled by three value-added service equipment, the sequence of processing IDS before this, after be FW, be finally IPS.It is described mark or The code of value-added service equipment, for example, it may be FW, IPS or IDS etc..
The pass-through mode refers to the pass-through mode of the last one the value-added service equipment in corresponding service path, including Echo plex mode and direct pass-through mode.The echo plex mode, which refers to the last one value-added service equipment, will pass through all increment industry The message obtained after business equipment processing still returns to stream distribution point.The direct pass-through mode refers to the last one described increment Business device is turned the message obtained after the processing of all value-added service equipment according to the purpose IP address of service message Hair.
The Policy Table can the stream distribution point obtained from management equipment, can also be to be pre-configured with by user On the stream distribution point, it is not limited herein.
304, the stream distribution point obtains the IP address of the value-added service equipment in the service path.
Wherein, when the service path includes multiple value-added service equipment, the increment in the service path is obtained The IP address of business device, in particular to according to the IP of the multiple value-added service equipment obtained successively in the service path Location.
When the service path includes the sequence of the mark of value-added service equipment, the stream distribution point according to mapping table according to The IP address of the secondary corresponding value-added service equipment of mark for obtaining the value-added service equipment in the service path.Wherein, described Each list item of mapping table includes the correspondence of the IP address of value-added service equipment and the mark of value-added service equipment.It is described to reflect Firing table can be that the management equipment and stream distribution point negotiate determination, can also be that the management equipment is sent out according to configuration Give the stream distribution point.When the service path includes the sequence of the IP address of value-added service equipment, the stream distribution Point directly obtains the IP address of the value-added service equipment from the service path.
305, the stream distribution point obtains the forwarding address of the service message.
The forwarding address is the purpose for the message that the service message obtains after the processing of whole value-added service equipment IP address.The forwarding address is turned by the stream distribution point according to the last one the value-added service equipment in the service path Originating party formula determines, as previously mentioned, the pass-through mode can be obtained by the Policy Table.
The forwarding address that the stream distribution point obtains the service message includes:The pass-through mode in the strategy is obtained, When the pass-through mode is echo plex mode, using the IP address of the stream distribution point as the forwarding address;And obtain institute The pass-through mode in strategy is stated, when the pass-through mode is direct pass-through mode, by the purpose IP address of the service message As the forwarding address.
306, the stream distribution point obtains the first message, and first message is obtained according to the service message, institute It includes address table to state the first message, and described address table includes the IP address and forwarding address of value-added service equipment, the increment Business device is located on the service path of the service message.
Specifically, the first message of the stream distribution point acquisition includes:Address table is added for the service message, described Added successively in address table the value-added service equipment on the service path obtained in the step 304 IP address and The forwarding address obtained in the step 305 is added in last of described address table, obtains first message, described turn Send out address be described address table last in address.
Specifically, the service path includes the sequence of multiple value-added service equipment, and described address table includes correspondingly The IP address of the multiple value-added service equipment.Also, the IP address of the multiple value-added service equipment is in described address table Sequence it is identical as sequence of corresponding value-added service equipment in the service path.
Described address table can in many ways add in the service message, for example, the addition of described address table is existed In extension header for the service message, alternatively, by the addition of described address table in the IP options of the service message.
