CN117201640A

CN117201640A - Method for processing message, communication device and communication system

Info

Publication number: CN117201640A
Application number: CN202210612470.8A
Authority: CN
Inventors: 邰博; 郎明亮; 潘欣宇; 刘兵社
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2022-05-31
Filing date: 2022-05-31
Publication date: 2023-12-08

Abstract

The application discloses a method for processing a message, a communication device and a communication system, and belongs to the technical field of communication. The method comprises the following steps: the first communication device receives a first message, wherein the first message comprises an inner layer message header and an outer layer message header. And then, the first communication device copies the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header, so that a second message is obtained. The copied inner layer message header is used for processing a second message. Because the first communication device places the copied inner layer message header outside the outer layer message header, the second message can be processed based on the copied inner layer message header without deleting the outer layer message header and then processing the second message based on the inner layer message header. Therefore, the complexity of processing the second message is reduced, and the processing process of the second message is simpler and more flexible. After the second message is processed based on the copied inner layer message header, the outer layer message header still remains in the second message without adding an additional outer layer message header.

Description

Method for processing message, communication device and communication system

Technical Field

The present application relates to the field of communications technologies, and in particular, to a method for processing a packet, a communications device, and a communications system.

Background

In the field of communication technology, a message header included in a message is used for processing the message. How to realize a simple and flexible message processing process becomes a concern.

Disclosure of Invention

The application provides a method for processing a message, a communication device and a communication system, which are used for realizing a simple and flexible message processing process. The technical scheme provided by the application comprises the following aspects.

In a first aspect, a method for processing a message is provided. In the method, a first communication device receives a first message, the first message including an inner layer header and an outer layer header. And then, the first communication device copies the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header, so that a second message is obtained. The copied inner layer message header is used for processing a second message.

In the application, the first communication device places the copied inner layer message header outside the outer layer message header, so that the second message can be processed based on the copied inner layer message header without deleting the outer layer message header and then processing the second message based on the inner layer message header. Therefore, the complexity of processing the second message is reduced, and the processing process of the second message is simpler and more flexible. And after the second message is processed based on the copied inner layer message header, the outer layer message header still remains in the second message, and the outer layer message header included in the second message can be used according to actual requirements without additionally adding the outer layer message header.

In one possible implementation, the outer layer header includes at least one of an internet protocol (Internet protocol, IP) extended header and a multiprotocol label switching (MPLS) header.

In one possible implementation, the IP extension header is a segment routing header (segment routing header, SRH), the SRH includes a segment identifier (segment identification, SID), the SID includes a location field for indicating the first communication device and a function field for indicating the duplication of the inner layer header, and the duplicated inner layer header is placed outside the outer layer header to obtain the second message. The first communication device copies the inner layer message header, places the copied inner layer message header outside the outer layer message header to obtain a second message, and comprises: the first communication device copies the inner layer message header based on the SID, and places the copied inner layer message header outside the outer layer message header to obtain the second message.

In the application, when the outer layer message header is SRH, a SID is newly defined, the function field of the SID is used for indicating to copy the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header to obtain a second message. Thereby, the first communication device is enabled to obtain the second message based on the indication of the SID.

In one possible implementation, the destination address field of the duplicated inner layer header is an address of a next-hop communication device of the first communication device on the transmission path, and the transmission path is determined based on the outer layer header.

The destination address field is used for enabling the processed second message to reach a next-hop communication device of the first communication device on the transmission path, so that flexibility of message transmission is improved.

In one possible implementation, the duplicated inner layer header is used to identify whether the second message needs to be discarded.

In the traffic cleaning scenario, the copied inner layer header is used to identify whether the second message needs to be discarded. In the related art, for a first message including an inner layer header and an outer layer header, the outer layer header needs to be deleted first, the inner layer header is exposed, and then whether the second message needs to be discarded is identified based on the exposed inner layer header. In the implementation mode, whether the second message needs to be discarded is directly identified based on the copied inner message header, the outer message header does not need to be deleted, and the complexity of flow cleaning of the second message is reduced.

In one possible implementation manner, after obtaining the second message, the method further includes: the first communication device deletes the copied inner layer message header to obtain a third message; the first communication device sends a third message to the second communication device according to the transmission path determined based on the outer layer message header, wherein the second communication device is a communication device which sends the first message to the first communication device.

Under the flow cleaning scene, the outer layer message header does not need to be deleted in the process of identifying whether the second message needs to be discarded or not, so that the outer layer message header still remains in the second message after the second message does not need to be discarded, and the outer layer message header does not need to be additionally added. Accordingly, the message reinjection can be carried out according to the transmission path determined based on the outer layer message header, and the message reinjection mode is simple and easy to implement and flexible.

In one possible implementation, the duplicated inner layer header is used to forward the second message.

In a virtual private network (virtual private network, VPN) option (option) a scenario, the duplicated inner layer header is used to forward the second message, for example, to forward the second message across domains, that is, to transmit the second message from one autonomous system (autonomous system, AS) domain to another domain. According to the requirement of VPN Option A scene, if the message to be forwarded in a cross-domain mode comprises an outer layer message header, deleting the outer layer message header, exposing the inner layer message header and then forwarding in a cross-domain mode. In the application, because the second message contains the copied inner layer message header, the second message can be directly forwarded in a cross-domain manner without deleting the outer layer message header, and the complexity of forwarding the second message in a cross-domain manner is reduced.

And after the second message reaches another AS domain, the outer layer message header is still reserved in the second message, so that message forwarding can be continued in the other AS domain according to the transmission path determined based on the outer layer message header. Namely, in one AS domain, the message transmission path in the other AS domain is appointed through the outer layer message header, so that the flexibility of message forwarding is improved.

In one possible implementation, the SID is located at a head node of the SRH, or the SID is located at an intermediate node of the SRH.

In one possible implementation, the method further includes: the first communication device modifies at least one field of the duplicated inner layer header, the at least one field including at least one of a next header field, a destination address field, a source address field, a time-to-live field, and a frame check sequence field.

In one possible implementation, the inner layer header includes at least one of an IP base header including a fourth version of an internet protocol (Internet protocol version, ipv 4) base header or a sixth version of an internet protocol (Internet protocol version, ipv 6) base header and a transport layer header including a user datagram protocol (user datagram protocol, UDP) header or a transport control protocol (transmission control protocol, TCP) header.

In one possible implementation manner, after obtaining the second message, the method further includes: the first communication device sends a second message to the third communication device, and the copied inner layer message header is used for the third communication device to process the second message.

In this implementation, the second message obtained by the first communication device is processed by the third communication device. Wherein the first communication means and the third communication means may be different communication devices.

In a second aspect, a method for processing a message is provided. In the method, a second communication device generates a first message, wherein the first message comprises an inner layer message header and an outer layer message header. Then, the second communication device sends a first message to the first communication device. The first message is used for copying an inner layer message header by the first communication device, the copied inner layer message header is arranged outside an outer layer message header to obtain a second message, and the copied inner layer message header is used for processing the second message.

In one possible implementation, the outer layer header includes at least one of an IP extension header and an MPLS header.

In one possible implementation, the IP extension header is an SRH, the SRH includes a SID, the SID includes a location field and a function field, the location field is used to indicate the first communication device, the function field is used to indicate the duplication of the inner layer header, and the duplication of the inner layer header is placed outside the outer layer header, so as to obtain the second packet.

In one possible implementation, the inner layer header includes at least one of an IP basic header including an IPv4 basic header or an IPv6 basic header and a transport layer header including a UDP header or a TCP header.

In a third aspect, there is provided a first communication device comprising:

the receiving and transmitting module is used for receiving a first message, and the first message comprises an inner layer message header and an outer layer message header;

the processing module is used for copying the inner layer message header, and placing the copied inner layer message header outside the outer layer message header to obtain a second message, wherein the copied inner layer message header is used for processing the second message.

In one possible implementation, the IP extension header is an SRH, the SRH includes a SID, the SID includes a location field and a function field, the location field is used to indicate the first communication device, the function field is used to indicate the duplication of the inner layer header, and the duplication of the inner layer header is placed outside the outer layer header, so as to obtain the second packet;

and the processing module is used for copying the inner layer message header based on the SID, and placing the copied inner layer message header outside the outer layer message header to obtain a second message.

In a possible implementation manner, the processing module is further configured to delete the duplicated inner layer packet header to obtain a third packet;

and the receiving and transmitting module is also used for transmitting a third message to the second communication device according to the transmission path determined based on the outer layer message header, wherein the second communication device is a communication device for transmitting the first message to the first communication device.

In one possible implementation, the processing module is further configured to modify at least one field of the duplicated inner layer header, where the at least one field includes at least one of a next header field, a destination address field, a source address field, a time-to-live field, and a frame check sequence field.

In one possible implementation, the transceiver module is further configured to send a second message to the third communication device, and the duplicated inner layer header is used for the third communication device to process the second message.