It, can be with altogether there are four value-added service equipment 13a-13d in service path 1 by taking service path 1 shown in FIG. 1 as an example It being denoted as (13a, 13b, 13c, 13d), the IP address of the value-added service equipment 13a-13d is respectively 1.1.1.10,1.1.1.11, And 1.1.1.13 1.1.1.12.It is 1.1.1.1 that stream distribution point, which receives source IP address, and purpose IP address is the business of 2.2.2.2 After message, the traffic stream identifier of the Business Stream belonging to the service message is obtained, business is got according to the traffic stream identifier Path 1 is got according to the mark of each value-added service equipment in the service path 1 according to the mapping table being locally stored respectively IP address 1.1.1.10,1.1.1.11,1.1.1.12 and the 1.1.1.13 of each value-added service equipment, it is assumed that the business road The pass-through mode of the last one value-added service equipment is direct pass-through mode in diameter, then the stream distribution point determines the forwarding ground Location is 2.2.2.2, then, address table is added for the service message, by the IP address of each value-added service equipment according to institute The sequence for stating the mark of each value-added service equipment in service path 1 is added in described address table, and the forwarding address is added To described address table last in, obtain source IP address be 1.1.1.1, purpose IP address 2.2.2.2, carry address table First message of (1.1.1.10,1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2).
In each embodiment of the application, for the ease of statement, described address table is indicated with round bracket, is implemented In, described address table can be there are many form of expression.
307, the stream distribution point changes the purpose of first message according to the address in the first item of described address table IP address deletes the first item of described address table, obtains the second message.
Specifically, the stream distribution point is according to the IP address in the first item of described address table, i.e., the described service path In first value-added service equipment IP address, change the purpose IP address of first message, and delete first message In described address table first item, obtain the second message.
Then the source IP address of above-mentioned example, first message is 1.1.1.1, and purpose IP address 2.2.2.2 takes The address table of band is (1.1.1.10,1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2).Then in this step, the stream The purpose IP address of first message is revised as the first item in described address table by point of departure by 2.2.2.2, i.e., 1.1.1.10,1.1.1.10 and from described address table is deleted, obtains the second message, the source IP address of second message is 1.1.1.1, purpose IP address 1.1.1.10, the address table of carrying be (1.1.1.11,1.1.1.12,1.1.1.13, 2.2.2.2)。
308, the stream distribution point sends second message according to the purpose IP address of second message.
Specifically, since the purpose IP address of second message is first value-added service in the service path Second message is sent to first increasing in the service path by the IP address of equipment, the point of stream distribution described in this step It is worth business device.
Above-mentioned steps 306,307 and 308 are step 201 in Fig. 2,202 and 203 specific implementation respectively.
In the above embodiment of the present invention, stream distribution point includes value-added service equipment by being added in the service message of reception IP address and forwarding address address table, the increasing that the service message can be sent to successively in corresponding service path It is worth business device, realizes while carrying out value-added service processing to the service message, avoid sending out the service message Incoherent value-added service equipment is given, and then avoids the waste to value-added service capacity of equipment.Also, it will by stream distribution point Address table addition is sent in service message, is avoided to be respectively configured caused by service path in each value-added service equipment and is configured Complexity problem.
As shown in figure 4, in another embodiment of the present invention, when method shown in Fig. 2 is executed by value-added service equipment When, the method can specifically include:
401, value-added service equipment obtains the first message, and first message is obtained according to service message, the industry Business message is the message for needing value-added service to handle, and first message includes address table, and described address table includes value-added service The IP address and forwarding address of equipment, the value-added service equipment are located on the service path of the service message.
The forwarding address be described address table last in address.There are one in described address forwarding table only When address, described address is the forwarding address, in this case, it is believed that the IP address of value-added service equipment is sky.
The value-added service equipment obtains the first message, can be specifically the first message that receiving stream point of departure is sent, or Person is the first message that upper hop value-added service equipment is sent.