In a fourth aspect, there is provided a second communication apparatus comprising:

the processing module is used for generating a first message, wherein the first message comprises an inner layer message header and an outer layer message header;

The receiving and transmitting module is used for sending a first message to the first communication device, wherein the first message is used for copying the inner layer message header by the first communication device, the copied inner layer message header is arranged outside the outer layer message header to obtain a second message, and the copied inner layer message header is used for processing the second message.

In a fifth aspect, a communication device is provided, the communication device comprising a memory and a processor; at least one instruction is stored in the memory, the at least one instruction being loaded and executed by the processor to cause the communication device to implement the method provided by the first aspect or any one of the possible implementations of the first aspect.

In a sixth aspect, a communication device is provided, the communication device comprising a memory and a processor; at least one instruction is stored in the memory, the at least one instruction being loaded and executed by the processor to cause the communication device to implement the second aspect or a method provided by any one of the possible implementations of the second aspect.

In a seventh aspect, a communication system is provided, the communication system comprising a first communication device for implementing the method provided by the first aspect or any one of the possible implementations of the first aspect, and a second communication device for implementing the method provided by the second aspect or any one of the possible implementations of the second aspect.

In an eighth aspect, there is provided a computer readable storage medium having stored therein at least one instruction for loading and execution by a processor to implement the method of the above aspects.

In a ninth aspect, there is provided a computer program product comprising a computer program or instructions for execution by a processor to implement the method of the above aspects.

In a tenth aspect, there is provided a chip comprising a processor for calling from a memory and executing instructions stored in the memory, to cause a chip-mounted communication device to perform the method of the above aspects.

In an eleventh aspect, there is provided another chip comprising: the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing codes in the memory, and when the codes are executed, the communication device with the chip executes the method in each aspect.

Drawings

Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;

fig. 2 is a schematic diagram of another application scenario provided in an embodiment of the present application;

FIG. 3 is a flowchart of a method for processing a message according to an embodiment of the present application;

fig. 4 is a schematic flow chart of a first message transmission according to an embodiment of the present application;

fig. 5 is a schematic structural diagram of a first packet according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of another first packet according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of another first packet according to an embodiment of the present application;

FIG. 8 is a schematic diagram of a message change in a message processing process according to an embodiment of the present application;

FIG. 9 is a schematic diagram of a message change in another process of processing a message according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of a first communication device according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of a second communication device according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of a communication device according to an embodiment of the present application.

Detailed Description

The terminology used in the description of the embodiments of the application herein is for the purpose of describing particular embodiments of the application only and is not intended to be limiting of the application.

The embodiment of the application provides a method for processing a message, which can be applied to an application scene shown in fig. 1 or fig. 2. These two application scenarios are described below separately.

Referring to fig. 1, fig. 1 illustrates a traffic purge scenario. In the traffic washing scenario, an operator edge (PE) device, an Internet Gateway (IGW) device, a direct connection auxiliary device, a traffic washing server, a detection server, and a management server are included in an internal network. Illustratively, the IGW device is tunneled with the direct-connect auxiliary device. The direct connection auxiliary device is connected with the flow cleaning server through a direct connection port.

Illustratively, the direct connect auxiliary device and the traffic washing server shown in fig. 1 may be two different devices. For example, the direct connection auxiliary device is a network device having a routing function, such as a router, and the traffic washing server is a device having a traffic washing function, and the traffic washing server may not have a routing function. Alternatively, the direct connection auxiliary device and the traffic washing server shown in fig. 1 may be integrated into the same network device having a routing function and a traffic washing function.

The IGW device forwards messages sent by other devices in the network to the PE device, and the messages forwarded by the IGW device comprise an inner layer message header. The detection server samples the message forwarded by the IGW device to detect whether the attack risk exists in the network. If the detection server confirms that the attack risk exists, the detection server reports the management server, the management server indicates the direct connection auxiliary equipment to obtain the message, and the direct connection auxiliary equipment indicates the IGW equipment to send the message through the tunnel. According to the instruction of the direct connection auxiliary equipment, the IGW equipment adds an outer layer message header on the basis of the message forwarded by the IGW equipment so as to send the message to the direct connection auxiliary equipment through the tunnel, and the message sent by the IGW equipment comprises an inner layer message header and an outer layer message header.

And after receiving the message sent by the IGW equipment, the direct connection auxiliary equipment sends the message to the flow cleaning server. The flow cleaning server deletes the outer layer message header, exposes the inner layer message header, and identifies whether the message is attack flow or not based on the inner layer message header. If so, the traffic washing server discards the message. If not, the flow cleaning server returns a message to the direct connection auxiliary equipment, and the message returned by the flow cleaning server only comprises an inner layer message header. And after the direct connection auxiliary equipment receives the message returned by the flow cleaning server, the outer layer message header is increased again so as to reinject the message to the IGW equipment through the tunnel. After receiving the reinjected message, the IGW device forwards the message to the PE device.

In the flow cleaning scene, the flow cleaning server needs to delete the outer layer message header firstly to expose the inner layer message header, and then identifies whether the message is attack flow based on the inner layer message header, so that the complexity of the message cleaning process is higher, and the method is not simple and flexible enough. In addition, because the flow cleaning server deletes the outer layer message header, when the message needs to be reinjected, the outer layer message header also needs to be increased again, and the complexity of the message reinjecting process is increased.

Referring to fig. 2, fig. 2 illustrates a VPN Option a scenario. In the VPN Option a scenario, at least two AS domains are included, such AS domain 1 and AS domain 2 shown in fig. 2. Wherein AS domain 1 includes an autonomous System boundary Router (autonomous system boundary router, ASBR) 1, PE device 1, and Customer Edge (CE) device 1, and AS domain 2 includes ASBR 2, PE device 2, and CE device 2. Illustratively, ASBR 1 is tunneled with PE device 1 and ASBR 2 is tunneled with PE device 2.

The CE device 1 sends a message to the PE device 1, where the message includes an inner layer header. After the PE device 1 receives the message, an outer layer message header is added on the basis of the message so as to send the message to the ASBR 1 through the tunnel, and the message sent by the PE device 1 comprises an inner layer message header and an outer layer message header. After receiving the message, the ASBR 1 deletes the outer layer message header according to the requirement of VPN Option a, exposes the inner layer message header, and then carries out cross-domain forwarding on the message, so that the message reaches the ASBR 2, and the message received by the ASBR 2 only includes the inner layer message header. The ASBR 2 adds the outer layer header again on the basis of the received message, so as to send the message to the PE device 2 through the tunnel, and after the PE device 2 receives the message, it sends the message to the CE device 1.

In the VPN Option a scenario, the ASBR 1 needs to delete the outer layer header first, expose the inner layer header, and then forward the message based on the forwarding, so that the complexity of the message forwarding process is higher, which is not simple and flexible enough. In addition, because the ASBR 1 has deleted the outer layer header, the ASBR 2 needs to add the outer layer header again when forwarding the message, which further increases the complexity of the message forwarding process.

It should be understood that the application scenarios shown in fig. 1 and fig. 2 are examples, and are not intended to limit the method provided by the embodiments of the present application. Other application scenarios, such as applicable to the method provided by the embodiment of the present application, are also included in the protection scope of the embodiment of the present application.

The embodiment of the application provides a method for processing a message, which aims to solve the technical problems of the application scenes shown in the figures 1 and 2. The method for processing the message is described by taking the interaction implementation of the first communication device and the second communication device as an example. As shown in fig. 3, the method includes the following steps 301 to 304.

In step 301, the second communication device generates a first message, where the first message includes an inner layer header and an outer layer header.

The second communication device is a communication device that sends a first message to the first communication device. The second communication device may directly generate, at the local end, a first message including an inner layer header and an outer layer header. Or the second communication device may also receive an original message including an inner layer message header, and add an outer layer message header outside the inner layer message header, so as to obtain a first message including the inner layer message header and the outer layer message header. The first message is illustratively a data message, and the first message carries data through a payload field, where the payload field is located in the header of the inner layer message.

For example, in the traffic washing scenario shown in fig. 1, the second communication device is an IGW device, and the first communication device is a direct-connection auxiliary device. And the IGW equipment receives the messages sent by other equipment in the network to the PE equipment. In some embodiments, the messages received by the IGW device are all original messages, so that the first message is obtained by adding an outer layer header. In other embodiments, the IGW device selects a message satisfying the matching condition from the received messages as an original message, and obtains the first message by adding an outer layer message header. Illustratively, the IGW device stores a flow rule (flow specification, flowspec) route, where the flowspec route includes a correspondence between a matching condition and an action, and the action is to add an outer layer packet header to obtain a first packet, and then the IGW device may obtain an original packet according to the flowspec route, so as to obtain the first packet. Illustratively, the flowspec routing is configured directly in the IGW device. Alternatively, the flowspec route is sent by the direct attached auxiliary device to the IGW device. Under a dynamic flowspec scene, when a detection server detects that an attack risk exists in a network, the detection server reports the management server, the management server generates a flowspec route, the flowspec route is distributed to a direct-connection auxiliary device, and the direct-connection auxiliary device sends the distributed flowspec route to an IGW device. In a static flowspec scenario, the flowspec route is directly configured in the directly connected auxiliary device, and the directly connected auxiliary device sends the configured flowspec route to the IGW device.