It is described altogether there are four value-added service equipment 13a-13d in service path 1 by taking service path 1 shown in FIG. 1 as an example The IP address of value-added service equipment 13a-13d is respectively 1.1.1.10,1.1.1.11,1.1.1.12 and 1.1.1.13.For For value-added service equipment 13a, first message can be that the stream distribution point is sent, source IP address 1.1.1.1, mesh IP address be 1.1.1.10, the address table of carrying is the message of (1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2). Wherein, the 1.1.1.11 in described address table, 1.1.1.12,1.1.1.13 are the IP address of value-added service equipment, and 2.2.2.2 is Forwarding address.
402, the value-added service equipment carries out value-added service processing to first message, first report that obtains that treated Text.
Since the major function of value-added service equipment is exactly to carry out value-added service processing to message, the increment industry Equipment of being engaged in carries out value-added service processing after receiving first message, to first message, obtains that treated first Message.Purpose IP address and address of the purpose IP address and address table of treated first message with first message Table is identical.
403, the value-added service equipment is according to the address in the first item of the address table of treated first message The purpose IP address of modification is described treated the first message deletes the first of the address table of treated first message , obtain the second message.
In a realization method of the present embodiment, the IP address of the value-added service equipment is not sky, still with the increasing It is worth for business device 13a, is 1.1.1.1 when the value-added service equipment 13a receives source IP address, purpose IP address is 1.1.1.10, after the address table of carrying is first message of (1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2), it is assumed that To first message after value-added service is handled, the purpose IP address and address table of first message that obtains that treated are not Become, then in step 403, the value-added service equipment 13a is by the purpose IP address 1.1.1.10 of treated first message The first item being revised as in described address table, i.e. 1.1.1.11, and delete the first item of described address table, i.e., from described address table Middle deletion 1.1.1.11 obtains the second message, and the source IP address of second message is 1.1.1.1, and purpose IP address is 1.1.1.11, the address table of carrying is (1.1.1.12,1.1.1.13,2.2.2.2).
In another realization method of the present embodiment, when the value-added service in the described address table of first message is set Standby IP address is sky, i.e., when only including one of forwarding address in described address table, then in step 403, due to processing Only has one in the address table of the first message afterwards, then the value-added service equipment is by deleting treated first report The address table of text, can just obtain second message.For example, when first message is the value-added service equipment 13d from increasing When being worth the message that business device 13c is received, the source IP address of first message is 1.1.1.1, and purpose IP address is 1.1.1.13, address table is (2.2.2.2), it is assumed that the source IP address of treated the first message, purpose IP address and address table Constant, then value-added service equipment 13d changes the purpose IP address of treated first message, 2.2.2.2, and by address 2.2.2.2 in table is deleted, after deleting 2.2.2.2, since the address table in treated first message be empty, increasing Value business device 13d further deletes described address table, obtains the second message.Second message at this time is without address table Message.
404, the value-added service equipment forwards second message according to the purpose IP address of second message.
In one embodiment, the value-added service equipment 13a is according to the purpose IP address of second message 1.1.1.11 second message is sent to value-added service equipment 13b.
In another embodiment, the value-added service equipment 13d is according to the purpose IP address of second message 2.2.2.2 second message is forwarded.
Above-mentioned steps 401,403 and 404 are step 201 in Fig. 2,202 and 203 specific implementation respectively.
In the present embodiment, the value-added service equipment receiving stream point of departure or upper hop value-added service equipment send the One message, according to the address table carried in first message by first message be sent to other value-added service equipment or It is forwarded, i.e., is realized by address table and value-added service equipment is specified, value-added service can carried out to the message While processing, avoid the message being sent to incoherent value-added service equipment, and then avoid to value-added service equipment The waste of ability.