For another example, in the VPN Option a scenario shown in fig. 2, the second communication device is a PE device, and the first communication device is an ASBR. The PE equipment receives the message sent by the CE equipment, takes the received message as an original message, and obtains a first message by adding an outer layer message header.

It should be understood that the manner of generating the first message described above is merely exemplary, and is not limited to the manner in which the second communication device generates the first message, and the second communication device may generate the first message including the inner layer header and the outer layer header in other manners.

For the above-mentioned inner layer header, in an exemplary embodiment, the inner layer header includes at least one header of an IP base header and a transport layer header. The IP basic message header comprises an IPv4 basic message header or an IPv6 basic message header, and the transmission layer message header comprises a UDP message header or a TCP message header. Illustratively, when the inner layer header of the first message includes an IP basic header and a transport layer header, the IP basic header is located outside the transport layer header.

For the above outer layer header, in an exemplary embodiment, the outer layer header includes at least one header of an IP extension header and an MPLS header. Illustratively, the IP extension header includes a header in a segment routing IPv4 (segment routing IPv4, SRv 4) scenario or an IPv6 extension header, the header in a SRv scenario including, but not limited to, at least one of a virtual extension local area network (virtual eXtensible local area network, VXLAN) header and a generic routing encapsulation (generic routing encapsulation, GRE) header. The IPv6 extension header includes, but is not limited to, at least one of a Routing Header (RH), a hop-by-hop-hop options header header (HBH), a destination-option header (destination options header, DOH), a Fragment Header (FH), an authentication header (authentication header, AH), and an encapsulation security payload extension ESP (encapsulating security payload, ESP) header. Wherein RH is, for example, SRH.

In step 302, the second communication device sends a first message to the first communication device.

After the second communication device generates the first message, the second communication device transmits the first message to the first communication device. In some embodiments, the second communication device sends the first message to the first communication device by looking up a routing table or the like. In other embodiments, the first message includes an outer layer header for indicating a transmission path from the second communication device to the first communication device, and the last communication device on the transmission path is the first communication device. The second communication device sends a first message to the first communication device according to the transmission path.

For example, the first packet includes an outer packet header that is an MPLS packet header, and a transmission path from the second communication device to the first communication device is also referred to as a label switched path (label switched path, LSP). Each hop communication device on the label switching path realizes hop-by-hop forwarding of the first message by replacing a label (label) field included in the MPLS message header, so that the first message reaches the first communication device.

For another example, the first message includes an outer layer header that is SRH. Wherein the SRH comprises a segment list (segment list) comprising at least one SID indicating a transmission path from the second communication device to the first communication device, the transmission path being referred to as a segment routing IPv6 (segment routing IPv, SRv 6) -traffic engineering (traffic engineering, TE) -policy (policy) tunnel. Each hop communication device on the SRv-TE-Policy tunnel realizes hop-by-hop forwarding of the first message according to the indication of at least one SID, so that the first message reaches the first communication device.

Illustratively, the number of SIDs is at least one, each SID being for instructing a communication device on the transmission path to perform a certain functional operation. Wherein each SID includes a location (locator) field and a function (function) field. The location field is used to indicate a communication device, e.g., the location field carries a locator network segment route for a communication device. The function field carries an operation code (operation code) for indicating a function operation that needs to be performed. The number of SIDs is one when the second communication device is a neighboring communication device to the first communication device. When the second communication apparatus and the first communication apparatus are not adjacent communication apparatuses, the number of SIDs is at least two, and at least two SIDs are sequentially executed in the reverse order of the arrangement order.

Wherein the SIDs can be categorized into a plurality of different types according to the functional operations indicated by the operation codes. Types that have been defined so far include, but are not limited to: end SID, end.X SID, end.DT4 SID, end.DT6 SID, end.DX4 SID, end.DX6SID, end.DX2 SID, end.DT2U SID, end.DT2M SID, end.B6.insert SID, end.B6.insert.Red SID, and the like. The End SID is used to identify a communication apparatus, and the function corresponding to the End SID operates as: the IPv6 forwarding information base (forwarding information base, FIB) is searched for forwarding the message, and the FIB is also called a forwarding table. The end.x SID is used to identify a link, and the function corresponding to the end.x SID operates as: and forwarding the message from the outgoing interface corresponding to the end.X SID (namely, the outgoing interface corresponding to the link identified by the end.X SID). The end.dt4sid is used to identify a VPN instance, and the function corresponding to the end.dt4sid operates as: and decapsulating the message, searching a VPN instance routing table for forwarding, and forwarding the message through an outbound interface of the VPN instance to realize virtual routing forwarding (virtual routing forwarding, VRF). The functional operations corresponding to other types of SIDs are not described in detail herein.

Next, a procedure in which the second communication device transmits the first message to the first communication device according to the transmission path indicated by the SID will be described with reference to fig. 4.

First, referring to fig. 5, the format of the first message is described, where the first message sequentially includes, from the outer layer to the inner layer: IPv6 basic message header, SRH, inner layer message header and load field corresponding to SRH. The IPv6 basic header includes a version (version) field, a traffic class field, a flow label field, a payload length field, a next header field, a hop limit field, a Source Address (SA) field, and a destination address (destination address, DA) field. The next header takes a value of 43 to indicate that the next header is RH. The SRH includes a next header field, a header extension (header extension length) field, a routing type (SL) field, a number of remaining Segments (SL) field, a last record (last entry) field, a flags (flags) field, a tag (tag) field, a segment list field, and an optional (optional) type length value (type length value, TLV) object (objects) field. The routing type field of the SRH has a value of 4, which is used to indicate that the current header is SRH.

The segment list field includes: SL [0]: b2:1:300, SL [1]: b4:1:200, SL 2: b3:1:100. Referring to FIG. 4, B3:1:100 is the End SID of the communication device 1, and the locator segment route of the communication device 1 is B3:1:64. B4:1:200 is the end.X SID of the communication device 2, and the locator network segment route of the communication device 2 is B4:1:64. B2:1:300 is SID of the first communication device, and the locator network segment route of the first communication device is B2:1:64.

In the second communication device, the active segment (active segment) is B3:1:100. The second communication device modifies the DA field of the IPv6 basic message header included in the first message to B3:1:100, so that the first message is transmitted to the communication device 1 according to the DA field. The second communication device also modifies the value of the SL field of the SRH included in the first message to 2, so that the communication device 1 recognizes the SID to be executed.

The communication device 1 hits SL [2] according to the value 2 of the SL field: b3:1:100, the communication device 1 forwards the first message according to the query FIB of B3:1:100. In addition, the active segment is changed to B4:1:200, and the communication device 1 modifies the DA field to B4:1:200 before forwarding the first message, so that the first message is transmitted to the communication device 2 according to the DA field. The communication device 1 also modifies the value of the SL field of the SRH in the first message to 1 in order for the communication device 2 to identify the SID that needs to be performed.

The communication device 2 hits SL [1] according to the value 1 of the SL field: b4:1:200, the communication device 2 forwards the first message by using the corresponding link according to B4:1:200. In addition, the active segment is changed to B2:1:300, and the communication device 2 modifies the DA field to B2:1:300 before forwarding the first message, so that the first message is transmitted to the first communication device according to the DA field. The communication device 2 also modifies the value of the SL field of the SRH in the first message to 0 in order for the first communication device 2 to identify the SID that needs to be performed.

The first communication device hits SL [0] according to the value 0 of the SL field: b2:1:300, after which the first communication device performs the functional operations to be performed according to B2:1:300.

In step 303, the first communication device receives the first message.

After the second communication device sends the first message to the first communication device, the first communication device correspondingly receives the first message. The first communication device then processes the first message, see step 304 below.

In step 304, the first communication device copies the inner layer header, and places the copied inner layer header outside the outer layer header to obtain the second message, where the copied inner layer header is used to process the second message.

The first communication device may be configured to copy the inner layer header after receiving any message, and place the copied inner layer header outside the outer layer header to obtain the second message. The first communication device performs this step 304 by default after receiving the first message. Or, the outer layer message header of the first message may be made to carry an identifier, where the identifier is used to instruct the first communication device to copy the inner layer message header, and the copied inner layer message header is placed outside the outer layer message header, so as to obtain the second message. The first communication device, after receiving the message carrying the identification, performs step 304 based on the indication of the identification.

As can be seen from the description in step 301, there are multiple types of outer layer headers. Illustratively, if the types of the outer layer headers are different, the outer layer headers may carry the identification through different fields. The embodiment of the application does not limit the fields for carrying the identifiers in the outer layer message heads of various types, and the fields for carrying the identifiers can be set according to actual requirements. For example, various types of outer layer headers include reserved fields that may be used to carry an identification.