The embodiment above method to realize the present invention, the embodiment of the present invention additionally provide a kind of device 500 to E-Packet, As shown in figure 5, described device includes the first acquisition module 501, modified module 502 and forwarding module 503.
First acquisition module 501 is obtained for obtaining the first message, first message according to service message, The service message is the message for needing value-added service to handle, and first message includes address table, and described address table includes increasing It is worth the IP address and forwarding address of business device, the value-added service equipment is located on the service path of the service message.
The modified module 502 is used to change the mesh of first message according to the address in the first item of described address table IP address, delete described address table first item, obtain the second message.
The forwarding module 503 is used to forward second message according to the purpose IP address of second message.
Above-mentioned first acquisition module 501, modified module 502 and forwarding module 503 be respectively used to execute step 201,202 with And 203, concrete function please refers to Fig.2 relevant description.
In one embodiment of the invention, when the device to E-Packet is stream distribution point, as shown in fig. 6, institute Stating device 500 further includes:Receiving module 601 and the second acquisition module 602.
The receiving module 601 is for receiving the service message.
Second acquisition module 602 is for the traffic stream identifier for obtaining the Business Stream belonging to the service message; The service path of the service message is obtained according to the traffic stream identifier, the service path includes the sequence of value-added service equipment Row;Obtain the IP address of the value-added service equipment in the service path;And obtain the forwarding address, the forwarding address For the purpose IP address of the service message or the IP address of stream distribution point.
The service message that first acquisition module 501 is specifically used for receiving for the receiving module adds address table, The IP address for adding the value-added service equipment in the service path in described address table successively, in last of described address table Item adds the forwarding address, obtains first message.
Further, described device 500 further includes the first memory module 603, is used for storage strategy table, and described second obtains The service path that module 602 obtains the service message according to the traffic stream identifier includes:It is looked into according to the traffic stream identifier The Policy Table stored in first memory module 603 is looked for, the strategy belonging to the traffic stream identifier is obtained, obtains the strategy In service path;The Policy Table include at least one of strategy, each strategy include traffic stream identifier, service path and turn The correspondence of originating party formula;Second acquisition module 602 obtain the forwarding address include it is following any one:Described in acquisition Pass-through mode in strategy turns when the pass-through mode is echo plex mode using the IP address of the stream distribution point as described Send out address;And the pass-through mode in the acquisition strategy, when the pass-through mode is direct pass-through mode, by the business The purpose IP address of message is as the forwarding address.
Further, described device further includes the second memory module 604, memory map assignments is used for, when the value-added service When the sequence of equipment includes the sequence of the mark of the value-added service equipment, second acquisition module 602 obtains the business The IP address of value-added service equipment in path includes:Obtain the increment industry in the service path successively according to the mapping table The IP address of the corresponding value-added service equipment of mark for equipment of being engaged in, each list item of the mapping table includes value-added service equipment The correspondence of the mark of IP address and value-added service equipment.
In another embodiment of the present invention, when the device to E-Packet is value-added service equipment, such as Fig. 7 institutes Show, described device further includes processing module 701.First acquisition module 501 is specifically used for receiving stream point of departure or upper hop First message that value-added service equipment is sent.
The processing module 701 is used to carry out value-added service processing to first message, first report that obtains that treated Text, the purpose IP address of treated first message and purpose IP address and address with address table and first message Table is identical.
The modified module 502 is specifically used for, according in the first item of the address table of treated first message The purpose IP address of address modification is described treated the first message deletes the of the address table of treated first message One, obtain second message.
In another embodiment of the present invention, when the device to E-Packet is value-added service equipment, if institute That is, the IP address for stating the value-added service equipment in the address table of the first message of the first acquisition module 501 acquisition is sky, describedly When only including one (address therein is forwarding address) in the table of location, the modified module 502 is specifically used for according to the processing The purpose IP address of address modification in the first item of the address table of the first message afterwards is described treated the first message, is deleted The address table of treated first message, obtains second message.
Device in the various embodiments described above of the present invention includes the IP address of value-added service equipment by acquisition and forwards ground First message of the address table of location, and first message is modified to obtain the second message, then send second report Text is realized and is specified to value-added service equipment, can be avoided institute while carrying out value-added service processing to the message It states message and is sent to incoherent value-added service equipment, and then avoid the waste to value-added service capacity of equipment.
The embodiment of the present invention additionally provides a kind of device 800 to E-Packet, described device can be include computing capability Host server or router, network switch etc., the specific embodiment of the invention is not to the specific of calculate node Realization limits.As shown in figure 8, described device 800 includes:
Processor (English:Processor) 810, communication interface (English:Communications interface) 820, Memory (English:Memory) 830, bus 840.
Processor 810, communication interface 820, memory 830 carry out mutual communication by bus 840.
Communication interface 820, for being communicated with ext nal network element.In one embodiment, the communication interface 820 be used for The communications such as management equipment 11, value-added service equipment 13.In another embodiment, the communication interface 820 is used for and flow point Hair point 12, value-added service equipment 13 etc. communicates.Communication interface 820 can be by optical transceiver, electric transceiver, wireless transceiver or its Arbitrary combination is realized.For example, optical transceiver can be Small Form-Factor Pluggable (English:small form-factor pluggable Transceiver, abbreviation:SFP) transceiver (English:Transceiver), enhance Small Form-Factor Pluggable (English:enhanced Small form-factor pluggable, abbreviation:SFP+) transceiver or 10 gigabit Small Form-Factor Pluggables (English:10 Gigabit small form-factor pluggable, abbreviation:XFP) transceiver.Electric transceiver can be Ethernet (English Text:Ethernet) network interface controller (English:Network interface controller, abbreviation:NIC).It is wireless to receive Hair device can be radio network interface controller (English:Wireless network interface controller, abbreviation: WNIC).Communication interface 820 may include multiple physical interfaces, such as communication interface 820 includes multiple Ethernet interfaces.
Processor 810, for executing program 832.
Specifically, program 832 may include program code, and said program code includes computer-managed instruction.
Processor 810 may be central processing unit (English:Central processing unit, abbreviation:CPU), or It is application-specific integrated circuit (English:Application-specific integrated circuit, abbreviation:ASIC).
Memory 830, for storing program 832.Memory 830 may include volatile memory (English:volatile Memory), such as random access memory is (English:Random-access memory, abbreviation:RAM);Memory 830 also may be used To include nonvolatile memory (English:Non-volatile memory), such as read-only memory (English:read-only Memory, abbreviation:ROM), flash memory (English:Flash memory), hard disk (English:Hard disk drive, contracting It writes:HDD) or solid state disk is (English:Solid-state drive, abbreviation:SSD);Memory 830 can also include above-mentioned kind The combination of the memory of class.
Processor 810 is used to call the program 832 in the memory, and Fig. 2, Fig. 3 or Fig. 4 institutes are executed according to program 832 The method shown, and second message is forwarded by the communication interface.
One of ordinary skill in the art will appreciate that realizing that all or part of step of above-described embodiment can pass through hardware It completes, relevant hardware can also be instructed to complete by program, the program can be stored in a kind of computer-readable In storage medium, storage medium mentioned above can be read-only memory, disk or CD etc..
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all the present invention principle it Interior, any modification, equivalent replacement, improvement and so on should all be included in the protection scope of the present invention.