In an exemplary embodiment, the outer layer header is an SRH, the identification is a SID included in the SRH, and the SID includes a location field and a function field. Wherein the location field is used to indicate the first communication device. The function field is used for indicating to copy the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header to obtain a second message. Correspondingly, the first communication device copies the inner layer message header, and places the copied inner layer message header outside the outer layer message header to obtain a second message, which comprises: the first communication device copies the inner layer message header based on the SID, and places the copied inner layer message header outside the outer layer message header to obtain the second message.

Illustratively, the location field carries a locator network segment route for the first communication device. The function field carries a certain operation code, the operation code is used for indicating the function operation, the function operation is to copy the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header to obtain a second message. Wherein the SID is generated by the first communication device. The first communication device stores a local SID table in which the function operation corresponding to the operation code carried in the function field of the SID is recorded. After the SID is generated, the first communication apparatus issues the SID, and the second communication apparatus can obtain the SID, and the second communication apparatus may add the SID to the outer layer header SRH included in the first message.

After the first communication device receives the first message, the first communication device identifies that the SID needs to be executed according to the SL field of the SRH included in the first message. Then, because the first communication device stores the local SID table, the first communication device queries the local SID table according to the operation code carried by the function field of the SID, and obtains the function operation corresponding to the operation code, thereby obtaining the function operation to be executed. Thereafter, the first communication device performs the functional operation, i.e. performs step 304, thereby obtaining the second message.

For example, in the case shown in FIG. 5 above, SL [0]: b2:300 is the SID used for indicating the first communication device to copy the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header to obtain the second message. The first communication device hits SL [0] according to the value 0 of the SL field: b2:1:300, the first communication device performs the functional operation to be performed according to B2:1:300, that is, performs step 304, and obtains the second message. Of course, the case shown in fig. 5 is a case where the segment list of the SRH includes at least two SIDs, and for a case where the segment list of the SRH illustrated in step 302 includes only one SID, then only SL [0] is included, and SL [1] and SL [2] are not included.

It is important to emphasize that the functional operation corresponding to the SID is different from the functional operation corresponding to the type defined at present, but is a new functional operation defined by the embodiment of the present application. The type of SID is also different from the type that has been defined so far, but a new type is defined by the embodiment of the present application. The SID type may be named end.th type, TH representing a transport header (transport header), for example.

Furthermore, in the exemplary embodiment, the method also includes: the first communication device modifies at least one field of the duplicated inner layer header. Wherein the at least one field includes, but is not limited to, at least one of a next header field, a destination address field, a source address field, a Time To Live (TTL) field, and a frame check sequence (frame check sequence, FCS) field. It should be understood that, the first communication device may modify different fields according to different application scenarios, and the embodiment of the present application is not limited to the fields modified by the first communication device in various application scenarios, and the fields modified by the first communication device may be flexibly adjusted according to actual requirements.

After receiving any message, the first communication device may copy the inner layer header according to the above description, place the copied inner layer header outside the outer layer header, and modify at least one field of the copied inner layer header, so as to obtain the second message. Or, for the case that the outer layer message header of the first message carries the identifier, the identifier is used for instructing the first communication device to copy the inner layer message header, placing the copied inner layer message header outside the outer layer message header, and instructing the first communication device to modify at least one field of the copied inner layer message header to obtain the second message.

Illustratively, the first communication device modifies a next header field of the duplicated inner layer header, the modified next header field being used to delete the duplicated inner layer header.

In some embodiments, for the traffic cleaning scenario, the modified next header field is used to delete the duplicate inner layer header included in the second message after the duplicate-based inner layer header identifies that the second message does not need to be discarded. For example, in the application scenario shown in fig. 1, after the traffic washing server identifies that the second message does not need to be discarded based on the copied inner layer message header, the second message is returned to the direct-connection auxiliary device, and the direct-connection auxiliary device deletes the copied inner layer message header according to the modified value of the next message header field, so as to facilitate the message reinjection to the IGW device. In other embodiments, for the VPN Option a scenario, the modified next header field is used to delete the replicated inner layer header included in the second message after cross-domain forwarding based on the replicated inner layer header. For example, in the application scenario shown in fig. 2, after the ASBR 1 sends the second message to the ASBR 2, the ASBR 2 deletes the copied inner layer header according to the modified value of the next header field, so AS to continue forwarding the message in the AS domain 2 where the ASBR 2 is located.

Illustratively, if the copied inner layer header is different, the modified next header field is also different in value. The communication device for deleting the copied inner layer message header stores the corresponding relation between the value of the modified next message header field and the copied inner layer message header, so that when the value of the modified next message header field is read, the corresponding relation can be queried, the copied inner layer message header needing to be deleted is confirmed, and the copied inner layer message header is deleted again. The embodiment of the application does not limit the value of the next modified message header field, and the configuration is carried out according to the actual requirement. For example, when the copied inner layer header is an IPv6 base header, the modified next header field is a first value. For another example, when the copied inner layer header is an IPv6 basic header and a UDP header, the modified next header field has a second value, and the second value and the first value are different values. Illustratively, the first value is 43 and the second value is 49.

The first communication device modifies the destination address field of the duplicated inner layer header such that the destination address field of the duplicated inner layer header is the address of the next-hop communication device of the first communication device on the transmission path, the transmission path being determined based on the outer layer header, the modified destination address field being used for the transmission of the second message to the address of the next-hop communication device.

In some embodiments, for a traffic flushing scenario, the address of the next hop communication device is the address of the direct connection auxiliary device. And the modified destination address field is used for reading the destination address field of the copied inner layer message header and returning the second message to the direct connection auxiliary equipment indicated by the address of the next hop communication device after the second message does not need to be discarded based on the identification of the copied inner layer message header. In the application scenario shown in fig. 1, the number of directly connected auxiliary devices connected to the traffic washing server is at least one. For a direct-connection auxiliary device, the address of the next-hop communication device may be the address of the local end of the direct-connection auxiliary device, and then the traffic washing server returns the second message to the direct-connection auxiliary device after identifying that the second message does not need to be discarded based on the copy inner-layer message header. Or, the address of the next-hop communication device may be the address of the other direct-connection auxiliary device, and the traffic washing server returns the second message to the other direct-connection auxiliary device after identifying that the second message does not need to be discarded based on the copy inner-layer message header. In other embodiments, the first communication device need not modify the destination address field of the duplicated inner layer header for the VPN Option a scenario.

It should be understood that the first communication device needs to determine the transmission path based on the outer layer header, and then modify the destination address field of the copied inner layer header to the address of the next hop communication device of the first communication device on the transmission path. The transmission path determined based on the outer layer message header comprises a transmission path from the second communication device to the first communication device and a transmission path positioned behind the first communication device. The next hop communication device of the first communication device on the transmission path determined based on the outer layer header, that is, the first communication device on the transmission path after the first communication device.

In the case that the outer layer header is SRH, a transmission path from the second communication apparatus to the first communication apparatus and a transmission path located after the first communication apparatus are determined based on the SID included in the segment list of SRH. For convenience of distinction, the SID for determining the transmission path from the second communication apparatus to the first communication apparatus is referred to as a first SID. As can be seen from the above description, the number of the first SIDs is at least one, and the first SIDs at least include SIDs for instructing the first communication device to copy the inner layer header, and the copied inner layer header is placed outside the outer layer header, so as to obtain the second message. The SID for determining the transmission path located after the first communication apparatus is referred to as a second SID, and the number of the second SIDs is also at least one. When the number of the second SIDs is one, the address of the next hop communication device is the second SID. When the number of the second SIDs is at least two, since the at least two second SIDs need to be sequentially executed in the reverse order of the arrangement order, the address of the next hop communication device is the last second SID in the arrangement order among the at least two SIDs.

In some embodiments, the second SID is used to indicate a transmission path after the first communication apparatus, and the first communication apparatus directly reads the second SID to determine the address of the next-hop communication apparatus, thereby modifying the destination address field of the duplicated inner layer header.

In other embodiments, the second SID is not used to indicate a transmission path that is located after the first communication apparatus, but is used to query for a transmission path that is located after the first communication apparatus. The first communication device stores a matching table, and the matching table records the corresponding relation between the query information and the third SID. Illustratively, the query information includes the second SID, or includes the second SID and an inner layer header. The third SID is used to indicate a transmission path located after the first communication apparatus. After the first communication device obtains the query information, the matching table is queried based on the query information, and a third SID corresponding to the query information is obtained. Then, the first communication device directly reads the third SID to determine the address of the next-hop communication device, thereby modifying the destination address field of the copied inner layer header. The embodiment of the application queries the matching table based on the query information, so that more basis is used in the query process, the query difficulty is reduced, and the query efficiency is ensured.

In an exemplary embodiment, after the query gets the transmission path, the method further comprises: the first communication device replaces the second SID in the second message with the queried third SID. Therefore, the second message carries the third SID, and each hop communication device on the transmission path behind the first communication device can realize message forwarding by reading the third SID.