Claims (7)

1. a kind of method to E-Packet, which is characterized in that including:
The first message is obtained, first message is obtained according to service message, and the service message is to need value-added service The message of processing, first message include address table, and described address table includes IP address and the forwarding of value-added service equipment Address, the forwarding address be described address table last in address;The value-added service equipment is located at the business On the service path of message;The service path includes the value-added service for needing to carry out the service message value-added service processing The sequence of equipment;
The purpose IP address of first message is changed according to the address in the first item of described address table, deletes described address table First item, obtain the second message;
Second message is forwarded according to the purpose IP address of second message;
Before the first message of the acquisition, the method further includes:
Receive the service message;
Obtain the traffic stream identifier of the Business Stream belonging to the service message;
The service path of the service message is obtained according to the traffic stream identifier, the service path includes value-added service equipment Sequence;
Obtain the IP address of the value-added service equipment in the service path;And
The forwarding address is obtained, the forwarding address is for the purpose IP address of the service message or the IP of stream distribution point Location;
The service path that the service message is obtained according to the traffic stream identifier includes:It is looked into according to the traffic stream identifier Policy Table is looked for, the strategy belonging to the traffic stream identifier is obtained, obtains the service path in the strategy;The Policy Table includes At least one strategy, each strategy include the correspondence of traffic stream identifier, service path and pass-through mode;
It is described obtain the forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the forwarding When mode is echo plex mode, using the IP address of the stream distribution point as the forwarding address;And it obtains in the strategy Pass-through mode turns when the pass-through mode is direct pass-through mode using the purpose IP address of the service message as described Send out address.
2. according to the method described in claim 1, it is characterized in that, the first message of the acquisition includes:
Address table is added for the service message, the value-added service added successively in described address table in the service path is set Standby IP address, last in described address table add the forwarding address, obtain first message.
3. according to the method described in claim 2, it is characterized in that,
It is described to obtain the industry when the sequence of the value-added service equipment includes the sequence of the mark of the value-added service equipment The IP address of value-added service equipment in business path includes:Obtain the value-added service in the service path successively according to mapping table The IP address of the corresponding value-added service equipment of mark of equipment, each list item of the mapping table includes the IP of value-added service equipment The correspondence of the mark of address and value-added service equipment;Or
When the sequence of the value-added service equipment includes the sequence of the IP address of the value-added service equipment, the acquisition The IP address of value-added service equipment in the service path includes:The value-added service is directly obtained from the service path The IP address of equipment.
4. a kind of device to E-Packet, which is characterized in that including:
First acquisition module, for obtaining the first message, first message is obtained according to service message, the business report Text is the message for needing value-added service to handle, and first message includes address table, and described address table includes value-added service equipment IP address and forwarding address, the forwarding address be described address table last in address;The value-added service Equipment is located on the service path of the service message;The service path includes needing to carry out increment industry to the service message The sequence for the value-added service equipment handled of being engaged in;
Modified module changes the purpose IP address of first message for the address in the first item according to described address table, The first item for deleting described address table, obtains the second message;
Forwarding module, for forwarding second message according to the purpose IP address of second message;
Described device further includes receiving module and the second acquisition module:
The receiving module is for receiving the service message;
Second acquisition module is used to obtain the traffic stream identifier of the Business Stream belonging to the service message;According to the business Traffic identifier obtains the service path of the service message, and the service path includes the sequence of value-added service equipment;Described in acquisition The IP address of value-added service equipment in service path;And the forwarding address is obtained, the forwarding address is the business The IP address of purpose IP address or the stream distribution point of message;
Described device further includes memory module, is used for storage strategy table,
The service path that second acquisition module obtains the service message according to the traffic stream identifier includes:According to described Traffic stream identifier searches the Policy Table stored in the memory module, obtains the strategy belonging to the traffic stream identifier, obtains Take the service path in the strategy;The Policy Table includes at least one strategy, each strategy includes traffic stream identifier, business The correspondence of path and pass-through mode;
Second acquisition module obtain the forwarding address include it is following any one:Obtain the forwarding side in the strategy Formula, when the pass-through mode is echo plex mode, using the IP address of the stream distribution point as the forwarding address;And it obtains Pass-through mode in the strategy, when the pass-through mode is direct pass-through mode, by the destination IP of the service message Location is as the forwarding address.
5. device according to claim 4, which is characterized in that first acquisition module is specifically used for:
Address table is added for the service message that the receiving module receives, adds the service path successively in described address table In value-added service equipment IP address, last in described address table add described forwarding address, obtain described first Message.
6. device according to claim 5, which is characterized in that described device further includes the second memory module, for storing Mapping table, each list item of the mapping table include the correspondence of the IP address of value-added service equipment and the mark of value-added service equipment Relationship;
When the sequence of the value-added service equipment includes the sequence of the mark of the value-added service equipment, described second obtains list The IP address that member obtains the value-added service equipment in the service path includes:Obtain the service path successively according to mapping table In value-added service equipment the corresponding value-added service equipment of mark IP address, each list item of the mapping table includes increment The correspondence of the IP address of business device and the mark of value-added service equipment.
7. a kind of device to E-Packet, which is characterized in that including processor, communication interface, memory and bus, wherein institute Processor is stated, the communication interface and the memory carry out mutual communication by the bus;
The memory is for storing program;
The processor is used to call the described program in the memory, requires to appoint in 1-3 according to described program perform claim Method described in meaning one, and second message is forwarded by the communication interface.
CN201480000859.0A 2014-01-06 2014-01-06 A kind of method and apparatus to E-Packet Active CN105103503B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/070184 WO2015100751A1 (en) 2014-01-06 2014-01-06 Packet forwarding method and device