In some embodiments, for the traffic flushing scenario, the first communication device may perform the replacement procedure before sending the second message, or may perform the replacement procedure after receiving the returned second message. For example, referring to fig. 1, the direct connection auxiliary device may perform the replacement procedure first, and then send a second message to the traffic washing server. Or, the directly connected auxiliary device may execute the replacement process after receiving the second message returned from the flow cleaning server, and perform the message reinjection. In other embodiments, for the VPN Option a scenario, the first communication device may perform the replacement procedure before sending the second message. For example, referring to fig. 2, ASBR 1 performs a replacement procedure before sending a second message to ASBR 2.

For the first communication device to copy the inner layer header, the copied inner layer header is placed outside the outer layer header, and the SID of the second message is obtained, where the SID is in the SRH, and the two embodiments include, but are not limited to, the following.

In some embodiments, the SID is located at a head node of the SRH. For example, fig. 5 illustrates an exemplary case where the SRH includes only the first SID, which is located at the head node of the SRH. For another example, fig. 6 illustrates an exemplary case where the SRH includes a first SID and a second SID, the SIDs being located at a head node of the SRH. In fig. 6, the first packet sequentially includes: the system comprises a first IPv6 basic message header, a first SRH, a second IPv6 basic message header, a second SRH, an inner layer message header and a load. The segment list of the first SRH comprises a first SID, wherein the first SID is SL [0], SL [1] and SL [2], SL [0] is used for indicating the first communication device to copy the inner layer message header, and the copied inner layer message header is arranged outside the outer layer message header to obtain the SID of the second message. The segment list of the second SRH includes second SIDs that are SL [0], SL [1] and SL [2].

For example, for the case shown in fig. 6, after the first communication apparatus reads the SID from the first SRH, the first SRH where the SID is located and the first IPv6 basic header corresponding to the first SRH may be deleted, and step 304 may be performed based on the indication of the SID. The reason why the first communication apparatus performs deletion is that the first SRH includes a first SID that has been read, and the first SRH is not required to be used in the following steps. Accordingly, the manner in which the first communication device performs step 304 includes: the first communication device copies the inner layer message header based on the SID, and places the copied inner layer message header outside the second SRH to obtain a second message.

In other embodiments, the SID is located at an intermediate node of the SRH. As shown in fig. 7, the first packet sequentially includes: IPv6 basic message header, SRH, inner layer message header and load. The segment list of SRH includes the second SID and the first SID in turn, wherein the second SID is SL [0], SL [1] and SL [2], the first SID is SL [3], SL [4] and SL [5], SL [3] is used for indicating the first communication device to copy the inner layer message header, and the copied inner layer message header is placed outside the outer layer message header to obtain the SID of the second message.

Illustratively, for the case shown in fig. 7, after the first communication apparatus reads the SID from the SRH, step 304 is performed based on the indication of the SID, and the IPv6 basic headers corresponding to the SRH and the SRH are still reserved, without deleting the IPv6 basic headers corresponding to the SRH and the SRH.

The above description has been made of the manner in which the first communication apparatus obtains the second message based on the first message. The second message is obtained by the first communication device in any mode, and the second message comprises a copied inner layer message header, and the copied inner layer message header is used for processing the second message.

In some embodiments, for traffic flushing scenarios, the duplicated inner layer header is used to identify whether the second message needs to be discarded. The identification can be performed according to at least one field in the copied inner layer header, and the field for identification is not limited herein.

After the copy-based inner layer header identifies that the second message does not need to be discarded, the method further comprises: and deleting the copied inner layer message header by the first communication device to obtain a third message. The first communication device transmits a third message to the second communication device according to the transmission path determined based on the outer layer message header. As described above, the first communication device may modify the next header field of the duplicated inner layer header, where the modified next header field is used to delete the duplicated inner layer header. Therefore, the first communication device may delete the copied inner layer header from the second message based on the next header field of the copied inner layer header, thereby obtaining a third message, and then send the third message to the second communication device according to the transmission path determined based on the outer layer header. The transmission path determined based on the outer layer header is a transmission path located after the first communication device, that is, a transmission path indicated by the second SID or the third SID in the above description.

In other embodiments, for VPN Option a scenarios, the replicated inner layer header is used to forward the second message, e.g., forwarding the second message across domains. If the outermost layer of the message is the outer layer message header according to the requirement of the VPN Option A scene, the outer layer message header needs to be deleted, and the inner layer message header is exposed and then the cross-domain forwarding is carried out. And because the outermost layer of the second message is the copied inner layer message header, the second message can be directly forwarded in a cross-domain manner. Illustratively, when the cross-domain forwarding is performed, the first communication device determines a VPN instance, and performs the cross-domain forwarding on the second message through the VPN instance. For example, in the case that the outer layer header of the first packet is an SRH, the SRH may carry an end.dt4 SID, and the first communication apparatus determines a VPN instance based on the end.dt4 SID, so that after obtaining the second packet based on the first packet, the second packet is forwarded across the determined VPN instance.

After the cross-domain forwarding is performed based on the copy inner layer header, the second message reaches another AS domain outside the AS domain where the first communication device is located. AS described above, the first communication device may modify the next header field of the duplicated inner layer header, where the modified next header field is used to delete the duplicated inner layer header, so that the communication device in another AS domain may delete the duplicated inner layer header from the second message based on the next header field of the duplicated inner layer header to obtain the third message, and forward the third message in another AS domain according to the transmission path located after the first communication device, that is, the transmission path indicated by the second SID or the third SID in the above description.

In summary, after receiving the first message including the inner layer header and the outer layer header, the first communication device in the embodiment of the present application replicates the inner layer header, and places the replicated inner layer header outside the outer layer header, so that the second message can be processed based on the replicated inner layer header, thereby reducing the complexity of processing the second message, and making the processing procedure of the second message simpler and more flexible. And after the second message is processed based on the copied inner layer message header, the outer layer message header still remains in the second message, and the outer layer message header included in the second message can be used according to actual requirements without additionally adding the outer layer message header.

Next, a method for processing a message according to the embodiment of the present application is illustrated based on different application scenarios.

Based on the traffic washing scenario shown in fig. 1, the first communication device is a direct connection auxiliary device, the second communication device is an IGW device, and the third communication device is a traffic washing server. The method for processing the message comprises the following steps A1 to A8.

And step A1, deploying a SRv6-TE-Policy tunnel between the IGW device and the direct connection auxiliary device.

And step A2, the IGW equipment receives an original message sent by other equipment in the network to the PE equipment, and the detection server acquires a sample of the original message from the IGW equipment. The original message may refer to 801 shown in fig. 8 or 901 shown in fig. 9, where the original message includes an IPv6 basic header and a payload.

And step A3, reporting the management server when the detection server senses that attack traffic possibly exists in the network according to the acquired sample of the original message, generating a flowspec route by the management server, and indicating the direct connection auxiliary equipment to issue the flowspec route to the IGW equipment. And then, the IGW equipment streams the original message meeting the matching condition included in the flowspec route into the SRv6-TE-Policy tunnel deployed in the step A1.

Referring to fig. 8, when the igw device performs drainage, an outer layer packet header may be added outside the original packet, where the outer layer packet header includes a first IPv6 basic packet header, a first SRH, a second IPv6 basic packet header, and a second SRH, so as to obtain a first packet shown as 802. The inner layer message header of the first message is an IPv6 basic message header in the original message. The first SRH carries a transmission path from the IGW device to the direct-connection auxiliary device, and the SID of the head node of the first SRH is used for indicating the direct-connection auxiliary device to copy the IPv6 basic message header in the original message, and the copied IPv6 basic message header is arranged on the outer layer message header to obtain the second message. The second SRH carries a transmission path directly connecting the auxiliary device to the IGW device.

Alternatively, referring to fig. 9, when the igw device performs drainage, an outer layer packet header may be added in addition to the original packet, where the outer layer packet header includes an IPv6 basic packet header and an SRH, to obtain a first packet shown in 902. The inner layer message header of the first message is an IPv6 basic message header in the original message. The SRH carries a transmission path from the IGW equipment to the direct connection auxiliary equipment, the SID of the intermediate node positioned in the SRH is used for indicating the direct connection auxiliary equipment to copy the IPv6 basic message header in the original message, and the copied IPv6 basic message header is arranged on the outer layer message header to obtain a second message. The SRH also carries a transmission path directly connecting the auxiliary device to the IGW device.

And step A4, the direct connection auxiliary equipment receives the first message and obtains a second message based on the first message.

Referring to fig. 8, after the direct connection auxiliary device reads the SID of the head node located in the first SRH, the first IPv6 basic header and the first SRH are deleted, and a message shown in 803 is obtained. And then, copying the IPv6 basic message header in the original message based on the SID, and placing the copied IPv6 basic message header on the second IPv6 basic message header, thereby obtaining the second message shown as 804.

Or, referring to fig. 9, after the direct connection auxiliary device reads the SID of the intermediate node located in the SRH, the IPv6 basic header in the original message is copied based on the SID, and the copied IPv6 basic header is placed on the IPv6 basic header, so as to obtain a second message shown in 903.

In addition, whether the case is shown in fig. 8 or the case is shown in fig. 9, the direct connection auxiliary device also modifies the next header field of the copied IPv6 basic header, and modifies the destination address field of the copied IPv6 basic header according to the transmission path from the direct connection auxiliary device to the IGW device, so that the destination address field carries the address of the local end of the direct connection auxiliary device.

And step A5, the direct connection auxiliary equipment sends a second message to the flow cleaning server through the direct connection port.

And A6, after the flow cleaning server receives the second message and recognizes that the second message does not need to be discarded according to the copied IPv6 basic message header, the flow cleaning server returns the second message to the direct-connection auxiliary equipment according to the destination address field because the destination address field of the copied IPv6 basic message header carries the address of the local end of the direct-connection auxiliary equipment.

And A7, the direct connection auxiliary equipment receives the returned second message, deletes the copied IPv6 basic message header to obtain a third message, and reinjects the third message to the IGW equipment.

Referring to fig. 8, the direct connection auxiliary device receives the second message, deletes the copied IPv6 basic message header based on the next message header field of the copied IPv6 basic message header, obtains a third message shown in 805, and reinjects the third message to the IGW device according to a transmission path from the direct connection auxiliary device to the IGW device, which is carried by the second SRH and included in the third message.

Or, referring to fig. 9, the direct connection auxiliary device deletes the copied IPv6 basic message header based on the next message header field of the copied IPv6 basic message header, so as to obtain a third message shown in 904, and reinjects the third message to the IGW device according to a transmission path from the direct connection auxiliary device to the IGW device, which is carried by the SRH and included in the third message.

And step A8, the IGW equipment receives the third message, obtains an original message, and reinjects the original message to the PE equipment.

Referring to fig. 8, after the igw device receives the third packet, the second IPv6 basic packet header and the second SRH are deleted, so as to obtain an original packet shown in 806, and the original packet is reinjected to the PE device.

Or, referring to fig. 9, after the igw device receives the third message, deleting the IPv6 basic header and the SRH included in the outer layer header, to obtain an original message shown in 905, and reinjecting the original message to the PE device.

Under the flow cleaning scene, the direct connection auxiliary equipment copies the inner layer message header and then places the copied inner layer message header on the outer layer message header to obtain the second message, so that the flow cleaning server can directly identify whether the second message needs to be discarded based on the copied inner layer message header without deleting the outer layer message header first to expose the inner layer message header, and then identify whether the second message needs to be discarded based on the exposed inner layer message header. Therefore, the complexity of flow cleaning of the message is reduced, and the flow cleaning process is simpler and more flexible.

And under the condition that the second message is identified to be not required to be discarded, as the second message is reserved with the outer layer message header, the message reinjection can be carried out according to the transmission path carried by the outer layer message header, the outer layer message header is not required to be additionally increased, and the complexity of the message reinjection is reduced. Compared with the method for carrying out message reinjection by adopting VPN, the method for carrying out message reinjection according to the transmission path carried by the outer layer message header does not need to occupy VPN resources, and has lower cost. Compared with the mode of carrying out message reinjection by adopting a redirection strategy, the method has the advantages that a large number of statically configured table items are not required to be maintained when the message reinjection is carried out according to the transmission path carried by the outer layer message header, so that the cost is low, and the efficiency is high.

The above traffic cleaning scenario may be used to provide traffic cleaning services to users renting internet data centers (internet data center, IDC) to monitor, alert and guard against denial of service attacks (denial of service, dos) or distributed Dos (DDos).

Referring to the VPN Option a scenario shown in fig. 2, the first communication device and the third communication device are integrated into an ASBR 1, and the second communication device is a PE device 1. The method for processing the message comprises the following steps B1 to B6.

In step B1, a SRv-TE-Policy tunnel is deployed between the PE device 1 and the ASBR 1, and a SRv-TE-Policy tunnel is also deployed between the PE device 2 and the ASBR 2.

In step B2, the PE device 1 receives an original packet sent by the CE device 1, where the original packet may refer to 801 shown in fig. 8 or 901 shown in fig. 9, and the original packet includes an IPv6 basic packet header and a payload.

And B3, the PE equipment 1 drains the original message into a SRv6-TE-Policy tunnel deployed between the PE equipment 1 and the ASBR 1.

Referring to fig. 8, when the pe device 1 performs drainage, an outer layer packet header may be added outside the original packet, where the outer layer packet header includes a first IPv6 basic packet header, a first SRH, a second IPv6 basic packet header, and a second SRH, so as to obtain a first packet shown by 802. The inner layer message header of the first message is an IPv6 basic message header in the original message. The first SRH carries a transmission path from the PE device 1 to the ASBR 1, and the SID of the head node located in the first SRH is used to instruct the ASBR 1 to copy the IPv6 basic header in the original packet, and place the copied IPv6 basic header on the outer layer packet header to obtain a second packet, where the first SRH further carries an end.dt4 SID. The second SRH carries the transmission path of ASBR2 to PE device 2.

Alternatively, referring to fig. 9, when the pe device 1 performs drainage, an outer layer packet header may be added to the original packet, where the outer layer packet header includes an IPv6 basic packet header and an SRH, to obtain a first packet shown in 902. The inner layer message header of the first message is an IPv6 basic message header in the original message. The SRH carries a transmission path from the PE device 1 to the ASBR 1, and the SID of the intermediate node located in the SRH is used to instruct the ASBR 1 to copy the IPv6 basic header in the original message, and the copied IPv6 basic header is placed on the outer layer header, so as to obtain the second message. In addition, the SRH also carries an end.dt4sid and a transmission path of ASBR2 to the PE device 2.

And B4, the ASBR 1 receives the first message, obtains a second message based on the first message, and sends the second message to the ASBR 2.

Referring to fig. 8, after asbr 1 reads the SID and end.dt4sid of the head node located in the first SRH, the first IPv6 basic header and the first SRH are deleted, and a message shown in 803 is obtained. And then, copying the IPv6 basic message header in the original message based on the SID, and placing the copied IPv6 basic message header on the second IPv6 basic message header, thereby obtaining the second message shown as 804. And then, the ASBR 1 inquires the VPN instance according to the end.DT4SID, and sends a second message to the ASBR2 through the VPN instance.

Alternatively, referring to fig. 9, after the asbr 1 reads the SID and end.dt4sid of the intermediate node located in the SRH, copies the IPv6 basic header in the original message based on the SID, and places the copied IPv6 basic header on the IPv6 basic header, to obtain the second message shown in 903. And then, the ASBR 1 inquires the VPN instance according to the end.DT4SID, and sends a second message to the ASBR 2 through the VPN instance.

In addition, whether it is the case shown in fig. 8 or fig. 9, ASBR 1HI also modifies the next header field of the copied IPv6 base header.

And B5, ASBR 2 receives the second message, deletes the copied IPv6 basic message header to obtain a third message, and sends the third message to PE equipment 2.

Referring to fig. 8, ASBR 2 receives a second packet, deletes the copied IPv6 basic packet header based on the next packet header field of the copied IPv6 basic packet header, obtains a third packet shown in 805, and according to a transmission path from ASBR 2 to PE device 2 carried by the second SRH included in the third packet, streams the third packet to a SRv-TE-Policy tunnel disposed between PE device 2 and ASBR 2, so as to send the third packet to PE device 2.

Or, referring to fig. 9, the ASBR 2 deletes the copied IPv6 basic header based on the next header field of the copied IPv6 basic header, to obtain a third packet shown in 904, and according to a transmission path from the ASBR 2 carried by the SRH included in the third packet to the PE device 2, the third packet is drained to a SRv-TE-Policy tunnel disposed between the PE device 2 and the ASBR 2, so as to send the third packet to the PE device 2.

And step B6, the PE equipment 2 receives the third message, obtains an original message, and sends the original message to the CE equipment 2.

Referring to fig. 8, after the pe device 2 receives the third packet, the second IPv6 basic packet header and the second SRH are deleted, so as to obtain an original packet shown in 806, and the original packet is sent to the CE device 2.

Alternatively, referring to fig. 9, after the pe device 2 receives the third packet, the IPv6 basic packet header and the SRH included in the outer packet header obtain an original packet shown in 905, and send the original packet to the CE device 2.

In the VPN Option a scenario, after the ASBR copies the inner layer header, the copied inner layer header is placed on the outer layer header to obtain the second packet, so that the ASBR may directly perform cross-domain forwarding on the second packet, without deleting the outer layer header to expose the inner layer header, and then performing cross-domain forwarding. Therefore, the complexity of the cross-domain forwarding process of the message is reduced. And after the second message is forwarded in a cross-domain manner, the message forwarding can be continued in another AS domain according to the transmission path carried by the outer layer message header, so that the outer layer message header is not required to be additionally added, and the flexibility of the message forwarding is improved.

The method for processing a message provided by the embodiment of the present application is described above, and corresponding to the method described above, the embodiment of the present application further provides a first communication device shown in fig. 10, where the first communication device is configured to execute the method for processing a message executed by the first communication device in fig. 3.

The first communication device shown in fig. 10 includes the following modules.

The transceiver module 1001 is configured to receive a first message, where the first message includes an inner layer header and an outer layer header;

the processing module 1002 is configured to copy the inner layer header, and place the copied inner layer header outside the outer layer header to obtain the second message, where the copied inner layer header is used to process the second message.

the processing module 1002 is configured to copy the inner layer header based on the SID, and place the copied inner layer header outside the outer layer header to obtain a second message.

In a possible implementation manner, the processing module 1002 is further configured to delete the duplicated inner layer header to obtain a third message;

the transceiver module 1001 is further configured to send a third message to a second communication device according to a transmission path determined based on the outer layer header, where the second communication device is a communication device that sends the first message to the first communication device.

In one possible implementation, the processing module 1002 is further configured to modify at least one field of the duplicated inner layer header, where the at least one field includes at least one of a next header field, a destination address field, a source address field, a time-to-live field, and a frame check sequence field.

In one possible implementation, the transceiver module 1001 is further configured to send the second message to the third communication device, and the duplicated inner layer header is used for the third communication device to process the second message.

In addition, corresponding to the above method, the embodiment of the present application further provides a second communication device shown in fig. 11, where the second communication device is configured to execute the method for processing a packet executed by the second communication device in fig. 3. The second communication device shown in fig. 11 includes several modules as follows.

A processing module 1101, configured to generate a first message, where the first message includes an inner layer header and an outer layer header;

the transceiver module 1102 is configured to send a first message to the first communication device, where the first message is used for copying an inner layer header by the first communication device, and the copied inner layer header is placed outside the outer layer header to obtain a second message, and the copied inner layer header is used for processing the second message.

In summary, after receiving the first message including the inner layer header and the outer layer header, the first communication device in the embodiment of the present application replicates the inner layer header, and places the replicated inner layer header outside the outer layer header, so that the second message can be processed based on the replicated inner layer header, thereby reducing the complexity of processing the second message, and making the processing procedure of the second message simpler and more flexible.

It should be understood that, when the apparatus provided in fig. 10 or fig. 11 is implemented, only the division of the functional modules is illustrated, and in practical application, the functional modules may be allocated to different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and the method embodiments provided in the foregoing embodiments belong to the same concept, and specific implementation processes of the apparatus and the method embodiments are detailed in the method embodiments and are not repeated herein.

In an exemplary embodiment, a communication device is provided that includes a memory and a processor; at least one instruction is stored in the memory, and the at least one instruction is loaded and executed by the processor, so that the communication device implements the method executed by the first communication device in the method embodiment.

In an exemplary embodiment, a communication device is provided that includes a memory and a processor; at least one instruction is stored in the memory, and the at least one instruction is loaded and executed by the processor, so that the communication device implements the method executed by the second communication device in the method embodiment.

Referring to fig. 12, fig. 12 shows a schematic structural diagram of an exemplary communication device 1200 of the present application, the communication device 1200 comprising at least one processor 1201, a memory 1203, and at least one network interface 1204.

The processor 1201 is, for example, a general purpose central processing unit (Central Processing Unit, CPU), digital signal processor (digital signal processor, DSP), network processor (network processer, NP), GPU, neural network processor (neural-network processing units, NPU), data processing unit (Data Processing Unit, DPU), microprocessor, or one or more integrated circuits or application-specific integrated circuits (ASICs), programmable logic device (programmable logic device, PLD), other general purpose processor or other programmable logic device, discrete gates, transistor logic, discrete hardware components, or any combination thereof for implementing the inventive arrangements. PLDs are, for example, complex programmable logic devices (complex programmable logic device, CPLD), field-programmable gate arrays (field-programmable gate array, FPGA), general-purpose array logic (generic array logic, GAL), or any combination thereof. A general purpose processor may be a microprocessor or any conventional processor or the like. It is noted that the processor may be a processor supporting an advanced reduced instruction set machine (advanced RISC machines, ARM) architecture. Which may implement or perform the various logical blocks, modules, and circuits described in connection with the present disclosure. A processor may also be a combination of computing functions, including for example, one or more microprocessor combinations, a combination of DSPs and microprocessors, and the like.

Optionally, the communication device 1200 also includes a bus 1202. The bus 1202 is used to transfer information between the components of the communication device 1200. The bus 1202 may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus, or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus 1202 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one line is shown in fig. 12, but not only one bus or one type of bus.

The memory 1203 is, for example, a volatile memory or a nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable EPROM (EEPROM), or a flash memory. The volatile memory may be random access memory (random access memory, RAM) which acts as an external cache.

By way of example, and not limitation, many forms of ROM and RAM are available. For example, ROM is a compact disc read only (CD-ROM). RAM includes, but is not limited to, static RAM (SRAM), dynamic random access memory (dynamic random access memory, DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous dynamic random access memory (SLDRAM), and direct memory bus RAM (DR RAM).

Memory 1203 may also be other types of storage devices that may store static information and instructions. Or may be other types of dynamic storage devices that can store information and instructions. Or may be other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media, or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and of being accessed by a computer, without limitation. The memory 1203 is, for example, independent and is coupled to the processor 1201 via the bus 1202. Memory 1203 may also be integrated with processor 1201.

The network interface 1204 uses any transceiver-like device for communicating with other devices or communication networks, which may be ethernet, radio access network (radio access network, RAN) or wireless local area network (wireless local area network, WLAN), etc. Network interface 1204 may include a wired network interface, and may also include a wireless network interface. Specifically, the network interface 1204 may be an Ethernet (Ethernet) interface, such as: fast Ethernet (FE) interfaces, gigabit Ethernet (GE) interfaces, asynchronous transfer mode (Asynchronous Transfer Mode, ATM) interfaces, WLAN interfaces, cellular network interfaces, or combinations thereof. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. In some embodiments of the application, the network interface 1204 may be used for the communication apparatus 1200 to communicate with other devices.

In particular implementations, as some embodiments, processor 1201 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 12. Each of these processors may be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).

In a particular implementation, as some embodiments, the communication apparatus 1200 may include a plurality of processors, such as the processor 1201 and the processor 1205 shown in fig. 12. Each of these processors may be a single-core processor or a multi-core processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).

In some embodiments, the memory 1203 is configured to store program instructions 1210 for performing aspects of the present application, and the processor 1201 may execute the program instructions 1210 stored in the memory 1203. That is, the communication apparatus 1200 may implement the method provided by the method embodiment, that is, the method for processing the message performed by the first communication apparatus or the second communication apparatus in fig. 3, through the processor 1201 and the program instructions 1210 in the memory 1203. One or more software modules may be included in program instructions 1210. Alternatively, processor 1201 itself may store program instructions to perform aspects of the present application.

In a specific implementation, the communication device 1200 of the present application may correspond to the first communication device or the second communication device for performing the above method, where the processor 1201 in the communication device 1200 reads the instructions in the memory 1203, so that the communication device 1200 shown in fig. 12 can perform all or part of the steps in the method embodiment.

The communication apparatus 1200 may also correspond to the apparatus shown in fig. 10 or fig. 11 described above, and each functional module in the apparatus shown in fig. 10 or fig. 11 is implemented using software of the communication apparatus 1200. In other words, the functional modules included in the apparatus shown in fig. 10 or 11 are generated after the processor 1201 of the communication apparatus 1200 reads the program instructions 1210 stored in the memory 1203.

Wherein the steps of the method shown in fig. 3 are performed by integrated logic circuitry of hardware or instructions in software form in a processor of the communication device 1200. The steps of an embodiment of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in the memory, and the processor reads information in the memory, and in combination with the hardware, performs the steps of the above method embodiment, which will not be described in detail herein to avoid repetition.

In an exemplary embodiment, the present application provides a communication system including a first communication device for implementing a method performed by the first communication device in the above method embodiment, and a second communication device for implementing a method performed by the second communication device in the above method embodiment.

In an exemplary embodiment, the present application further provides a computer readable storage medium, where at least one instruction is stored, where the instruction is loaded and executed by a processor, to implement any of the exemplary methods provided in the above method embodiments.

In an exemplary embodiment, the present application also provides a computer program product comprising a computer program or instructions for execution by a processor to implement any of the exemplary methods provided by the method embodiments described above.

In an exemplary embodiment, an embodiment of the present application further provides a chip, including a processor, configured to call from a memory and execute instructions stored in the memory, so that a communication device on which the chip is mounted performs any of the exemplary methods provided in the above-described method embodiments.

In an exemplary embodiment, the embodiment of the present application further provides another chip, including: the input interface, the output interface, the processor and the memory are connected through an internal connection path, the processor is used for executing the codes in the memory, and when the codes are executed, the communication device with the chip executes any one of the exemplary methods provided by the method embodiments.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk), etc.

The terms "first," "second," and the like in this disclosure are used for distinguishing between similar elements or items having substantially the same function and function, and it should be understood that there is no logical or chronological dependency between the terms "first," "second," and "n," and that there is no limitation on the amount and order of execution. It will be further understood that, although the following description uses the terms first, second, etc. to describe various elements, these elements should not be limited by the terms. These terms are only used to distinguish one element from another element.

It should also be understood that, in the embodiments of the present application, the sequence number of each process does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiments of the present application.

The term "at least one" in the present application means one or more, and the term "plurality" in the present application means two or more, for example, a plurality of second devices means two or more second devices. The terms "system" and "network" are often used interchangeably herein.

It is to be understood that the terminology used in the description of the various examples described herein is for the purpose of describing particular examples only and is not intended to be limiting. As used in the description of the various described examples and in the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

It should also be understood that the terms "if" and "if" may be interpreted to mean "when" ("white" or "upon") or "in response to a determination" or "in response to detection. Similarly, the phrase "if determined" or "if [ a stated condition or event ] is detected" may be interpreted to mean "upon determination" or "in response to determination" or "upon detection of [ a stated condition or event ] or" in response to detection of [ a stated condition or event ] "depending on the context.

The foregoing description of the embodiments of the application is not intended to limit the application, but rather, the application is to be construed as limited to the embodiments disclosed.

Claims

1. A method for processing a message, the method comprising:

the method comprises the steps that a first communication device receives a first message, wherein the first message comprises an inner layer message header and an outer layer message header;

the first communication device copies the inner layer message header, the copied inner layer message header is arranged outside the outer layer message header, a second message is obtained, and the copied inner layer message header is used for processing the second message.

2. The method of claim 1, wherein the outer layer header comprises at least one of an internet protocol, IP, extension header and a multiprotocol, label switching, MPLS, header.

3. The method of claim 2, wherein the IP extended header is a segment routing header SRH, the SRH including a segment identification SID, the SID including a location field for indicating the first communication device and a function field for indicating copying the inner header, and the copied inner header being located outside the outer header to obtain a second message;

the first communication device copies the inner layer message header, and places the copied inner layer message header outside the outer layer message header to obtain a second message, which comprises the following steps:

and the first communication device copies the inner layer message header based on the SID, and places the copied inner layer message header outside the outer layer message header to obtain a second message.

4. A method according to any of claims 1-3, characterized in that the destination address field of the duplicated inner layer header is the address of the next-hop communication device of the first communication device on a transmission path, which transmission path is determined based on the outer layer header.

5. The method according to any of claims 1-4, wherein the duplicated inner layer header is used to identify whether the second message needs to be discarded.

6. The method of claim 5, wherein after the second message is obtained, the method further comprises:

the first communication device deletes the copied inner layer message header to obtain a third message;

the first communication device sends the third message to a second communication device according to a transmission path determined based on the outer layer message header, wherein the second communication device is a communication device which sends the first message to the first communication device.

7. The method according to any of claims 1-4, wherein the duplicated inner layer header is used for forwarding the second message.

8. The method of claim 3, wherein the SID is located at a head node of the SRH or the SID is located at an intermediate node of the SRH.

9. The method according to any one of claims 1-8, further comprising:

the first communication device modifies at least one field of the duplicated inner layer header, the at least one field including at least one of a next header field, a destination address field, a source address field, a time-to-live field, and a frame check sequence field.

10. The method according to any one of claims 1-9, wherein the inner layer header comprises at least one of an internet protocol, IP, basic header and a transport layer header, the IP basic header comprises a fourth version of an internet protocol, IPv4, basic header or a sixth version of an internet protocol, IPv6, basic header, and the transport layer header comprises a user datagram protocol, UDP, header or a transport control protocol, TCP, header.

11. The method according to any one of claims 1-10, wherein after the second message is obtained, the method further comprises:

the first communication device sends the second message to a third communication device, and the copied inner layer message header is used for the third communication device to process the second message.

12. A method for processing a message, the method comprising:

the second communication device generates a first message, wherein the first message comprises an inner layer message header and an outer layer message header;

the second communication device sends the first message to the first communication device, wherein the first message is used for copying the inner layer message header by the first communication device, the copied inner layer message header is arranged outside the outer layer message header to obtain a second message, and the copied inner layer message header is used for processing the second message.

13. The method of claim 12, wherein the outer layer header comprises at least one of an internet protocol IP extension header and a multiprotocol label switching MPLS header.

14. The method of claim 13, wherein the IP extension header is a segment routing header SRH, the SRH including a segment identification SID, the SID including a location field for indicating the first communication device and a function field for indicating copying the inner header, and wherein the copied inner header is placed outside the outer header to obtain the second message.

15. The method according to any of claims 12-14, wherein the destination address field of the duplicated inner layer header is an address of a next hop communication device of the first communication device on a transmission path, the transmission path being determined based on the outer layer header.

16. The method according to any of claims 12-15, wherein the duplicated inner layer header is used to identify whether the second message needs to be discarded.

17. The method according to any of claims 12-15, wherein the duplicated inner layer header is used for forwarding the second message.

18. The method of claim 14, wherein the SID is located at a head node of the SRH or the SID is located at an intermediate node of the SRH.

19. The method according to any of claims 12-18, wherein the inner layer header comprises at least one of an internet protocol, IP, basic header and a transport layer header, the IP basic header comprising a fourth version of an internet protocol, IPv4, basic header or a sixth version of an internet protocol, IPv6, basic header, and the transport layer header comprising a user datagram protocol, UDP, header or a transport control protocol, TCP, header.

20. A first communication device, the first communication device comprising:

the receiving and transmitting module is used for receiving a first message, wherein the first message comprises an inner layer message header and an outer layer message header;

the processing module is used for copying the inner layer message header, placing the copied inner layer message header outside the outer layer message header to obtain a second message, and the copied inner layer message header is used for processing the second message.

21. The first communications device of claim 20, wherein said outer layer header includes at least one of an internet protocol IP extension header and a multiprotocol label switching MPLS header.

22. The first communication device of claim 21, wherein the IP extended header is a segment routing header SRH, the SRH including a segment identification SID, the SID including a location field for indicating the first communication device and a function field for indicating copying the inner header, and the copied inner header is placed outside the outer header to obtain a second message;

23. The first communication device according to any of claims 20-22, wherein the destination address field of the duplicated inner layer header is an address of a next-hop communication device of the first communication device on a transmission path, the transmission path being determined based on the outer layer header.

24. The first communication device according to any of claims 20-23, wherein the inner layer header comprises at least one of an internet protocol, IP, basic header and a transport layer header, the IP basic header comprising a fourth version of an internet protocol, IPv4, basic header or a sixth version of an internet protocol, IPv6, basic header, and the transport layer header comprising a user datagram protocol, UDP, header or a transport control protocol, TCP, header.

25. A second communication device, the second communication device comprising:

the transceiver module is used for sending the first message to the first communication device, the first message is used for copying the inner layer message header by the first communication device, the copied inner layer message header is arranged outside the outer layer message header, a second message is obtained, and the copied inner layer message header is used for processing the second message.

26. The second communications device of claim 25, wherein the outer layer header includes at least one of an internet protocol IP extension header and a multiprotocol label switching MPLS header.

27. The second communication device according to claim 26, wherein the IP extended header is a segment routing header SRH, the SRH including a segment identification SID, the SID including a location field for indicating the first communication device and a function field for indicating copying the inner header, and the copied inner header is placed outside the outer header to obtain the second message.

28. The second communication device according to any of claims 25-27, wherein the destination address field of the duplicated inner layer header is an address of a next-hop communication device of the first communication device on a transmission path, the transmission path being determined based on the outer layer header.

29. The second communication device according to any of claims 25-28, wherein the inner layer header comprises at least one of an internet protocol, IP, basic header and a transport layer header, the IP basic header comprising a fourth version of an internet protocol, IPv4, basic header or a sixth version of an internet protocol, IPv6, basic header, and the transport layer header comprising a user datagram protocol, UDP, header or a transport control protocol, TCP, header.

30. A communication device, the communication device comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the communication device to implement the method of any of claims 1-11.

31. A communication device, the communication device comprising a memory and a processor; the memory has stored therein at least one instruction that is loaded and executed by the processor to cause the communication device to implement the method of any of claims 12-19.

32. A communication system comprising a first communication device for implementing the method of any of claims 1-11 and a second communication device for implementing the method of any of claims 12-19.

33. A computer readable storage medium having stored therein at least one instruction, the instruction being loaded and executed by a processor to implement the method of any one of claims 1-19.

34. A computer program product, characterized in that it comprises a computer program or instructions that is executed by a processor to implement the method of any one of claims 1-19.