Publications (2)

Publication Number Publication Date
CN105103503A CN105103503A (en) 2015-11-25
CN105103503B true CN105103503B (en) 2018-07-31

Family

ID=53493054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480000859.0A Active CN105103503B (en) 2014-01-06 2014-01-06 A kind of method and apparatus to E-Packet

Country Status (2)

Country Link
CN (1) CN105103503B (en)
WO (1) WO2015100751A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124777A (en) * 2020-08-27 2022-03-01 中国电信股份有限公司 Value added service processing method, device and system
CN113992592B (en) * 2021-10-27 2023-11-17 锐捷网络股份有限公司 Message forwarding method and device, port drainage system and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device
CN102075438A (en) * 2011-02-14 2011-05-25 中兴通讯股份有限公司 Unicast data frame transmission method and device
CN103346974A (en) * 2013-06-03 2013-10-09 华为技术有限公司 Controlling method of service process and network device
WO2013189272A1 (en) * 2012-06-18 2013-12-27 华为技术有限公司 Service processing method, device and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101510845B (en) * 2009-03-27 2012-10-10 北京星网锐捷网络技术有限公司 Method and apparatus for forwarding label
US8699488B2 (en) * 2009-12-30 2014-04-15 Verizon Patent And Licensing Inc. Modification of peer-to-peer based feature network based on changing conditions / session signaling
CN102769557B (en) * 2012-08-09 2015-08-12 深圳市共进电子股份有限公司 A kind of transmission method of business datum message and device
CN103051629B (en) * 2012-12-24 2017-02-08 华为技术有限公司 Software defined network-based data processing system, method and node

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device
CN102075438A (en) * 2011-02-14 2011-05-25 中兴通讯股份有限公司 Unicast data frame transmission method and device
WO2013189272A1 (en) * 2012-06-18 2013-12-27 华为技术有限公司 Service processing method, device and system
CN103346974A (en) * 2013-06-03 2013-10-09 华为技术有限公司 Controlling method of service process and network device

Also Published As

Publication number Publication date
WO2015100751A1 (en) 2015-07-09
CN105103503A (en) 2015-11-25

Similar Documents

Publication Publication Date Title
CN108471397B (en) Firewall configuration, message sending method and device
EP3076612B1 (en) Packet processing methods and nodes
CN108141416B (en) Message processing method, computing equipment and message processing device
US10243833B2 (en) Flow table management method, and related device and system
CN104580168B (en) A kind of processing method of Attacking Packets, apparatus and system
JP6348983B2 (en) Layer 2 path tracking through context coding in software defined networking
CN105745883B (en) Forwarding table synchronous method, the network equipment and system
JP2017518710A (en) Service flow processing method, apparatus, and device
WO2018036254A1 (en) Packet forwarding method and device
US11522795B1 (en) End to end application identification and analytics of tunnel encapsulated traffic in the underlay
JP5888338B2 (en) Communication system and communication method
US11165653B2 (en) Node discovery mechanisms in a switchless network
EP3096498A1 (en) Packet transfer device, control device, communication system, communication method, and program
US20170201466A1 (en) Data packet processing apparatus and method
CN105103516A (en) Processing rule modification method, device and apparatus
JPWO2014112616A1 (en) Control device, communication device, communication system, switch control method and program
CN104811380A (en) Method for transmitting traffic-guiding routing information and cleaning apparatus
WO2014022350A1 (en) Connection mesh in mirroring asymmetric clustered multiprocessor systems
CN105103503B (en) A kind of method and apparatus to E-Packet
US20200028779A1 (en) Packet processing method and apparatus
US20170359259A1 (en) Packet field matching in openflow
US10177935B2 (en) Data transfer system, data transfer server, data transfer method, and program recording medium
US11411998B2 (en) Reputation-based policy in enterprise fabric architectures
EP3059909B1 (en) Method, apparatus and system for controlling forwarding of service data in virtual network
JPWO2016017737A1 (en) Switch, overlay network system, communication method and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant